- 06 5月, 2021 1 次提交
-
-
由 Dr. David von Oheimb 提交于
Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15111)
-
- 05 5月, 2021 26 次提交
-
-
由 Benjamin Kaduk 提交于
The "bad DTLS" tests run into trouble due to the special behavior for that "bad" version, and the SSL record tests need to set the -legacy_server_connect flag to allow an SSLv2 ClientHello to work against any TLS server (since SSLv2 ClientHello messages cannot carry extensions as would be needed in order to negotiate the use of the renegitiation_info extension). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15127)
-
由 Benjamin Kaduk 提交于
This option is only useful for the client, but it was previously marked as only being applicable for servers. Correct the entry to properly mark it as client-only, and update the s_server/s_client manuals accordingly. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15127)
-
由 Benjamin Kaduk 提交于
Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in SSL_CTX_new(), to allow connections to legacy servers that did not implement RFC 5746. It has been more than a decade since RFC 5746 was published, so there has been plenty of time for implmentation support to roll out. Change the default behavior to be to require peers to support secure renegotiation. Existing applications that already cleared SSL_OP_LEGACY_SERVER_CONNECT will see no behavior change, as re-clearing the flag is just a little bit of redundant work. The old behavior is still available by explicitly setting the flag in the application. Also remove SSL_OP_LEGACY_SERVER_CONNECT from SSL_OP_ALL, for similar reasons. Document the behavior change in CHANGES.md, and update the SSL_CTX_set_options() and SSL_CONF_cmd manuals to reflect the change in default behavior. Fixes: 14848 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15127)
-
由 Tomas Mraz 提交于
Fixes #15137 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15138)
-
由 Pauli 提交于
Fixes #14140 Fixes #13232 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
-
由 Rich Salz 提交于
Also add a negative test, and fix typo's. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15090)
-
由 Rich Salz 提交于
It was a mistake to allow relative paths for include files (just like root shouldn't have "." in its PATH), but we probably can't change it now. Add a new pragma "abspath" that someone can put in the system-wide config file to require absolute paths. Also update the config documentation to better explain how file inclusion works. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15090)
-
由 Rich Salz 提交于
Fix other wording, too. Fixes: #13151 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15038)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
-
由 Rich Salz 提交于
Use official (first) names for wrapping algorithms. Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14182)
-
由 Shane Lontis 提交于
Setting an output length higher than 8191 was causing a buffer overflow. This was reported by Acumen (FIPS lab). The max output size has increased to ~2M and it now checks this during set_parameters. The encoder related functions now pass in the maximum size of the output buffer so they can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in order to calculate and check the length before encoding. Note that right_encode() is currently only used in one place but this may change if other algorithms are supported (such as TupleHash). Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15106)
-
由 Tomas Mraz 提交于
The maximum (theoretical) block size of SHA3 is 200 bytes. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15125)
-
由 Richard Levitte 提交于
Fixes #11165 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15073)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15104)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15120)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15029)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15029)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15029)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15029)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15103)
-
- 04 5月, 2021 13 次提交
-
-
由 Tomas Mraz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15132)
-
由 Matt Caswell 提交于
Fixes #14409 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15072)
-
由 Matt Caswell 提交于
Check that reading/writing to a core bio via BIO_new_from_core_bio() works as expected. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15072)
-
由 Matt Caswell 提交于
Previously the concept of wrapping an OSSL_CORE_BIO in a real BIO was an internal only concept for our own providers. Since this is likely to be generally useful, we make it a part of the public API. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15072)
-
由 Tomas Mraz 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15121)
-
由 Tomas Mraz 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15121)
-
由 Petr Gotthard 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15118)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15105)
-
由 Richard Levitte 提交于
They completely ignored any passphrase related setting. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15119)
-
由 Richard Levitte 提交于
Fixes #15114 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15119)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8871)
-
由 Richard Levitte 提交于
This is required for 'make update' and fips checksums Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8871)
-
由 Richard Levitte 提交于
This adds the following scripts: util/lang-compress.pl: Compress source code, which language is determined by the first argument. For the moment, we know 'perl' (perlasm source code), 'C' (C source code) and 'S' (Assembler with C preprocessor directives). This removes comments and empty lines, and compresses series of horizontal spaces to one single space in the languages where that's appropriate. util/fips-checksums.sh: Takes source file names as arguments, pushes them through util/lang-compress.pl and unifdef with FIPS_MODE defined, and calculates the checksum on the result. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8871)
-