- 08 8月, 2019 3 次提交
-
-
由 Martin Ukrop 提交于
The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were still reversed in the X509_STORE_CTX_get_error function documentation. This used to be the problem also in the verify application documentation, but was fixed on 2010-02-23 in 7d3d1788. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9529) (cherry picked from commit 6d5aa88d74b67b1bc108e121dea687a4ca67e329)
-
由 Matt Caswell 提交于
Ensure users understand that they need to have appropriate permissions to write to the install location. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9268) (cherry picked from commit 7c03bb9fff02b7f08d4654f51f8667584a92cf72)
-
由 Shane Lontis 提交于
Note a flag needed to be added since some ssl tests fail if they output any error (even if the error is ignored). Only ciphers that handle the GET_IV_LEN control set this flag. Fixes #8330 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9499)
-
- 06 8月, 2019 3 次提交
-
-
由 Matt Caswell 提交于
They incorrectly said that i2d_ECDSA_SIG returns 0 on error. In fact it returns a negative value on error. We fix this by moving the i2d_ECDSA_SIG/d2i_ECDSA_SIG docs onto the same page as all the other d2i/i2d docs. Fixes #9517 Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9533) (cherry picked from commit bbda79976b5c5095c5e6557311c86c623ba335f1)
-
由 Matt Caswell 提交于
The macro TLS_MD_MASTER_SECRET_CONST is supposed to hold the ascii string "extended master secret". On EBCDIC machines it actually contained the value "extecded master secret" Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9430) (cherry picked from commit c1a3f16f735057b45df1803d58f40e4e17b233e5)
-
由 Matt Caswell 提交于
At some point in the past do_ssl3_write() used to return the number of bytes written, or a value <= 0 on error. It now just returns a success/ error code and writes the number of bytes written to |tmpwrit|. The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code for the number of bytes written rather than |tmpwrit|. This has the effect that the buffers are not released when they are supposed to be. Fixes #9490 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9505) (cherry picked from commit 8bbf63e48f27c5edaa03e6d87d969c9b6a207f3c)
-
- 01 8月, 2019 4 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Complements commit b383aa20, which added X509_get0_authority_key_id(). const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); [NEW] const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); [NEW] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9494)
-
由 raja-ashok 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9471) (cherry picked from commit 59b2cb2638dda3e07385ad36a41f0e141b36987b)
-
由 Antoine Cœur 提交于
CLA: trivial Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9295)
-
由 joe2018Outlookcom 提交于
Fix: crypto\whrlpool\wp_block.c(90) : warning C4164: '_rotl64' : intrinsic function not declared. Fixes #9487 Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9488) (cherry picked from commit 0c789f59f117ccbb30ffc621216ba776117c7c61)
-
- 31 7月, 2019 2 次提交
-
-
由 David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9466) (cherry picked from commit 7408f6759f1b0100438ca236ea8f549454aaf2d5)
-
由 Bernd Edlinger 提交于
This avoids a spurious gcc warning: ./config enable-asan --strict-warnings => In function 'afalg_create_sk', inlined from 'afalg_cipher_init' at engines/e_afalg.c:545:11: engines/e_afalg.c:376:5: error: '__builtin_strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Werror=stringop-truncation] 376 | strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME); | ^~~~~~~ [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9478) (cherry picked from commit 62cc845fc955c8d4de7b703f57bfd8e5854f00f4)
-
- 29 7月, 2019 1 次提交
-
-
由 Pauli 提交于
Implement the GNU C library's random(3) pseudorandom number generator. The algorithm is described: https://www.mscs.dal.ca/~selinger/random/ The rationale is to make the tests repeatable across differing platforms with different underlying implementations of the random(3) library call. More specifically: when executing tests with random ordering. [extended tests] Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9463) (cherry picked from commit e9a5932d04f6b7dd25b39a8ff9dc162d64a78c22)
-
- 26 7月, 2019 1 次提交
-
-
由 David Benjamin 提交于
tls_parse_stoc_key_share was generating a new EVP_PKEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters, public key, and private key. As a result, it's easy to mistakenly mix such things up, as happened here.) Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9445) (cherry picked from commit 166c0b98fd6e8b1bb341397642527a9396468f6c)
-
- 25 7月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
Mingw config targets assumed that resulting programs and libraries are installed in a Unix-like environment and the default installation prefix was therefore set to '/usr/local'. However, mingw programs are installed in a Windows environment, and the installation directories should therefore have Windows defaults, i.e. the same kind of defaults as the VC config targets. A difficulty is, however, that a "cross compiled" build can't figure out the system defaults from environment the same way it's done when building "natively", so we have to fall back to hard coded defaults in that case. Tests can still be performed when cross compiled on a non-Windows platform, since all tests only depend on the source and build directory, and otherwise relies on normal local paths. CVE-2019-1552 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9400)
-
- 23 7月, 2019 2 次提交
-
-
由 Pauli 提交于
The rand pool support allocates maximal sized buffers -- this is typically 12288 bytes in size. These pools are allocated in secure memory which is a scarse resource. They are also allocated per DRBG of which there are up to two per thread. This change allocates 64 byte pools and grows them dynamically if required. 64 is chosen to be sufficiently large so that pools do not normally need to grow. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9428) (cherry picked from commit a6a66e4511eec0f4ecc2943117a42b3723eb2222)
-
由 Bernd Edlinger 提交于
The additional data allocates 12K per DRBG instance in the secure memory, which is not necessary. Also nonces are not considered secret. [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9424)
-
- 24 7月, 2019 5 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
The HEADER_X509_H check is redundant, because <openssl/x509.h> is already included. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9365)
-
由 Dr. Matthias St. Pierre 提交于
The check is redundant, because <openssl/x509v3.h> is included. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9365)
-
由 Dr. Matthias St. Pierre 提交于
This include guard inside an object file comes as a surprise and serves no purpose anymore. It seems like this object file was included by crypto/threads/mttest.c at some time, but the include directive was removed in commit bb8abd67. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9365)
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9365)
-
由 Bernd Edlinger 提交于
This avoids leaking bit 0 of the private key. Backport-of: #9363 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9435)
-
- 23 7月, 2019 1 次提交
-
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9438) (cherry picked from commit 82925f9dd0492f2e5f1d80ff46fd59f0704c8fe6)
-
- 21 7月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
These weren't available in Cygwin at the time our DSO code was written, but things have changed since. Fixes #9385 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9402) (cherry picked from commit 38f6f99cdf0a87345d646d30a764c089c38627ad)
-
- 20 7月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
If a config file gets loaded, the tests get disturbed. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9393) (cherry picked from commit 5800ba761052894145abe7a74a1159df007b6875)
-
- 18 7月, 2019 3 次提交
-
-
由 Bernd Edlinger 提交于
The barriers prevent the compiler from narrowing down the possible value range of the mask and ~mask in the select statements, which avoids the recognition of the select and turning it into a conditional load or branch. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9217) (cherry picked from commit 04edd688b3727835f9b2c7cca7e4c963bf3ed2ba)
-
由 Shane Lontis 提交于
Cosmetic changes to use the X509_STORE_lock/unlock functions. Renamed some ctx variables to store. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9366) (cherry picked from commit 7a9abccde7b7a5e36efe42d89246f6cfd4d59f44)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9381) (cherry picked from commit c17d60ea293746d7cd06a910ced446edbb6c1eba)
-
- 17 7月, 2019 2 次提交
-
-
由 Bernd Edlinger 提交于
Although in a false-conditional code section gcc-4.8.4 flagged this with a C90 warning :-( include/internal/refcount.h:108:7: error: C++ style comments are not allowed in ISO C90 [-Werror] // under Windows CE we still have old-style Interlocked* functions Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9388)
-
由 Matt Caswell 提交于
This function was always returning 0. It should return 1 on success. Fixes #9374 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9395) (cherry picked from commit 7bc82358ae930cfbd353602bc1fd25bfad107350)
-
- 16 7月, 2019 3 次提交
-
-
由 Todd Short 提交于
Also, use define rather than sizeof Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9377) (cherry picked from commit fe9edc9d39c96c965efc4fde12ddf7fa8a852025)
-
由 Viktor Dukhovni 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Pauli 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9390) (cherry picked from commit 3d9b33b5e48d82d098a1f8c37dbf616a0d84621c)
-
- 15 7月, 2019 1 次提交
-
-
由 Krists Krilovs 提交于
x509 store's objects cache can get corrupted when using dir lookup method in multithreaded application. Claim x509 store's lock when accessing objects cache. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9326) (cherry picked from commit a161738a708b5e284a4714edc0c976606ea7cb26)
-
- 11 7月, 2019 1 次提交
-
-
由 agnosticdev 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9351) (cherry picked from commit 5fe6e2311df9bbbe347cdc7b3c22ce06e20a0ef9)
-
- 08 7月, 2019 4 次提交
-
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9059) (cherry picked from commit 9fd6f7d1cd2a3c8e2bc69dcb8bde8406eb6c2623)
-
由 John Schember 提交于
CLA: trivial Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9297) (cherry picked from commit 53fd220c8fc953b603dd13257d6b2e2d1e7eb864)
-
由 Lei Maohui 提交于
Modified rev to rev64, because rev only takes integer registers. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90827 Otherwise, the following error will occur. Error: operand 1 must be an integer register -- `rev v31.16b,v31.16b' CLA: trivial Signed-off-by: NLei Maohui <leimaohui@cn.fujitsu.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9151) (cherry picked from commit 7b0fceed21c8929e0c6694f57018aa1dbba03e15)
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9318) (cherry picked from commit 933a73b9144397a5690a75c69694123a00d3590d)
-
- 07 7月, 2019 1 次提交
-
-
由 Bernd Edlinger 提交于
Happens when trying to generate 4 or 5 bit safe primes. [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9311) (cherry picked from commit 291f616ced45c924d639d97fc9ca2cbeaad096cf)
-