- Apr 02, 2019
-
-
Richard Levitte authored
Previously, the macro OPENSSL_NO_SHARED was defined of the test/p_test module wasn't built, but the provider test programs didn't check that macro. We rename it to OPENSSL_NO_MODULE, since that name describes the situation more than OPENSSL_NO_SHARED does, and use it. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8623)
-
Richard Levitte authored
While we're at it, sort out inconsistencies with the build of modules: - not building shared libraries means not building dynamic engines. However, other modules may still be built. - not having DSO functionality doesn't mean not to build modules (even though we can't use them from apps linked with libraries that are built this way). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8623)
-
Richard Levitte authored
SHARED_SOURCE is reserved for products that are expected to come in dual shared / non-shared form, i.e. the routine libraries like libcrypto and libssl, to distinguish source that should only appear in their shared form. Modules are always shared, so there's no need for them to have this type of distinction. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8623)
-
- Apr 01, 2019
-
-
Richard Levitte authored
Removing the option entirely would break builds unnecessarily, so let's make it deprecated. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8632)
-
Boris Pismenny authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7848)
-
Boris Pismenny authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7848)
-
Boris Pismenny authored
Add a unit-test for ktls receive side. Change-Id: I890588681d05fba419f644f6d903be6dc83c9ed5 Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7848)
-
Boris Pismenny authored
This patch adds support for the Linux TLS Rx socket option. It completes the previous patch for TLS Tx offload. If the socket option is successful, then the receive data-path of the TCP socket is implemented by the kernel. We choose to set this option at the earliest - just after CCS is complete. Change-Id: I59741e04d89dddca7fb138e88fffcc1259b30132 Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7848)
-
Boris Pismenny authored
Add support for Linux TLS Rx offload in the BIO layer. Change-Id: I79924b25dd290a873d69f6c8d429e1f5bb2c3365 Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7848)
-
Boris Pismenny authored
Introduce the infrastructure for supproting receive side Linux Kernel TLS data-path. Change-Id: I71864d8f9d74a701cc8b0ad5536005f3c1716c1c Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7848)
-
Richard Levitte authored
'no-dso' is meaningless, as it doesn't get any macro defined. Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may be some odd platforms with no DSO scheme. For those, we generate the internal macro DSO_NONE aand use it. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/#8622)
-
- Mar 31, 2019
-
-
x753 authored
"warning: iv not use by this cipher" -> "warning: iv not used by this cipher" CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8608)
-
- Mar 30, 2019
-
-
Shane Lontis authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8607)
-
Pauli authored
of those that are (e.g. int32_t). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8616)
-
Pauli authored
The output format now matches coreutils *dgst tools. [ edited to remove trailing white space ] Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8578)
-
- Mar 29, 2019
-
-
Paul Yang authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8465)
-
Paul Yang authored
This follows #8321 which added the SM2 certificate verification feature. This commit adds the related docs - the newly added 2 APIs and options in apps/verify. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8465)
-
Paul Yang authored
This follows #8321 which added the SM2 certificate verification feature. This commit adds some test cases for #8321. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8465)
-
Dr. Matthias St. Pierre authored
It seems more intuitive to set `OPENSSL_TRACE=all` instead of `OPENSSL_TRACE=any` to obtain trace output for all categories. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8552)
-
Dr. Matthias St. Pierre authored
Previously, if the openssl application was run with OPENSSL_TRACE=any, all trace output would just show 'ANY' as the category name, which was not very useful. To get the correct category name printed in the trace output, the openssl application now registers separate channels for each category. The trace API is unchanged, it is still possible for an application to register a single channel for the 'ANY' category to see all outputt, if it does not need this level of detail. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8552)
-
Dr. Matthias St. Pierre authored
When OSSL_trace_get_category_num() is called with an unknown category name, it returns -1. This case needs to be considered in order to avoid out-of-bound memory access to the `trace_channels` array. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8552)
-
Dr. Matthias St. Pierre authored
Partially reverts d33d7616 Don't fail when tracing is disabled Commit d33d7616 fixed the problem that the initialization of libcrypto failed when tracing was disabled, because the unoperational ossl_trace_init() function returned a failure code. The problem was fixed by changing its return value from failure to success. As part of the fix the return values of other unimplemented trace API functions (like OSSL_trace_set_channel(),OSSL_trace_set_callback()) was changed from failure to success, too. This change was not necessary and is a bit problematic IMHO, because nobody expects an unimplemented function to pretend it succeeded. It's the application's duty to handle the case correctly when the trace API is not enabled (i.e., OPENSSL_NO_TRACE is defined), not the API's job to pretend success just to prevent the application from failing. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8552)
-
Patrick Steuer authored
>=20% faster than present code. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8560)
-
Richard Levitte authored
Fixes #4856 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1928)
-
Richard Levitte authored
The naming of generated assembler wasn't done quite right. There are assembler files that are generated from a perl script, and there are those who are not. Only the former must be renamed to the platform specific asm extension. Furthermore, we need to make sure that 'OSSL_provider_init' isn't case sensitive on VMS, to allow for the least surprise for provider builders. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8529)
-
Pauli authored
with padding bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8611)
-
Pauli authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8611)
-
Pauli authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8611)
-
Pauli authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8611)
-
Pauli authored
The initialisation was also flawed, failing to account for padding and alignment bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8611)
-
Pauli authored
This is probably harmless but best to properly initialise things. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8611)
-
Richard Levitte authored
Related to #8609 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8612)
-
Richard Levitte authored
When 'openssl dgst' is called with a MD alias (such as sha256) and no further arguments (i.e. input is taken from stdin), the MD name wasn't shown. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8609)
-
Pauli authored
If the structures have empty padding bytes, ensure they are zeroed. These structures are added to seed pools as complete blocks including any padding and alignment bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8610)
-
Soujyu Tanaka authored
Revert win32_pathbyaddr() which is used in DSO_dsobyaddr(). Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8596)
-
Soujyu Tanaka authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8596)
-
Soujyu Tanaka authored
Replace it with InitializeCriticalSection() Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8596)
-
Soujyu Tanaka authored
This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8596)
-
Pauli authored
Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details. The check is fairly simplistic, being for the entropy sources to not feed the DRBG the same block of seed material twice in a row. Only the first DRBG in a chain is subject to this check, latter DRBGs are assumed to be safely seeded via the earlier DRBGs. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8599)
-
Andy Polyakov authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8540)
-