- Jun 12, 2019
-
-
raja-ashok authored
Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8178)
-
Matt Caswell authored
A previous commit added the ability to find newly undocumented symbols. We extend this capability to check anything that was newly added since 1.1.1 which is undocumented. A new option -o is added to find-doc-nits to amend the behaviour of -v or -e to check symbols that were newly added since the release of 1.1.1. Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9094)
-
Matt Caswell authored
A macro was missing a space which was confusing find-doc-nits Reviewed-by:
-
Matt Caswell authored
find-doc-nits complains if a symbol is documented in more than one location. Reviewed-by:
-
Matt Caswell authored
We create lists of undocumented functions and macros as they are now so that find-doc-nits can check for newly introduced functions/macros that are undocumented. This works in a similar way to the -u and -d options to find-doc-nits. These count undocumented symbols and print a detailed list of undocumented symbols repsectively. This commit adds the -v and -e options to restrict the count/detailed list to newly added undocumented symbols only. There is also a new -s option that does the same as -e except that it produces no output if there are no newly undocumented symbols. We also amend "make doc-nits" to add the -s option which should cause travis to fail if a PR adds undocumented symbols. Reviewed-by:
-
Richard Levitte authored
Make sure that each basename only appears once. This is due to the static library archiver on Unix, that indexes archived object files by base name only, thereby making base name clashes... interesting. This is a safety net for OpenSSL developer! Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9133)
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Other commits will enable the RAND code in FIPS_MODE. Until those commits are in place we temporarily disable making RAND calls while in FIPS_MODE. Reviewed-by:
-
Matt Caswell authored
Replace the low level SHA512_* function calls with EVP calls. Reviewed-by:
-
Matt Caswell authored
These variants of BN_CTX_new() and BN_CTX_secure_new() enable passing an OPENSSL_CTX so that we can access this where needed throughout the BIGNUM sub library. Reviewed-by:
-
Acheev Bhagat authored
Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9137)
-
- Jun 11, 2019
-
-
Pauli authored
Technically not a bug since the code worked but the array index shouldn't have been constant after searching for the field. Reviewed-by:
-
Matt Caswell authored
When compiling with --strict-warnings using gcc 7.4.0 the compiler complains that a case falls through, even though there is an explicit comment stating this. Moving the comment outside of the conditional compilation section resolves this. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Shane Lontis authored
opt.c uses functions that are only available if inttypes.h exists. It now checks a define which is unavailable if inttypes.h is included. The include is done automagically inside e_os2.h. Reviewed-by:
-
Shane Lontis authored
Including <inttypes.h> caused a windows build failure. The test is now skipped if strtoimax & strtoumax are not supported. It does this by checking for a define which is only available if inttypes.h is not included. The include is done automagically inside e_os2.h. Reviewed-by:
-
Shane Lontis authored
Use the defines OPENSSL_NO_INTTYPES_H & OPENSSL_NO_STDINT_H to determine if the headers are unavailable for a platform. Reviewed-by:
-
Shane Lontis authored
The existing code used PKCS5 specifications. SP800-132 adds the following additional constraints for: - the range of the key length. - the minimum iteration count (1000 recommended). - salt length (at least 128 bits). These additional constraints may cause errors (in scrypt, and some PKCS5 related test vectors). To disable the new constraints use the new ctrl string "pkcs5". For backwards compatability, the checks are only enabled by default for fips mode. Reviewed-by:
-
Shane Lontis authored
This is still required currently by engines and digestsign/digestverify. This PR contains merged in code from Richard Levitte's PR #9126. [extended tests] Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9120)
-
Shigeki Ohtsu authored
ae3947de changed the callback arg not to have a const parameter. CLA: trivial Reviewed-by:
-
Todd Short authored
Making the default cipher strings a function gives the library more control over the defaults. Potentially allowing a change in the future as ciphers become deprecated or dangerous. Also allows third party distributors to change the defaults for their installations. Reviewed-by:
Paul Yang <yang.yang@baishancloud.com> Reviewed-by:
-
- Jun 10, 2019
-
-
Tomas Mraz authored
The lookup for ::1 with getaddrinfo() might return error even if the ::1 would work if AI_ADDRCONFIG flag is used. Fixes: #9053 Reviewed-by:
-
MouriNaruto authored
Improve the Windows OneCore target support. (Add targets for building libraries for Windows Store apps.) Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Because the operation identity wasn't integrated with the created methods, the following code would give unexpected results: EVP_MD *md = EVP_MD_fetch(NULL, "MD5", NULL); EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "MD5", NULL); if (md != NULL) printf("MD5 is a digest\n"); if (cipher != NULL) printf("MD5 is a cipher\n"); The message is that MD5 is both a digest and a cipher. Partially fixes #9106 Reviewed-by:
-
- Jun 09, 2019
-
-
Dr. Matthias St. Pierre authored
The DEVRANDOM_WAIT feature added a select() call to wait for the `/dev/random` device to become readable before reading from the `/dev/urandom` device. It was introduced in commit 38023b87 in order to mitigate the fact that the `/dev/urandom` device does not block until the initial seeding of the kernel CSPRNG has completed, contrary to the behaviour of the `getrandom()` system call. It turned out that this change had negative side effects on performance which were not acceptable. After some discussion it was decided to revert this feature and leave it up to the OS resp. the platform maintainer to ensure a proper initialization during early boot time. Fixes #9078 This partially reverts commit 38023b87 . Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9084)
-
- Jun 07, 2019
-
-
Matt Caswell authored
Various functions have been added that take an OPENSSL_CTX parameter as a result of moving the RAND code into the FIPS module. We document all of those functions. Reviewed-by:
-
Matt Caswell authored
It was previously rand_lib but it makes more sense in drbg_lib.c since all the functions that use this lock are only ever called from drbg_lib.c We add some FIPS_MODE defines in preparation for later moving this code into the FIPS module. Reviewed-by:
-
Matt Caswell authored
This is in preparation for moving this code inside the FIPS module. Reviewed-by:
-
Matt Caswell authored
In preparation for moving the RAND code into the FIPS module we make drbg_lib.c OPENSSL_CTX aware. Reviewed-by:
-
Acheev Bhagat authored
Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9101)
-
David Makepeace authored
[skip ci] Reviewed-by:
-
- Jun 06, 2019
-
-
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Dr. Matthias St. Pierre authored
Fixes #9092 Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
-
