- 29 11月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
It appears that 'sock_timeout' is defined at least with DJGPP, so we rename our symbol and hope the new name isn't taken. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10515)
-
- 28 11月, 2019 5 次提交
-
-
由 moehuster 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10420) (cherry picked from commit ca7c982821cd6d7546f92623da61a6f43ee32d0a)
-
由 Ard Biesheuvel 提交于
Depending on the size of the input, we may take different paths through the accelerated arm64 ChaCha20 routines, each of which use a different subset of the FP registers, some of which need to be preserved and restored, as required by the AArch64 calling convention (AAPCS64) In some cases, (e.g., when the input size is 640 bytes), we call the 512 byte NEON path followed directly by the scalar path, and in this case, we preserve and restore d8 and d9, only to clobber them again immediately before handing over to the scalar path which does not touch the FP registers at all, and hence does not restore them either. Fix this by moving the restoration of d8 and d9 to a later stage in the 512 byte routine, either before calling the scalar path, or when exiting the function. Fixes #10470 CLA: trivial Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10497)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10135)
-
由 Rich Salz 提交于
Add openssl-env.pod Also fix up many other environment page formatting nits. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10135)
-
由 Richard Levitte 提交于
Build it against static libraries always, since that's the only way it can work as intended. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10516)
-
- 27 11月, 2019 2 次提交
-
-
由 Richard Levitte 提交于
When checking links, we need to peal away stuff that aren't part of the link proper first. That makes it easier to check the link itself. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10507)
-
由 Richard Levitte 提交于
This replaces doc/HOWTO/proxy_certificates.txt Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10507)
-
- 26 11月, 2019 1 次提交
-
-
由 Pauli 提交于
Coverity 1456008. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10509)
-
- 25 11月, 2019 2 次提交
-
-
由 Shane Lontis 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10461)
-
由 John Baldwin 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRichard Levitte <levitte@openssl.org> GH: #10372
-
- 24 11月, 2019 3 次提交
-
-
由 Pauli 提交于
The reduction in the cache flush threshold in #10408 caused the stochastic test to fail with noticeable probability. Revert that part of the change. Also add a comment to help avoid this in future. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10505)
-
由 Dr. Matthias St. Pierre 提交于
OpenSSL 1.1.1 introduced a new CSPRNG with an improved seeding mechanism, which makes it dispensable to define a RANDFILE for saving and restoring randomness. This commit removes the RANDFILE declarations from our own configuration files and adds documentation that this option is not needed anymore and retained mainly for compatibility reasons. Fixes #10433 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10436)
-
由 Matus Kysel 提交于
Remove deadlock that was caused by calling pthread_rwlock_wrlock() on same thread twice. This can be reproduce only with musl. CLA: trivial Signed-off-by: NMatus Kysel <mkysel@tachyum.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10501)
-
- 23 11月, 2019 1 次提交
-
-
由 Daniil Zotkin 提交于
Use ssl_print_hex to print message in case of GOST key exchange algorithm. CLA: trivial Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9995)
-
- 22 11月, 2019 8 次提交
-
-
由 Richard Levitte 提交于
Fixes #10444 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10447)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10493)
-
由 Pauli 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10495)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10487)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10487)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10496)
-
由 Benjamin Kaduk 提交于
As was done for ciphers, supported groups, and EC point formats in https://github.com/openssl/openssl/pull/9162, only write the negotiated SNI hostname value to the session object when not resuming, even for TLS 1.3 resumptions. Otherwise, when using a stateful session cache (as is done by default when 0-RTT data is enabled), we can have multiple SSLs active using the same in-memory session object, which leads to double-frees and similar race conditions in the SNI handler prior to this commit. Fortunately, since draft-ietf-tls-tls13-22, there is no requirement that the SNI hostname be preserved across TLS 1.3 resumption, and thus not a need to continually update the session object with the "current" value (to be used when producing session tickets, so that the subsequent resumption can be checked against the current value). So we can just relax the logic and only write to the session object for initial handshakes. This still leaves us in a somewhat inconsistent state, since if the SNI value does change across handshakes, the session object will continue to record the initial handshake's value, even if that bears no relation to the current handshake. The current SSL_get_servername() implementation prefers the value from the session if s->hit, but a more complete fix for that and related issues is underway in https://github.com/openssl/openssl/pull/10018; there is no need to wait for the complete fix for SNI name handling in order to close the race condition and avoid runtime crashes. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10441)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10488)
-
- 21 11月, 2019 5 次提交
-
-
由 Matt Caswell 提交于
Also documents our new canonical naming. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10092)
-
由 Matt Caswell 提交于
Make some algorithms names better match our "canonical" style. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10092)
-
由 Pauli 提交于
Check for NULL and return error if so. This can possibly be called from apps/ca.c with a NULL argument. Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/10474)
-
由 Pauli 提交于
Add NULL check for return from pkey_asn1_meths. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10473)
-
由 Pauli 提交于
Verifications are public, there is no need to clear the used storage before freeing it. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10475)
-
- 20 11月, 2019 5 次提交
-
-
由 Richard Levitte 提交于
This adds ossl_namemap_empty(), to detect if a namemap is empty and can thereby be pre-populated. This also affects the way legacy NIDs are looked up in evp_cipher_from_dispatch() and evp_md_from_dispatch(). Instead of trying to find the NID directly, look up the legacy method structure and grab the NID from there. The reason is that NIDs can be aliases for other NIDs, which looks like a clash even if wasn't really one. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8984)
-
由 Bernd Edlinger 提交于
We store a secondary frame pointer info for the debugger in the red zone. Fixes #8853 [extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9624)
-
由 Patrick Steuer 提交于
In addition to 67c81ec3 which introduced this behavior in CCM mode docs but only implemented it for AES-CCM. Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10331)
-
由 Patrick Steuer 提交于
The asm modules may assume an input length > 0. Fixes: #9262 Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10323)
-
由 Rich Salz 提交于
Add documentation for all commands that have parameters. Fix a couple of minor doc and programming bugs, too. Fixes #10313 Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10371)
-
- 19 11月, 2019 4 次提交
-
-
由 Matt Caswell 提交于
Various ciphers have the ability to support varaible length keys. This adds some test cases for algorithms where we did not test a key length other than the default size. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10449)
-
由 Matt Caswell 提交于
EVP_CIPHER_CTX_set_keylen() was succeeding even though a bad key length is passed to it. This is because the set_ctx_params() were all accepting this parameter and blindly changing the keylen even though the cipher did not accept a variable key length. Even removing this didn't entirely resolve the issue because set_ctx_params() functions succeed even if passed a parameter they do not recognise. This should fix various issues found by OSSfuzz/Cryptofuzz. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10449)
-
由 Shane Lontis 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10467)
-
由 Xiaokang Qian 提交于
Speed test, aes-siv related cases fail on both x86 and arm. The return value of siv_init() causes this problem, remove the iv check to fix it. Verify it locally, the result is pass. Fixes #10416 Change-Id: If1a18599f3d0f56f22a1ce4f8f114b8db0f68cca Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10419)
-
- 18 11月, 2019 3 次提交
-
-
由 Pauli 提交于
The property query cache was not reference count aware and this could cause problems if the property store removes an algorithm while it is being returned from an asynchronous query. This change makes the cache reference count aware and avoids disappearing algorithms. A side effect of this change is that the reference counts are now owned by the cache and store. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10408)
-
由 Shane Lontis 提交于
Fixes #10438 issue found by clusterfuzz/ossfuzz The dest was getting a copy of the src structure which contained a pointer that should point to an offset inside itself - because of the copy it was pointing to the original structure. The setup for a ctx is mainly done by the initkey method in the PROV_CIPHER_HW structure. Because of this it makes sense that the structure should also contain a copyctx method that is use to resolve any pointers that need to be setup. A dup_ctx has been added to the cipher_enc tests in evp_test. It does a dup after setup and then frees the original ctx. This detects any floating pointers in the duplicated context that were pointing back to the freed ctx. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10443)
-
由 Richard Levitte 提交于
There's no reason why the object to be written, or the key string given by the caller should be non-const. This makes the IMPLEMENT_PEM_..._const and DECLARE_PEM_..._const macros superfluous, so we keep them around but mark them deprecated. In all places where IMPLEMENT_PEM_..._const and DECLARE_PEM_..._const are used, they are replaced with the corresponding macros without '_const'. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10452)
-