- 22 5月, 2019 1 次提交
-
-
由 Pauli 提交于
Add the possibility of a property query clause to be optional by preceding it with a question mark. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8943)
-
- 21 5月, 2019 5 次提交
-
-
由 Kurt Roeckx 提交于
Fixes: #8737 Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NRichard Levitte <levitte@openssl.org> GH: #8741
-
由 Matt Caswell 提交于
This reverts commit dcb982d7. This change is causing extended tests to fail. [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8964)
-
由 Richard Levitte 提交于
When sanitize options are added as 'enable-msan' or similar, the -fsanitize C flags is set in $config{cflags} rather than $config{CFLAGS}, so we need to check both. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8965)
-
由 Arne Schwabe 提交于
This function only returns a status and does not modify the parameter. Since similar function are already taking const parameters, also change this function to have a const parameter. Fixes #8934 CLA: trivial Signed-off-by: NArne Schwabe <arne@rfc2549.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8945)
-
由 Pauli 提交于
Add ranged checked OSSL_PARAM conversions between the native types. A conversion is legal only if the given value can be exactly represented by the target type. Includes a test case that reads a stanza test case file and verified that param conversions are processed properly. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8733)
-
- 20 5月, 2019 3 次提交
-
-
由 Richard Levitte 提交于
In the development of the CRMF sub-system, there seems to have been some confusion as to what configuration option should be used. 'no-crmf' was added, but the C macro guards were using OPENSSL_NO_CMP rather than OPENSSL_NO_CRMF... In fact, we want 'no-cmp', but since the CRMF code is part of CMP, we need 'no-crmf' to depend on 'no-cmp'. We do this by making 'crmf' a silent "option" that get affected by 'cmp' by way of %disable_cascades. This allows options to be "aliases" for a set of other ones, silent or not. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8897)
-
由 Pauli 提交于
The 32 bit counter behaviour is necessary and was intentional. This reverts commit e9f148c9. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8958)
-
由 Richard Levitte 提交于
We still use '.so' as a last resort... Fixes #8950 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8951)
-
- 17 5月, 2019 1 次提交
-
-
由 Daniel Axtens 提交于
The kernel self-tests picked up an issue with CTR mode. The issue was detected with a test vector with an IV of FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD: after 3 increments it should wrap around to 0. There are two paths that increment IVs: the bulk (8 at a time) path, and the individual path which is used when there are fewer than 8 AES blocks to process. In the bulk path, the IV is incremented with vadduqm: "Vector Add Unsigned Quadword Modulo", which does 128-bit addition. In the individual path, however, the IV is incremented with vadduwm: "Vector Add Unsigned Word Modulo", which instead does 4 32-bit additions. Thus the IV would instead become FFFFFFFFFFFFFFFFFFFFFFFF00000000, throwing off the result. Use vadduqm. This was probably a typo originally, what with q and w being adjacent. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8942)
-
- 16 5月, 2019 2 次提交
-
-
由 Valentin Robert 提交于
CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8905)
-
由 Shane Lontis 提交于
X963 KDF is used for CMS ec keyagree Recipient Info. The X963 KDF that is used by CMS EC Key Agreement has been moved into a EVP_KDF object. This KDF is almost identical to the the SSKDF hash variant, so it has been implemented inside the SSKDF code with its own method table. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8902)
-
- 13 5月, 2019 5 次提交
-
-
由 Richard Levitte 提交于
Now that the legacy NID isn't used as a main index for fetched algorithms, the legacy NID was just transported around unnecessarily. This is removed, and the legacy NID is simply set by EVP_{API}_fetch() after the construction process is done. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8878)
-
由 Richard Levitte 提交于
POD markup is only forbidden in the actual names, while permitted in the description. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8878)
-
由 Richard Levitte 提交于
We didn't deal very well with names that didn't have pre-defined NIDs, as the NID zero travelled through the full process and resulted in an inaccessible method. By consequence, we need to refactor the method construction callbacks to rely more on algorithm names. We must, however, still store the legacy NID with the method, for the sake of other code that depend on it (for example, CMS). Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8878)
-
由 Richard Levitte 提交于
This avoids using the ASN1_OBJECT database, which is bloated for the purpose of a simple number <-> name database. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8878)
-
由 Richard Levitte 提交于
This can be used as a general name to identity map. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8878)
-
- 12 5月, 2019 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Small correction to RAND_DRBG(7) (amends 3a50a8a9) Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8909)
-
- 10 5月, 2019 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
The functions RAND_add() and RAND_seed() provide a legacy API which enables the application to seed the CSPRNG. But NIST SP-800-90A clearly mandates that entropy *shall not* be provided by the consuming application, neither for instantiation, nor for reseeding. The provided random data will be mixed into the DRBG state as additional data only, and no entropy will accounted for it. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8722)
-
- 09 5月, 2019 6 次提交
-
-
由 Pauli 提交于
Provide C test cases with the option to skip tests and subtests. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8695)
-
由 Pauli 提交于
applicable. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8695)
-
由 Shane Lontis 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8901)
-
由 Richard Levitte 提交于
There are quite a number of sanitizers for clang that aren't documented in the clang user documentation. This makes it impossible to be selective about what sanitizers to look at to determine if '-z defs' should be used of not. Under these circumstances, the sane thing to do is to just look for any sanitizer specification and not use '-z defs' if there's one present. Fixes #8735 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8892)
-
由 Rashmica Gupta 提交于
CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8889)
-
由 Lorinczy Zsigmond 提交于
Add new option '-http_server_binmode' which allows the server to open and send binary files as well as text. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8811)
-
- 08 5月, 2019 15 次提交
-
-
由 Richard Levitte 提交于
OBJ_bsearch_ and OBJ_bsearch_ex_ are generic functions that don't really belong with the OBJ API, but should rather be generic utility functions. The ending underscore indicates that they are considered internal, even though they are declared publicly. Since crypto/stack/stack.c uses OBJ_bsearch_ex_, the stack API ends up depending on the OBJ API, which is unnecessary, and carries along other dependencies. Therefor, a generic internal function is created, ossl_bsearch(). This removes the unecessary dependencies. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8899)
-
由 Tobias Nießen 提交于
This change allows to pass the authentication tag after specifying the AAD in CCM mode. This is already true for the other two supported AEAD modes (GCM and OCB) and it seems appropriate to match the behavior. GCM and OCB also support to set the tag at any point before the call to `EVP_*Final`, but this won't work for CCM due to a restriction imposed by section 2.6 of RFC3610: The tag must be set before actually decrypting data. This commit also adds a test case for setting the tag after supplying plaintext length and AAD. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7243)
-
由 Guido Vranken 提交于
If ctx->cipher->cupdate/ctx->cipher->cfinal failed, 'soutl' is left uninitialized. This patch incorporates the same logic as present in EVP_DecryptUpdate and EVP_DecryptFinal_ex: only branch on 'soutl' if the preceding call succeeded. Bug found by OSS-Fuzz. Signed-off-by: NGuido Vranken <guidovranken@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8874)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-