- Mar 29, 2019
-
-
Dr. Matthias St. Pierre authored
Partially reverts d33d7616 Don't fail when tracing is disabled Commit d33d7616 fixed the problem that the initialization of libcrypto failed when tracing was disabled, because the unoperational ossl_trace_init() function returned a failure code. The problem was fixed by changing its return value from failure to success. As part of the fix the return values of other unimplemented trace API functions (like OSSL_trace_set_channel(),OSSL_trace_set_callback()) was changed from failure to success, too. This change was not necessary and is a bit problematic IMHO, because nobody expects an unimplemented function to pretend it succeeded. It's the application's duty to handle the case correctly when the trace API is not enabled (i.e., OPENSSL_NO_TRACE is defined), not the API's job to pretend success just to prevent the application from failing. Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8552)
-
Patrick Steuer authored
>=20% faster than present code. Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8560)
-
Richard Levitte authored
Fixes #4856 Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1928)
-
Richard Levitte authored
The naming of generated assembler wasn't done quite right. There are assembler files that are generated from a perl script, and there are those who are not. Only the former must be renamed to the platform specific asm extension. Furthermore, we need to make sure that 'OSSL_provider_init' isn't case sensitive on VMS, to allow for the least surprise for provider builders. Reviewed-by:
-
Pauli authored
with padding bytes. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
The initialisation was also flawed, failing to account for padding and alignment bytes. Reviewed-by:
-
Pauli authored
This is probably harmless but best to properly initialise things. Reviewed-by:
-
Richard Levitte authored
Related to #8609 Reviewed-by:
-
Richard Levitte authored
When 'openssl dgst' is called with a MD alias (such as sha256) and no further arguments (i.e. input is taken from stdin), the MD name wasn't shown. Reviewed-by:
-
Pauli authored
If the structures have empty padding bytes, ensure they are zeroed. These structures are added to seed pools as complete blocks including any padding and alignment bytes. Reviewed-by:
-
Soujyu Tanaka authored
Revert win32_pathbyaddr() which is used in DSO_dsobyaddr(). Reviewed-by:
-
Soujyu Tanaka authored
Reviewed-by:
-
Soujyu Tanaka authored
Replace it with InitializeCriticalSection() Reviewed-by:
-
Soujyu Tanaka authored
This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp Reviewed-by:
-
Pauli authored
Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details. The check is fairly simplistic, being for the entropy sources to not feed the DRBG the same block of seed material twice in a row. Only the first DRBG in a chain is subject to this check, latter DRBGs are assumed to be safely seeded via the earlier DRBGs. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
- Mar 28, 2019
-
-
Pauli authored
Reviewed-by:
-
Paul Monson authored
CLA: trivial Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
-
Dmitry Belyavskiy authored
Reviewed-by:
-
Matt Caswell authored
Fixes #8589 Reviewed-by:
-
Pauli authored
/usr/include/bits/waitstatus.h includes endian.h under some libc's. This clashes with the new test header file, so rename the latter. Reviewed-by:
-
- Mar 27, 2019
-
-
Pauli authored
Reviewed-by:
-
Jake Massimo authored
DH_check is used to test the validity of Diffie-Hellman parameter sets (p, q, g). Among the tests performed are primality tests on p and q, for this BN_is_prime_ex is called with the rounds of Miller-Rabin set as default. This will therefore use the average case error estimates derived from the function BN_prime_checks_for_size based on the bit size of the number tested. However, these bounds are only accurate on testing random input. Within this testing scenario, where we are checking the validity of a DH parameter set, we can not assert that these parameters are randomly generated. Thus we must treat them as if they are adversarial in nature and increase the rounds of Miller-Rabin performed. Generally, each round of Miller-Rabin can declare a composite number prime with probability at most (1/4), thus 64 rounds is sufficient in thwarting known generation techniques (even in safe prime settings - see https://eprint.iacr.org/2019/032 for full analysis). The choice of 64 rounds is also consistent with SRP_NUMBER_ITERATIONS_FOR_PRIME 64 as used in srp_Verify_N_and_g in openssl/apps/s_client.c. Reviewed-by:
-
Matt Caswell authored
See discussion in github issue #8563 Fixes #8563 Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8584)
-
Matt Caswell authored
EVP_MAC_ctrl is documented to return 0 or -1 on failure. Numerous places were not getting this check correct. Reviewed-by:
-
Matt Caswell authored
Fixes #8567 Reviewed-by:
-
Matt Caswell authored
We treat that as automatic success. Other EVP_*Update functions already do this (e.g. EVP_EncryptUpdate, EVP_DecryptUpdate etc). EVP_EncodeUpdate is a bit of an anomoly. That treats 0 byte input length as an error. Fixes #8576 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reported by Mak Kolybabi Reviewed-by:
-
- Mar 26, 2019
-
-
Shane Lontis authored
Reviewed-by:
-
- Mar 25, 2019
-
-
Hubert Kario authored
not specifying the digest both on command line and in the config file will lead to response generation aborting with 140617514493760:error:2F098088:time stamp routines:ts_CONF_lookup_fail: \ cannot find config variable:crypto/ts/ts_conf.c:106:tsr_test::signer_digest Reviewed-by: -
Shane Lontis authored
Reviewed-by:
-
- Mar 22, 2019
-
-
Bernd Edlinger authored
constant time with a memory access pattern that does not depend on secret information. [extended tests] Reviewed-by:
-
Bernd Edlinger authored
[extended tests] Reviewed-by:
-
