- 16 7月, 2020 6 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12311)
-
由 Shane Lontis 提交于
Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS. CS1, CS2 and CS3 variants are supported. Only single shot updates are supported. The cipher returns the mode EVP_CIPH_CBC_MODE (Internally it shares the aes_cbc cipher code). This would allow existing code that uses AES_CBC to switch to the CTS variant without breaking code that tests for this mode. Because it shares the aes_cbc code the cts128.c functions could not be used directly. The cipher returns the flag EVP_CIPH_FLAG_CTS. EVP_CIPH_FLAG_FIPS & EVP_CIPH_FLAG_NON_FIPS_ALLOW have been deprecated. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12094)
-
由 aSoujyuTanaka 提交于
Reviewed-by: NMark J. Cox <mark@awe.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11526)
-
由 aSoujyuTanaka 提交于
Reviewed-by: NMark J. Cox <mark@awe.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11526)
-
由 aSoujyuTanaka 提交于
its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.htmlReviewed-by: NMark J. Cox <mark@awe.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11526)
-
由 aSoujyuTanaka 提交于
Reviewed-by: NMark J. Cox <mark@awe.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11526)
-
- 14 7月, 2020 2 次提交
-
-
由 Pauli 提交于
The existing wording didn't capture the reality of the default setup, this new nomenclature attempts to improve the situation. Reviewed-by: NMark J. Cox <mark@awe.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12366)
-
由 Daniel Bevenius 提交于
This commit updates Configurations/README.md and turns the Makefile templates into non-links. The motivation for this is that not all template exist in the directory leading to 404 Not found errors when accessed. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12401)
-
- 12 7月, 2020 2 次提交
-
-
由 Billy Brumley 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12096)
-
由 Benjamin Kaduk 提交于
Since libssl is entirely using fetched cipher/digest implementations from providers, we don't need to register the libcrypto cipher/digest implementations in ossl_init_ssl_base(). Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12418)
-
- 11 7月, 2020 3 次提交
-
-
由 Richard Levitte 提交于
The code relied on B_ENDIAN being defined on all big-endian platform, which turned out to not always be the case. Fixes #12387 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12390)
-
由 Richard Levitte 提交于
This moves test/ossl_test_endian.h to include/internal/endian.h and thereby makes the macros in there our standard way to check endianness in run-time. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12390)
-
由 Richard Levitte 提交于
Fixes #12350 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12373)
-
- 10 7月, 2020 1 次提交
-
-
由 Dr. David von Oheimb 提交于
Fixes #12386 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12399)
-
- 09 7月, 2020 3 次提交
-
-
由 Shane Lontis 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12402)
-
由 Richard Levitte 提交于
Documentation files were treated as programs when assigning to the make variables HTMLDOCS{1,3,5,7} and MANDOCS{1,3,5,7}, which is is incorrect on POSIX sub-systems where executables have an extension (.exe). Fixes #11937 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12374)
-
由 Shane Lontis 提交于
Fixes #11864 - The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is possible that dsa keygen can either hang or segfault. The fix was to do a partial validation of p, q, and g inside the keygen. - Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!). It freed internal object members without setting them to NULL. - Changed the FFC key validation to accept 1024 bit keys in non fips mode. - Added tests that use both the default provider & fips provider to test these cases. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12176)
-
- 08 7月, 2020 11 次提交
-
-
由 Shane Lontis 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379)
-
由 Shane Lontis 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379)
-
由 Shane Lontis 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379)
-
由 Shane Lontis 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379)
-
由 Shane Lontis 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379)
-
由 Shane Lontis 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379)
-
由 Shane Lontis 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379)
-
由 Matt Caswell 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12292)
-
由 Matt Caswell 提交于
As long as we have at least one provider loaded which offers some groups, it doesn't matter if we have others loaded that don't. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12292)
-
由 Matt Caswell 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12292)
-
由 Matt Caswell 提交于
It is not a failure to call OSSL_PROVIDER_get_capabilities() with a provider loaded that has no capabilities. Fixes #12286 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12292)
-
- 07 7月, 2020 4 次提交
-
-
由 Martin Elshuber 提交于
Some applications want even all plaintext copies beeing zeroized. However, currently plaintext residuals are kept in rbuf within the s3 record layer. This patch add the option SSL_OP_CLEANSE_PLAINTEXT to its friends to optionally enable cleansing of decrypted plaintext data. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12251)
-
由 Nicola Tuveri 提交于
Test separately EC parameters and EC key generation. Some curves only support explicit params encoding. For some curves we have had cases in which generating the parameters under certain conditions failed, while generating and serializing a key under the same conditions did not. See <https://github.com/openssl/openssl/issues/12306> for more details. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12307)
-
由 Nicola Tuveri 提交于
If the key is to be serialized or printed as text and the framework returns an error, the app should signal the failure to the user using a non-zero exit status. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12305)
-
由 Nicola Tuveri 提交于
The following built-in curves do not have an assigned OID: - Oakley-EC2N-3 - Oakley-EC2N-4 In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`. Fixes #12306 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12313)
-
- 06 7月, 2020 8 次提交
-
-
由 Glenn Strauss 提交于
improve reference implementation code in SSL_CTX_set_tlsext_ticket_key_cb man page change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication of requiring longer keys. Updating this code brings the reference implementation in line with implementation in openssl committed in 2016: commit 05df5c20 Use AES256 for the default encryption algoritm for TLS session tickets add comments where user-implementation is needed to complete code CLA: trivial Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12063)
-
由 Matt Caswell 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
-
由 Matt Caswell 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
-
由 Matt Caswell 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
-
由 Matt Caswell 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
-
由 Matt Caswell 提交于
sslcorrupttest was looking for a "decryption failed or bad record mac" error in the queue. However if there were multiple errors on the queue then it would fail to find it. We modify the test to check all errors. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
-
由 Matt Caswell 提交于
EVP_CipherUpdate is supposed to return 1 for success or 0 for error. However for GCM ciphers it was sometimes returning -1 for error. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
-
由 Matt Caswell 提交于
We were not correctly passing the provider ctx down the chain during initialisation of a new cipher ctx. Instead the provider ctx got set to NULL. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
-