- Dec 09, 2021
-
-
Quanah Gibson Mount authored(cherry picked from commit 58af6a2b)
-
- Dec 08, 2021
-
-
Quanah Gibson Mount authored
-
- Dec 02, 2021
-
-
Quanah Gibson Mount authored
(cherry picked from commit 9aeeb762)
-
Quanah Gibson Mount authored
-
Quanah Gibson Mount authored
(cherry picked from commit 617f866c)
-
Quanah Gibson Mount authored
(cherry picked from commit fbdb5aad)
-
- Aug 24, 2021
-
-
-
Quanah Gibson Mount authored
-
Quanah Gibson Mount authored
-
Quanah Gibson Mount authored
OpenSSL 1.1.1l release tag
-
Matt Caswell authored
Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Previously there was no check that the supplied buffer was large enough. It was just assumed to be sufficient. Instead we should check and fail if not. Reviewed-by:
Paul Dale <pauli@openssl.org> Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com>
-
Matt Caswell authored
Check the case where C1y < 32 bytes in length (i.e. short overhead), and also the case with longer plaintext and C1x and C1y > 32 bytes in length (i.e. long overhead) Reviewed-by:
-
Matt Caswell authored
Previously the length of the SM2 plaintext could be incorrectly calculated. The plaintext length was calculated by taking the ciphertext length and taking off an "overhead" value. The overhead value was assumed to have a "fixed" element of 10 bytes. This is incorrect since in some circumstances it can be more than 10 bytes. Additionally the overhead included the length of two integers C1x and C1y, which were assumed to be the same length as the field size (32 bytes for the SM2 curve). However in some cases these integers can have an additional padding byte when the msb is set, to disambiguate them from negative integers. Additionally the integers can also be less than 32 bytes in length in some cases. If the calculated overhead is incorrect and larger than the actual value this can result in the calculated plaintext length being too small. Applications are likely to allocate buffer sizes based on this and therefore a buffer overrun can occur. CVE-2021-3711 Issue reported by John Ouyang. Reviewed-by:
-
Matt Caswell authored
Previously if an error path is entered a leak could result. Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
-
Matt Caswell authored
If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL terminate ASN1_STRING datatypes. This shouldn't be necessary but we add it any for safety in normal builds. Reviewed-by:
-
Matt Caswell authored
Check that there's at least one byte in params->base before trying to read it. CVE-2021-3712 Reviewed-by:
-
Matt Caswell authored
ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by:
-
Matt Caswell authored
ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by:
-
Matt Caswell authored
ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by:
-
Matt Caswell authored
ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by:
-
Matt Caswell authored
ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by:
-
Matt Caswell authored
ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by:
-
Matt Caswell authored
ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by:
-
- Aug 18, 2021
-
-
Pauli authored
(cherry picked from commit 64fac96d) Reviewed-by:
-
Nicola Tuveri authored
This reverts commit aa23aa75. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Nicola Tuveri authored
This commit temporarily disables the ubsan build, due to failures to be investigated in a dedicated PR. Reviewed-by:
-
Nicola Tuveri authored
In 1.1.1 currently we do not support running multiple tests in parallel, and the `--debug -O1` msan build required more than 3h to run the tests. This commit temporarily disables this build configuration. Reviewed-by:
-
Nicola Tuveri authored
This commit temporarily disables tests for no-tls1_3, due to failures to be investigated in a dedicated PR. Reviewed-by:
-
Nicola Tuveri authored
This commit temporarily disables pyca external tests, due to failures to be investigated in a dedicated PR. Reviewed-by:
-
Nicola Tuveri authored
This commit temporarily disables krb5 external tests, due to failures to be investigated in a dedicated PR. Reviewed-by:
-
Nicola Tuveri authored
This commit temporarily disables cross-compiling tests for sparcv9, due to failures to be investigated in a dedicated PR. Reviewed-by:
-
Nicola Tuveri authored
The daily run-checker is scheduled to start at 6:42, instead of the start of the hour. The official GitHub documentation remarks the following regarding scheduled workflows: > Note: The schedule event can be delayed during periods of high loads > of GitHub Actions workflow runs. High load times include the start of > every hour. To decrease the chance of delay, schedule your workflow to > run at a different time of the hour. 42, obviously, has been picked because it is the answer to the ultimate question of life, the universe, and everything. Reviewed-by:
-
Nicola Tuveri authored
This commit does not include the daily run-checker workflow. Reviewed-by:
-
Nicola Tuveri authored
Reviewed-by:
-
Nicola Tuveri authored
Reviewed-by:
-
