- Aug 07, 2017
-
-
Rich Salz authored
Use atfork to count child forks, and reseed DRBG when the counts don't match. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4101)
-
- Aug 06, 2017
-
-
Pauli authored
reference not by value. This allows an error return from the setup function. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4083)
-
Rich Salz authored
Also use "" not <> for all include cryptlib Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4082)
-
Dr. Stephen Henson authored
The test ENGINE effectively used a predictable PRNG because it supplied a bogus implementation of SHA256 which the old version of OpenSSL's PRNG used. The new DRBG does not use SHA256 so it is no longer predictable if the SHA256 implementation is replaced. Use an explicit predictable PRNG instead. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4098)
-
Dr. Stephen Henson authored
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4097)
-
- Aug 05, 2017
-
-
Johannes Bauer authored
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #4090
-
Xiaoyin Liu authored
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #4093
-
Johannes Bauer authored
Out-of-bounds array access in the example documentation of EVP_PKEY_CTX_set_hkdf_md fixed. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4081)
-
Dr. Stephen Henson authored
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4092)
-
Dr. Stephen Henson authored
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4092)
-
- Aug 04, 2017
-
-
Todd Short authored
Add missing ASN1_TIME functions Do some cleanup of the ASN1_TIME code. Add ASN1_TIME_normalize() to normalize ASN1_TIME structures. Add ASN1_TIME_compare() to compare two ASN1_TIME structures. Add ASN1_TIME_cmp_time_t() to compare an ASN1_TIME to time_t (generic version of ASN1_UTCTIME_cmp_time_t()). Replace '0' .. '9' compares with isdigit() Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2753)
-
- Aug 03, 2017
-
-
Pauli authored
Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Add a new global DRBG for private keys used by RAND_priv_bytes. Add BN_priv_rand() and BN_priv_rand_range() which use RAND_priv_bytes(). Change callers to use the appropriate BN_priv... function. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4076)
-
Rich Salz authored
Give each SSL object it's own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation which use only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)
-
Rich Salz authored
If RAND_add wraps around, XOR with existing. Add test to drbgtest that does the wrap-around. Re-order seeding and stop after first success. Add RAND_poll_ex() Use the DF and therefore lower RANDOMNESS_NEEDED. Also, for child DRBG's, mix in the address as the personalization bits. Centralize the entropy callbacks, from drbg_lib to rand_lib. (Conceptually, entropy is part of the enclosing application.) Thanks to Dr. Matthias St Pierre for the suggestion. Various code cleanups: -Make state an enum; inline RANDerr calls. -Add RAND_POLL_RETRIES (thanks Pauli for the idea) -Remove most RAND_seed calls from rest of library -Rename DRBG_CTX to RAND_DRBG, etc. -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the implementation of NIST DRBG. -Remove blocklength Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4019)
-
Matt Caswell authored
Move the definition of ossl_assert() out of e_os.h which is intended for OS specific things. Instead it is moved into internal/cryptlib.h. This also changes the definition to remove the (int) cast. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4073)
-
Lingmo Zhu authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4014)
-
Lingmo Zhu authored
The comment "The following should not return 1, otherwise, things are very strange" is from the very first commit of OpenSSL. The really meaning of the comment is if the identical session can be found from internal cache after calling get_session_cb but not found before calling get_session_cb, it is just strange. The value 1 was originated from the old doc of SSLeay, reversed from the actual return value of SSL_CTX_add_session(). Anyway either return value of SSL_CTX_add_session() should not interrupt the session resumption process. So the checking of return value of SSL_CTX_add_session() is not necessary. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4014)
-
Dr. Stephen Henson authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4079)
-
Johannes Bauer authored
Conform to coding guidelines. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
Johannes Bauer authored
This was previously mistakenly handled as a single error code. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
Johannes Bauer authored
Changed HKDF to use EVP_PKEY_CTX_md() (review comment of @snhenson) and introduced more specific error codes (not only indicating *that* some parameter is missing, but actually *which* one it is). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
Johannes Bauer authored
HKDF now handles an invalid digest like TLS1-PRF does (i.e., returns KDF_R_INVALID_DIGEST if the passed digest is not known). Both KDFs now set the error code KDF_R_UNKNOWN_PARAMETER_TYPE if a type was passed that is not recognized. This will have the effect of improving debugging output in case a user uses "openssl pkeyutl -kdf ..." in a wrong way and result in an actual error code (instead of just "failure" and an empty error stack). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
Johannes Bauer authored
Introduce KDF_F_PKEY_HKDF_DERIVE and return the KDF_R_MISSING_PARAMETER error code when required parameters have not been set. This will make "openssl pkeyutl -kdf HKDF" return a meaningful error message instead of simply "Public Key operation error". Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
- Aug 02, 2017
-
-
Andy Polyakov authored
This is achieved mostly by ~10% reduction of amount of instructions per round thanks to a) switch to KECCAK_2X variant; b) merge of almost 1/2 rotations with logical instructions. Performance is improved on all observed processors except on Cortex-A15. This is because it's capable of exploiting more parallelism and can execute original code for same amount of time. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4057)
-
Pauli authored
Removing the use of SETUP_TEST_FIXTURE reduces complxity in those tests that used it. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4066)
-
- Aug 01, 2017
-
-
Martin Peylo authored
The OID for {1 3 6 1 5 5 8 1 2} HMAC-SHA1 (NID_hmac_sha1) is explicitly referenced by RFC 2510, RFC 3370, and RFC 4210. This is essential for the common implementations of CMP (Certificate Managing Protocol, RFC4210). HMAC-MD5's OID {1 3 6 1 5 5 8 1 1} (NID_hmac_md5) is in the same branch and it seems to generally exist (-> Internet search), but it is unclear where it is actually defined as it appears not to be referenced by RFCs and practically rather unused. Those OIDs are both duplicates to OIDs from an RSA OID branch, which are already included in builtin_pbe[]: HMAC-SHA1 also has another OID defined in PKCS#5/RFC2898 (NID_hmacWithSHA1). It is also unclear where the other OID for HMAC-MD5 (NID_hmacWithMD5) from the RSA branch is officially specified, as only HMAC-SHA1 from PKCS#5 was found to be defined. Anyway, HMAC-MD5 likely only plays a neglectable role in the future. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3811)
-
Pauli authored
Simplify the only test that uses this macro so it doesn't need it anymore. Clean up the formatting a little. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4034)
-
Andy Polyakov authored
"More" refers to the fact that we make active BIT_INTERLEAVE choice in some specific cases. Update commentary correspondingly. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Even though tm->length >= 15 && v[14] == '.' works in practice, [because "YYYYMMDDHHMMSS." would be rejected as invalid by asn1_time_to_tm,] formal correctness with respect to buffer overstep in few lines vicinity improves readability. [Also fold one if condition and improve expression readability.] Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4058)
-
Paul Yang authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4061)
-
Paul Yang authored
Seems this documentation is not dead, so add this missing part Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4037)
-
Ken Goldman authored
Document that the RSA_get0_ functions permit a NULL BIGNUM **. Those output parameters are ignored. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4064)
-
Matt Caswell authored
In TLSv1.3 we can resume, but still get a new session. This adds a test to make sure that is happening. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4068)
-
Matt Caswell authored
If a new_session_cb is set then it was only ever getting invoked if !s->hit is true. This is sensible for <=TLSv1.2 but does not work for TLSv1.3. Fixes #4045 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4068)
-
Paul Yang authored
This is to address issue #3932. Support comma-separated string to specify what extensions to be displayed. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4016) Remove redundant variable [to be squashed]
-
- Jul 31, 2017
-
-
Xiaoyin Liu authored
I scanned all files in the doc folder with a spell checker (https://github.com/EWSoftware/VSSpellChecker ). This patch (hopefully) corrected all spell errors that it found. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4065)
-
Bernd Edlinger authored
The memory blocks contain secret data and must be cleared before returning to the system heap. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4062)
-
Todd Short authored
Some extensions were being displayed twice, before they were parsed, and again after they were parsed. The supported_versions extension was not being fully displayed, as it was processed differently than other extensions. Move the debug callback to where the extensions are first collected, to catch all the extensions as they come in, so they are ordered correctly. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3911)
-