- 29 5月, 2019 4 次提交
-
-
由 Pauli 提交于
Rework the test so that it fails far less often. A number of independent tests are executed and 5% are expected to fail. The number of such failures follows a binomial distribution which permits a statistical test a 0.01% expected failure rate. There is a command line option to enable the stochastic range checking. It is off by default. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8830)
-
由 Shane Lontis 提交于
enabling the 'enable-crypto-mdebug' option and running parameter generation causes timeouts. Loading pregenerated params is more suited for these tests. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9022)
-
由 Richard Levitte 提交于
Not all Unixen know the -v option Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9012)
-
由 Richard Levitte 提交于
Use -bnoentry, not -bexpall Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9012)
-
- 28 5月, 2019 1 次提交
-
-
由 Tomas Mraz 提交于
The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9015)
-
- 27 5月, 2019 10 次提交
-
-
由 Richard Levitte 提交于
We add the extra warning and sanitizer options to check our code, which is entirely in C. We support C++ compilers uniquely for the sake of certain external test suites, and those projects can probably sanitize their own code themselves. [extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9013)
-
由 Shane Lontis 提交于
Convert EVP_PKEY Parameters to/from binary. This wraps the low level i2d/d2i calls for DH,DSA and EC key parameters in a similar way to Public and Private Keys. The API's can be used by applications (including openssl apps) that only want to use EVP_PKEY without needing to access low level key API's. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8903)
-
由 David Makepeace 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9010)
-
由 Richard Levitte 提交于
The documentation of what a X509_LOOKUP implementation must do was unclear and confusing. Most of all, clarification was needed that it must store away the found objects in the X509_STORE. Fixes #8707 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8755)
-
由 David Makepeace 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9008)
-
由 FdaSilvaYY 提交于
Add a few coverage test case. Fixes #8949 [extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8959)
-
由 Simo Sorce 提交于
In all legacy code ctx->cipher is dereferenced without checks, so it makes no sense to jump there is ctx->cipher is NULL as it will just lead to a crash. Catch it separately and return an error. This is simlar to the fix in d2c2e49eSigned-off-by: NSimo Sorce <simo@redhat.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9002)
-
由 Laszlo Ersek 提交于
CLA: trivial Fixes #8904 Commit 48feaceb ("Remove the possibility to disable the UI module entirely", 2017-07-03) made the BUFSIZ references in "evp_key.c" unconditional, by deleting the preprocessing directive "#ifndef OPENSSL_NO_UI". This breaks the build when compiling OpenSSL for edk2 (OPENSSL_SYS_UEFI), because edk2's <stdio.h> doesn't #define BUFSIZ. Provide a fallback definition, like we do in "crypto/ui/ui_util.c" (from commit 984d6c60, "Fix no-stdio build", 2015-09-29). Signed-off-by: NLaszlo Ersek <lersek@redhat.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8922)
-
由 Daniël van Eeden 提交于
Example with patch: ``` $ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305' TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ``` Example without patch: ``` $ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305' TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ``` CLA: Trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8999)
-
由 Daniël van Eeden 提交于
* Cipher name: from 23 to 30 (example: ECDHE-ECDSA-AES128-GCM-SHA256) * Fixed length for TLS version (examples: TLSv1, TLSv1.3) * Au length from 4 to 5 (example: ECDSA) Example (without patch): ``` $ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA' TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ``` Example (with patch): ``` $ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA' TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ``` CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8999)
-
- 24 5月, 2019 4 次提交
-
-
由 agnosticdev 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8995)
-
由 Sambit Kumar Dash 提交于
CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8952)
-
由 David Makepeace 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8987)
-
由 David Makepeace 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8994)
-
- 23 5月, 2019 9 次提交
-
-
由 Bernd Edlinger 提交于
e.g. openssl speed -evp id-aes256-wrap-pad was crashing because the return code from EVP_CipherInit_ex was ignored. Not going to allow that cipher mode because wrap ciphers produces more bytes output than the input length and EVP_Update_loop is not really prepared for that. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8739)
-
由 Matt Caswell 提交于
In addition this commit ensures that the "provctx" value is defaulted to the current library context when we are recurively initialising the FIPS provider when already inside the FIPS module. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8728)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8728)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8728)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8728)
-
由 Matt Caswell 提交于
This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and coverts them for use within evp_test. This commit also adds a script to convert the .rsp CAVS files into the evp_test format. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8981)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8963)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8963)
-
由 voev 提交于
CLA: trivial Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8979)
-
- 22 5月, 2019 4 次提交
-
-
由 Patrick Steuer 提交于
Fixes #7323 Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8970)
-
由 Patrick Steuer 提交于
Fixes #8957 Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8970)
-
由 Patrick Steuer 提交于
67c81ec3 forgot about s390x Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8971)
-
由 Pauli 提交于
Add the possibility of a property query clause to be optional by preceding it with a question mark. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8943)
-
- 21 5月, 2019 5 次提交
-
-
由 Kurt Roeckx 提交于
Fixes: #8737 Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NRichard Levitte <levitte@openssl.org> GH: #8741
-
由 Matt Caswell 提交于
This reverts commit dcb982d7. This change is causing extended tests to fail. [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8964)
-
由 Richard Levitte 提交于
When sanitize options are added as 'enable-msan' or similar, the -fsanitize C flags is set in $config{cflags} rather than $config{CFLAGS}, so we need to check both. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8965)
-
由 Arne Schwabe 提交于
This function only returns a status and does not modify the parameter. Since similar function are already taking const parameters, also change this function to have a const parameter. Fixes #8934 CLA: trivial Signed-off-by: NArne Schwabe <arne@rfc2549.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8945)
-
由 Pauli 提交于
Add ranged checked OSSL_PARAM conversions between the native types. A conversion is legal only if the given value can be exactly represented by the target type. Includes a test case that reads a stanza test case file and verified that param conversions are processed properly. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8733)
-
- 20 5月, 2019 3 次提交
-
-
由 Richard Levitte 提交于
In the development of the CRMF sub-system, there seems to have been some confusion as to what configuration option should be used. 'no-crmf' was added, but the C macro guards were using OPENSSL_NO_CMP rather than OPENSSL_NO_CRMF... In fact, we want 'no-cmp', but since the CRMF code is part of CMP, we need 'no-crmf' to depend on 'no-cmp'. We do this by making 'crmf' a silent "option" that get affected by 'cmp' by way of %disable_cascades. This allows options to be "aliases" for a set of other ones, silent or not. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8897)
-
由 Pauli 提交于
The 32 bit counter behaviour is necessary and was intentional. This reverts commit e9f148c9. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8958)
-
由 Richard Levitte 提交于
We still use '.so' as a last resort... Fixes #8950 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8951)
-