- May 27, 2019
-
-
Richard Levitte authored
We add the extra warning and sanitizer options to check our code, which is entirely in C. We support C++ compilers uniquely for the sake of certain external test suites, and those projects can probably sanitize their own code themselves. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9013) (cherry picked from commit 3b437400d90fb89ce5e0d74fd79bda9028f185fb)
-
Richard Levitte authored
The documentation of what a X509_LOOKUP implementation must do was unclear and confusing. Most of all, clarification was needed that it must store away the found objects in the X509_STORE. Fixes #8707 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8755) (cherry picked from commit 19f43f02aa5349034d0a7a60c3a750e046f994b5)
-
- May 26, 2019
-
-
FdaSilvaYY authored
Add a few coverage test case. Fixes #8949 [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8959) (cherry picked from commit 5b3accde)
-
- May 24, 2019
-
-
voev authored
CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8979)
-
agnosticdev authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8995) (cherry picked from commit 5435a830765a63692b8e1e406142d1602133a5a0)
-
Sambit Kumar Dash authored
CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8952) (cherry picked from commit 55e09d17d4c84213d372651b0c91bdc9ef786728)
-
- May 23, 2019
-
-
Bernd Edlinger authored
e.g. openssl speed -evp id-aes256-wrap-pad was crashing because the return code from EVP_CipherInit_ex was ignored. Not going to allow that cipher mode because wrap ciphers produces more bytes output than the input length and EVP_Update_loop is not really prepared for that. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8739) (cherry picked from commit 5d238a1032fee0e4759c2ed7fbd09cb9d7125a72)
-
Matt Caswell authored
This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and coverts them for use within evp_test. This commit also adds a script to convert the .rsp CAVS files into the evp_test format. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8981) (cherry picked from commit ecb0f148a94c9b0076240ca1d7904ab50a7dc9a4)
-
- May 22, 2019
-
-
Patrick Steuer authored
Fixes #7323 Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8970) (cherry picked from commit 3f950d87650776d0e2874588081fecb7bdd4fbd0)
-
Patrick Steuer authored
Fixes #8957 Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8970) (cherry picked from commit e8d0678da4942dd027981175b16b6b3162731205)
-
Patrick Steuer authored
67c81ec311 forgot about s390x Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8971) (cherry picked from commit 887e22dd8b6f054e39b2d20fc8870eaba7fc61a8)
-
- May 21, 2019
-
-
Kurt Roeckx authored
Fixes: #8737 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #8741 (cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e)
-
Matt Caswell authored
This reverts commit dcb982d792d6064ed3493e79749208d8c257ff04. This change is causing extended tests to fail. [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8964) (cherry picked from commit 2c23689402f1894861519d0c1ad762a3e52f4677)
-
- May 20, 2019
-
-
Arne Schwabe authored
This function only returns a status and does not modify the parameter. Since similar function are already taking const parameters, also change this function to have a const parameter. Fixes #8934 CLA: trivial Signed-off-by: Arne Schwabe <arne@rfc2549.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8945) (cherry picked from commit c04b66b18d1a90f0c6326858e4b8367be5444582)
-
- May 16, 2019
-
-
Valentin Robert authored
CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8905) (cherry picked from commit 3e4e43e609d6e9c36e5e526246d31802102cad4a)
-
- May 09, 2019
-
-
Rashmica Gupta authored
CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8889) (cherry picked from commit 99592c73e7167990082626a46ea9286c152f85fd)
-
- May 08, 2019
-
-
Tobias Nießen authored
This change allows to pass the authentication tag after specifying the AAD in CCM mode. This is already true for the other two supported AEAD modes (GCM and OCB) and it seems appropriate to match the behavior. GCM and OCB also support to set the tag at any point before the call to `EVP_*Final`, but this won't work for CCM due to a restriction imposed by section 2.6 of RFC3610: The tag must be set before actually decrypting data. This commit also adds a test case for setting the tag after supplying plaintext length and AAD. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7243) (cherry picked from commit 67c81ec311d696464bdbf4c6d6f8a887a3ddf9f8)
-
- May 07, 2019
-
-
Matt Caswell authored
Fixes #8875 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8876) (cherry picked from commit 9acbe07d2300d34a7ea846d9756f33b4595e32fb)
-
Dr. Matthias St. Pierre authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8893) (cherry picked from commit 260a16f33682a819414fcba6161708a5e6bdff50)
-
- May 02, 2019
-
-
Dr. Matthias St. Pierre authored
If the `openssl cms` command is called without specifying an operation option, it replies with the following laconic error message: cms: Use -help for summary. This commit adds a helpful error message: No operation option (-encrypt|-decrypt|-sign|-verify|...) specified. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8861) (cherry picked from commit 42151b8edb112d23d81f6e0d6606d98797771b4b)
-
Dr. Matthias St. Pierre authored
Since commit 137096a7 it is possible to specify keywords instead of negative magic numbers for the salt length. This commit replaces the remaining occurrences of `rsa_pss_saltlen:-3` in the test recipes by `rsa_pss_saltlen:max`. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8860) (cherry picked from commit 31fc48ddc30c627416edaa62ec1448e66ef92908)
-
Wojciech Kaluza authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8803) (cherry picked from commit 0c4e984de28b1477e002766b2751576f5c6c47d6)
-
Wojciech Kaluza authored
- Allow user-defined RCFLAGS - Pass RCFLAGS to RC Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8803) (cherry picked from commit a583172dac8bce37e268943e570968f193e8b64b)
-
- Apr 30, 2019
-
-
Richard Levitte authored
The reason is that the shared-info attributes may depend on %disabled, so we need to process all enablings/disablings first. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8846) (cherry picked from commit 8f0dd6d9eec0e52feb1b19725c7134684bff28bc)
-
- Apr 25, 2019
-
-
Pauli authored
The testutil support for doubles isn't present in 1.1.1. This reverts commit 4a717667 from #8818. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8829)
-
Pauli authored
Add a Chi^2 goodness of fit test to empirically provide a degree of confidence in the uniformity of the output of the random range generation function. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8818) (cherry picked from commit bb5b3e6dd0575a4fa96f5085228b716062c00502)
-
Guido Vranken authored
Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise succesfull call to CRYPTO_ccm128_tag. Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx. Signed-off-by: Guido Vranken <guidovranken@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8810) (cherry picked from commit 514c9da48b860153079748b0d588cd42191f0b6a)
-
- Apr 24, 2019
-
-
Jakub Jelen authored
CLA: trivial Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8786) (cherry picked from commit 87930507ff1c020d4ba1ca895ef3ef08e17253b3)
-
- Apr 23, 2019
-
-
Richard Levitte authored
Disabling one thing may mean having to disable other things as well. We already have a process to auto-disable things through cascading, but that was under-used. Making the cascading mechanism available through a function to be called to disable stuff makes it more automatic, and helps us when we forget how different disabling options affect others. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8812) (cherry picked from commit 71ef78d71f638c7de893c635ee9b0fd16247c762)
-
Richard Levitte authored
Fixes #8787 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8812) (cherry picked from commit 4650d10ff6ad1048785a009349c8b5d6e922fc7a)
-
Richard Levitte authored
This came about with the realisation that upper case CFLAGS, LDFLAGS and so on aren't treated much after that, and this makes figuring out user added flags significantly easier, just look in %config. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8812) (cherry picked from commit c1a09254e4c763b62811bc412afa1498699fce50)
-
- Apr 19, 2019
-
-
dyrock authored
Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8756) (cherry picked from commit 6fda11ae5a06e28fd9463e5afb60735d074904b3)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8780) (cherry picked from commit a595b10d343845eca32cffb35f1d0a2f15ce40a9)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8780) (cherry picked from commit 6f3aae256d62cfcc48c07cc0ead5080b070f371b)
-
- Apr 18, 2019
-
-
Richard Levitte authored
|str| was used for multiple conflicting purposes. When using '-strictpem', it's used to uniquely hold a reference to the loaded payload. However, when using '-strparse', |str| was re-used to hold the position from where to start parsing. So when '-strparse' and '-strictpem' are were together, |str| ended up pointing into data pointed at by |at|, and was yet being freed, with the result that the payload it held a reference to became a memory leak, and there was a double free conflict when both |str| and |at| were being freed. The situation is resolved by always having |buf| hold the pointer to the file data, and always and only use |str| to hold the position to start parsing from. Now, we only need to free |buf| properly and not |str|. Fixes #8752 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8753) (cherry picked from commit 4f29f3a29b8b416a501c7166dbbca5284b198f81)
-
- Apr 16, 2019
-
-
Tomas Mraz authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit 06add280d90de9625e9c18985f376ef8d0419a46)
-
Tomas Mraz authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit 3d42833d389134b7b05b655c264e4dba5a2179e9)
-
Tomas Mraz authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit d34bce03acc53c583df954bbed65d4800751563a)
-
Bernd Edlinger authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit c9dc22bc3d7f2df670dff66f04935e540e1b931a)
-
Tomas Mraz authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit b238fb79709a180ba9b4d837101c9f75e2978dc0)
-