- 07 Dec, 2018 1 commit
-
-
FdaSilvaYY authored
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7705) (cherry picked from commit 56bc3ea0a49b8aa99a4b031e7cb48ea87fe28e2d)
-
- 06 Dec, 2018 2 commits
-
-
Dr. Matthias St. Pierre authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7750) (cherry picked from commit 425dde5d)
-
Dr. Matthias St. Pierre authored
Fixes #7698 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7750) (cherry picked from commit 3a17b9a4)
-
- 05 Dec, 2018 6 commits
-
-
Matt Caswell authored
Fix some issues in tls13_hkdf_expand() which impact the above function for TLSv1.3. In particular test that we can use the maximum label length in TLSv1.3. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7755) (cherry picked from commit 0fb2815b873304d145ed00283454fc9f3bd35e6b)
-
Matt Caswell authored
This reverts commit ec0c5f56 . SSL_export_keying_material() may use longer label lengths. Fixes #7712 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7755) (cherry picked from commit ed371b8c)
-
Andy Polyakov authored
Fixed-top interfaces tolerate zero-padded inputs and facilitate constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend, but not divisor. It's argued that divisor's length is public even when value is secret. [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7589) (cherry picked from commit 3a4a88f4)
-
Andy Polyakov authored
and add template for constant-time bn_div_3_words. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7589) (cherry picked from commit 3da2e9c4)
-
Andy Polyakov authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7589) (cherry picked from commit 31703da3)
-
Andy Polyakov authored
It's being replaced with constant-time alternative. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7589) (cherry picked from commit b34446cc)
-
- 03 Dec, 2018 3 commits
-
-
Matt Caswell authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7697) (cherry picked from commit e65a79d2)
-
Matt Caswell authored
Check that s is less than the order before attempting to verify the signature as per RFC8032 5.1.7 Fixes #7693 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7697) (cherry picked from commit 0ac8f35c)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7744) (cherry picked from commit 7b4a3515a4ddb567d48000e61d7cb640d0c5f261)
-
- 30 Nov, 2018 5 commits
-
-
Andy Polyakov authored
Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding if nul delimiter is preceded by 8 consecutive 0x03 bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 603221407ddc6404f8c417c6beadebf84449074c)
-
Andy Polyakov authored
And make RSAErr call unconditional. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 75f5e944be97f28867e7c489823c889d89d0bd06)
-
Andy Polyakov authored
And make RSAErr call unconditional. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit e875b0cf2f10bf2adf73e0c2ec81428290f4660c)
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 89072e0c2a483f2ad678e723e112712567b0ceb1)
-
Andy Polyakov authored
Expected usage pattern is to unconditionally set error and then wipe it if there was no actual error. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit f658a3b64d8750642f4975090740865f770c2a1b)
-
- 27 Nov, 2018 4 commits
-
-
Richard Levitte authored
Config options 'no-err' and 'no-autoerrinit' Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7711) (cherry picked from commit f1d49ed94707f5f0799541aa8e528dce67712948)
-
Paul Yang authored
If compile OpenSSL with SSL_DEBUG macro, some test cases will cause the process crashed in the debug code. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7707) (cherry picked from commit 5a4481f0e0bbf836c7f41805e84617784cb6b1db)
-
Richard Levitte authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7703) (cherry picked from commit f19d20b6)
-
Richard Levitte authored
We only convert lowercase .s to .asm, that turned out not to be sufficient. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7703) (cherry picked from commit c739e676)
-
- 26 Nov, 2018 1 commit
-
-
Billy Brumley authored
Updated "condition" logic lifted from Theo Buehler's LibreSSL commit https://github.com/libressl-portable/openbsd/commit/517358603b4be76d48a50007a0d414c2072697dd Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7619) (cherry picked from commit 900fd8f375ca758d182e894bc1556509b231dbc8)
-
- 24 Nov, 2018 10 commits
-
-
Richard Levitte authored
There's too high a chance that the openssl app and perl get different messages for some error numbers. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7699) (cherry picked from commit 0777de15ff09105593c7e778cf47f97a9144d273)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit 3be389435fc7b94623d972b622dbd9f0cd5c34f7)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit b741f153)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit 76bc401c)
-
Richard Levitte authored
When creating a tarball, it's pointless to include scripts that assume a git workspace. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit b9a69471)
-
Richard Levitte authored
Also adds missing copyright boilerplate to util/mktar.sh Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit b42922ea2f605fd6c42faad1743fb27be5f7f1f3)
-
Richard Levitte authored
This typo prevented ia64 assembler to be compiled on VMS Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7700) (cherry picked from commit 04375857)
-
Richard Levitte authored
It turns out that on VMS, strerror() returns messages with added spaces at the end. We wouldn't had noticed if it wasn't for perl trimming those spaces off for its own sake and thereby having test/recipes/02-test_errstr.t fail on VMS. The safe fix is to do the same trimming ourselves. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7701) (cherry picked from commit 9f15e5b9)
-
David Woodhouse authored
If the private key says it can only support one specific digest, then don't ask it to perform a different one. Fixes: #7348 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 2d263a4a73f852005b16359873475d48755999ad) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7609)
-
David Woodhouse authored
ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory digest algorithm, when the key can't support any others. That isn't true here, so return 1 instead. Partially fixes #7348 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit eb7eb1378cd15c4652884b3701d4c0ef27b5b8a6) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7609)
-
- 23 Nov, 2018 4 commits
-
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7692) (cherry picked from commit 8d9535ec)
-
Richard Levitte authored
Since recently, OpenSSL tarballs are produced with 'make tar' rather than 'make dist', as the latter has turned out to be more troublesome than useful. The next step to look at is why we would need to configure at all to produce a Makefile just to produce a tarball. After all, the tarball should now only contain source files that are present even without configuring. Furthermore, the current method for producing tarballs is a bit complex, and can be greatly simplified with the right tools. Since we have everything versioned with git, we might as well use the tool that comes with it. Added: util/mktar.sh, a simple script to produce OpenSSL tarballs. It takes the options --name to modify the prefix of the distribution, and --tarfile tp modify the tarball file name specifically. This also adds a few entries in .gitattributes to specify files that should never end up in a distribution tarball. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/...
-
Richard Levitte authored
This ensures we collected them properly and and as completely as can be tested safely. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7681) (cherry picked from commit 4b801fdcf4c25f44374eb18cb18f36d904975edd)
-
Richard Levitte authored
We stored copies of the system error texts in a fixed line size array, which is a huge waste. Instead, use a static memory pool and pack all the string in there. The wasted space at the end, if any, gives us some leeway for longer strings than we have measured so far. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7681) (cherry picked from commit 2c5b6bbb6797242f43b5a986e1c018943e5c1305)
-
- 22 Nov, 2018 1 commit
-
-
Andy Polyakov authored
Blinding is performed more efficiently and securely if MONT_CTX for public modulus is available by the time blinding parameter are instantiated. So make sure it's the case. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7586) (cherry picked from commit 2cc3f68c)
-
- 21 Nov, 2018 2 commits
-
-
Matthew Hodgson authored
Fixes #7675 On macOS, if you call `connect()` on a UDP socket you cannot then call `sendto()` with a destination, otherwise it fails with Err#56 ('socket is already connected'). By calling `BIO_ctrl_set_connected()` on the wbio we can tell it that the socket has been connected and make it call `send()` rather than `sendto()`. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7676) (cherry picked from commit b92678f4e94eeec468f194333f874906a6fff7f1)
-
Paul Yang authored
This fixes issue #7677 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7678)
-
- 20 Nov, 2018 1 commit
-
-
cclauss authored
CLA: trivial In Travis CI, add a Python linting step that runs flake8 tests in Travis CI to find syntax errors and undefined names. (http://flake8.pycqa.org ) __E901,E999,F821,F822,F823__ are the "_showstopper_" flake8 issues that can halt the runtime with a SyntaxError, NameError, etc. Most other flake8 issues are merely "style violations" -- useful for readability but they do not effect runtime safety. * F821: undefined name `name` * F822: undefined name `name` in `__all__` * F823: local variable name referenced before assignment * E901: SyntaxError or IndentationError * E999: SyntaxError -- failed to compile a file into an Abstract Syntax Tree Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7410) (cherry picked from commit 2a6f57bc)
-