- 31 10月, 2019 14 次提交
-
-
由 Richard Levitte 提交于
Otherwise, should this function be called more than once on the same EVP_PKEY_CTX, we get double free issues. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10292)
-
由 Jakub Zelenka 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9823)
-
由 Billy Brumley 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10209)
-
由 Kelvin Lee 提交于
CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10275)
-
由 Tanzinul Islam 提交于
The `./pyca-cryptography/.travis/downstream.d` subdirectory that causes the `rm` command to fail (albeit harmlessly, but with a warning from `make` nonetheless). >rm -f `find . -name '*.d' \! -name '.*' -print` >rm: cannot remove './pyca-cryptography/.travis/downstream.d': Is a directory >make: [Makefile:1910: clean] Error 1 (ignored) Exclude directories from being matched by the `find` commands. CLA: trivial Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10264)
-
由 John Baldwin 提交于
The kernel will generate the MAC when transmitting the frame. Doing so here causes the MAC to be included as part of the plain text that the kernel MACs and encrypts. Note that this path is not taken when using stitched cipher suites. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10045)
-
由 John Baldwin 提交于
This partially reverts 3119ab3c. In the case of a simple openssl s_server instance, the bio in s->wbio is a BIO_TYPE_BUFFER BIO, not BIO_TYPE_SOCKET. This caused all of the checks to fail breaking KTLS. The default return value of control methods I have looked it is zero for unknown control requests, so invoking the control requests should be returning 0 for non-socket BIOs already. This does still map the requests to 0 at compile time for the non-KTLS case so that the compiler can optimize the checks away entirely. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10045)
-
由 John Baldwin 提交于
Avoid tripping over errno values from previous system calls in the thread and just hardcode the specific error. BIO_get_ktls_send() should never be true in the NO_KTLS path, so the #ifdef could be moved even higher up to assume that error path in the NO_KTLS case instead. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10045)
-
由 Andrew Gallatin 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10045)
-
由 Andrew Gallatin 提交于
- Check for the <sys/ktls.h> header to determine if KTLS support is available. - Populate a tls_enable structure with session key material for supported algorithms. At present, AES-GCM128/256 and AES-CBC128/256 with SHA1 and SHA2-256 HMACs are supported. For AES-CBC, only MtE is supported. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10045)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10257)
-
由 Pauli 提交于
Only the KDF and PRF algorithms used the macros for their names, all other algorithms used a string name directly. This brings the KDFs and PRFs into line with the rest. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10293)
-
由 Dr. Matthias St. Pierre 提交于
This template automatically adds the [issue: documentation] label. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10051)
-
由 Dr. Matthias St. Pierre 提交于
Actually, we would rather see general questions posted to the openssl-users mailing list. But habits have changed and more and more users ask questions on GitHub. Many of them are currently tagged as bug reports or feature requests, because there is no appropriate template for questions. This commit adds the missing template. This template automatically adds the [issue: question] label. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10051)
-
- 30 10月, 2019 2 次提交
-
-
由 Kelvin Lee 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10274)
-
由 Pavel Karagodin 提交于
... if the fixed-size buffer is too small. Fixes #9732 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10276)
-
- 29 10月, 2019 1 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10036)
-
- 28 10月, 2019 5 次提交
-
-
由 Matt Caswell 提交于
Running s_server in WWW mode on Windows can allow a client to read files outside the s_server directory by including backslashes in the name, e.g. GET /..\myfile.txt HTTP/1.0 There exists a check for this for Unix paths but it is not sufficient for Windows. Since s_server is a test tool no CVE is assigned. Thanks to Jobert Abma for reporting this. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10215)
-
由 Matt Caswell 提交于
The introductory paragraph for the TLSv1.3 server side PSK documentation is a copy & paste of the client side documentation which has not been updated with the server side equivalent information. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10245)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10253)
-
由 Tobias Nießen 提交于
RSA-PSS keys use the same internal structure as RSA keys but do not allow accessing it through EVP_PKEY_get0_RSA. This commit changes that behavior. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10217)
-
由 Johannes Bauer 提交于
The hardcoded code points for TLSv1.3 cipher suites are used in the TLS PSK server callback. However, they seem to have been refactored a while ago to use tls13_aes128gcmsha256_id, so these defines are not necessary within the s_server code anymore. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10243)
-
- 26 10月, 2019 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10266)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org>
-
- 24 10月, 2019 2 次提交
-
-
由 Rich Salz 提交于
Also tweak find-doc-nits while fixing a bug (don't need .in files) Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10239)
-
由 Tomas Mraz 提交于
[extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10242)
-
- 23 10月, 2019 10 次提交
-
-
由 Rich Salz 提交于
Documenting the macros removes 14 undocumented items. Merged three separate manpages into one. Rename the DRBG CRYPTO_EX define into RAND_DRBG, but keep the old one for API compatibility. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10216)
-
由 Cesar Pereida Garcia 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10232)
-
由 Cesar Pereida Garcia 提交于
PR https://github.com/openssl/openssl/pull/10122 introduced changes to the BN_gcd function and the control logic inside it accessed `g->d[0]` irrespective of `g->top`. When BN_add is called, in case the result is zero, `BN_zero` is called. The latter behaves differently depending on the API compatibility level flag: normally `g->d[0]` is cleared but in `no-deprecated` builds only `g->top` is set to zero. This commit uses bitwise logic to ensure that `g` is treated as zero if `g->top` is zero, irrespective of `g->d[0]`. Co-authored-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10232)
-
由 Rich Salz 提交于
Add P12 format description. Remove PEM NOTES sections; it's in openssl.pod Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10142)
-
由 Rich Salz 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10214)
-
由 Simo Sorce 提交于
Signed-off-by: NSimo Sorce <simo@redhat.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9949)
-
由 Nicola Tuveri 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9874)
-
由 Nicola Tuveri 提交于
- Use `()` to qualify function names, consistently - Limit line width to 80 chars Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9874)
-
由 Nicola Tuveri 提交于
There is nothing confidential in `EC_GROUP` so really having a `EC_GROUP_clear_free` function at all does not make much sense anymore. See https://github.com/openssl/openssl/issues/9822Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9874)
-
由 Nicola Tuveri 提交于
There is nothing confidential in `EC_GROUP` so really having a `EC_GROUP_clear_free` function at all does not make much sense anymore. See https://github.com/openssl/openssl/issues/9822Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9874)
-
- 22 10月, 2019 2 次提交
-
-
由 jayaram 提交于
for the following functions. EC_GROUP_get_order EC_GROUP_get_cofactor EC_GROUP_get_curve_name EC_GROUP_get_asn1_flag EC_GROUP_get_point_conversion_form EC_GROUP_get_degree Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9664)
-
由 Rich Salz 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10220)
-
- 21 10月, 2019 2 次提交
-
-
由 Richard Levitte 提交于
HWCAP_S390_VX is missing on SUSE Linux Enterprise Server 12 SP1, so we add a guard that checks the present of that macro. While we're at it, we do the same with HWCAP_S390_STFLE, for consistency. Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/9892)
-
由 Richard Levitte 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10227)
-