- Jun 07, 2019
-
-
Matt Caswell authored
Various functions have been added that take an OPENSSL_CTX parameter as a result of moving the RAND code into the FIPS module. We document all of those functions. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9039)
-
Matt Caswell authored
It was previously rand_lib but it makes more sense in drbg_lib.c since all the functions that use this lock are only ever called from drbg_lib.c We add some FIPS_MODE defines in preparation for later moving this code into the FIPS module. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9039)
-
Matt Caswell authored
This is in preparation for moving this code inside the FIPS module. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9039)
-
Matt Caswell authored
In preparation for moving the RAND code into the FIPS module we make drbg_lib.c OPENSSL_CTX aware. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9039)
-
Acheev Bhagat authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9101)
-
David Makepeace authored
[skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9102)
-
- Jun 06, 2019
-
-
Kurt Roeckx authored
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> GH: #7651
-
Kurt Roeckx authored
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> GH: #7651
-
Dr. Matthias St. Pierre authored
Fixes #9092 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9093)
-
Pauli authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9090)
-
Shane Lontis authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9083)
-
- Jun 05, 2019
-
-
Shane Lontis authored
covID 1445689 Resource leak (in error path) covID 1445318 Resource leak (in test - minor) covID 1443705 Unchecked return value (Needed if CRYPTO_atomic_add() was used) covID 1443691 Resource leak (in app - minor) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9071)
-
Dr. Matthias St. Pierre authored
This causes travis build failures on master Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9087)
-
Pauli authored
Add documentation to indicate the interaction between global (context level) property queries and local (passed to fetch) ones. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9042)
-
- Jun 04, 2019
-
-
Richard Levitte authored
If a EVP_MD_CTX holds a reference to a previously given engine, and the type of its digest isn't the same as the one given in the new call, drop that engine reference, allowing providers or other engines to provide the new algorithm on an equal basis. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9077)
-
Dr. Matthias St. Pierre authored
In commit 2b8fa1d5 the version-specific SSL/TLS methods were deprecated. This patch improves the documentation of that change by stating the deprecation more prominently in the manual page and explaining the reason for the deprecation. Fixes #8989 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9001)
-
Vitezslav Cizek authored
The 4 kB SPACE_SYS_STR_REASONS in crypto/err/err.c isn't enough for some locales. The Russian locales consume 6856 bytes, Ukrainian even 7000. build_SYS_str_reasons() contains an overflow check: if (cnt > sizeof(strerror_pool)) cnt = sizeof(strerror_pool); But since commit 9f15e5b9 it no longer works as cnt is incremented once more after the condition. cnt greater than sizeof(strerror_pool) results in an unbounded OPENSSL_strlcpy() in openssl_strerror_r(), eventually causing a crash. When the first received error string was empty or contained only spaces, cur would move in front of the start of the strerror_pool. Also don't call openssl_strerror_r when the pool is full. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8966)
-
Dr. Matthias St. Pierre authored
The DEBUG_SAFESTACK preprocessor define is obsolete since 2008 when the non-safestack code was removed by commit 985de863 . Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9070)
-
Shane Lontis authored
Move digest code into the relevant providers (fips, default, legacy). The headers are temporarily moved to be internal, and will be moved into providers after all external references are resolved. The deprecated digest code can not be removed until EVP_PKEY (signing) is supported by providers. EVP_MD data can also not yet be cleaned up for the same reasons. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8763)
-
- Jun 03, 2019
-
-
Mathias Berchtold authored
Add missing parentheses in macro Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9044)
-
Matt Caswell authored
Commit c5f7a996 broke the test framework such that some tests might fail, but the test framework still gives a PASS result overall. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9056)
-
Matt Caswell authored
There are various C macro definitions that are passed via the compiler to enable AES assembler optimisation. We need to make sure that these defines are also passed during compilation of the FIPS module. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9038)
-
Matt Caswell authored
These ciphers were already provider aware, and were available from the default provider. We move them into the FIPS provider too. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9038)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8773)
-
Matt Caswell authored
If we receive a KeyUpdate message (update requested) from the peer while we are in the middle of a write, we should defer sending the responding KeyUpdate message until after the current write is complete. We do this by waiting to send the KeyUpdate until the next time we write and there is no pending write data. This does imply a subtle change in behaviour. Firstly the responding KeyUpdate message won't be sent straight away as it is now. Secondly if the peer sends multiple KeyUpdates without us doing any writing then we will only send one response, as opposed to previously where we sent a response for each KeyUpdate received. Fixes #8677 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8773)
-
Pauli authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9066)
-
Shane Lontis authored
Fixes #8923 Found using the openssl cms -resign option. This uses an alternate path to do the signing which was not adding the required signed attribute content type. The content type attribute should always exist since it is required is there are any signed attributes. As the signing time attribute is always added in code, the content type attribute is also required. The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes e.g. The message digest attribute is a signed attribute that must exist if any signed attributes exist, it cannot be an unsigned attribute and there must only be one instance containing a single value. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8944)
-
- Jun 02, 2019
-
-
Pauli authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9065)
-
- Jun 01, 2019
-
-
Richard Levitte authored
All invokations of $(PERL) need to be quoted, in case it contains spaces. That was forgotten in one spot. Fixes #9060 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9062)
-
Pauli authored
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8840)
-
- May 31, 2019
-
-
David Benjamin authored
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9050)
-
Retropotenza authored
CLA: trivial Fixes #8911 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8866)
-
Sambit Kumar Dash authored
Minor typo. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8866)
-
Richard Levitte authored
Some OSSL_PROVIDER getters took a non-const OSSL_PROVIDER parameter. There's no reason to do so. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9054)
-
- May 30, 2019
-
-
Sambit Kumar Dash authored
Method name correction. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9052)
-
agnosticdev authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9041)
-
Andreas Kretschmer authored
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712) CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI. Adds extensive man pages and tests. Integration into build scripts. Incremental pull request based on OpenSSL commit 1362190b of 2018-09-26 3rd chunk: CMP ASN.1 structures (in crypto/cmp/cmp_asn.c) and related files Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8669)
-
Pauli authored
Add a page about properties in the man7 section of the public documentation. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9011)
-
- May 29, 2019
-
-
Richard Levitte authored
This has been long overdue. Note that this does not join the X509 and X509V3 error modules, that will be too many macro changes at this stage. Fixes #8919 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8925)
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8117)
-