- 10 Apr, 2019 5 commits
-
-
Shane Lontis authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8697) (cherry picked from commit 3a86f1db)
-
Bernd Edlinger authored
Reviewed-by:
-
Jakub Wilk authored
CLA: trivial Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
Richard Levitte authored
Even with custome ciphers, the combination in == NULL && inl == 0 should not be passed down to the backend cipher function. The reason is that these are the values passed by EVP_*Final, and some of the backend cipher functions do check for these to see if a "final" call is made. Fixes #8675 Reviewed-by:
-
Richard Levitte authored
'no-dso' is meaningless, as it doesn't get any macro defined. Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may be some odd platforms with no DSO scheme. For those, we generate the internal macro DSO_NONE aand use it. Reviewed-by:
-
- 09 Apr, 2019 1 commit
-
-
Matt Caswell authored
If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by:
-
- 08 Apr, 2019 1 commit
-
-
Dan Campbell authored
Fixes #8645 Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
-
- 06 Apr, 2019 1 commit
-
-
Bernd Edlinger authored
Reviewed-by:
-
- 05 Apr, 2019 2 commits
-
-
Richard Levitte authored
It was assumed that the config functionality returned a boolean. However, it may return a negative number on error, so we need to take that into account. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
- 04 Apr, 2019 1 commit
-
-
Matt Caswell authored
There are some ciphersuites that were introduced in TLSv1.0/TLSv1.1 but are backwards compatible with SSLv3. Fixes #8655 Reviewed-by:
-
- 03 Apr, 2019 1 commit
-
-
Tomas Mraz authored
This prevents failure of openssl s_server socket binding to wildcard address on hosts with disabled IPv6. Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
- 02 Apr, 2019 3 commits
-
-
Richard Levitte authored
I turns out that this made crypto/rand/rand_win.c to never build with BCrypt support unless the user sets _WIN32_WINNT. That wasn't the intent. This reverts commit cc8926ec8fcecae89ceab91ef753de93e49568f9. Reviewed-by:
-
Dr. Matthias St. Pierre authored
BCryptGenRandom() is available for Windows Vista and newer versions, see https://docs.microsoft.com/en-us/windows/desktop/api/bcrypt/nf-bcrypt-bcryptgenrandom Reviewed-by:
-
Richard Levitte authored
This helps decide if the BCrypt API should be used or not. Fixes #8635 Reviewed-by:
-
- 31 Mar, 2019 1 commit
-
-
x753 authored
"warning: iv not use by this cipher" -> "warning: iv not used by this cipher" CLA: trivial Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
- 30 Mar, 2019 1 commit
-
-
Shane Lontis authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8607) (cherry picked from commit cad8347be23c5e0c0d9eea02d090d42daf2dd7a9)
-
- 29 Mar, 2019 4 commits
-
-
Soujyu Tanaka authored
Revert win32_pathbyaddr() which is used in DSO_dsobyaddr(). Reviewed-by:
-
Soujyu Tanaka authored
Reviewed-by:
-
Soujyu Tanaka authored
Replace it with InitializeCriticalSection() Reviewed-by:
-
Soujyu Tanaka authored
This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp Reviewed-by:
-
- 28 Mar, 2019 3 commits
-
-
Paul Monson authored
CLA: trivial Reviewed-by:
-
Dmitry Belyavskiy authored
Reviewed-by:
-
Matt Caswell authored
Fixes #8589 Reviewed-by:
-
- 27 Mar, 2019 5 commits
-
-
Jake Massimo authored
DH_check is used to test the validity of Diffie-Hellman parameter sets (p, q, g). Among the tests performed are primality tests on p and q, for this BN_is_prime_ex is called with the rounds of Miller-Rabin set as default. This will therefore use the average case error estimates derived from the function BN_prime_checks_for_size based on the bit size of the number tested. However, these bounds are only accurate on testing random input. Within this testing scenario, where we are checking the validity of a DH parameter set, we can not assert that these parameters are randomly generated. Thus we must treat them as if they are adversarial in nature and increase the rounds of Miller-Rabin performed. Generally, each round of Miller-Rabin can declare a composite number prime with probability at most (1/4), thus 64 rounds is sufficient in thwarting known generation techniques (even in safe prime settings - see https://eprint.iacr.org/2019/032 for full analysis). The choice of 64 rounds is also consistent with SRP_NUMBER_ITERATIONS_FOR_PRIME 64 as used in srp_Verify_N_and_g in openssl/apps/s_client.c. Reviewed-by:
-
Matt Caswell authored
See discussion in github issue #8563 Fixes #8563 Reviewed-by:
-
Matt Caswell authored
Fixes #8567 Reviewed-by:
-
Matt Caswell authored
We treat that as automatic success. Other EVP_*Update functions already do this (e.g. EVP_EncryptUpdate, EVP_DecryptUpdate etc). EVP_EncodeUpdate is a bit of an anomoly. That treats 0 byte input length as an error. Fixes #8576 Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reported by Mak Kolybabi Reviewed-by:
-
- 25 Mar, 2019 1 commit
-
-
Hubert Kario authored
not specifying the digest both on command line and in the config file will lead to response generation aborting with 140617514493760:error:2F098088:time stamp routines:ts_CONF_lookup_fail: \ cannot find config variable:crypto/ts/ts_conf.c:106:tsr_test::signer_digest Reviewed-by:
-
- 22 Mar, 2019 3 commits
-
-
Bernd Edlinger authored
constant time with a memory access pattern that does not depend on secret information. [extended tests] Reviewed-by:
-
Bernd Edlinger authored
[extended tests] Reviewed-by:
-
Pauli authored
Reviewed-by:
-
- 21 Mar, 2019 1 commit
-
-
Dmitry Belyavskiy authored
Reviewed-by:
-
- 20 Mar, 2019 3 commits
-
-
Lorinczy Zsigmond authored
So far, it only handled hash-and-algorithm pairs from TLS1.2, now it also handles 'schemes' defined in TLS1.3 like 0x0807=ed25519 or 0x0809=rsa_pss_pss_sha256 Now it prints information in one of these formats: ... Algorithm scheme=ecdsa_secp256r1_sha256, security bits=128 ... TLS1.3 ... Algorithm digest=SHA384, algorithm=DSA, security bits=192 ... TLS1.2 ... Algorithm scheme=unknown(0x0e01), security bits=128 ... unhandled case To implement this added three new lookup-tables: signature_tls13_scheme_list, signature_tls12_alg_list, signature_tls12_hash_list. Also minor changes in 'security_callback_debug', eg adding variable 'show_nm' to indicate if we should show 'nm'. Also coding-styles fixes from matcaswell Reviewed-by:
-
Richard Levitte authored
Great effort has been made to make initialization more configurable. However, the behavior of OPENSSL_config() was lost in the process, having it suddenly generate errors it didn't previously, which is not how it's documented to behave. A simple setting of default flags fixes this problem. Fixes #8528 Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
-
- 19 Mar, 2019 3 commits
-
-
Matt Caswell authored
DSA can accept other digests other than SHA1. EC ignores the digest option altogether. Fixes #8425 Reviewed-by:
-
Vitezslav Cizek authored
The ecdh_c array is allocated of the same size as ecdh_choices, whose size depends on whether the support for binary curves is enabled or not. (The same goes for ecdsa_c). On systems without SIGALRM, ecdh_c is indexed by predefined constants intended for representing the index of the ciphers in the ecdh_choices array. However, in case of NO_EC2M some of the #defined constants won't match and would actually access the ecdh_c out-of-bounds. Use enum instead of a macro to define the curve indexes so they're within the bounds of the ecdh_c array. Reviewed-by:
-
Vitezslav Cizek authored
openssl speed doesn't take into account that the library could be compiled without the support for the binary curves and happily uses them, which results in EC_GROUP_new_by_curve_name() errors. Reviewed-by:
-
