- Feb 28, 2018
-
-
Kurt Roeckx authored
Reviewed-by:Richard Levitte <levitte@openssl.org> GH: #4672
-
- Feb 27, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #5405, #1381 The base64 filter BIO reads its input in chunks of B64_BLOCK_SIZE bytes. When processing input in PEM format it can happen in rare cases that - the trailing PEM marker crosses the boundary of a chunk, and - the beginning of the following chunk contains valid base64 encoded data. This happened in issue #5405, where the PEM marker was split into "-----END CER" and "TIFICATE-----" at the end of the first chunk. The decoding of the first chunk terminated correctly at the '-' character, which is treated as an EOF marker, and b64_read() returned. However, when called the second time, b64_read() read the next chunk and interpreted the string "TIFICATE" as valid base64 encoded data, adding 6 extra bytes '4c 81 48 08 04 c4'. This patch restores the assignment of the error code to 'ctx->cont', which was deleted accidentally in commit 5562cfac and which prevents b64_read() from reading additional data on subsequent calls. This issue was observed and reported by Annie Yousar. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- Feb 23, 2018
-
-
Bernd Edlinger authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5426)
-
- Feb 14, 2018
-
-
Viktor Dukhovni authored
This is purported to save a few cycles, but makes the code less obvious and more brittle, and in fact breaks on platforms where for ABI continuity reasons there is a SHA2 implementation in libc, and so EVP needs to call those to avoid conflicts. A sufficiently good optimizer could simply generate the same entry points for: foo(...) { ... } and bar(...) { return foo(...); } but, even without that, the different is negligible, with the "winner" varying from run to run (openssl speed -evp sha384): Old: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes sha384 28864.28k 117362.62k 266469.21k 483258.03k 635144.87k 649123.16k New: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes sha384 30055.18k 120725.98k 272057.26k 482847.40k 634585.09k 650308.27k Reviewed-by:Rich Salz <rsalz@openssl.org>
-
- Feb 06, 2018
-
-
Patrick Steuer authored
Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
Patrick Steuer authored
Signed-off-by:
-
- Jan 23, 2018
-
-
Pauli authored
Support added for these two digests, available only via the EVP interface. Reviewed-by:
-
Richard Levitte authored
EVP_PKEY_asn1_find_str() would search through standard asn1 methods first, then those added by the application, which EVP_PKEY_asn1_find() worked the other way around. Also, EVP_PKEY_asn1_find_str() didn't handle aliases. This change brings EVP_PKEY_asn1_find_str() closer to EVP_PKEY_asn1_find(). Fixes #5086 Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5137)
-
- Jan 09, 2018
-
-
Richard Levitte authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5038)
-
- Jan 07, 2018
-
-
Patrick Steuer authored
Signed-off-by:
-
- Dec 15, 2017
-
-
Bernd Edlinger authored
Rename bio_info_cb to BIO_info_cb. Reviewed-by:
-
- Dec 09, 2017
-
-
Daniel Bevenius authored
I noticed that some of the BIO_METHOD structs are placing the name on the same line as the type and some don't. This commit places the name on a separate line for consistency (which looks like what the majority do) CLA: trivial Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
-
- Dec 08, 2017
-
-
Rich Salz authored
Reviewed-by:
-
- Nov 20, 2017
-
-
Paul Yang authored
EVP_PKEY_public_check() and EVP_PKEY_param_check() Doc and test cases are added Reviewed-by:
-
- Nov 13, 2017
-
-
Andy Polyakov authored
Even though |Blen| is declared uint64_t it was casted implicitly to int. [Caught by VC warning subsytem.] Reviewed-by:
-
- Nov 05, 2017
-
-
Ronald Tse authored
Reviewed-by:
-
Jack Lloyd authored
SM3 is a secure hash function which is part of the Chinese "Commercial Cryptography" suite of algorithms which use is required for certain commercial applications in China. Reviewed-by:
-
- Oct 31, 2017
-
-
Ronald Tse authored
Reviewed-by:
-
- Oct 30, 2017
-
-
Kurt Roeckx authored
This restores the 1.0.2 behaviour Reviewed-by:
Benjamin Kaduk <bkaduk@akamai.com> GH: #4613
-
Richard Levitte authored
Reviewed-by:
-
- Oct 18, 2017
-
-
KaoruToda authored
Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by:
-
- Oct 13, 2017
-
-
Rich Salz authored
Names were not removed. Some comments were updated. Replace Andy's address with openssl.org Reviewed-by:
-
- Oct 11, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add an ENGINE to EVP_PKEY structure which can be used for cryptographic operations: this will typically be used by an HSM key to redirect calls to a custom EVP_PKEY_METHOD. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
If we are passed an ENGINE to use in int_ctx_new e.g. via EVP_PKEY_CTX_new() use it instead of the default. Reviewed-by:
-
- Oct 09, 2017
-
-
KaoruToda authored
unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1; Reviewed-by:
Stephen Henson <steve@openssl.org> Reviewed-by:
-
- Sep 14, 2017
-
-
Pauli authored
Reviewed-by:
-
Paul Yang authored
1. make app pkey methods cleanup internal 2. add EVP_PKEY_meth_remove Fixes travis-ci failure in #4337 Reviewed-by:
-
Pauli authored
size_t variable. Reviewed-by:
-
Pauli authored
This reverts commit cc9c5689 for the file pbe_scrypt.c instead of scrypt.c Reviewed-by:
-
- Sep 13, 2017
-
-
Paul Yang authored
A new method is added to EVP_PKEY_METH as: int (*check) (EVP_PKEY_CTX *ctx); and to EVP_PKEY_ASN1_METHOD as: int (*pkey_check) (EVP_PKEY_CTX *ctx); This is used to check the validity of a specific key. The order of calls is: EVP_PKEY_check -> pmeth.check -> ameth.pkey_check. Reviewed-by:
-
- Sep 11, 2017
-
-
Andy Polyakov authored
Reviewed-by:
-
- Aug 30, 2017
-
-
Jon Spillett authored
AEAD cipher mode implementation is based on that used for AES: https://tools.ietf.org/html/rfc5116 TLS GCM cipher suites as specified in: https://tools.ietf.org/html/rfc6209 Reviewed-by:
-
- Aug 29, 2017
-
-
Pauli authored
Reviewed-by:
-
Pauli authored
Removed e_os.h from all bar three headers (apps/apps.h crypto/bio/bio_lcl.h and ssl/ssl_locl.h). Added e_os.h into the files that need it now. Directly reference internal/nelem.h when required. Reviewed-by:
-
- Aug 22, 2017
-
-
Rich Salz authored
Reviewed-by:
-
- Aug 21, 2017
-
-
Pauli authored
return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems. If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for. The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs. Reviewed-by:
-
- Aug 15, 2017
-
-
Johannes Bauer authored
Code review of @dot-asm pointed out style guide violation; this patch fixes it. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4166)
-
