- Jun 03, 2019
-
-
Matt Caswell authored
Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8773) (cherry picked from commit a77b4dba)
-
Matt Caswell authored
If we receive a KeyUpdate message (update requested) from the peer while we are in the middle of a write, we should defer sending the responding KeyUpdate message until after the current write is complete. We do this by waiting to send the KeyUpdate until the next time we write and there is no pending write data. This does imply a subtle change in behaviour. Firstly the responding KeyUpdate message won't be sent straight away as it is now. Secondly if the peer sends multiple KeyUpdates without us doing any writing then we will only send one response, as opposed to previously where we sent a response for each KeyUpdate received. Fixes #8677 Reviewed-by:
-
Shane Lontis authored
Fixes #8923 Found using the openssl cms -resign option. This uses an alternate path to do the signing which was not adding the required signed attribute content type. The content type attribute should always exist since it is required is there are any signed attributes. As the signing time attribute is always added in code, the content type attribute is also required. The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes e.g. The message digest attribute is a signed attribute that must exist if any signed attributes exist, it cannot be an unsigned attribute and there must only be one instance containing a single value. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8944) (cherry picked from commit 19e512a8244a6f527d0194339a8f9fc45468537a)
-
- May 31, 2019
-
-
David Benjamin authored
Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by:
-
Retropotenza authored
CLA: trivial Fixes #8911 Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8866) (cherry picked from commit fdbb3a865575136f3b432690357423c2512831fa)
-
Sambit Kumar Dash authored
Minor typo. CLA: trivial Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8866) (cherry picked from commit 3527cfcf283d2ee2e14e85f8e432eb1bcc687dbe)
-
Sambit Kumar Dash authored
Method name correction. CLA: trivial Reviewed-by:
-
- May 30, 2019
-
-
agnosticdev authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8606) (cherry picked from commit 711a161f03ef9ed7cd149a22bf1203700c103e96)
-
- May 29, 2019
-
-
Dr. Matthias St. Pierre authored
openssl_config_int() returns the uninitialized variable `ret` when compiled with OPENSSL_SYS_UEFI. Fixes #9026 Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9029) (cherry picked from commit f4a96507fb880d5f5a707c138388cb8b5b1ba8c8)
-
Iuri Rezende Souza authored
CLA: trivial Reviewed-by:
Paul Yang <yang.yang@baishancloud.com> Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9021) (cherry picked from commit ea8d07b155d26abb52574a1c1366b662a27ffbed)
-
- May 28, 2019
-
-
Richard Levitte authored
Not all Unixen know the -v option Reviewed-by:
-
Richard Levitte authored
Use -bnoentry, not -bexpall Reviewed-by:
-
Tomas Mraz authored
The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by:
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
- May 27, 2019
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
OpenSSL 1.1.1's Configure treats the strings in @disablables as regexps, which means that the 'buildtest-c++' option needs a bit of escaping to be interpreted as intended. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Disabled by default Fixes #8360 Reviewed-by:
-
Richard Levitte authored
We add the extra warning and sanitizer options to check our code, which is entirely in C. We support C++ compilers uniquely for the sake of certain external test suites, and those projects can probably sanitize their own code themselves. [extended tests] Reviewed-by:
-
Richard Levitte authored
The documentation of what a X509_LOOKUP implementation must do was unclear and confusing. Most of all, clarification was needed that it must store away the found objects in the X509_STORE. Fixes #8707 Reviewed-by:
-
- May 26, 2019
-
-
FdaSilvaYY authored
Add a few coverage test case. Fixes #8949 [extended tests] Reviewed-by:
-
- May 24, 2019
-
-
voev authored
CLA: trivial Reviewed-by:
Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8979)
-
agnosticdev authored
Reviewed-by:
-
Sambit Kumar Dash authored
CLA: trivial Reviewed-by:
-
- May 23, 2019
-
-
Bernd Edlinger authored
e.g. openssl speed -evp id-aes256-wrap-pad was crashing because the return code from EVP_CipherInit_ex was ignored. Not going to allow that cipher mode because wrap ciphers produces more bytes output than the input length and EVP_Update_loop is not really prepared for that. Reviewed-by:
-
Matt Caswell authored
This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and coverts them for use within evp_test. This commit also adds a script to convert the .rsp CAVS files into the evp_test format. Reviewed-by:
-
- May 22, 2019
-
-
Patrick Steuer authored
Fixes #7323 Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Patrick Steuer authored
Fixes #8957 Signed-off-by:
-
Patrick Steuer authored
67c81ec3 forgot about s390x Signed-off-by:
-
- May 21, 2019
-
-
Kurt Roeckx authored
Fixes: #8737 Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
-
Matt Caswell authored
This reverts commit dcb982d7 . This change is causing extended tests to fail. [extended tests] Reviewed-by:
-
- May 20, 2019
-
-
Arne Schwabe authored
This function only returns a status and does not modify the parameter. Since similar function are already taking const parameters, also change this function to have a const parameter. Fixes #8934 CLA: trivial Signed-off-by:
Arne Schwabe <arne@rfc2549.org> Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
- May 16, 2019
-
-
Valentin Robert authored
CLA: trivial Reviewed-by:
-
- May 09, 2019
-
-
Rashmica Gupta authored
CLA: trivial Reviewed-by:
-
- May 08, 2019
-
-
Tobias Nießen authored
This change allows to pass the authentication tag after specifying the AAD in CCM mode. This is already true for the other two supported AEAD modes (GCM and OCB) and it seems appropriate to match the behavior. GCM and OCB also support to set the tag at any point before the call to `EVP_*Final`, but this won't work for CCM due to a restriction imposed by section 2.6 of RFC3610: The tag must be set before actually decrypting data. This commit also adds a test case for setting the tag after supplying plaintext length and AAD. Reviewed-by:
-
- May 07, 2019
-
-
Matt Caswell authored
Fixes #8875 Reviewed-by:
-
