- 22 7月, 2020 3 次提交
-
-
由 Viktor Dukhovni 提交于
The 'MinProtocol' and 'MaxProtocol' configuration commands now silently ignore TLS protocol version bounds when configurign DTLS-based contexts, and conversely, silently ignore DTLS protocol version bounds when configuring TLS-based contexts. The commands can be repeated to set bounds of both types. The same applies with the corresponding "min_protocol" and "max_protocol" command-line switches, in case some application uses both TLS and DTLS. SSL_CTX instances that are created for a fixed protocol version (e.g. TLSv1_server_method()) also silently ignore version bounds. Previously attempts to apply bounds to these protocol versions would result in an error. Now only the "version-flexible" SSL_CTX instances are subject to limits in configuration files in command-line options. Expected to resolve #12394 Reviewed-by: NPaul Dale <paul.dale@oracle.com> GH: #12472
-
由 Richard Levitte 提交于
The 'cert_cb' / 'client_cert_cb' arguments had extra, a bit weird documentation. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12494)
-
由 Richard Levitte 提交于
The relaxation allows spaces between function name and argument list, to allow line breaks like this when there are very long names: int (fantastically_long_name_breaks_80char_limit) (fantastically_long_name_breaks_80char_limit *something); This revealed some other intricaties, such as documented internal structures with function pointers inside, so a check of open structures was also added, and they are now simply skipped over. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12494)
-
- 21 7月, 2020 5 次提交
-
-
由 Richard Levitte 提交于
libcommon.a is FIPS agnostic, while libfips.a and libnonfips.a are FIPS / non-FIPS specific. Since bio_prov.c checks FIPS_MODULE, it belongs to the latter. Along with this, a bit more instruction commentary is added to providers/build.info. Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/12486)
-
由 Nihal Jere 提交于
CLA: trivial Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12482)
-
由 Shane Lontis 提交于
As the ERR_raise() is setup at this point returng a range of negative values for errors is not required. This will need to be revisited if the code ever moves to running from the DEP. Added a -config option to the fips install so that it can test if a fips module is loadable from configuration. (The -verify option only uses the generated config, whereas -config uses the normal way of including the generated data via another config file). Added more failure tests for the raised errors. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12346)
-
由 Shane Lontis 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12483)
-
由 Dimitri John Ledkov 提交于
Today, majority of web-browsers reject communication as allowed by the security level 1. Instead key sizes and algorithms from security level 2 are required. Thus remove the now obsolete warning against using security levels higher than 1. For example Ubuntu, compiles OpenSSL with security level set to 2, and further restricts algorithm versions available at that security level. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12444)
-
- 20 7月, 2020 11 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12270)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12270)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12270)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12270)
-
由 Dr. David von Oheimb 提交于
On this occasion fix uses of the word 'nor'. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12270)
-
This commit ensures the -L/path/to/zlib flag associated with ldflags property set in "Configurations/00-base-templates.conf" (under "BASE_unix") is inherited when defining "darwin-common" configuration. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12238)
-
由 Shane Lontis 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12452)
-
由 Richard Levitte 提交于
- The check that disallowed space before the argument list in a function typedef is tentatively removed, allowing this kind of construction: typedef int (fantastically_long_name_breaks_80char_limit) (fantastically_long_name_breaks_80char_limit *something); - Accept the following style of function signature: typedef TYPE (NAME)(args...) - Accept space between '#' and 'defined' / 'undef' - Accept other spaces than SPC in argument list comma check, allowing declaration with line breaks. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12452)
-
由 Richard Levitte 提交于
name_synopsis was reading physical SYNOPSIS lines. This changes it to consider a declaration at a time, so we treat a C declaration that's been broken up in several lines as one. This makes it mandatory to end all C declarations in the SYNOPSIS with a semicolon. Those can be detected in two ways: 1. Parsing an individual .pod file outputs this error: doc/man3/SOMETHING.pod:1: Can't parse rest of synopsis: int SOMETHING_status(SOMETHING *s) int SOMETHING_start(SOMETHING *s) (declarations not ending with a semicolon (;)?) 2. Errors like this: doc/man3/SOMETHING.pod:1: SOMETHING_status missing from SYNOPSIS doc/man3/SOMETHING.pod:1: SOMETHING_start missing from SYNOPSIS Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12452)
-
由 Richard Levitte 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12468)
-
由 Richard Levitte 提交于
It was useful at the time for a one-time run. However, since it does its work based on file modification time stamps, and those are notoriously untrustable in a git checkout, it ends up being harmful. There is a replacement in OpenSSL's tools repository, which relies on git history. Fixes #12462 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12466)
-
- 18 7月, 2020 1 次提交
-
-
由 Pauli 提交于
The backend code varies for the different MACs and sometimes sets the output length, sometimes checks the return pointer and sometimes neither. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12458)
-
- 17 7月, 2020 6 次提交
-
-
由 Pauli 提交于
The documentation was off by one for the length this function could return. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12435)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12325)
-
由 Pauli 提交于
This boils down to the operating system sources and RDRAND. All other sources are not available in the FIPS module. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12325)
-
由 Shane Lontis 提交于
Fixes #12449 On a aix7_ppc32 machine the error was of the form match 'Previous owner died ' (2147483743) with one of ( 'Previous owner died', 'reason(95)' ) Stripping the trailing whitespace from the system error will address this issue. Suggested fix by @pauldale. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12451)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12359)
-
由 Dr. David von Oheimb 提交于
Also untabify the Perl source file. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12359)
-
- 16 7月, 2020 14 次提交
-
-
由 Dr. David von Oheimb 提交于
If a presumably self-signed cert is last in chain we verify its signature only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the signature verification, but not in case it is a (non-conforming) self-issued CA certificate with a key usage extension that does not include keyCertSign. Make clear when we must verify the signature of a certificate and when we must adhere to key usage restrictions of the 'issuing' cert. Add some comments for making internal_verify() easier to understand. Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12375)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12375)
-
由 Richard Levitte 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
-
由 Richard Levitte 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
-
由 Richard Levitte 提交于
This was forgotten when that file changed name, and that unfortunately disrupts releases. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12464)
-
由 Richard Levitte 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12463)
-
由 Richard Levitte 提交于
[extended tests] Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12186)
-
由 Matt Caswell 提交于
The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous namig convention. This reverts commit 765d04c9. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12186)
-
由 Matt Caswell 提交于
The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous namig convention. This reverts commit d9c2fd51. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12186)
-
由 Richard Levitte 提交于
- Reworked test perl framwork for parallel tests - Reworked ERR codes to make better space for system errors - Deprecation of the ENGINE API Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12461)
-
由 Pauli 提交于
Everything else to do with algorithm selection and properties is case insensitive. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12450)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12226)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12226)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12226)
-