- Dec 10, 2018
-
-
Eneas U de Queiroz authored
Signed-off-by:
Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7585) (cherry picked from commit eb3fe0ee)
-
Matt Caswell authored
Fixes #7727 Reviewed-by:
-
Matt Caswell authored
For the same reasons as in the previous commit we must preserve errno across dlopen calls. Some implementations (e.g. solaris) do not preserve errno even on a successful dlopen call. Fixes #6953 Reviewed-by:
-
Matt Caswell authored
This function can end up being called during ERR_get_error() if we are initialising. ERR_get_error() must preserve errno since it gets called via SSL_get_error(). If that function returns SSL_ERROR_SYSCALL then you are supposed to inspect errno. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7852) (cherry picked from commit f2f734d4)
-
Richard Levitte authored
Reviewed-by:
-
- Dec 08, 2018
-
-
Andy Polyakov authored
Reviewed-by:
-
- Dec 07, 2018
-
-
Richard Levitte authored
It turns out that the strictness that was implemented in EVP_PKEY_asn1_new() (see Github openssl/openssl#6880) was badly placed for some usages, and that it's better to do this check only when the method is getting registered. Fixes #7758 Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7847) (cherry picked from commit a8600316)
-
FdaSilvaYY authored
Reviewed-by:
Paul Yang <yang.yang@baishancloud.com> Reviewed-by:
-
- Dec 06, 2018
-
-
Dr. Matthias St. Pierre authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7750) (cherry picked from commit 425dde5d)
-
Dr. Matthias St. Pierre authored
Fixes #7698 Reviewed-by:
-
- Dec 05, 2018
-
-
Matt Caswell authored
Fix some issues in tls13_hkdf_expand() which impact the above function for TLSv1.3. In particular test that we can use the maximum label length in TLSv1.3. Reviewed-by:
-
Matt Caswell authored
This reverts commit ec0c5f56 . SSL_export_keying_material() may use longer label lengths. Fixes #7712 Reviewed-by:
-
Andy Polyakov authored
Fixed-top interfaces tolerate zero-padded inputs and facilitate constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend, but not divisor. It's argued that divisor's length is public even when value is secret. [extended tests] Reviewed-by:
-
Andy Polyakov authored
and add template for constant-time bn_div_3_words. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
It's being replaced with constant-time alternative. Reviewed-by:
-
- Dec 03, 2018
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Check that s is less than the order before attempting to verify the signature as per RFC8032 5.1.7 Fixes #7693 Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Nov 30, 2018
-
-
Andy Polyakov authored
Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding if nul delimiter is preceded by 8 consecutive 0x03 bytes. Reviewed-by:
-
Andy Polyakov authored
And make RSAErr call unconditional. Reviewed-by:
-
Andy Polyakov authored
And make RSAErr call unconditional. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Expected usage pattern is to unconditionally set error and then wipe it if there was no actual error. Reviewed-by:
-
- Nov 27, 2018
-
-
Richard Levitte authored
Config options 'no-err' and 'no-autoerrinit' Reviewed-by:
-
Paul Yang authored
If compile OpenSSL with SSL_DEBUG macro, some test cases will cause the process crashed in the debug code. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
We only convert lowercase .s to .asm, that turned out not to be sufficient. Reviewed-by:
-
- Nov 26, 2018
-
-
Billy Brumley authored
Updated "condition" logic lifted from Theo Buehler's LibreSSL commit https://github.com/libressl-portable/openbsd/commit/517358603b4be76d48a50007a0d414c2072697dd Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7619) (cherry picked from commit 900fd8f3)
-
- Nov 24, 2018
-
-
Richard Levitte authored
There's too high a chance that the openssl app and perl get different messages for some error numbers. [extended tests] Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
When creating a tarball, it's pointless to include scripts that assume a git workspace. Reviewed-by:
-
Richard Levitte authored
Also adds missing copyright boilerplate to util/mktar.sh Reviewed-by:
-
Richard Levitte authored
This typo prevented ia64 assembler to be compiled on VMS Reviewed-by:
-
Richard Levitte authored
It turns out that on VMS, strerror() returns messages with added spaces at the end. We wouldn't had noticed if it wasn't for perl trimming those spaces off for its own sake and thereby having test/recipes/02-test_errstr.t fail on VMS. The safe fix is to do the same trimming ourselves. Reviewed-by:
-
David Woodhouse authored
If the private key says it can only support one specific digest, then don't ask it to perform a different one. Fixes: #7348 Reviewed-by:
-
David Woodhouse authored
ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory digest algorithm, when the key can't support any others. That isn't true here, so return 1 instead. Partially fixes #7348 Reviewed-by:
-
