- Nov 27, 2017
-
-
Rich Salz authored
Thanks to Juro Bystricky for the suggestion and prototype. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4644)
-
- Nov 25, 2017
-
-
Andy Polyakov authored
Only chacha_internal_test is affected, since this path is not used from EVP. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4758)
-
Andy Polyakov authored
Convert AVX512F+VL+BW code path to pure AVX512F, so that it can be executed even on Knights Landing. Trigger for modification was observation that AVX512 code paths can negatively affect overall Skylake-X system performance. Since we are likely to suppress AVX512F capability flag [at least on Skylake-X], conversion serves as kind of "investment protection". Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4758)
-
David Benjamin authored
This avoids taking quadratic time to pretty-print certificates with excessively large integer fields. Very large integers aren't any more readable in decimal than hexadecimal anyway, and the i2s_* functions will parse either form. Found by libFuzzer. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4790)
-
Kurt Roeckx authored
Switch to make it return an uint32_t instead of the various different types it returns now. Fixes: #3125 Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #4757
-
- Nov 24, 2017
-
-
Richard Levitte authored
A name too many in the NAME section, and a copyright year update Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4789)
-
Richard Levitte authored
One had some lines copied from the other, and both were missing a proper RETURN VALUES section. Fixes #4781 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4787)
-
- Nov 23, 2017
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4770)
-
Andy Polyakov authored
Originally it was thought that it's possible to use AVX512VL+BW instructions with XMM and YMM registers without kernel enabling ZMM support, but it turned to be wrong assumption. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Nov 22, 2017
-
-
Ronald Tse authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4773)
-
- Nov 21, 2017
-
-
Richard Levitte authored
Fixes #4740 The MSYS2 run-time convert arguments that look like paths when executing a program unless that application is linked with the MSYS run-time. The exact conversion rules are listed here: http://www.mingw.org/wiki/Posix_path_conversion With the built-in configurations (all having names starting with "mingw"), the openssl application is not linked with the MSYS2 run-time, and therefore, it will receive possibly converted arguments from the process that executes it. This conversion is fine for normal path arguments, but it happens that some arguments to the openssl application get converted when they shouldn't. In one case, it's arguments like '-passin file:something', and in another, it's a file: URI (what typically happens is that URIs without an authority component get converted, 'cause the conversion mechanism doesn't recognise them as URIs). To avoid conversion where we don't want it, we simply assign MSYS2_ARG_CONV_EXCL a pattern to avoid specific conversions. As a precaution, we only do this where we obviously need it. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4765)
-
Matt Caswell authored
SNI needs to be consistent before we accept early_data. However a server may choose to not acknowledge SNI. In that case we have to expect that a client may send it anyway. We change the consistency checks so that not acknowledging is treated more a like a "wild card", accepting any SNI as being consistent. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4738)
-
Matt Caswell authored
s_server reported early_data not being sent and early_data being rejected in the same way, i.e. "No early data received". This is slightly misleading so this commit provides a different error message if the early data is rejected. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4738)
-
Matt Caswell authored
We can only send early_data if the SNI is consistent. However it is valid for the client to set SNI and the server to not use it. This would still be counted as consistent. OpenSSL client was being overzealous in this check and disallowing this scenario. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4738)
-
Matt Caswell authored
As per this comment: https://github.com/openssl/openssl/issues/4496#issuecomment-337767145 Since the server is entitled to reject our session our ClientHello should include everything that we would want if a full handshake were to happen. Therefore we shouldn't use the session as a source of information for setting SNI. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4738)
-
Paul Yang authored
* Introduce RSA_generate_multi_prime_key to generate multi-prime RSA private key. As well as the following functions: RSA_get_multi_prime_extra_count RSA_get0_multi_prime_factors RSA_get0_multi_prime_crt_params RSA_set0_multi_prime_params RSA_get_version * Support EVP operations for multi-prime RSA * Support ASN.1 operations for multi-prime RSA * Support multi-prime check in RSA_check_key_ex * Support multi-prime RSA in apps/genrsa and apps/speed * Support multi-prime RSA manipulation functions * Test cases and documentation are added * CHANGES is updated Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4241)
-
- Nov 20, 2017
-
-
Paul Yang authored
EVP_PKEY_public_check() and EVP_PKEY_param_check() Doc and test cases are added Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4647)
-
- Nov 17, 2017
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
All exponentiation subroutines but BN_mod_exp_mont_consttime produce non-negative result for negative input, which is confusing for fuzzer. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4676)
-
- Nov 16, 2017
-
-
FdaSilvaYY authored
..\test\asn1_internal_test.c(96): warning C4113: 'int (__cdecl *)()' differs in parameter lists from 'int (__cdecl *)(void)' Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4744)
-
Andy Polyakov authored
Performance regression was reported for EC key generation between 1.0.2 and 1.1.x [in GH#2891]. It naturally depends on platform, values between 6 and 9% were observed. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4743)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4746)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4746)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4746)
-
Yutian Li authored
CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Rich Salz <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1513)
-
- Nov 15, 2017
-
-
Rich Salz authored
Some test files need to be updated. This reverts commit 26a374a2 . Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4745)
-
Yutian Li authored
CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Rich Salz <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1513)
-
- Nov 13, 2017
-
-
FdaSilvaYY authored
Extract and factorise duplicated string glue code. Cache strlen result to avoid duplicate calls. [extended tests] Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4719)
-
FdaSilvaYY authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4719)
-
Andy Polyakov authored
[skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
We had /WX (treat warnings as errors) in VC-WIN32 for long time. At some point it was somehow omitted. It's argued that it allows to keep better focus on new code, which motivates the comeback... Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4721)
-
Andy Polyakov authored
It's argued that /WX allows to keep better focus on new code, which motivates its comeback... Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4721)
-
Andy Polyakov authored
It's argued that /WX allows to keep better focus on new code, which motivates its comeback... [Keep this commit separate as reminder for time overhaul.] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4721)
-
Andy Polyakov authored
Even though |Blen| is declared uint64_t it was casted implicitly to int. [Caught by VC warning subsytem.] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4721)
-
Andy Polyakov authored
|flags| argument to do_esc_char was apparently truncated by implicit cast. [Caught by VC warning subsytem.] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4721)
-
Rich Salz authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4727)
-
- Nov 12, 2017
-
-
Ben Kaduk authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4573)
-
Benjamin Kaduk authored
Some of the OCSP APIs (such as the recently added OCSP_resp_get0_signer) do not really merit inclusion in the ocsp(1) utility, but we should still have unit tests for them. For now, only test OCSP_resp_get0_signer(), but it should be easy to add more tests in the future. Provide an X509 cert and private key in the test's data directory to use for signing responses, since constructing those on the fly is more effort than is needed. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4573)
-
Benjamin Kaduk authored
Add a new function OCSP_resp_get0_signer() that looks in the certs bundled with the response as well as in additional certificates provided as a function argument, returning the certificate that signed the given response (if present). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4573)
-
Piotr Czajka authored
CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4705)
-