- 03 12月, 2020 8 次提交
-
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13577)
-
由 Pauli 提交于
Fixes: #13555 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13577)
-
由 Benjamin Kaduk 提交于
This code started off as a copy of ssl3_write_bytes(), and the comment was not updated with the implementation. Reported by yangyangtiantianlonglong in #13518 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13566)
-
由 Richard Levitte 提交于
This adds a bit of functionality in ossltest, so it can now be used to load PEM files. It takes the file name as key ID, but just to make sure faults aren't ignored, it requires all file names to be prefixed with 'ot:'. Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13570)
-
由 Richard Levitte 提交于
These two functions react when the FORMAT_ENGINE format is given, and use the passed ENGINE |e| and the passed key argument to form a URI suitable for the engine: loader. Co-authored-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13570)
-
由 Richard Levitte 提交于
The idea is to be able to have our apps load engine keys using a URI: org.openssl.engine:{engineid}:{keyid} This is legacy, but added for the time being to support keys given to the application like this: -engine {engineid} -key {keyid} -keyform ENGINE This latter form is recognised internally, and rewritten into the URI form. Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13570)
-
由 Matt Caswell 提交于
Ensure we correctly detect if DTLS has been disabled in the client auth test_ssl_new tests. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13587)
-
由 Matt Caswell 提交于
BIO_do_connect() can work even in no-sock builds (non socket based BIOs have the right ctrls). Therefore we move the macro outside of the OPENSSL_NO_SOCK guards Fixes #12207 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13587)
-
- 02 12月, 2020 11 次提交
-
-
由 Daiki Ueno 提交于
This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13545)
-
由 Richard Levitte 提交于
The passed 'pkey' already contains a library context, and the encoder implementations should be found within the same context, so passing an explicit library context seems unnecessary, and potentially dangerous. It should be noted that it's possible to pass an EVP_PKEY with a legacy internal key. The condition there is that it doesn't have a library context assigned to it, so the NULL library context is used automatically, thus requiring that appropriate encoders are available through that context. Fixes #13544 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13545)
-
由 Ankita Shetty 提交于
Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13488)
-
由 Ankita Shetty 提交于
Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13488)
-
由 Matt Caswell 提交于
When printing human readable info on the Thawte Strong Extranet extension the version number could overflow if the version number == LONG_MAX. This is undefined behaviour. Issue found by OSSFuzz. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13452)
-
由 Shane Lontis 提交于
The X942 KDF had been modified so that it supports all optional fields - not just the fields used by CMS. As there are 2 types of KDF for X942 - this has been made a bit clearer by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an alias of X963KDF. This work was instigated as a result of the ACVP tests optionally being able to use keybits for the supp_pubinfo field. Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this to be disabled. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13418)
-
由 Shane Lontis 提交于
Fixes #12476 Note this stopped working when ECX was swapped over to using providers. The ECX_KEY keygen and exchange were converted, but not the ED signing support. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13508)
-
由 Pauli 提交于
Tests randomisation wasn't reliably printing the seed used on failure in the CIs. Fixes: #13572 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13573)
-
由 Tim Hudson 提交于
Previously the system guessing logic would incorrectly guess i686-apple-darwin as the fallback for any unspecified architecture that is a Darwin target Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13517)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13534)
-
- 01 12月, 2020 7 次提交
-
-
由 Kelvin Lee 提交于
CLA: trivial Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13584)
-
由 Richard Levitte 提交于
This very simple module loader is only linked with the standard C library, so cannot and should not provide any other symbol to the module it tries to load. It can thereby be used to verify that the module it tries to load doesn't have any surprising dependencies when it's supposed to be self contained. A test recipe is added to verify the FIPS module with this loader. Fixes #11020 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13507)
-
由 Richard Levitte 提交于
The result is "simpledynamic.c", or "sd" for short. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13507)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13568)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13568)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13568)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13568)
-
- 30 11月, 2020 5 次提交
-
-
由 Richard Levitte 提交于
A couple of numbers were incorrect. Fixes #13559 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13562)
-
由 Ard Biesheuvel 提交于
ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are affected by silicon errata #1742098 [0] and #1655431 [1], respectively, where the second instruction of a AES instruction pair may execute twice if an interrupt is taken right after the first instruction consumes an input register of which a single 32-bit lane has been updated the last time it was modified. This is not such a rare occurrence as it may seem: in counter mode, only the least significant 32-bit word is incremented in the absence of a carry, which makes our counter mode implementation susceptible to these errata. So let's shuffle the counter assignments around a bit so that the most recent updates when the AES instruction pair executes are 128-bit wide. [0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice [1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice Signed-off-by: NArd Biesheuvel <ard.biesheuvel@arm.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13504)
-
由 Matt Caswell 提交于
Various sections of code assumed that at least one of dh or ec would be available. We also now also need to handle cases where a provider has a key exchange algorithm and TLS-GROUP that we don't know about. Fixes #13536 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13549)
-
由 Matt Caswell 提交于
If OPENSSL_SMALL_FOOTPRINT was defined then the CHACHA20-POLY1305 implementation for TLS went down a different codepath that failed to adjust the payload length to remove the tag. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13513)
-
由 Matt Caswell 提交于
Addition using the NULL pointer (even when adding 0) is undefined behaviour. Recent versions of ubsan are now complaining about this, so we fix various instances. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13513)
-
- 29 11月, 2020 4 次提交
-
-
由 Dr. David von Oheimb 提交于
Fixes #13495 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13552)
-
由 John Baldwin 提交于
These two bodies should be grouped together anyway as the reason for the call to BIO_flush() is to permit using BIO_set_ktls_ctrl_msg(). Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13090)
-
由 John Baldwin 提交于
When using KTLS, empty fragments sent as a mitigation for known-IV weakenesses in TLS 1.0 are sent as writes of 0 bytes. The TLS header and trailer are added to the empty fragment by the kernel. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13090)
-
由 Richard Levitte 提交于
The URI length was set to 80 chars, but the URI being built up may need more space, all depending on the paths used to get to the files that are to be loaded. If the result needs more than 80 chars, the test will fail. Fixed by using PATH_MAX. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13546)
-
- 28 11月, 2020 5 次提交
-
-
由 Liang Liu 提交于
CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13519)
-
由 J08nY 提交于
CLA: trivial Fixes #12423 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13538)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13466)
-
由 Richard Levitte 提交于
ERR_get_error_line() is deprecated, and ERR_get_error_func() and ERR_get_error_data() are removed in favor of ERR_get_error_all(), since they pop the error record, leaving the caller with only partial error record data and no way to get the rest if the wish. If it's desirable to retrieve data piecemeal, the caller should consider using the diverse ERR_peek functions and finish off with ERR_get_error(). Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13466)
-
由 Matt Caswell 提交于
If we specify no-engine then this should cascade to also mean no-dynamic-engine. The store test was only checking whether dynamic-engine was disabled, meaning that some tests were failing in a no-engine build. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13502)
-