- 21 2月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
If we hit an EOF while reading in libssl then we will report an error back to the application (SSL_ERROR_SYSCALL) but errno will be 0. We add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. Contains a partial fix for #10880 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10882)
-
- 15 2月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
The future style that's coming with OpenSSL 3.0 was used, we need to revert that back to "traditional" style. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11088)
-
- 07 2月, 2020 1 次提交
-
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888) (cherry picked from commit a05bf83c7964bb3928b323fe356b9f70f105036d)
-
- 06 2月, 2020 1 次提交
-
-
由 Davide Galassi 提交于
Prepend missing ossl_unused in front of lh_type_new to make the compiler happy. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10946) (cherry picked from commit 7b6a746721170a21519c38798041be8101e7361f)
-
- 02 1月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
The New Year has caused various files to appear out of date to "make update". This causes Travis to fail. Therefore we update those files. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10739)
-
- 16 12月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
This is a missing accessor in order to obtain PSS parameters from an RSA key, which should also be available in 1.1.1. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10568)
-
- 15 12月, 2019 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
RAND_get_rand_method() can return a NULL method pointer in the case of a malloc failure, so don't dereference it without a check. Reported-by: Zu-Ming Jiang (detected by FIFUZZ) Fixes #10480 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10490)
-
- 17 11月, 2019 1 次提交
-
-
由 Anthony Hu 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10388) (cherry picked from commit 2555285fa5e4248ad4a5a0bc14ae4606443856c2)
-
- 15 10月, 2019 2 次提交
-
-
由 Matt Caswell 提交于
A macro was missing a space which was confusing find-doc-nits Reviewed-by: NRichard Levitte <levitte@openssl.org> (cherry picked from commit 8caab503ba004abb555d636c1ca9f7bcde79657f) Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10094)
-
由 David Benjamin 提交于
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS and EVP_PKEY_CTRL_DSA_PARAMGEN_MD are only exposed from EVP_PKEY_CTX_ctrl, which means callers must write more error-prone code (see also issue #1319). Add the missing wrapper macros and document them. Reviewed-by: NMatt Caswell <matt@openssl.org> (cherry picked from commit a97faad76a1be22eadd6c1a39972ad5e095d9e80) Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10094)
-
- 03 10月, 2019 1 次提交
-
-
由 Michael Osipov 提交于
CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10029) (cherry picked from commit 648b53b88ea55b4c2f2c8c57d041075731db5f95)
-
- 28 9月, 2019 3 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Make the include guards consistent by renaming them systematically according to the naming conventions below The public header files (in the 'include/openssl' directory) are not changed in 1.1.1, because it is a stable release. For the private header files files, the guard names try to match the path specified in the include directives, with all letters converted to upper case and '/' and '.' replaced by '_'. An extra 'OSSL_' is added as prefix. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9681)
-
由 Dr. Matthias St. Pierre 提交于
Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9681)
-
由 Dr. Matthias St. Pierre 提交于
Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9681)
-
- 15 9月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9812) (cherry picked from commit bd9faf117db1e53b2ad2ee9cbfe8def8c98ecb7b)
-
- 10 9月, 2019 4 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9847)
-
由 Dr. Matthias St. Pierre 提交于
When the new OpenSSL CSPRNG was introduced in version 1.1.1, it was announced in the release notes that it would be fork-safe, which the old CSPRNG hadn't been. The fork-safety was implemented using a fork count, which was incremented by a pthread_atfork handler. Initially, this handler was enabled by default. Unfortunately, the default behaviour had to be changed for other reasons in commit b5319bdb, so the new OpenSSL CSPRNG failed to keep its promise. This commit restores the fork-safety using a different approach. It replaces the fork count by a fork id, which coincides with the process id on UNIX-like operating systems and is zero on other operating systems. It is used to detect when an automatic reseed after a fork is necessary. To prevent a future regression, it also adds a test to verify that the child reseeds after fork. CVE-2019-1549 Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9802)
-
- 08 8月, 2019 1 次提交
-
-
由 Shane Lontis 提交于
Note a flag needed to be added since some ssl tests fail if they output any error (even if the error is ignored). Only ciphers that handle the GET_IV_LEN control set this flag. Fixes #8330 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9499)
-
- 06 8月, 2019 2 次提交
-
-
由 Matt Caswell 提交于
They incorrectly said that i2d_ECDSA_SIG returns 0 on error. In fact it returns a negative value on error. We fix this by moving the i2d_ECDSA_SIG/d2i_ECDSA_SIG docs onto the same page as all the other d2i/i2d docs. Fixes #9517 Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9533) (cherry picked from commit bbda79976b5c5095c5e6557311c86c623ba335f1)
-
由 Matt Caswell 提交于
The macro TLS_MD_MASTER_SECRET_CONST is supposed to hold the ascii string "extended master secret". On EBCDIC machines it actually contained the value "extecded master secret" Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9430) (cherry picked from commit c1a3f16f735057b45df1803d58f40e4e17b233e5)
-
- 01 8月, 2019 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Complements commit b383aa20, which added X509_get0_authority_key_id(). const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); [NEW] const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); [NEW] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9494)
-
由 Antoine Cœur 提交于
CLA: trivial Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9295)
-
- 31 7月, 2019 1 次提交
-
-
由 David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9466) (cherry picked from commit 7408f6759f1b0100438ca236ea8f549454aaf2d5)
-
- 23 7月, 2019 1 次提交
-
-
由 Pauli 提交于
The rand pool support allocates maximal sized buffers -- this is typically 12288 bytes in size. These pools are allocated in secure memory which is a scarse resource. They are also allocated per DRBG of which there are up to two per thread. This change allocates 64 byte pools and grows them dynamically if required. 64 is chosen to be sufficiently large so that pools do not normally need to grow. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9428) (cherry picked from commit a6a66e4511eec0f4ecc2943117a42b3723eb2222)
-
- 24 7月, 2019 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
The check is redundant, because <openssl/x509v3.h> is included. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9365)
-
- 18 7月, 2019 1 次提交
-
-
由 Bernd Edlinger 提交于
The barriers prevent the compiler from narrowing down the possible value range of the mask and ~mask in the select statements, which avoids the recognition of the select and turning it into a conditional load or branch. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9217) (cherry picked from commit 04edd688b3727835f9b2c7cca7e4c963bf3ed2ba)
-
- 17 7月, 2019 1 次提交
-
-
由 Bernd Edlinger 提交于
Although in a false-conditional code section gcc-4.8.4 flagged this with a C90 warning :-( include/internal/refcount.h:108:7: error: C++ style comments are not allowed in ISO C90 [-Werror] // under Windows CE we still have old-style Interlocked* functions Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9388)
-
- 08 7月, 2019 1 次提交
-
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9059) (cherry picked from commit 9fd6f7d1cd2a3c8e2bc69dcb8bde8406eb6c2623)
-
- 02 7月, 2019 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9281)
-
由 Rich Salz 提交于
This does no harm, and ensures that the inclusion isn't mistakenly removed in the generated *err.h where it's actually needed. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (cherry picked from commit b53c4fe3f92e3d2c5bd9fca1a171cd24f66ef14d) Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9281)
-
- 01 7月, 2019 2 次提交
-
-
由 Matt Caswell 提交于
The maximum key length for rc5 is 2040 bits so we should not attempt to use keys longer than this. Issue found by OSS-Fuzz and Guido Vranken. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8834) (cherry picked from commit 792cb4ee8d82e4b063f707fc9f4992271ffd65ab)
-
由 Antoine Cœur 提交于
CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9275)
-
- 24 6月, 2019 1 次提交
-
-
由 Pauli 提交于
This feature is enabled by default outside of FIPS builds which ban such actions completely. Encryption is always disallowed and will generate an error. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9112) (cherry picked from commit 2c840201e57e27fa9f1b26a970270a91813e32fe)
-
- 12 6月, 2019 2 次提交
-
-
由 raja-ashok 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9140) (cherry picked from commit c162c126be342b8cd97996346598ecf7db56130f)
-
由 Acheev Bhagat 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9137) (cherry picked from commit f35819d1b7e195af9a41d991db00655f6f2c0af3)
-
- 06 6月, 2019 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Fixes #9092 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9093) (cherry picked from commit e6071f29c24cd22ac7857bf88917598265cc90a9)
-
- 03 6月, 2019 1 次提交
-
-
由 Shane Lontis 提交于
Fixes #8923 Found using the openssl cms -resign option. This uses an alternate path to do the signing which was not adding the required signed attribute content type. The content type attribute should always exist since it is required is there are any signed attributes. As the signing time attribute is always added in code, the content type attribute is also required. The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes e.g. The message digest attribute is a signed attribute that must exist if any signed attributes exist, it cannot be an unsigned attribute and there must only be one instance containing a single value. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8944) (cherry picked from commit 19e512a8244a6f527d0194339a8f9fc45468537a)
-
- 28 5月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-