- 27 11月, 2020 12 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13510)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13510)
-
由 Shane Lontis 提交于
pem_read_depr_test needed to be setup in build info so that it only exists inside an IF[{- !$disabled{'deprecated-3.0'} -}] block. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13543)
-
由 Shane Lontis 提交于
Fixes #13057 When using an engine, there is no cipher->prov so a call to EVP_CIPHER_CTX_set_padding() returns an error when evp_do_ciph_ctx_setparams() is called. For the legacy path it needs to avoid doing the call and just return 1. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13437)
-
由 Daniel Bevenius 提交于
This commit tries to address a locking issue in evp_pkey_reset_unlocked which can occur when it is called from evp_pkey_downgrade. evp_pkey_downgrade will acquire a lock for pk->lock and if successful then call evp_pkey_reset_unlocked. evp_pkey_reset_unlocked will call memset on pk, and then create a new lock and set pk->lock to point to that new lock. I believe there are two problems with this. The first is that after the call to memset, another thread would try to acquire a lock for NULL as that is what the value of pk->lock would be at that point. The second issue is that after the new lock has been assigned to pk->lock, that lock is different from the one currently locked so another thread trying to acquire the lock will succeed which can lead to strange behaviour. More details and a reproducer can be found in the Refs link below. This changes the evp_pkey_reset_unlocked to not touch the lock and the creation of a new lock is done in EVP_PKEY_new. Refs: https://github.com/danbev/learning-libcrypto/blob/master/notes/issues.md#openssl-investigationtroubleshooting https://github.com/nodejs/node/issues/29817Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13374)
-
由 Tomas Mraz 提交于
Documenting when EVP_MD_CTX_reset() is implicitly called and when type can be set to NULL. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13402)
-
由 Tomas Mraz 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13402)
-
由 Tomas Mraz 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13402)
-
由 Tomas Mraz 提交于
It does not do it in legacy path and 1.1.1 so that must not change. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13402)
-
由 Matt Caswell 提交于
The "multi" variable should only be used within HTTP_DAEMON guards. However there were a few spots where this was not the case, which causes no-posix-io builds to fail. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13498)
-
由 Richard Levitte 提交于
Fixes #13511 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13512)
-
由 Richard Levitte 提交于
The apps UI method acts as a proxy that bases its activity on a base (was called fallback) UI_METHOD, which defaults to UI_OpenSSL() under normal circumstances. However, some apps might want to have it based on another UI_METHOD, such as UI_null() to avoid prompting (typical for a -batch run). The new function set_base_ui_method() allows them to do precisely this. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13512)
-
- 26 11月, 2020 6 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13533)
-
由 Richard Levitte 提交于
The examples are also updated to have correct terminators. doc/man3/OSSL_PARAM.pod is deliberately written with no help from the constructor macros described in OSSL_PARAM_int.pod. Therefore, use of OSSL_PARAM_END isn't shown directly here, only leaving a link to its man-page to indicate that there is that option. Fixes #11280 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13478)
-
由 Matt Caswell 提交于
Skip a test that relies on RC2 being present in a no-rc2 build. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13496)
-
由 Matt Caswell 提交于
genpkey was supressing deprecation warnings in order to support ENGINE functionality. We move all of that into a separate file so that we don't need to suppress the warnings anymore. Fixes #13118 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13454)
-
- 25 11月, 2020 11 次提交
-
-
由 Dr. David von Oheimb 提交于
Also make clear we cannot use get_ui_method() at this point. Fixes #13494 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13497)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13497)
-
由 Dr. David von Oheimb 提交于
Fixes #13494 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13497)
-
由 Matt Caswell 提交于
Commit be9d82bb inadvertently disabled ciphersuite testing. This masked some issues. Therefore we fix this testing. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13378)
-
由 Matt Caswell 提交于
The RC4-MD5 ciphersuites were not removing the length of the MAC when calculating the length of decrypted TLS data. Since RC4 is a streamed cipher that doesn't use padding we separate out the concepts of fixed length TLS data to be removed, and TLS padding. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13378)
-
由 Matt Caswell 提交于
We previously updated the block ciphers to know how to remove a TLS MAC when using Encrypt-then-MAC. We also need to do the same for stream ciphers. Fixes #13363 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13378)
-
由 Matt Caswell 提交于
There have been instances where OSSL_STORE got confused between DSA and DH params (e.g. see issue #13046) due the DER encoding of DH and DSA params looking identical. Therefore we test that we get the types that we expect. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13329)
-
由 Matt Caswell 提交于
Add tests for various deprecated PEM_read_bio_*() functions to ensure they can still read the various files. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13329)
-
由 Matt Caswell 提交于
The OSSL_STORE code was forgetting the datatype that we read from the PEM header when decoding the DER. Fixes #13046 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13329)
-
由 Richard Levitte 提交于
Fixes #13482 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13484)
-
由 Matt Caswell 提交于
The -dsaparam option was deprecated because it was previously using deprecated functions in order to operate. This is no longer the case and therefore does not need to be deprecated. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13485)
-
- 24 11月, 2020 7 次提交
-
-
由 Richard Levitte 提交于
This partially reverts commit a308acb2. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
-
由 Richard Levitte 提交于
This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
-
由 Richard Levitte 提交于
This deprecates all the ERR_load_ functions, and moves their definition to separate C source files that can easily be removed when those functions are finally removed. This also reduces include/openssl/kdferr.h to include cryptoerr_legacy.h, moves the declaration of ERR_load_ERR_strings() from include/openssl/err.h to include/openssl/cryptoerr_legacy.h, and finally removes the declaration of ERR_load_DSO_strings(), which was entirely internal anyway. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
-
由 Richard Levitte 提交于
This also modifies the .ec L statement to take a third file, which is the internal header file to declare internal things. This is only useful for our internal declarations and will not affect engines. Fixes #10527 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
-
由 Matt Caswell 提交于
As an interim measure until we work out our longer term CI strategy this PR enables some basic CI tests using the Github CI capability. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13489)
-
由 Petr Gotthard 提交于
Fix for the issue #13472. The decoderctx has to be initialized in every cycle as its constructor may not be called due to lazy evaluation of the if-condition. CLA: trivial Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13473)
-
由 Richard Levitte 提交于
Our test data (test/data.txt and test/data2.txt) are text files, but declaring them binary means that there will be no line ending transformation done on them. This is necessary for testing on non-Unix platforms, where certain tests could otherwise give results that don't match expected results. Fixes #13474 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13477)
-
- 23 11月, 2020 4 次提交
-
-
由 Matt Caswell 提交于
disabled_enc_mask et al were global. Now that cipher loading is done individually for each SSL_CTX, based on the libctx configured for that SSL_CTX this means that some things will be disabled for one SSL_CTX but not for another. The global variables set up the potential for different SSL_CTXs to trample on each other. We move these variables into the SSL_CTX structure. Fixes #12040 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13465)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13231)
-
由 Matt Caswell 提交于
Previously changes left some variables behind that were no longer needed. We now remove them. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13231)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13231)
-