- 18 6月, 2018 2 次提交
-
-
由 David von Oheimb 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6217)
-
由 David von Oheimb 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6217)
-
- 15 6月, 2018 6 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Calling the functions rand_pool_add_{additional,nonce}_data() in crypto/rand/rand_lib.c with no implementation for djgpp/MSDOS causees unresolved symbols when linking with djgpp. Reported and fixed by Gisle Vanem Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6421)
-
由 Eric S. Raymond 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6491)
-
由 David Cooper 提交于
This commit replaces the certificates in demos/bio with new certificates that don't expire until 2118. The same certificates appear in both demos/smime and demos/cms. This commit copies the new certificates and keys from demos/smime to demos/cms. This PR Fixes #6412 by updating cacert.pem and signer.pem in the openssl/demos/smime/ directory. It also updates all of the keys with longer key lengths. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6483)
-
由 Andy Polyakov 提交于
848113a3 added mitigation for a side-channel attack. This commit extends approach to all code paths for consistency. [It also removes redundant white spaces introduced in last commit.] Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6480)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6477)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6477)
-
- 14 6月, 2018 1 次提交
-
-
由 Eric S. Raymond 提交于
CLA: trivial Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> GH: #6472
-
- 13 6月, 2018 7 次提交
-
-
由 Matt Caswell 提交于
Keegan Ryan (NCC Group) has demonstrated a side channel attack on an ECDSA signature operation. During signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order The addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
[omit even -b:SRE, as it's implied by -G flag.] Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6453)
-
由 Andy Polyakov 提交于
Add aix-common template that covers even aix-shared from shared-info.pl, add -bsymbolic to shared_ldflags. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6453)
-
由 Andy Polyakov 提交于
This allows to specify flags specific to shared build, e.g. 'bin_lflags => shared("-Wl,-bsvr4")'. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6453)
-
由 Andy Polyakov 提交于
The flag was apparently omitted in switch from Makefile.shared to shared-info.pl. Do put it back! And in the process move all solaris-shared flags from shared-info.pl to solaris-common. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6446)
-
由 Richard Levitte 提交于
The man name didn't match the file name, and some places had 'password' instead of 'pass phrase'. Fixes #6474 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6476)
-
由 Viktor Dukhovni 提交于
and also X509_delete_ext() Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 12 6月, 2018 6 次提交
-
-
由 Nicola Tuveri 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6460)
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6461)
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6461)
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6461)
-
由 Richard Levitte 提交于
There was no option to give other config files than the default crypto/err/openssl.ec, and yet it tried to check the errors generated in engines (and failing, of course). Also added the same '-internal' option as util/mkerr.pl. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6461)
-
由 Guido Vranken 提交于
CVE-2018-0732 Signed-off-by: NGuido Vranken <guidovranken@gmail.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6457)
-
- 11 6月, 2018 7 次提交
-
-
由 Richard Levitte 提交于
The list of known libs are readily available in crypto/err/openssl.ec, so lets use it to figure out if all error function codes belong to known libs. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6455)
-
由 David von Oheimb 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6451)
-
由 Matt Caswell 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6370)
-
由 Matt Caswell 提交于
TLSv1.3 ignores the alert level, so we should suppress sending of warning only alerts. Fixes #6211 Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6370)
-
由 Matt Caswell 提交于
In TLSv1.3 we should ignore the severity level of an alert according to the spec. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6370)
-
由 Richard Levitte 提交于
Fixes #6449 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6450) (cherry picked from commit 9a236d5a7158d38b933656cacc31dfd4ff4fcc08)
-
由 Todd Short 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6430)
-
- 09 6月, 2018 4 次提交
-
-
由 Andy Polyakov 提交于
This module is used only with odd input lengths, i.e. not used in normal PKI cases, on contemporary processors. The problem was "illuminated" by fuzzing tests. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6440)
-
由 Andy Polyakov 提交于
If built with no-dso, syscall_random remains "blind" to getentropy. Since it's possible to detect symbol availability on ELF-based systems without involving DSO module, bypass it. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6436)
-
由 Andy Polyakov 提交于
If built with no-dso, DSO_global_lookup leaves "unsupported" message in error queue. Since there is a fall-back code, it's unnecessary distraction. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6436)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6438)
-
- 08 6月, 2018 7 次提交
-
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6209)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6437)
-
由 Andy Polyakov 提交于
Move ios targets to 15-ios.conf and modernize by deploying xcrun. This excuses user from looking for paths and setting environment variables. [Thanks to @0neday for hint.] Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6410)
-
由 Mingtao Yang 提交于
Upon a call to CRYPTO_ocb128_setiv, either directly on an OCB_CTX or indirectly with EVP_CTRL_AEAD_SET_IVLEN, reset the nonce-dependent variables in the OCB_CTX. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6420)
-
由 Andy Polyakov 提交于
It's kind of a "brown-bag" bug, as I did recognize the problem and verified an ad-hoc solution, but failed to follow up with cross-checks prior filing previous merge request. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6435)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6394)
-
由 Matt Caswell 提交于
EVP_PKEY_asn1_set_get_priv_key() and EVP_PKEY_asn1_set_get_pub_key() Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6394)
-