This project is mirrored from https://github.com/openssl/openssl.git.
Pull mirroring failed .
Last successful update .
Last successful update .
- 07 Jan, 2021 2 commits
-
-
Matt Caswell authored
Reviewed-by:Nicola Tuveri <nic.tuv@gmail.com>
-
Matt Caswell authored
Reviewed-by:
-
- 06 Jan, 2021 2 commits
-
-
Matt Caswell authored
Skip over special TLS steps for stream ciphers if we haven't been configured for TLS. Fixes #12528 Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13774)
-
David CARLIER authored
Running tests takes very long with the current setting while it takes a lot shorter time with this change. Reviewed-by:
-
- 05 Jan, 2021 5 commits
-
-
John Baldwin authored
FreeBSD's /dev/crypto does not provide a CIOCGSESSINFO ioctl, but it does provide other ioctls that can be used to provide similar functionality. First, FreeBSD's /dev/crypto defines a CIOCGESSION2 ioctl which accepts a 'struct session2_op'. This structure extends 'struct session_op' with a 'crid' member which can be used to either request an individual driver by id, or a class of drivers via flags. To determine if the available drivers for a given algorithm are accelerated or not, use CIOCGESSION2 to first attempt to create an accelerated (hardware) session. If that fails, fall back to attempting a software session. In addition, when requesting a new cipher session, use the current setting of the 'use_softdrivers' flag to determine the value assigned to 'crid' when invoking CIOCGSESSION2. Finally, use the returned 'crid' value from CIOCGSESSION2 to look up the name of the associated driver via the CIOCFINDDEV ioctl. Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
John Baldwin authored
FreeBSD's current /dev/crypto implementation requires that consumers clone a separate file descriptor via the CRIOGET ioctl that can then be used with other ioctls such as CIOCGSESSION. Reviewed-by:
-
bazmoz authored
Fixes #13703 Reviewed-by:
-
Etienne Millon authored
CLA: trivial Reviewed-by:
-
Etienne Millon authored
CLA: trivial Reviewed-by:
-
- 04 Jan, 2021 3 commits
-
-
Nirbheek Chauhan authored
When targeting the win-onecore configuration, we must link with /APPCONTAINER which is a requirement for submitting apps to the Windows Store. Without this, the Windows App Certificate Kit will reject the app: https://docs.microsoft.com/en-us/cpp/build/reference/appcontainer-windows-store-appReviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Nirbheek Chauhan authored
CreateFiber and ConvertThreadToFiber are not allowed in Windows Store (Universal Windows Platform) apps since they have been replaced by their Ex variants which have a new dwFlags parameter. This flag allows the fiber to do floating-point arithmetic in the fiber on x86, which would silently cause corruption otherwise since the floating-point state is not switched by default. Switch to these "new" APIs which were added in Vista. See: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createfiberex#parametersReviewed-by:
-
Dr. David von Oheimb authored
Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13764)
-
- 31 Dec, 2020 4 commits
-
-
Matt Caswell authored
Also tests the older CRYPTO_atomic_add() which was without a test Reviewed-by:
Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13733)
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
If everything has already been initialised we can check this with a single test at the beginning of OPENSSL_init_crypto() and therefore reduce the amount of time spent in this function. Since this is called via very many codepaths this should have significant performance benefits. Partially fixes #13725 and #13578 Reviewed-by:
-
Matt Caswell authored
We add an implementation for CRYPTO_atomic_or() and CRYPTO_atomic_load() Reviewed-by:
-
- 30 Dec, 2020 1 commit
-
-
Matt Caswell authored
The EVP lib was calling EVP_CIPHER_CTX_block_size(), which in turn calls EVP_CIPHER_block_size() in order to find the block_size in every EVP_EncryptUpdate() call. This adds a surprising amount of overhead when using speed to test aes-128-cbc. Since we're in the EVP lib itself, we can just directly access this value. To test performance I ran the command: openssl speed -evp aes-128-cbc -bytes 16 -seconds 30 For the before and after, I ran this twice and discarded the first result to "warm up" my machine. Before: aes-128-cbc 716949.71k After: aes-128-cbc 742807.11k This represents a performance improvement of about 4% Partially fixes #13407 Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
- 24 Dec, 2020 1 commit
-
-
Matt Caswell authored
Most of the time we don't have any explicit settings when loading a config file. Therefore we optimise things so that we don't need to use a lock in that instance. Partially addresses performance issues in #13725 Reviewed-by:
-
- 23 Dec, 2020 4 commits
-
-
Matt Caswell authored
EVP_CIPHER already caches certain constants so that we don't have to query the provider every time. We do the same thing with EVP_MD constants. Without this we can get performance issues, e.g. running "speed" with small blocks of data to digest can spend a long time in EVP_MD_size(), which should be quick. Partialy fixes #13578 Reviewed-by:
-
Matt Caswell authored
Previously we cached the cipher constants in EVP_CIPHER_fetch(). However, this means we do the caching every time we call that function, even if the core has previusly fetched the cipher and cached it already. This means we can end up re-caching the constants even though they are already present. This also means we could be updating these constants from multiple threads at the same time. Reviewed-by:
-
Dmitry Belyavskiy authored
Bug was introduced in #13669 Reviewed-by:
-
Dmitry Belyavskiy authored
Partially fixes #13578 Reviewed-by:
-
- 21 Dec, 2020 2 commits
-
-
Ingo Schwarze authored
When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This bug was found while working on LibreSSL documentation. Reviewed-by:
Theo Buehler <tb@openbsd.org> CLA: trivial Reviewed-by:
-
jwalch authored
Fixes #13636 Reviewed-by:
-
- 20 Dec, 2020 1 commit
-
-
Richard Levitte authored
The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains. Reviewed-by:
-
- 19 Dec, 2020 4 commits
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Some of the handling of no-deprecated stuff wasn't quite complete, or even plain wrong. This restores i2d_PublicKey() to be able to handle EVP_PKEYs with legacy internal keys. This also refactors the DSA key tests in test/evp_extra_test.c to use EVP functionality entirely. Reviewed-by:
-
Petr Gotthard authored
The params[0].data is set to a non-NULL value, but params[0].data_size is always zero. This confuses get_string_internal, which creates 1 byte string with uninitialized content. When OSSL_PARAM_construct_utf8_string is used, the data_size is set correctly. Reviewed-by:
-
Richard Levitte authored
This adds an additional check that the legacy provider is available when wanting to add tests for protected PVK, since that depends on the availability of RC4. Reviewed-by:
-
- 17 Dec, 2020 11 commits
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
'check-update' runs a 'make update' to check that it wasn't forgotten. 'check-docs' runs 'make doc-nits'. We have that as a separate job to make it more prominent. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Fixes #13121 Reviewed-by:
-
Dr. David von Oheimb authored
Reviewed-by:
-
Dr. David von Oheimb authored
Reviewed-by:
-
Richard Levitte authored
In most error cases, EVP_PKEY_CTX_dup() would only free the EVP_PKEY_CTX without freeing the duplicated contents. Fixes #13503 Reviewed-by:
-
Richard Levitte authored
This introduces a separate activation counter, and the function ossl_provider_deactivate() for provider deactivation. Something to be noted is that if the reference count goes down to zero, we don't care if the activation count is non-zero (i.e. someone forgot to call ossl_provider_deactivate()). Since there are no more references to the provider, it doesn't matter. The important thing is that deactivation doesn't remove the provider as long as there are references to it, for example because there are live methods associated with that provider, but still makes the provider unavailable to create new methods from. Fixes #13503 Fixes #12157 Reviewed-by:
-
