- May 12, 2019
-
-
Richard Levitte authored
We didn't deal very well with names that didn't have pre-defined NIDs, as the NID zero travelled through the full process and resulted in an inaccessible method. By consequence, we need to refactor the method construction callbacks to rely more on algorithm names. We must, however, still store the legacy NID with the method, for the sake of other code that depend on it (for example, CMS). Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8878)
-
Richard Levitte authored
This avoids using the ASN1_OBJECT database, which is bloated for the purpose of a simple number <-> name database. Reviewed-by:
-
Richard Levitte authored
This can be used as a general name to identity map. Reviewed-by:
-
Dr. Matthias St. Pierre authored
Small correction to RAND_DRBG(7) (amends 3a50a8a9 ) Reviewed-by:
-
- May 10, 2019
-
-
Dr. Matthias St. Pierre authored
The functions RAND_add() and RAND_seed() provide a legacy API which enables the application to seed the CSPRNG. But NIST SP-800-90A clearly mandates that entropy *shall not* be provided by the consuming application, neither for instantiation, nor for reseeding. The provided random data will be mixed into the DRBG state as additional data only, and no entropy will accounted for it. Reviewed-by:
-
- May 09, 2019
-
-
Pauli authored
Provide C test cases with the option to skip tests and subtests. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8695)
-
Pauli authored
applicable. Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Richard Levitte authored
There are quite a number of sanitizers for clang that aren't documented in the clang user documentation. This makes it impossible to be selective about what sanitizers to look at to determine if '-z defs' should be used of not. Under these circumstances, the sane thing to do is to just look for any sanitizer specification and not use '-z defs' if there's one present. Fixes #8735 Reviewed-by:
-
Rashmica Gupta authored
CLA: trivial Reviewed-by:
-
- May 08, 2019
-
-
Lorinczy Zsigmond authored
Add new option '-http_server_binmode' which allows the server to open and send binary files as well as text. Reviewed-by:
-
Richard Levitte authored
OBJ_bsearch_ and OBJ_bsearch_ex_ are generic functions that don't really belong with the OBJ API, but should rather be generic utility functions. The ending underscore indicates that they are considered internal, even though they are declared publicly. Since crypto/stack/stack.c uses OBJ_bsearch_ex_, the stack API ends up depending on the OBJ API, which is unnecessary, and carries along other dependencies. Therefor, a generic internal function is created, ossl_bsearch(). This removes the unecessary dependencies. Reviewed-by:
-
Tobias Nießen authored
This change allows to pass the authentication tag after specifying the AAD in CCM mode. This is already true for the other two supported AEAD modes (GCM and OCB) and it seems appropriate to match the behavior. GCM and OCB also support to set the tag at any point before the call to `EVP_*Final`, but this won't work for CCM due to a restriction imposed by section 2.6 of RFC3610: The tag must be set before actually decrypting data. This commit also adds a test case for setting the tag after supplying plaintext length and AAD. Reviewed-by:
-
Guido Vranken authored
If ctx->cipher->cupdate/ctx->cipher->cfinal failed, 'soutl' is left uninitialized. This patch incorporates the same logic as present in EVP_DecryptUpdate and EVP_DecryptFinal_ex: only branch on 'soutl' if the preceding call succeeded. Bug found by OSS-Fuzz. Signed-off-by:
Guido Vranken <guidovranken@gmail.com> Reviewed-by:
-
- May 07, 2019
-
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Matt Caswell authored
Fixes #8875 Reviewed-by:
-
Boris Pismenny authored
This commit adds the SSL_sendfile call, which allows KTLS sockets to transmit file using zero-copy semantics. Signed-off-by:
Boris Pismenny <borisp@mellanox.com> Reviewed-by:
-
Boris Pismenny authored
This commit introduces support for Linux KTLS sendfile. Sendfile semantics require the use of a kernel TLS socket to construct the TLS record headers, encrypt and authenticate the data. KTLS sendfile improves performance by avoiding the copy of file data into user space, which is required today. Signed-off-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
- May 03, 2019
-
-
Simo Sorce authored
Conform to other modules which were changed at the last minute and this discrepancy was not noticed. Retain "md" as an alias so not to break 3rd party backports/tests scripts. Signed-off-by:
Simo Sorce <simo@redhat.com> Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8783)
-
Shane Lontis authored
Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
-
Todd Short authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
- May 02, 2019
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
We should be seeking to move the OPENSSL_init_crypto and OPENSSL_cleanup processing into OPENSSL_CTX instead. Reviewed-by:
-
Matt Caswell authored
Various core and property related code files used global data. We should store all of that in an OPENSSL_CTX instead. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Klotz, Tobias authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8023)
-
