- 08 8月, 2019 1 次提交
-
-
由 Shane Lontis 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9542)
-
- 07 8月, 2019 5 次提交
-
-
由 Matt Caswell 提交于
When creating a BN_CTX, make sure we store it in the right variable! Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9546)
-
由 Matt Caswell 提交于
Commit ed57f7f9 implemented the macro ERR_raise and updated err.h to use it. A typo in err.h means that errors in the BN library are mistakenly attributed to the RSA library. This was found due to the following error appearing in a travis log: 00:07:CB:13:05:7F:00:00:error:0400006C:rsa routines::data greater than mod len:crypto/bn/bn_gcd.c:613: 00:07:CB:13:05:7F:00:00:error:04000003:rsa routines::BN lib:crypto/rsa/rsa_gen.c:393: /home/travis/build/openssl/openssl/util/shlib_wrap.sh /home/travis/build/openssl/openssl/apps/openssl genrsa -out rsamptest.pem -primes 5 8192 => 1 not ok 12 - genrsa 8192p5 The line in question (crypto/bn/bn_gcd.c:613) actually looks like this: BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE); The test was checking for that error being raised, but was instead seeing a different error and thus failing. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/9539)
-
由 Matt Caswell 提交于
We run the cipher and digest evp_test test files in FIPS mode. Some ciphers/digests aren't available in FIPS mode so we mark those as only being available in the default provider. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9531)
-
由 Matt Caswell 提交于
If an implict EVP_CIPHER_fetch fails then ctx->cipher should not be set otherwise strange things will happen when trying to free the ctx. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9531)
-
由 Shane Lontis 提交于
Fixes #9500 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9512)
-
- 06 8月, 2019 9 次提交
-
-
由 raja-ashok 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9323)
-
由 raja-ashok 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9323)
-
由 raja-ashok 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9323)
-
由 Matt Caswell 提交于
They incorrectly said that i2d_ECDSA_SIG returns 0 on error. In fact it returns a negative value on error. We fix this by moving the i2d_ECDSA_SIG/d2i_ECDSA_SIG docs onto the same page as all the other d2i/i2d docs. Fixes #9517 Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9533)
-
由 Matt Caswell 提交于
Document the new EC functions that are OPENSSL_CTX aware. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9380)
-
由 Matt Caswell 提交于
Test that EC code works properly in the FIPS provider Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9380)
-
由 Matt Caswell 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9380)
-
由 Matt Caswell 提交于
The macro TLS_MD_MASTER_SECRET_CONST is supposed to hold the ascii string "extended master secret". On EBCDIC machines it actually contained the value "extecded master secret" Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9430)
-
由 Matt Caswell 提交于
At some point in the past do_ssl3_write() used to return the number of bytes written, or a value <= 0 on error. It now just returns a success/ error code and writes the number of bytes written to |tmpwrit|. The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code for the number of bytes written rather than |tmpwrit|. This has the effect that the buffers are not released when they are supposed to be. Fixes #9490 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9505)
-
- 05 8月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9506)
-
- 04 8月, 2019 1 次提交
-
-
由 David von Oheimb 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9483)
-
- 02 8月, 2019 2 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9496)
-
由 Pauli 提交于
Code clarification. Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/9514)
-
- 01 8月, 2019 11 次提交
-
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9501)
-
由 Dr. Matthias St. Pierre 提交于
Complements commit b383aa20, which added X509_get0_authority_key_id(). const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); [NEW] const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); [NEW] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9493)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9492)
-
由 Matt Caswell 提交于
The krb5 external test relies on legacy algorithms. Therefore we make use of the capability to load a config file by default, and ensure that the config file in use by the krb5 tests loads both the legacy and default providers. [extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9492)
-
由 Matt Caswell 提交于
Previously we only loaded the config file by default for libssl. Now we do it for libcrypto too. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9492)
-
由 Matt Caswell 提交于
Running evp_test with the FIPS module has never worked because the config file was never loaded by default. Actually loading the FIPS module reveals lots of failures in evp_test. The following commits will enable loading the config file by default and so we temporarily disable running the evp_test with the FIPS module until the tests can be fixed. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9492)
-
由 Matt Caswell 提交于
The "Availablein" keyword is supposed to indicate which providers are required in evp_test in order for a particular test to pass. Unfortunately this didn't work. If the provider was available then the test failed. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9492)
-
由 Pauli 提交于
The problem being that the "requires flush" flag was being cleared after the the flush. The fix is to clear it before. This is a problem because the cache flushing called RAND_bytes and if the DRBG hadn't been created yet, it would be queried and added to the cache causing the flush code to repeat. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9477)
-
由 Pauli 提交于
The alternative is to use a fast and small xorshift random number generator. The stochastic flushing doesn't require good random numbers, just enough variety to avoid causing problems. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9477)
-
由 raja-ashok 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9471)
-
由 joe2018Outlookcom 提交于
Fix: crypto\whrlpool\wp_block.c(90) : warning C4164: '_rotl64' : intrinsic function not declared. Fixes #9487 Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9488)
-
- 31 7月, 2019 10 次提交
-
-
由 David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9466)
-
由 Shane Lontis 提交于
The code has been modularized so that it can be shared by algorithms. A fixed size IV is now used instead of being allocated. The IV is not set into the low level struct now until the update (it uses an iv_state for this purpose). Hardware specific methods have been added to a PROV_GCM_HW object. The S390 code has been changed to just contain methods that can be accessed in a modular way. There are equivalent generic methods also for the other platforms. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/9231)
-
由 Nicola Tuveri 提交于
[extended tests] This is a temporary workaround for issue #9251, which contains a full discussion of the real problem. As a temporary workaround, we test `EC_GROUP_new_from_ecparameters()` against a curve that does not currently have alternative implementations. The proper fix is dependant on resolution of issue #8615 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9474)
-
由 Richard Levitte 提交于
In ERR_add_error_vdata(), the size of err_data had 1 added to it in some spots, which could lead to buffer overflow. In ERR_vset_error(), ERR_MAX_DATA_SIZE was used instead of buf_size in the BIO_vsnprintf() call, which would lead to a buffer overflow if such a large buffer couldn't be allocated. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9491)
-
由 Shane Lontis 提交于
Change name from 'ctx' to 'store' to remove ctx->ctx from code. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9405)
-
由 Shane Lontis 提交于
Also added EVP_CTRL_RET_UNSUPPORTED define (so magic numbers can be removed) Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9464)
-
由 FdaSilvaYY 提交于
CAdES : rework CAdES signing API. Make it private, as it is unused outside library bounds. Fix varous doc-nits. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-
由 Richard Levitte 提交于
More should be added there Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/9486)
-
由 Pauli 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9485)
-
由 Richard Levitte 提交于
If compiled with 'no-deprecated', ERR_put_error() is undefined. We had one spot where we were using it directly, because the file and line information was passed from elsewhere. Fortunately, it's possible to use ERR_raise() for that situation, and call ERR_set_debug() immediately after and thereby override the information that ERR_raise() stored in the error record. util/mkerr.pl needed a small adjustment to not generate code that won't compile in a 'no-deprecated' configuration. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9452)
-