- May 29, 2019
-
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8117)
-
Dr. Matthias St. Pierre authored
openssl_config_int() returns the uninitialized variable `ret` when compiled with OPENSSL_SYS_UEFI. Fixes #9026 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9029)
-
- May 28, 2019
-
-
Iuri Rezende Souza authored
CLA: trivial Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9021)
-
Pauli authored
Rework the test so that it fails far less often. A number of independent tests are executed and 5% are expected to fail. The number of such failures follows a binomial distribution which permits a statistical test a 0.01% expected failure rate. There is a command line option to enable the stochastic range checking. It is off by default. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8830)
-
Shane Lontis authored
enabling the 'enable-crypto-mdebug' option and running parameter generation causes timeouts. Loading pregenerated params is more suited for these tests. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9022)
-
Richard Levitte authored
Not all Unixen know the -v option Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9012)
-
Richard Levitte authored
Use -bnoentry, not -bexpall Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9012)
-
Tomas Mraz authored
The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9015)
-
- May 27, 2019
-
-
Richard Levitte authored
We add the extra warning and sanitizer options to check our code, which is entirely in C. We support C++ compilers uniquely for the sake of certain external test suites, and those projects can probably sanitize their own code themselves. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9013)
-
Shane Lontis authored
Convert EVP_PKEY Parameters to/from binary. This wraps the low level i2d/d2i calls for DH,DSA and EC key parameters in a similar way to Public and Private Keys. The API's can be used by applications (including openssl apps) that only want to use EVP_PKEY without needing to access low level key API's. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8903)
-
David Makepeace authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9010)
-
Richard Levitte authored
The documentation of what a X509_LOOKUP implementation must do was unclear and confusing. Most of all, clarification was needed that it must store away the found objects in the X509_STORE. Fixes #8707 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8755)
-
David Makepeace authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9008)
-
- May 26, 2019
-
-
FdaSilvaYY authored
Add a few coverage test case. Fixes #8949 [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8959)
-
Simo Sorce authored
In all legacy code ctx->cipher is dereferenced without checks, so it makes no sense to jump there is ctx->cipher is NULL as it will just lead to a crash. Catch it separately and return an error. This is simlar to the fix in d2c2e49e Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9002)
-
Laszlo Ersek authored
CLA: trivial Fixes #8904 Commit 48feaceb ("Remove the possibility to disable the UI module entirely", 2017-07-03) made the BUFSIZ references in "evp_key.c" unconditional, by deleting the preprocessing directive "#ifndef OPENSSL_NO_UI". This breaks the build when compiling OpenSSL for edk2 (OPENSSL_SYS_UEFI), because edk2's <stdio.h> doesn't #define BUFSIZ. Provide a fallback definition, like we do in "crypto/ui/ui_util.c" (from commit 984d6c60 , "Fix no-stdio build", 2015-09-29). Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8922)
-
Daniël van Eeden authored
Example with patch: ``` $ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305' TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ``` Example without patch: ``` $ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305' TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ``` CLA: Trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8999)
-
Daniël van Eeden authored
* Cipher name: from 23 to 30 (example: ECDHE-ECDSA-AES128-GCM-SHA256) * Fixed length for TLS version (examples: TLSv1, TLSv1.3) * Au length from 4 to 5 (example: ECDSA) Example (without patch): ``` $ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA' TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ``` Example (with patch): ``` $ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA' TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ``` CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8999)
-
- May 24, 2019
-
-
agnosticdev authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8995)
-
Sambit Kumar Dash authored
CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8952)
-
David Makepeace authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8987)
-
David Makepeace authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8994)
-
- May 23, 2019
-
-
Bernd Edlinger authored
e.g. openssl speed -evp id-aes256-wrap-pad was crashing because the return code from EVP_CipherInit_ex was ignored. Not going to allow that cipher mode because wrap ciphers produces more bytes output than the input length and EVP_Update_loop is not really prepared for that. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8739)
-
Matt Caswell authored
In addition this commit ensures that the "provctx" value is defaulted to the current library context when we are recurively initialising the FIPS provider when already inside the FIPS module. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8728)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8728)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8728)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8728)
-
Matt Caswell authored
This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and coverts them for use within evp_test. This commit also adds a script to convert the .rsp CAVS files into the evp_test format. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8981)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8963)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8963)
-
- May 22, 2019
-
-
voev authored
CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8979)
-
Patrick Steuer authored
Fixes #7323 Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8970)
-
Patrick Steuer authored
Fixes #8957 Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8970)
-
Patrick Steuer authored
67c81ec3 forgot about s390x Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8971)
-
Pauli authored
Add the possibility of a property query clause to be optional by preceding it with a question mark. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8943)
-
- May 21, 2019
-
-
Kurt Roeckx authored
Fixes: #8737 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #8741
-
Matt Caswell authored
This reverts commit dcb982d7 . This change is causing extended tests to fail. [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8964)
-
Richard Levitte authored
When sanitize options are added as 'enable-msan' or similar, the -fsanitize C flags is set in $config{cflags} rather than $config{CFLAGS}, so we need to check both. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8965)
-
- May 20, 2019
-
-
Arne Schwabe authored
This function only returns a status and does not modify the parameter. Since similar function are already taking const parameters, also change this function to have a const parameter. Fixes #8934 CLA: trivial Signed-off-by: Arne Schwabe <arne@rfc2549.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8945)
-
Pauli authored
Add ranged checked OSSL_PARAM conversions between the native types. A conversion is legal only if the given value can be exactly represented by the target type. Includes a test case that reads a stanza test case file and verified that param conversions are processed properly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8733)
-