- 14 3月, 2020 1 次提交
-
-
由 Benjamin Kaduk 提交于
Generally modernize the language. Refer to TLS instead of SSL/TLS, and try to have more consistent usage of commas and that/which. Reword some descriptions to avoid implying that a list of potential reasons for behavior is an exhaustive list. Clarify how get_session_cb() is only called on servers (i.e., in general, and that it's given the session ID proposed by the client). Clarify the semantics of the get_cb()'s "copy" argument. The behavior seems to have changed in commit 8876bc05, though the behavior prior to that commit was not to leave the reference-count unchanged if *copy was not written to -- instead, libssl seemed to assume that the callback already had incremented the reference count. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10943) (cherry picked from commit 06f876837a8ec76b28c42953731a156c0c3700e2)
-
- 13 3月, 2020 1 次提交
-
-
由 Jakub Jelen 提交于
CLA: trivial Signed-off-by: NJakub Jelen <jjelen@redhat.com> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11299) (cherry picked from commit c08dea30d4d127412097b39d9974ba6090041a7c)
-
- 12 3月, 2020 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
(cherry picked from commit 88398d2a358f) Additionally, remove an outdated paragraph mentioning the .rnd file, which is obsolete in 1.1.1 since the RANDFILE entry was removed from openssl.cnf in commit 1fd6afb5. Also borrow some text from 'openssl(1)/Random State Options' on master (commit a397aca43598) to emphasize that it is not necessary anymore to restore and save the RNG state using the '-rand' and '-writerand' options. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11251)
-
- 11 3月, 2020 2 次提交
-
-
由 Matt Caswell 提交于
This reverts commit b98efebe. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11282)
-
由 Matt Caswell 提交于
This reverts commit 68436f0a. The OMC did not vote in favour of backporting this to 1.1.1, so this change should be reverted. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11282)
-
- 09 3月, 2020 3 次提交
-
-
由 James Peach 提交于
CLA: trivial Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11253) (cherry picked from commit 9f44e96e245993c8e7aaa9fadf1d6713c9c60915)
-
由 Richard Levitte 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (cherry picked from commit 03d65ca2095777cf6314ad813eb7de5779c9b93d) Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11232)
-
由 Richard Levitte 提交于
We change the description to be about the key rather than the signature. How the key size is related to the signature is explained in the description of EVP_SignFinal() anyway. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (cherry picked from commit 6942a0d6feb8d3dcbbc6a1ec6be9de7ab2df1530) Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11232)
-
- 08 3月, 2020 1 次提交
-
-
由 Bastian Germann 提交于
OpenSSL 1.1.0 has extended option checking, and rejects passing a PKCS#11 engine URL to "-signkey" option. The actual code is ready to take it. Change the option parsing to allow an engine URL to be passed and modify the manpage accordingly. CLA: trivial (cherry picked from commit 16d560439d8b1be5082228a87576a8f79b3525ac) Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11173)
-
- 07 3月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
EVP_PKEY_get_raw_private_key() and EVP_PKEY_get_raw_public_key() expect the size of the key buffer to be populated in the |*len| parameter on entry - but the docs made no mention of this. Fixes #11245 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11254) (cherry picked from commit f529fc7d53bf4228fae61cb1efe73d97fe3eb35f)
-
- 06 3月, 2020 4 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11120)
-
由 Richard Levitte 提交于
Most of all, the base X509_LOOKUP functionality is now documented. Furthermore, the names X509_LOOKUP_METHOD and X509_STORE are added for reference. Some functions were moved from X509_LOOKUP_meth_new.pod Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11120)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11229) (cherry picked from commit af7f656cd91d99d62567e2b20c61f07cb4d81d0b)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11234) (cherry picked from commit 7b2ce4a6e817e4385ff77fea0c6e349294c7b756)
-
- 05 3月, 2020 1 次提交
-
-
由 Bernd Edlinger 提交于
It happens when configured with ./config -ftest-coverage see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94029Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11246)
-
- 28 2月, 2020 1 次提交
-
-
由 Scott Arciszewski 提交于
CLA: trivial Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11175) (cherry picked from commit c590be6f12d0b725863961e41bc64a81c8cf30d6)
-
- 27 2月, 2020 2 次提交
-
-
由 Bastian Germann 提交于
CAkeyform may be set to PEM, DER or ENGINE, but the current options are not using the proper optionformat 'E' (OPT_FMT_PDE) for this. Set the valtype for CAkeyform to 'E' and use OPT_FMT_PDE when extracting the option value. This amends bf4006a6 ("Fix regression on x509 keyform argument") which did the same thing for keyform and changed the manpage synopsis entries for both keyform and CAkeyform but did not change the option section. Hence, change the option section. CLA: trivial Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11172)
-
由 Richard Levitte 提交于
This only affects __DECC_INCLUDE_EPILOGUE.H and __DECC_INCLUDE_PROLOGUE.H, which are used automatically by HP and VSI C/C++ compilers. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11159)
-
- 26 2月, 2020 1 次提交
-
-
由 Matt Turner 提交于
Its entry in Configuration/10-main.conf was dropped in commit 7ead0c89 ("Configure: fold related configurations more aggressively and clean-up.") probably because all but one of its bn_ops were removed (RC4_CHAR remained). Benchmarks on an Alpha EV7 indicate that RC4_INT is better than RC4_CHAR so rather than restoring the configuation, remove it from config. CLA: trivial Bug: https://bugs.gentoo.org/697840 (cherry picked from commit 19ded1a717b6c72c3db241f06787a353f1190755) Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11130)
-
- 21 2月, 2020 3 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10882)
-
由 Matt Caswell 提交于
If we hit an EOF while reading in libssl then we will report an error back to the application (SSL_ERROR_SYSCALL) but errno will be 0. We add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. Contains a partial fix for #10880 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10882)
-
由 Matt Caswell 提交于
These are temporary files generated by the build process that should not be checked in. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11122) (cherry picked from commit 7b5108dff4cfde059ca278147a188fb6254603d1)
-
- 19 2月, 2020 1 次提交
-
-
由 Simon Cornish 提交于
Allow for encryption overhead in early DTLS size check and send overflow if validated record is too long Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11096) (cherry picked from commit cc0663f697b05ed121a728241f0502250429802d)
-
- 17 2月, 2020 1 次提交
-
-
由 David Benjamin 提交于
If one of the perlasm xlate drivers crashes, OpenSSL's build will currently swallow the error and silently truncate the output to however far the driver got. This will hopefully fail to build, but better to check such things. Handle this by checking for errors when closing STDOUT (which is a pipe to the xlate driver). This is the OpenSSL 1.1.1 version of https://github.com/openssl/openssl/pull/10883 and https://github.com/openssl/openssl/pull/10930. Reviewed-by: NMark J. Cox <mark@awe.com> Reviewed-by: NPaul Dale David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/10931)
-
- 16 2月, 2020 2 次提交
-
-
由 Kurt Roeckx 提交于
Signature algorithms not using an MD weren't checked that they're allowed by the security level. Reviewed-by: NTomáš Mráz <tmraz@fedoraproject.org> GH: #11062
-
由 Kurt Roeckx 提交于
Create a whole chain of Ed488 certificates so that we can use it at security level 4 (192 bit). We had an 2048 bit RSA (112 bit, level 2) root sign the Ed488 certificate using SHA256 (128 bit, level 3). Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #10785 (cherry picked from commit 77c4d3972400adf1bcb76ceea359f5453cc3e8e4)
-
- 15 2月, 2020 3 次提交
-
-
由 Richard Levitte 提交于
The BIO_f_buffer() documentation tells in enough detail how it affects BIO_gets(), but not how it affects BIO_read_ex(). This change remedies that. Fixes #10859 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10890) (cherry picked from commit 9a4fd80ee0ad1833879b6a55c9c4673eeb8446a3)
-
由 Richard Levitte 提交于
The future style that's coming with OpenSSL 3.0 was used, we need to revert that back to "traditional" style. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11088)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11088)
-
- 14 2月, 2020 1 次提交
-
-
由 Bernd Edlinger 提交于
Backport of improvements from #9982 to 1.1.1 branch. Adds some more exclusions which were previously missed. [extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11059)
-
- 12 2月, 2020 2 次提交
-
-
由 Nikolay Morozov 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11072)
-
由 Matt Caswell 提交于
The hostname_cb in sslapitest.c was originally only defined if TLSv1.3 was enabled. A recently added test now uses this unconditionally, so we move the function implementation earlier in the file, and always compile it in. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11014) (cherry picked from commit 104a733df65dfd8c3dd110de9bd56f6ebfc8f2f6)
-
- 07 2月, 2020 3 次提交
-
-
由 FdaSilvaYY 提交于
Default image was currently "Visual Studio 2015" Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10327) (cherry picked from commit b03de7a9207645c72e22627b10709f15eed211bf)
-
由 kinichiro 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10816) (cherry picked from commit adc9086beb21a91ca59aaf0c619b38b82c223f9b)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888) (cherry picked from commit a05bf83c7964bb3928b323fe356b9f70f105036d)
-
- 06 2月, 2020 5 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Fixes #10998 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11000)
-
由 Davide Galassi 提交于
Prepend missing ossl_unused in front of lh_type_new to make the compiler happy. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10946) (cherry picked from commit 7b6a746721170a21519c38798041be8101e7361f)
-
由 Jakub Jelen 提交于
CLA: trivial Signed-off-by: NJakub Jelen <jjelen@redhat.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10841) (cherry picked from commit 099a398268a298557be784528ac1d94f0f44c97c)
-
由 thekuwayama 提交于
CLA: trivial Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10810) (cherry picked from commit 924d041fe0c650a79449217f81880a6384ff06b2)
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> GH: #10786 (cherry picked from commit b744f915ca8bb37631909728dd2529289bda8438)
-