This project is mirrored from https://github.com/openssl/openssl.git.
Pull mirroring failed .
Last successful update .
Last successful update .
- 04 Jun, 2020 2 commits
-
-
Matt Caswell authored
Reviewed-by:Tomas Mraz <tmraz@fedoraproject.org>
-
Matt Caswell authored
Reviewed-by:
-
- 03 Jun, 2020 5 commits
-
-
Pauli authored
[extended tests] Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12022)
-
Bernd Edlinger authored
This can happen if the 32-bit counter overflows and the last block is not a multiple of 16 bytes. Fixes #12012 [extended tests] Reviewed-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12016)
-
Rich Salz authored
Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
-
Rich Salz authored
Merge test/P[12]ss.cnf into one config file Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf Remove Netscape cert extensions, add keyUsage comment from some cnf files Reviewed-by:
-
Pauli authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/12018)
-
- 02 Jun, 2020 6 commits
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
PEM_write_bio_PKCS8PrivateKey(), i2d_PKCS8PrivateKey_bio(), PEM_write_PKCS8PrivateKey(), and i2d_PKCS8PrivateKey_fp() are affected by this. Fixes #11845 Reviewed-by:
-
Jack O'Connor authored
Correct "EC_KEY_point2buf" to "EC_POINT_point2buf". The former does not exist. CLA: trivial Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
Bernd Edlinger authored
Reason turns out that "git log -2" is picking up a merge commit and a random commit message from the master branch. Restore the expected behavior by using git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT Reviewed-by:
-
Billy Brumley authored
Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- 01 Jun, 2020 5 commits
-
-
Bernd Edlinger authored
This is left over from the past. Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11995)
-
Bernd Edlinger authored
Unfortunately -Ofast seems to break that check. Fixes #11994 Reviewed-by:
-
Tim Hudson authored
The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12001)
-
Dr. David von Oheimb authored
Reviewed-by:
-
Hubert Kario authored
the openssl speed command could not benchmark FFDH speed, but it could benchmark ECDH, making comparisons between the two hard this commit adds this feature fixes #9475 Signed-off-by:
Hubert Kario <hubert@kario.pl> Reviewed-by:
-
- 29 May, 2020 3 commits
-
-
Bernd Edlinger authored
There is a problem casting ULONG_MAX to double which clang-10 is warning about. ULONG_MAX typically cannot be exactly represented as a double. ULONG_MAX + 1 can be and this fix uses the latter, however since ULONG_MAX cannot be represented exactly as a double number we subtract 65535 from this number, and the result has at most 48 leading one bits, and can therefore be represented as a double integer without rounding error. By adding 65536.0 to this number we achive the correct result, which should avoid the warning. The addresses a symptom of the underlying problem: we print doubles via an unsigned long integer. Doubles have a far greater range and should be printed better. Reviewed-by:
-
Richard Levitte authored
A CAVEATS section is present in this manual. That section name is borrowed from OpenBSD, where mdoc(7) explains it like this: CAVEATS Common misuses and misunderstandings should be explained in this section. Reviewed-by:Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11963)
-
Richard Levitte authored
Reviewed-by:
-
- 28 May, 2020 10 commits
-
-
Patrick Steuer authored
Signed-off-by:
-
Benjamin Kaduk authored
As of the previous commit, when a zero-length (string) parameter is present in the parameters passed to a provider for a given operation, we will produce an object corresponding to that zero-length parameter, indicating to the underlying cryptographic operation that the parameter was passed. However, rsa_cms_decrypt() was relying on the previous behavior, and unconditionally tried to call EVP_PKEY_CTX_set0_rsa_oaep_label() even when the implicit default label was used (and thus the relevant local variable was still NULL). In the new setup that distinguishes present-but-empty and absent more clearly, it is an error to attempt to set a NULL parameter, even if it is zero-length. Exercise more caution when setting parameters, and do not call EVP_PKEY_CTX_set0_rsa_oaep_label() when there is not actually a label provided. Reviewed-by:
-
Benjamin Kaduk authored
Prior to this commit, if a string (or octet string) parameter was present but indicated it was zero-length, we would return success but with a NULL output value. This can be problematic in cases where there is a protocol-level distinction between parameter-absent and parameter-present-but-zero-length, which is uncommon but can happen. Since OPENSSL_malloc() returns NULL for zero-length allocation requests, make a dummy allocation for this case, to give a signal that the string parameter does exist but has zero length. Reviewed-by:
-
Benjamin Kaduk authored
Add an extra EVP test that provides empty input key material. It currently fails, since we lose the information about "key present but zero length" as we deserialize parameters in the provider. Reviewed-by:
-
Matt Caswell authored
Following on from the previous commit, add a test to check that we fail to create an EVP_PKEY_CTX if an algorithm is not available in any provider, *unless* it is an algorithm that has no provider support. Reviewed-by:
-
Matt Caswell authored
If we failed to fetch an EVP_KEYMGMT then we were falling back to legacy. This is because some algorithms (such as MACs and KDFs used via an old style EVP_PKEY) have not been transferred to providers. Unfortunately this means that you cannot stop some algorithms from being used by not loading the provider. For example if you wanted to prevent RSA from being used, you might expect to just not load any providers that make it available. Unfortunately that doesn't work because we simply fall back to legacy if we fail to fetch the EVP_KEYMGMT. Instead we should fail *unless* the key type is one of those legacy key types that we have not transferred. Reviewed-by:
-
Dmitry Belyavskiy authored
[extended tests] Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Shane Lontis authored
Some older compilers use "unknown function" if they dont support __func, so the test using ERR_PUT_error needed to compensate for this when comparing against the expected value. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
- 27 May, 2020 6 commits
-
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Bernd Edlinger authored
Fixes: #4983 [extended tests] Reviewed-by:
-
Dr. David von Oheimb authored
Reviewed-by:
-
FdaSilvaYY authored
for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto/cms: generated file changes. Add some CHANGES entries. [extended tests] Reviewed-by:
-
Richard Levitte authored
Fixes #11904 Reviewed-by:
-
- 26 May, 2020 3 commits
-
-
Dr. Matthias St. Pierre authored
The `ENGINE_CONF` and `PROVIDER_CONF` trace categories were merged into a single `CONF` category (see bc362b9b and 71849dff). Reviewed-by:
-
Rich Salz authored
Mostly "No items in =over/=back list" Reviewed-by:
-
Dr. David von Oheimb authored
Fixes #11870 Reviewed-by:
-
