This project is mirrored from https://github.com/openssl/openssl.git.
Pull mirroring failed .
Last successful update .
Last successful update .
- 31 Mar, 2020 2 commits
-
-
Matt Caswell authored
Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
-
- 29 Mar, 2020 1 commit
-
-
Viktor Szakats authored
The fix consists of putting all destination directories between double-quotes to make the default (and any custom) prefixes containing spaces to work when doing 'make install'. Also enable CI test with x86 mingw cross-build. [extended tests] Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11434)
-
- 25 Mar, 2020 2 commits
-
-
Tomas Mraz authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11400)
-
Tomas Mraz authored
This partially reverts commit db943f43. Reviewed-by:
-
- 24 Mar, 2020 1 commit
-
-
Richard Könning authored
CLA: trivial Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11372) (cherry picked from commit 402b00d5)
-
- 22 Mar, 2020 1 commit
-
-
Bernd Edlinger authored
Basically we use EXFLAG_INVALID for all kinds of out of memory and all kinds of parse errors in x509v3_cache_extensions. [extended tests] Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10756)
-
- 20 Mar, 2020 1 commit
-
-
FdaSilvaYY authored
Found by Coverity. Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
- 19 Mar, 2020 4 commits
-
-
Bernd Edlinger authored
BN_generate_prime_ex no longer avoids factors 3..17863 in p-1 when not computing safe primes. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
This should avoid half of the trial divisions in probable_prime_dh_safe and avoid bn_probable_prime_dh generating primes with special properties. Reviewed-by:
-
Bernd Edlinger authored
Currently probable_prime makes sure that p-1 does not have any prime factors from 3..17863, which is useful for safe primes, but not necessarily for the general case. Issue was initially reported here: MIRONOV, I. Factoring RSA Moduli II. https://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/Reviewed-by:
-
- 17 Mar, 2020 6 commits
-
-
Matt Caswell authored
Reviewed-by:Paul Yang <kaishen.yy@antfin.com>
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
Mark J. Cox <mark@awe.com> (Merged from https://github.com/openssl/openssl/pull/11342)
-
Matt Caswell authored
Reviewed-by:
-
Ben Kaduk authored
We have no need for a new set of SSL_CTXs in test_ccs_change_cipher(), so just keep using the original ones. Also, fix a typo in a comment. [extended tests] Reviewed-by:
-
- 13 Mar, 2020 7 commits
-
-
Benjamin Kaduk authored
The TLS (pre-1.3) ChangeCipherState message is usually used to indicate the switch from the unencrypted to encrypted part of the handshake. However, it can also be used in cases where there is an existing session (such as during resumption handshakes) or when changing from one cipher to a different one (such as during renegotiation when the cipher list offered by the client has changed). This test serves to exercise such situations, allowing us to detect whether session objects are being modified in cases when they must remain immutable for thread-safety purposes. Reviewed-by:
-
Benjamin Kaduk authored
The server-side ChangeCipherState processing stores the new cipher in the SSL_SESSION object, so that the new state can be used if this session gets resumed. However, writing to the session is only thread-safe for initial handshakes, as at other times the session object may be in a shared cache and in use by another thread at the same time. Reflect this invariant in the code by only writing to s->session->cipher when it is currently NULL (we do not cache sessions with no cipher). The code prior to this change would never actually change the (non-NULL) cipher value in a session object, since our server enforces that (pre-TLS-1.3) resumptions use the exact same cipher as the initial connection, and non-abbreviated renegotiations have produced a new session object before we get to this point. Regardless, include logic to detect such a condition and abort the handshake if it occurs, to avoid any risk of inadvertently using the wrong cipher on a connection. Reviewed-by:
-
Benjamin Kaduk authored
TLS 1.3 maintains a separate keys chedule in the SSL object, but was writing to the 'master_key_length' field in the SSL_SESSION when generating the per-SSL master_secret. (The generate_master_secret SSL3_ENC_METHOD function needs an output variable for the master secret length, but the TLS 1.3 implementation just uses the output size of the handshake hash function to get the lengths, so the only natural-looking thing to use as the output length was the field in the session. This would potentially involve writing to a SSL_SESSION object that was in the cache (i.e., resumed) and shared with other threads, though. The thread-safety impact should be minimal, since TLS 1.3 requires the hash from the original handshake to be associated with the resumption PSK and used for the subsequent connection. This means that (in the resumption case) the value being written would be the same value that was previously there, so the only risk would be on architectures that can produce torn writes/reads for aligned size_t values. Since the value is essentially ignored anyway, just provide the address of a local dummy variable to generate_master_secret() instead. Reviewed-by:
-
Benjamin Kaduk authored
Use a space after a comma. Reviewed-by:
-
Benjamin Kaduk authored
The generated macros are TYPE_get_ex_new_index() (to match CRYPTO_get_ex_new_index()), not TYPE_get_new_ex_index(), even though the latter spelling seems more natural. Reviewed-by:
-
Benjamin Kaduk authored
Generally modernize the language. Refer to TLS instead of SSL/TLS, and try to have more consistent usage of commas and that/which. Reword some descriptions to avoid implying that a list of potential reasons for behavior is an exhaustive list. Clarify how get_session_cb() is only called on servers (i.e., in general, and that it's given the session ID proposed by the client). Clarify the semantics of the get_cb()'s "copy" argument. The behavior seems to have changed in commit 8876bc05, though the behavior prior to that commit was not to leave the reference-count unchanged if *copy was not written to -- instead, libssl seemed to assume that the callback already had incremented the reference count. Reviewed-by:
-
Jakub Jelen authored
CLA: trivial Signed-off-by:
Jakub Jelen <jjelen@redhat.com> Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
- 12 Mar, 2020 1 commit
-
-
Dr. Matthias St. Pierre authored
(cherry picked from commit 88398d2a) Additionally, remove an outdated paragraph mentioning the .rnd file, which is obsolete in 1.1.1 since the RANDFILE entry was removed from openssl.cnf in commit 1fd6afb5. Also borrow some text from 'openssl(1)/Random State Options' on master (commit a397aca4) to emphasize that it is not necessary anymore to restore and save the RNG state using the '-rand' and '-writerand' options. Reviewed-by:
-
- 11 Mar, 2020 2 commits
-
-
Matt Caswell authored
This reverts commit b98efebe. Reviewed-by:
-
Matt Caswell authored
This reverts commit 68436f0a. The OMC did not vote in favour of backporting this to 1.1.1, so this change should be reverted. Reviewed-by:
-
- 09 Mar, 2020 1 commit
-
-
James Peach authored
CLA: trivial Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
-
- 08 Mar, 2020 3 commits
-
-
Richard Levitte authored
Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> (cherry picked from commit 03d65ca2) Reviewed-by:
-
Richard Levitte authored
We change the description to be about the key rather than the signature. How the key size is related to the signature is explained in the description of EVP_SignFinal() anyway. Reviewed-by:
-
Bastian Germann authored
OpenSSL 1.1.0 has extended option checking, and rejects passing a PKCS#11 engine URL to "-signkey" option. The actual code is ready to take it. Change the option parsing to allow an engine URL to be passed and modify the manpage accordingly. CLA: trivial (cherry picked from commit 16d56043) Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> Reviewed-by:
-
- 06 Mar, 2020 3 commits
-
-
Matt Caswell authored
EVP_PKEY_get_raw_private_key() and EVP_PKEY_get_raw_public_key() expect the size of the key buffer to be populated in the |*len| parameter on entry - but the docs made no mention of this. Fixes #11245 Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Most of all, the base X509_LOOKUP functionality is now documented. Furthermore, the names X509_LOOKUP_METHOD and X509_STORE are added for reference. Some functions were moved from X509_LOOKUP_meth_new.pod Reviewed-by:
-
- 05 Mar, 2020 3 commits
-
-
Patrick Steuer authored
Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Patrick Steuer authored
Signed-off-by:
-
Bernd Edlinger authored
It happens when configured with ./config -ftest-coverage see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94029Reviewed-by:
-
- 27 Feb, 2020 2 commits
-
-
Scott Arciszewski authored
CLA: trivial Reviewed-by:
-
Bastian Germann authored
CAkeyform may be set to PEM, DER or ENGINE, but the current options are not using the proper optionformat 'E' (OPT_FMT_PDE) for this. Set the valtype for CAkeyform to 'E' and use OPT_FMT_PDE when extracting the option value. This amends bf4006a6 ("Fix regression on x509 keyform argument") which did the same thing for keyform and changed the manpage synopsis entries for both keyform and CAkeyform but did not change the option section. Hence, change the option section. CLA: trivial Reviewed-by:
-
