- 03 5月, 2019 8 次提交
-
-
由 Todd Short 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8867)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8857)
-
由 Matt Caswell 提交于
We should be seeking to move the OPENSSL_init_crypto and OPENSSL_cleanup processing into OPENSSL_CTX instead. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8857)
-
由 Matt Caswell 提交于
Various core and property related code files used global data. We should store all of that in an OPENSSL_CTX instead. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8857)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8857)
-
由 Klotz, Tobias 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8023)
-
由 Dr. Matthias St. Pierre 提交于
If the `openssl cms` command is called without specifying an operation option, it replies with the following laconic error message: cms: Use -help for summary. This commit adds a helpful error message: No operation option (-encrypt|-decrypt|-sign|-verify|...) specified. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8861)
-
由 Dr. Matthias St. Pierre 提交于
Since commit 137096a7 it is possible to specify keywords instead of negative magic numbers for the salt length. This commit replaces the remaining occurrences of `rsa_pss_saltlen:-3` in the test recipes by `rsa_pss_saltlen:max`. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8860)
-
- 02 5月, 2019 2 次提交
-
-
由 Wojciech Kaluza 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8803)
-
由 Wojciech Kaluza 提交于
- Allow user-defined RCFLAGS - Pass RCFLAGS to RC Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8803)
-
- 01 5月, 2019 5 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8850)
-
由 Richard Levitte 提交于
Fixes #8796 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8851)
-
由 Philip Prindeville 提交于
Other commands like 'req' support -verbose, so why not gendsa and dsaparam? Part of a larger and more ambitious effort to add -verbose to all apps that might be used in scripts and need to otherwise run silently (well, without belching out anything that isn't a warning or error... which ties into a later scrub of using STDOUT were appropriate for informative messages instead of STDERR)... so that scripts also have the option of doing >/dev/null without losing anything critical. Signed-off-by: NPhilip Prindeville <philipp@redfish-solutions.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6908)
-
由 Philip Prindeville 提交于
Other commands like 'req' support -verbose, so why not genrsa? Signed-off-by: NPhilip Prindeville <philipp@redfish-solutions.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6897)
-
由 Pauli 提交于
Introduce a macro that allows all structure alignment tricks to be rolled up into a single place. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8845)
-
- 30 4月, 2019 6 次提交
-
-
由 Richard Levitte 提交于
OSSL_provider_init() gets another output parameter, holding a pointer to a provider side context. It's entirely up to the provider to define the context and what it's being used for. This pointer is passed back to other provider functions, typically the provider global get_params and set_params functions, and also the diverse algorithm context creators, and of course, the teardown function. With this, a provider can be instantiated more than once, or be re-loaded as the case may be, while maintaining instance state. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8848)
-
由 Richard Levitte 提交于
The OP_cipher_final function takes a return output size and an output buffer size argument. The oneshot OP_cipher_cipher function should do the same. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8849)
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8843)
-
由 Richard Levitte 提交于
The reason is that the shared-info attributes may depend on %disabled, so we need to process all enablings/disablings first. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8846)
-
由 Pauli 提交于
Digest stored entropy for CRNG test. Via the FIPS lab, NIST confirmed: The CMVP had a chance to discuss this inquiry and we agree that hashing the NDRNG block does meet the spirit and letter of AS09.42. However, the CMVP did have a few questions: what hash algorithm would be used in this application? Is it approved? Is it CAVs tested? SHA256 is being used here and it will be both approved and CAVs tested. This means that no raw entropy needs to be kept between RNG seedings, preventing a potential attack vector aganst the randomness source and the DRBG chains. It also means the block of secure memory allocated for this purpose is no longer required. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8790)
-
由 Todd Short 提交于
With the removal of SSLv2, the s3 structure is always allocated, so there is little point in having it be an allocated pointer. Collapse the ssl3_state_st structure into ssl_st and fixup any references. This should be faster than going through an indirection and due to fewer allocations, but I'm not seeing any significant performance improvement; it seems to be within the margin of error in timing. Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7888)
-
- 26 4月, 2019 5 次提交
-
-
由 David Benjamin 提交于
pkey_rsa_copy was missing a field. Test this by repeating the operation through an EVP_PKEY_CTX_dup copy in evp_test. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8759)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8181)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8181)
-
由 Patrick Steuer 提交于
Add non-base instructions which are used by the chacha20 and poly1305 modules. Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8181)
-
由 Patrick Steuer 提交于
z14 introduced alignment hints to help vector load/store performance. For its predecessors, alignment hint defaults to 0 (no alignment indicated). Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8181)
-
- 25 4月, 2019 4 次提交
-
-
由 Pauli 提交于
Add a Chi^2 goodness of fit test to empirically provide a degree of confidence in the uniformity of the output of the random range generation function. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8818)
-
由 Matt Caswell 提交于
If we were using a different type of BIO than a socket BIO then BIO_get_ktls_send() and BIO_get_ktls_recv() could return the wrong result. The above occurred even if KTLS was disabled at compile time - so we should additionally ensure that those macros do nothing if KTLS is disabled. Finally we make the logic in ssl3_get_record() a little more robust when KTLS has been disabled. [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8793)
-
由 Matt Caswell 提交于
If the kernel headers are sufficiently recent to have KTLS transmit support, but not recent enough to have KTLS receive support then a compilation error would be the result. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8793)
-
由 Guido Vranken 提交于
Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise succesfull call to CRYPTO_ccm128_tag. Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx. Signed-off-by: NGuido Vranken <guidovranken@gmail.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8810)
-
- 24 4月, 2019 4 次提交
-
-
由 Jakub Jelen 提交于
CLA: trivial Signed-off-by: NJakub Jelen <jjelen@redhat.com> Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8786)
-
由 Shane Lontis 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8762)
-
由 Shane Lontis 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8762)
-
由 Richard Levitte 提交于
Because we depend on knowing if clang's address, memory or undefinedbehavior sanitizers are enabled, we make an extra effort to detect them among the C flags, and adjust the %disabled values accordingly. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8778)
-
- 23 4月, 2019 6 次提交
-
-
由 Richard Levitte 提交于
OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for display, but if all you really want is the directory itself, you were forced to parsed the string. This introduces a new function to get diverse configuration data from the library, OPENSSL_info(). This works the same way as OpenSSL_version(), but has its own series of types, currently including: OPENSSL_INFO_CONFIG_DIR returns OPENSSLDIR OPENSSL_INFO_ENGINES_DIR returns ENGINESDIR OPENSSL_INFO_MODULES_DIR returns MODULESDIR OPENSSL_INFO_DSO_EXTENSION returns DSO_EXTENSION OPENSSL_INFO_DIR_FILENAME_SEPARATOR returns directory/filename separator OPENSSL_INFO_LIST_SEPARATOR returns list separator For scripting purposes, this also adds the command 'openssl info'. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8709)
-
由 Richard Levitte 提交于
This adds the flag OPENSSL_MODULES_DIR for OpenSSL_version(), and the flag '-m' for 'openssl version'. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8709)
-
由 Richard Levitte 提交于
Disabling one thing may mean having to disable other things as well. We already have a process to auto-disable things through cascading, but that was under-used. Making the cascading mechanism available through a function to be called to disable stuff makes it more automatic, and helps us when we forget how different disabling options affect others. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8812)
-
由 Richard Levitte 提交于
Fixes #8787 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8812)
-
由 Richard Levitte 提交于
This came about with the realisation that upper case CFLAGS, LDFLAGS and so on aren't treated much after that, and this makes figuring out user added flags significantly easier, just look in %config. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8812)
-
由 Matt Caswell 提交于
[extended tests] Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8794)
-