- 03 Jun, 2019 3 commits
-
-
Matt Caswell authored
Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8773) (cherry picked from commit a77b4dba)
-
Matt Caswell authored
If we receive a KeyUpdate message (update requested) from the peer while we are in the middle of a write, we should defer sending the responding KeyUpdate message until after the current write is complete. We do this by waiting to send the KeyUpdate until the next time we write and there is no pending write data. This does imply a subtle change in behaviour. Firstly the responding KeyUpdate message won't be sent straight away as it is now. Secondly if the peer sends multiple KeyUpdates without us doing any writing then we will only send one response, as opposed to previously where we sent a response for each KeyUpdate received. Fixes #8677 Reviewed-by:
-
Shane Lontis authored
Fixes #8923 Found using the openssl cms -resign option. This uses an alternate path to do the signing which was not adding the required signed attribute content type. The content type attribute should always exist since it is required is there are any signed attributes. As the signing time attribute is always added in code, the content type attribute is also required. The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes e.g. The message digest attribute is a signed attribute that must exist if any signed attributes exist, it cannot be an unsigned attribute and there must only be one instance containing a single value. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8944) (cherry picked from commit 19e512a8)
-
- 31 May, 2019 4 commits
-
-
David Benjamin authored
Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by:
-
Retropotenza authored
CLA: trivial Fixes #8911 Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8866) (cherry picked from commit fdbb3a86)
-
Sambit Kumar Dash authored
Minor typo. CLA: trivial Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8866) (cherry picked from commit 3527cfcf)
-
Sambit Kumar Dash authored
Method name correction. CLA: trivial Reviewed-by:
-
- 30 May, 2019 2 commits
-
-
agnosticdev authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8606) (cherry picked from commit 711a161f)
-
- 29 May, 2019 2 commits
-
-
Dr. Matthias St. Pierre authored
openssl_config_int() returns the uninitialized variable `ret` when compiled with OPENSSL_SYS_UEFI. Fixes #9026 Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9029) (cherry picked from commit f4a96507)
-
Iuri Rezende Souza authored
CLA: trivial Reviewed-by:
Paul Yang <yang.yang@baishancloud.com> Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9021) (cherry picked from commit ea8d07b1)
-
- 28 May, 2019 6 commits
-
-
Richard Levitte authored
Not all Unixen know the -v option Reviewed-by:
-
Richard Levitte authored
Use -bnoentry, not -bexpall Reviewed-by:
-
Tomas Mraz authored
The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by:
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
- 27 May, 2019 7 commits
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
OpenSSL 1.1.1's Configure treats the strings in @disablables as regexps, which means that the 'buildtest-c++' option needs a bit of escaping to be interpreted as intended. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Disabled by default Fixes #8360 Reviewed-by:
-
Richard Levitte authored
We add the extra warning and sanitizer options to check our code, which is entirely in C. We support C++ compilers uniquely for the sake of certain external test suites, and those projects can probably sanitize their own code themselves. [extended tests] Reviewed-by:
-
Richard Levitte authored
The documentation of what a X509_LOOKUP implementation must do was unclear and confusing. Most of all, clarification was needed that it must store away the found objects in the X509_STORE. Fixes #8707 Reviewed-by:
-
- 26 May, 2019 1 commit
-
-
FdaSilvaYY authored
Add a few coverage test case. Fixes #8949 [extended tests] Reviewed-by:
-
- 24 May, 2019 3 commits
-
-
voev authored
CLA: trivial Reviewed-by:
Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8979)
-
agnosticdev authored
Reviewed-by:
-
Sambit Kumar Dash authored
CLA: trivial Reviewed-by:
-
- 23 May, 2019 2 commits
-
-
Bernd Edlinger authored
e.g. openssl speed -evp id-aes256-wrap-pad was crashing because the return code from EVP_CipherInit_ex was ignored. Not going to allow that cipher mode because wrap ciphers produces more bytes output than the input length and EVP_Update_loop is not really prepared for that. Reviewed-by:
-
Matt Caswell authored
This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and coverts them for use within evp_test. This commit also adds a script to convert the .rsp CAVS files into the evp_test format. Reviewed-by:
-
- 22 May, 2019 3 commits
-
-
Patrick Steuer authored
Fixes #7323 Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Patrick Steuer authored
Fixes #8957 Signed-off-by:
-
Patrick Steuer authored
67c81ec3 forgot about s390x Signed-off-by:
-
- 21 May, 2019 2 commits
-
-
Kurt Roeckx authored
Fixes: #8737 Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
-
Matt Caswell authored
This reverts commit dcb982d7 . This change is causing extended tests to fail. [extended tests] Reviewed-by:
-
- 20 May, 2019 1 commit
-
-
Arne Schwabe authored
This function only returns a status and does not modify the parameter. Since similar function are already taking const parameters, also change this function to have a const parameter. Fixes #8934 CLA: trivial Signed-off-by:
Arne Schwabe <arne@rfc2549.org> Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
- 16 May, 2019 1 commit
-
-
Valentin Robert authored
CLA: trivial Reviewed-by:
-
- 09 May, 2019 1 commit
-
-
Rashmica Gupta authored
CLA: trivial Reviewed-by:
-
- 08 May, 2019 1 commit
-
-
Tobias Nießen authored
This change allows to pass the authentication tag after specifying the AAD in CCM mode. This is already true for the other two supported AEAD modes (GCM and OCB) and it seems appropriate to match the behavior. GCM and OCB also support to set the tag at any point before the call to `EVP_*Final`, but this won't work for CCM due to a restriction imposed by section 2.6 of RFC3610: The tag must be set before actually decrypting data. This commit also adds a test case for setting the tag after supplying plaintext length and AAD. Reviewed-by:
-
- 07 May, 2019 1 commit
-
-
Matt Caswell authored
Fixes #8875 Reviewed-by:
-
