- Oct 12, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4485)
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add functions to return DH parameters using NID and to return the NID if parameters match a named set. Currently this supports only RFC7919 parameters but could be expanded in future. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
If BN_FLG_STATIC_DATA is set don't cleanse a->d as it will reside in read only memory. If BN_FLG_MALLOCED is not set don't modify the BIGNUM at all. This change applies to BN_clear_free() and BN_free(). Now the BIGNUM structure is opaque applications cannot create a BIGNUM structure without BN_FLG_MALLOCED being set so they are unaffected. Update internal DH routines so they only copy pointers for read only parameters. Reviewed-by:
-
- Oct 11, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4503)
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add an ENGINE to EVP_PKEY structure which can be used for cryptographic operations: this will typically be used by an HSM key to redirect calls to a custom EVP_PKEY_METHOD. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
If we are passed an ENGINE to use in int_ctx_new e.g. via EVP_PKEY_CTX_new() use it instead of the default. Reviewed-by:
-
Matt Caswell authored
RSA_setup_blinding() calls BN_BLINDING_create_param() which later calls BN_mod_exp() as follows: BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx) ret->mod will have BN_FLG_CONSTTIME set, but ret->e does not. In BN_mod_exp() we only test the third param for the existence of this flag. We should test all the inputs. Thanks to Samuel Weiser (samuel.weiser@iaik.tugraz.at) for reporting this issue. This typically only happens once at key load, so this is unlikely to be exploitable in any real scenario. Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4477)
-
Matt Caswell authored
Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4468)
-
Benjamin Kaduk authored
test/bad_dtls_test.c: In function 'validate_client_hello': test/bad_dtls_test.c:128:33: error: 'u' may be used uninitialized in this function [-Werror=maybe-uninitialized] if (!PACKET_get_1(&pkt, &u) || u != SSL3_RT_HANDSHAKE) ^ Apparently -O1 does not perform sufficient optimization to ascertain that PACKET_get_1 will always initialize u if it returns true. Reviewed-by:Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4518)
-
Benjamin Kaduk authored
Now that we are moving to support named FFDH groups, these fields are not ec-specific, so we need them to always be available. This fixes the no-ec --strict-warnings build, since gcc 5.4.0-6ubuntu1~16.04.4 appears to always try to compile the static inline functions from ssl_locl.h, even when they are not used in the current compilation unit. Reviewed-by:
-
- Oct 10, 2017
-
-
Pauli authored
Use a read lock when reading using pthreads. Reviewed-by:
-
Keshav Kini authored
CLA: trivial Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4513)
-
Andy Polyakov authored
Reviewed-by:
-
Patrick Steuer authored
Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Tatsuhiro Tsujikawa authored
Reviewed-by:
-
- Oct 09, 2017
-
-
Pauli authored
Reviewed-by:
-
Pauli authored
in an atomic fashion. Reviewed-by:
-
Patrick Steuer authored
Mention CTR, GCM, CCM, OCB, WRAP and XTS modes. Signed-off-by:
-
Patrick Steuer authored
CCM does not support streaming: An additional call to (EVP_...)Update must precede each call to Update to pass the total message length. The generic Update_loop calls Update one time such that in case of CCM only the total message length is passed. No encryption/decryption measured. Signed-off-by:
-
EasySec authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
RESULT_D can be used to provide a separate directory for test results. Let's use that to separate them from other files. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4499)
-
Richard Levitte authored
Reviewed-by:
-
KaoruToda authored
unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1; Reviewed-by:
Stephen Henson <steve@openssl.org> Reviewed-by:
-
- Oct 08, 2017
-
-
Pauli authored
indicate the level of locking required for various operations. Remove the lock and atomics from the lhash code. These we're not complete or adequate. Refer to #4418 and #4427 for details. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4491)
-
- Oct 07, 2017
-
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Rewrite the -req-nodes flag from CA.pl (idea from Andy) Rewrite ERR_string_error_n Reviewed-by:
-
