- Apr 25, 2019
-
-
Patrick Steuer authored
Add non-base instructions which are used by the chacha20 and poly1305 modules. Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8181)
-
Patrick Steuer authored
z14 introduced alignment hints to help vector load/store performance. For its predecessors, alignment hint defaults to 0 (no alignment indicated). Signed-off-by:
-
Pauli authored
Add a Chi^2 goodness of fit test to empirically provide a degree of confidence in the uniformity of the output of the random range generation function. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8818)
-
Matt Caswell authored
If we were using a different type of BIO than a socket BIO then BIO_get_ktls_send() and BIO_get_ktls_recv() could return the wrong result. The above occurred even if KTLS was disabled at compile time - so we should additionally ensure that those macros do nothing if KTLS is disabled. Finally we make the logic in ssl3_get_record() a little more robust when KTLS has been disabled. [extended tests] Reviewed-by:
-
Matt Caswell authored
If the kernel headers are sufficiently recent to have KTLS transmit support, but not recent enough to have KTLS receive support then a compilation error would be the result. Reviewed-by:
-
Guido Vranken authored
Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise succesfull call to CRYPTO_ccm128_tag. Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx. Signed-off-by:
Guido Vranken <guidovranken@gmail.com> Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
-
- Apr 24, 2019
-
-
Jakub Jelen authored
CLA: trivial Signed-off-by:
Jakub Jelen <jjelen@redhat.com> Reviewed-by:
Paul Yang <yang.yang@baishancloud.com> Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
-
Richard Levitte authored
Because we depend on knowing if clang's address, memory or undefinedbehavior sanitizers are enabled, we make an extra effort to detect them among the C flags, and adjust the %disabled values accordingly. Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8778)
-
- Apr 23, 2019
-
-
Richard Levitte authored
OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for display, but if all you really want is the directory itself, you were forced to parsed the string. This introduces a new function to get diverse configuration data from the library, OPENSSL_info(). This works the same way as OpenSSL_version(), but has its own series of types, currently including: OPENSSL_INFO_CONFIG_DIR returns OPENSSLDIR OPENSSL_INFO_ENGINES_DIR returns ENGINESDIR OPENSSL_INFO_MODULES_DIR returns MODULESDIR OPENSSL_INFO_DSO_EXTENSION returns DSO_EXTENSION OPENSSL_INFO_DIR_FILENAME_SEPARATOR returns directory/filename separator OPENSSL_INFO_LIST_SEPARATOR returns list separator For scripting purposes, this also adds the command 'openssl info'. Reviewed-by:
-
Richard Levitte authored
This adds the flag OPENSSL_MODULES_DIR for OpenSSL_version(), and the flag '-m' for 'openssl version'. Reviewed-by:
-
Richard Levitte authored
Disabling one thing may mean having to disable other things as well. We already have a process to auto-disable things through cascading, but that was under-used. Making the cascading mechanism available through a function to be called to disable stuff makes it more automatic, and helps us when we forget how different disabling options affect others. Reviewed-by:
-
Richard Levitte authored
Fixes #8787 Reviewed-by:
-
Richard Levitte authored
This came about with the realisation that upper case CFLAGS, LDFLAGS and so on aren't treated much after that, and this makes figuring out user added flags significantly easier, just look in %config. Reviewed-by:
-
Matt Caswell authored
[extended tests] Reviewed-by:
-
Matt Caswell authored
Make sure we use the the correct key length in EVP_CIPHER_CTX_rand_key(). Now that ciphers may come from providers we need to make sure we ask the provider for the value if appropriate. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- Apr 20, 2019
-
-
Pauli authored
This only impacts FIPS mode or someone who has enabled the FIPS 140.2 4.9.2 Conditional Tests. i.e. nobody currently. Fix a significant issue in the entropy gathering for the continuous RNG testing. The impact is using an uninitialised buffer instead of the gathered entropy. Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/8789)
-
- Apr 19, 2019
-
-
dyrock authored
Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
We also lay the ground work for various of other the basic AES ciphers. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Richard Levitte authored
The comparator further down the call stack doesn't tolerate NULL, so if we got that as input, use the empty string. Reviewed-by:
-
Richard Levitte authored
OPENSSL_LH_flush() frees the linked lists for each slot, but didn't set the list head to NULL after doing so, with the result that an operation that affects these lists is likely to cause a crash. Reviewed-by:
-
Richard Levitte authored
ossl_method_store_cache_get() and ossl_method_store_cache_set() were called with a NULL argument for store, which means no caching is done. Give them a real store instead. Also, increment the refcount when we do get a method out of the cache. Reviewed-by:
-
- Apr 18, 2019
-
-
Richard Levitte authored
|str| was used for multiple conflicting purposes. When using '-strictpem', it's used to uniquely hold a reference to the loaded payload. However, when using '-strparse', |str| was re-used to hold the position from where to start parsing. So when '-strparse' and '-strictpem' are were together, |str| ended up pointing into data pointed at by |at|, and was yet being freed, with the result that the payload it held a reference to became a memory leak, and there was a double free conflict when both |str| and |at| were being freed. The situation is resolved by always having |buf| hold the pointer to the file data, and always and only use |str| to hold the position to start parsing from. Now, we only need to free |buf| properly and not |str|. Fixes #8752 Reviewed-by:
-
