- 13 4月, 2018 5 次提交
-
-
由 Matt Caswell 提交于
Historically we used to implement standalone base64 code for SRP. This was replaced by commit 3d3f21aa with the standard base64 processing code. However, the SRP base64 code was designed to be compatible with other SRP libraries (notably libsrp, but also others) that use a variant of standard base64. Specifically a different alphabet is used and no padding '=' characters are used. Instead 0 padding is added to the front of the string. By changing to standard base64 we change the behaviour of the API which may impact interoperability. It also means that SRP verifier files created prior to 1.1.1 would not be readable in 1.1.1 and vice versa. Instead we expand our standard base64 processing with the capability to be able to read and generate the SRP base64 variant. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5925)
-
由 Matt Caswell 提交于
Previously they were using EVP_EncodeBlock/EVP_DecodeBlock. These are low level functions that do not handle padding characters. This was causing the SRP code to fail. One side effect of using EVP_EncodeUpdate is that it inserts newlines which is not what we need in SRP so we add a flag to avoid that. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5925)
-
由 Richard Levitte 提交于
The documentation erroneously stated that one can change the default configuration file name. Fixes #5939 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5941)
-
由 Andy Polyakov 提交于
The failure is "impossible", because we have confirmation that s_server listens, yet Mac OS X fails to connect. This avoids 10 minutes timeout on Travis CI. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5907)
-
由 Andy Polyakov 提交于
On rare occasion 's_server | perl -ne print' can complete before corresponding waitpid, which on Windows can results in -1 return value. This is not an error, don't treat it like one. Collect even return value from s_server. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5907)
-
- 12 4月, 2018 10 次提交
-
-
由 Richard Levitte 提交于
X509_get_default_cert_dir_env() returns the default environment variable to check for certificate directories. X509_get_default_cert_dir() returns the default configured certificate directory. Use these instead of hard coding our own values, and thereby be more integrated with the rest of OpenSSL. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5937)
-
由 Richard Levitte 提交于
Fixes #5902 Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5937)
-
由 Andy Polyakov 提交于
Purpose of build_all_generated is to execute all the rules that require perl, so that one can copy the tree to system with compiler but without perl. This commit removes last dependencies on perl. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5929)
-
由 Daniel Bevenius 提交于
This is a minor update which hopefully makes these particular lines read a little easier. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5938)
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5930)
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5930)
-
由 Richard Levitte 提交于
Computing the value of the GENERATED variable in the build file templates is somewhat overcomplicated, and because of possible duplication errors, changes are potentially error prone. Looking more closely at how this list is determined, it can be observed that the exact list of files to check is consistently available in all the values found in the %unified_info tables 'depends', 'sources' and 'shared_sources', and all that's needed is to filter those values so only those present as keys in the 'generate' table are left. This computation is also common for all build files, so due to its apparent complexity, we move it to common0.tmpl, with the result left in a global variable (@generated), to be consumed by all build file templates. common0.tmpl is included among the files to process when creating build files, but unlike common.tmpl, it comes first of all. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5930)
-
由 Theo Buehler 提交于
The EVP_MD_CTX_cleanup() function was merged into EVP_MD_CTX_reset() which is called by EVP_MD_CTX_free(). Adjust the documentation to say that the latter should be used to avoid leaking memory. CLA: trivial Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5921)
-
由 Daniel Bevenius 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5774)
-
由 Dr. Matthias St. Pierre 提交于
- added some explaining text to a sentence that lost its context. - removed mention of per-ssl drbg - fix whitespace errors Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5804)
-
- 11 4月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
For test recipes that want to use the directory of the data directory or a subdirectory thereof, rather than just individual files. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5928)
-
- 10 4月, 2018 3 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5918)
-
由 Andy Polyakov 提交于
The warning reads "[cast] may cause misaligned access". Even though this can be application-supplied pointer, misaligned access shouldn't happen, because structure type is "encoded" into data itself, and application would customarily pass correctly aligned pointer. But there is no harm in resolving the warning... Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5894)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 09 4月, 2018 2 次提交
-
-
由 Kunxian Xia 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5908)
-
由 Dr. Matthias St. Pierre 提交于
Fixes #5778, #5840 The various IS_*() macros did not work correctly for 8-bit ASCII characters with the high bit set, because the CVT(a) preprocessor macro and'ed the given ASCII value with 0x7F, effectively folding the high value range 128-255 over the low value range 0-127. As a consequence, some of the IS_*() erroneously returned TRUE. This commit fixes the issue by adding range checks instead of cutting off high order bits using a mask. In order avoid multiple evaluation of macro arguments, most of the implementation was moved from macros into a static function is_keytype(). Thanks to Румен Петров for reporting and analyzing the UTF-8 parsing issue #5840. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5903)
-
- 08 4月, 2018 10 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5900)
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887)
-
由 Andy Polyakov 提交于
Original logic was "if no records found *or* last one is truncated, then leave complete records in queue." Trouble is that if we don't pass on complete records and get complete packet in opposite direction, then queued records will go back to sender. In other words complete records should always be passed on. [Possible alternative would be to match direction in reconstruct_record.] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887)
-
由 Andy Polyakov 提交于
Even though removed calls were oiriginally added on Windows, problem they tried to mitigate is not Windows-specific. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887)
-
由 Andy Polyakov 提交于
Without TCP_NODELAY alerts risk to be dropped between shutdown and close. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887)
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887)
-
由 Andy Polyakov 提交于
HP-UX provides sockets symbols with incompatible prototypes under same name. This caused problems in 64-bit builds. Additional macros force unambiguous symbols with unambiguous prototypes. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5742)
-
由 Andy Polyakov 提交于
hpux64-parisc2-gcc is chosen based on gcc's bitness, and it was overriden unconditionally. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5742)
-
由 Andy Polyakov 提交于
HP-UX gmtime fails with ERANGE past 19011213204552Z, so skip some tests. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5742)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5889)
-
- 06 4月, 2018 5 次提交
-
-
由 Kaoru Toda 提交于
add_attribute_object and add_DN_object have similar code, so move it into a common function build_data. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4566)
-
由 Matt Caswell 提交于
Fixes #5873 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5880)
-
由 Matt Caswell 提交于
Adding support for these operations for the EdDSA implementations makes pkeyutl usable for signing/verifying for these algorithms. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5880)
-
由 Rich Salz 提交于
The wrong "set" field was incremented in the wrong place and would create a new RDN, not a multi-valued RDN. RDN inserts would happen after not before. Prepending an entry to an RDN incorrectly created a new RDN Anything which built up an X509_NAME could get a messed-up structure, which would then be "wrong" for anyone using that name. Thanks to Ingo Schwarze for extensive debugging and the initial fix (documented in GitHub issue #5870). Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5882)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5886)
-
- 05 4月, 2018 4 次提交
-
-
由 Matt Caswell 提交于
Fixes #5739 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5800)
-
由 Matt Caswell 提交于
There are two undocumented DSA parameter generation options available in the genpkey command line app: dsa_paramgen_md and dsa_paramgen_q_bits. These can also be accessed via the EVP API but only by using EVP_PKEY_CTX_ctrl() or EVP_PKEY_CTX_ctrl_str() directly. There are no helper macros for these options. dsa_paramgen_q_bits sets the length of q in bits (default 160 bits). dsa_paramgen_md sets the digest that is used during the parameter generation (default SHA1). In particular the output length of the digest used must be equal to or greater than the number of bits in q because of this code: if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) goto err; if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) goto err; for (i = 0; i < qsize; i++) md[i] ^= buf2[i]; /* step 3 */ md[0] |= 0x80; md[qsize - 1] |= 0x01; if (!BN_bin2bn(md, qsize, q)) goto err; qsize here is the number of bits in q and evpmd is the digest set via dsa_paramgen_md. md and buf2 are buffers of length SHA256_DIGEST_LENGTH. buf2 has been filled with qsize bits of random seed data, and md is uninitialised. If the output size of evpmd is less than qsize then the line "md[i] ^= buf2[i]" will be xoring an uninitialised value and the random seed data together to form the least significant bits of q (and not using the output of the digest at all for those bits) - which is probably not what was intended. The same seed is then used as an input to generating p. If the uninitialised data is actually all zeros (as seems quite likely) then the least significant bits of q will exactly match the least significant bits of the seed. This problem only occurs if you use these undocumented and difficult to find options and you set the size of q to be greater than the message digest output size. This is for parameter generation only not key generation. This scenario is considered highly unlikely and therefore the security risk of this is considered negligible. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5800)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5800)
-
由 Matt Caswell 提交于
When libssl is initialised it will attempt to load any config file. This ensures any system_default configuration (as per https://github.com/openssl/openssl/pull/4848) is used. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5818)
-