This project is mirrored from https://github.com/openssl/openssl.git.
Pull mirroring failed .
Last successful update .
Last successful update .
- 25 Jun, 2020 2 commits
-
-
Matt Caswell authored
Reviewed-by:Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-
Matt Caswell authored
Reviewed-by:
-
- 24 Jun, 2020 30 commits
-
-
Dr. David von Oheimb authored
CID 1463570: (USE_AFTER_FREE) CID 1463570: (USE_AFTER_FREE) Passing freed pointer "e" as an argument to "release_engine". Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12231)
-
Dr. David von Oheimb authored
CID 1463578: Resource leaks (RESOURCE_LEAK) CID 1463575: Resource leaks (RESOURCE_LEAK) Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12222)
-
Dr. Matthias St. Pierre authored
The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all functions which are dispatched between the core and providers. This change includes in particular all up- and downcalls, i.e., the dispatched functions passed from core to provider and vice versa. - OSSL_core_ -> OSSL_FUNC_core_ - OSSL_provider_ -> OSSL_FUNC_core_ For operations and their function dispatch tables, the following convention is used: Type | Name (evp_generic_fetch(3)) | ---------------------|-----------------------------------| operation | OSSL_OP_FOO | function id | OSSL_FUNC_FOO_FUNCTION_NAME | function "name" | OSSL_FUNC_foo_function_name | function typedef | OSSL_FUNC_foo_function_name_fn | function ptr getter | OSSL_FUNC_foo_function_name | Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
Pauli authored
NULL terminate the built in "help" argv array to avoid reading beyond the end. Reviewed-by:
Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by:
-
Matt Caswell authored
A few miscellaneous man page typos reported by Hal Murray on openssl-users. Reviewed-by:
-
Pauli authored
THe EVP_RAND wrapper works with the underlying RNG to produce the amount of random data requested even if it is larger than the largest single generation the source allows. This test verified that this works. Reviewed-by:
-
Pauli authored
[extended tests] Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
EVP_RAND, the RNGs and provider-rand. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Move the three different DRBGs to the provider. As part of the move, the DRBG specific data was pulled out of a common structure and into their own structures. Only these smaller structures are securely allocated. This saves quite a bit of secure memory: +-------------------------------+ | DRBG | Bytes | Secure | +--------------+-------+--------+ | HASH | 376 | 512 | | HMAC | 168 | 256 | | CTR | 176 | 256 | | Common (new) | 320 | 0 | | Common (old) | 592 | 1024 | +--------------+-------+--------+ Bytes is the structure size on the X86/64. Secure is the number of bytes of secure memory used (power of two allocator). Reviewed-by: -
Dr. Matthias St. Pierre authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Also separate out the TSC and RDRAND based sources into their own file in the seeding subdirectory. Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
Pauli authored
POSIX mandates that time_t is a signed integer but it doesn't specify the lenght. Having wrappers lets uses ignore this. Reviewed-by:
-
Pauli authored
The test RNG can provide pre-canned entropy and nonces for testing other algorithms. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Dmitry Belyavskiy authored
Documentation for -nameopt option Reviewed-by:
-
Dmitry Belyavskiy authored
Reviewed-by:
-
- 23 Jun, 2020 8 commits
-
-
Matt Caswell authored
Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12180)
-
Matt Caswell authored
SSL_dup attempted to duplicate the BIO state if the source SSL had BIOs configured for it. This did not work. Firstly the SSL_dup code was passing a BIO ** as the destination argument for BIO_dup_state. However BIO_dup_state expects a BIO * for that parameter. Any attempt to use this will either (1) fail silently, (2) crash or fail in some other strange way. Secondly many BIOs do not implement the BIO_CTRL_DUP ctrl required to make this work. Thirdly, if rbio == wbio in the original SSL object, then an attempt is made to up-ref the BIO in the new SSL object - even though it hasn't been set yet and is NULL. This results in a crash. This appears to have been broken for a very long time with at least some of the problems described above coming from SSLeay. The simplest approach is to just remove this capability from the function. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
With thanks to Rebekah Johnson for reporting this issue. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Fixes a problem where global properties don't work with a NULL query. Specifying an algorithm with a NULL query ignores the default properties. Reviewed-by:
-
Jean-Christophe Fillion-Robin authored
CLA: trivial Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
Shane Lontis authored
It should never hit this branch of code, so there is no feasible test. Found due to a similar issue in PR #12176. Reviewed-by:
-
