- 10 Dec, 2018 12 commits
-
-
Eneas U de Queiroz authored
Make CTR mode behave like a stream cipher. Signed-off-by:
Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7585) (cherry picked from commit b5015e83)
-
Eneas U de Queiroz authored
The engine needs a custom cipher context copy function to open a new /dev/crypto session. Signed-off-by:
-
Eneas U de Queiroz authored
Close the session in digest_cleanup instead of digest_final. A failure in closing the session does not mean a previous successful digest final has failed as well. Signed-off-by:
-
Eneas U de Queiroz authored
If the source ctx has not been initialized, don't initialize the copy either. Signed-off-by:
-
Eneas U de Queiroz authored
Return failure when the digest_ctx is null in digest_update and digest_final, and when md is null in digest_final. Signed-off-by:
-
Eneas U de Queiroz authored
Call functions to prepare methods after confirming that /dev/crytpo was sucessfully open and that the destroy function has been set. Signed-off-by:
-
Eneas U de Queiroz authored
Signed-off-by:
-
Matt Caswell authored
Fixes #7727 Reviewed-by:
-
Matt Caswell authored
For the same reasons as in the previous commit we must preserve errno across dlopen calls. Some implementations (e.g. solaris) do not preserve errno even on a successful dlopen call. Fixes #6953 Reviewed-by:
-
Matt Caswell authored
This function can end up being called during ERR_get_error() if we are initialising. ERR_get_error() must preserve errno since it gets called via SSL_get_error(). If that function returns SSL_ERROR_SYSCALL then you are supposed to inspect errno. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7852) (cherry picked from commit f2f734d4)
-
Richard Levitte authored
Reviewed-by:
-
- 08 Dec, 2018 1 commit
-
-
Andy Polyakov authored
Reviewed-by:
-
- 07 Dec, 2018 2 commits
-
-
Richard Levitte authored
It turns out that the strictness that was implemented in EVP_PKEY_asn1_new() (see Github openssl/openssl#6880) was badly placed for some usages, and that it's better to do this check only when the method is getting registered. Fixes #7758 Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7847) (cherry picked from commit a8600316)
-
FdaSilvaYY authored
Reviewed-by:
Paul Yang <yang.yang@baishancloud.com> Reviewed-by:
-
- 06 Dec, 2018 2 commits
-
-
Dr. Matthias St. Pierre authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7750) (cherry picked from commit 425dde5d)
-
Dr. Matthias St. Pierre authored
Fixes #7698 Reviewed-by:
-
- 05 Dec, 2018 6 commits
-
-
Matt Caswell authored
Fix some issues in tls13_hkdf_expand() which impact the above function for TLSv1.3. In particular test that we can use the maximum label length in TLSv1.3. Reviewed-by:
-
Matt Caswell authored
This reverts commit ec0c5f56 . SSL_export_keying_material() may use longer label lengths. Fixes #7712 Reviewed-by:
-
Andy Polyakov authored
Fixed-top interfaces tolerate zero-padded inputs and facilitate constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend, but not divisor. It's argued that divisor's length is public even when value is secret. [extended tests] Reviewed-by:
-
Andy Polyakov authored
and add template for constant-time bn_div_3_words. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
It's being replaced with constant-time alternative. Reviewed-by:
-
- 03 Dec, 2018 3 commits
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Check that s is less than the order before attempting to verify the signature as per RFC8032 5.1.7 Fixes #7693 Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- 30 Nov, 2018 5 commits
-
-
Andy Polyakov authored
Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding if nul delimiter is preceded by 8 consecutive 0x03 bytes. Reviewed-by:
-
Andy Polyakov authored
And make RSAErr call unconditional. Reviewed-by:
-
Andy Polyakov authored
And make RSAErr call unconditional. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Expected usage pattern is to unconditionally set error and then wipe it if there was no actual error. Reviewed-by:
-
- 27 Nov, 2018 4 commits
-
-
Richard Levitte authored
Config options 'no-err' and 'no-autoerrinit' Reviewed-by:
-
Paul Yang authored
If compile OpenSSL with SSL_DEBUG macro, some test cases will cause the process crashed in the debug code. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
We only convert lowercase .s to .asm, that turned out not to be sufficient. Reviewed-by:
-
- 26 Nov, 2018 1 commit
-
-
Billy Brumley authored
Updated "condition" logic lifted from Theo Buehler's LibreSSL commit https://github.com/libressl-portable/openbsd/commit/517358603b4be76d48a50007a0d414c2072697dd Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7619) (cherry picked from commit 900fd8f3)
-
- 24 Nov, 2018 4 commits
-
-
Richard Levitte authored
There's too high a chance that the openssl app and perl get different messages for some error numbers. [extended tests] Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
