This project is mirrored from https://github.com/openssl/openssl.git.
Pull mirroring failed .
Last successful update .
Last successful update .
- 05 Nov, 2020 3 commits
-
-
Matt Caswell authored
Reviewed-by:Tomas Mraz <tmraz@fedoraproject.org>
-
Matt Caswell authored
Reviewed-by:
-
Pauli authored
Ed25519 and Ed448 contained aliases that were the same as the primary name. This removes the aliases leaving ED25519 and ED448 as the canonical names. Matching is case insensitive, so no functionality is lost. The FIPS provider didn't include the duplicates. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13308)
-
- 04 Nov, 2020 2 commits
-
-
Randall S. Becker authored
These methods should ultimately be deprecated. The move is to insulate non-UNIX platforms from these undefined symbols. CLA: Permission is granted by the author to the OpenSSL team to use these modifications. Fixes #13273 Signed-off-by:
Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by:
-
Hu Keping authored
Remove gost-engine from the distribution tarball. Signed-off-by:
Hu Keping <hukeping@huawei.com> Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13301)
-
- 03 Nov, 2020 1 commit
-
-
Ichinose Shogo authored
CLA: trivial Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13289)
-
- 02 Nov, 2020 6 commits
-
-
Benjamin Kaduk authored
We had several cases where the connection failed but we did not have an error message to differentiate which failure condition had been triggered. Add some more messages to help clarify what is going wrong. [extended tests] Reviewed-by:
-
Benjamin Kaduk authored
Use SSL_R_NO_PROTOCOLS_AVAILABLE instead of ERR_R_INTERNAL_ERROR, to match what the BoringSSL tests expect for this case. Reviewed-by:
-
Benjamin Kaduk authored
DTLS by design ignores records/packets with bad MAC or failed AEAD tag validation. However, recent changes to have provided cipher implementations caused tls1_enc() to leave an entry on the error queue for invalid GCM tags, e.g.: 800BEAEF487F0000:error::Provider routines:gcm_stream_update:cipher operation failed:providers/implementations/ciphers/ciphercommon_gcm.c:306 The BoringSSL tests check for entries on the error queue with SSL_get_error() and so we were seeing spurious test failures due to the additional item on the error queue. To avoid leaving such spurious entries on the error queue, set a mark before calling the ssl3_enc 'enc' method, and pop to that mark before ignoring invalid packets. Reviewed-by:
-
jwalch authored
I discovered the potential for use-after-free on glob_tevent_reg & its members in this function as a consequence of some static (de-)initialization fiasco in C++ client code. Long story short, an EVP_PKEY_free() was happening after OPENSSL_cleanup(). Aside from being freed the EVP_PKEY object wasn't actually being used after cleanup, it was basically just an ordering issue. Obviously the application behavior here is somewhat suspect, but IMO is basically benign. Crashing (most typical outcome of a UAF) doesn't seem the optimal response. At any rate, the issue can be avoided (at least with regard to this function) by simply updating the pointer to NULL rather than leaving it pointing to the freed memory, as is the typical practice. Reviewed-by:
-
Daniel Bevenius authored
Reviewed-by:
-
jwalch authored
Fixes #12734 Reviewed-by:
-
- 01 Nov, 2020 5 commits
-
-
Shane Lontis authored
Reviewed-by:
-
Randall S. Becker authored
The Standard POSIX Threads (SPT) implementation hangs in some test cases if FLOSS is not used. CLA: Permission is granted by the author to the OpenSSL team to use these modifications. Fixes #13277 Signed-off-by:
-
Richard Levitte authored
Because this test loads the shared libraries dynamically, there are cases where that results in errors because the ASAN library wasn't loaded first. That makes this test unsuitable in an ASAN build. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
doc/internal/man7/deprecation.pod was unclear in some areas, and included general documentation that has no place there. Reviewed-by:
-
- 30 Oct, 2020 5 commits
-
-
jwalch authored
Reviewed-by:
-
Matt Caswell authored
The OSSL_DEPRECATEDIN_3_0 macro introduced in PR #13074 is intended to be passed as a parameter to the various PEM declaration macros. However, in some cases OSSL_DEPRECATEDIN_3_0 is defined to be empty, and it is not allowed to pass empty macro arguments in C90. Therefore we ensure these macros are always defined. In the case where they were empty previously we use a no-op value instead. Reviewed-by:
-
Matt Caswell authored
PR#12860 fixed issues with the Lhash code. It replaced usage of DEFINE_LHASH_OF() in the public headers. Unfortunately it missed a couple of instances. Reviewed-by:
-
Richard Levitte authored
These are meant to be used with functions like OSSL_ENCODER_CTX_new_by_EVP_PKEY() The OSSL_ENCODER_CTX_new_by_EVP_PKEY() manual is also expanded on the topics of output types and selections. Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13189)
-
Richard Levitte authored
There is no option to output DH params in DER form. -outform doesn't apply to -genparam with 'openssl genpkey', and it shouldn't. Reviewed-by:
-
- 29 Oct, 2020 3 commits
-
-
Benjamin Kaduk authored
The handling for the SCSVs was the same as for regular ciphers; just merge them into the same table-driven handler. Reviewed-by:
-
Ard Biesheuvel authored
PAC pointer authentication signs the return address against the value of the stack pointer, to prevent stack overrun exploits from corrupting the control flow. However, this requires that the AUTIASP is issued with SP holding the same value as it held when the PAC value was generated. The Poly1305 armv8 code got this wrong, resulting in crashes on PAC capable hardware. Reviewed-by:
-
Pauli authored
Fixes #13260 Reviewed-by:
-
- 28 Oct, 2020 1 commit
-
-
Randall S. Becker authored
CLA: Permission is granted by the author to the OpenSSL team to use these modifications. Fixes #13237 Signed-off-by:
-
- 27 Oct, 2020 3 commits
-
-
Richard Levitte authored
The private key length is supposed to be a user settable parameter. We do check if it's set or not, and if not, we do apply defaults. Fixes #12071 Reviewed-by:
-
Richard Levitte authored
Fixes #13221 Fixes #12743 Fixes #12078 Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13225)
-
Shane Lontis authored
cipher_hw_generic_##mode has been renamed to ossl_cipher_hw_generic_##mode. There were a few missing renames for t4 in .inc files. Reviewed-by:
-
- 26 Oct, 2020 3 commits
-
-
Matt Caswell authored
We were missing a call to SSLfatal. A comment claimed that we had already called it - but that is incorrect. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13229)
-
Richard Levitte authored
Also, restore a behaviour change, where load_cert() would look at stdin when the input file name is NULL, and make sure to call load_cert_pass() with a corresponding argument where load_cert() was used in OpenSSL 1.1.1. Fixes #13235 Reviewed-by:
-
Kan authored
Fixes #7930 CLA: trivial Reviewed-by:
-
- 23 Oct, 2020 1 commit
-
-
Nicola Tuveri authored
The keydata argument of OSSL_FUNC_keymgmt_validate() should be read-only. Reviewed-by:
-
- 22 Oct, 2020 7 commits
-
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
-
Shane Lontis authored
Fixes #11320 Reviewed-by:
-
Shane Lontis authored
This removes a TODO. This function is not needed since any place that needs to do the conversion normally has a special case name2nid table. Reviewed-by:
-
Nicola Tuveri authored
The keydata argument of OSSL_FUNC_keymgmt_has() should be read-only. Reviewed-by:
-
