Commit message | Author | Age | Files | Lines
...
* It isn't necessary to initialise a struct stat before a stat(2) system call. | Pauli | 2019-03-29 | 1 | -1/+1
  The initialisation was also flawed, failing to account for padding and alignment bytes.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8611)
* Ensure that the struct msghdr is properly zeroed. | Pauli | 2019-03-29 | 2 | -2/+4
  This is probably harmless but best to properly initialise things.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8611)
* openssl dgst: show MD name at all times - CHANGES entry | Richard Levitte | 2019-03-29 | 1 | -0/+4
  Related to #8609
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8612)
* openssl dgst: show MD name at all times | Richard Levitte | 2019-03-29 | 1 | -4/+5
  When 'openssl dgst' is called with a MD alias (such as sha256) and no further arguments (i.e. input is taken from stdin), the MD name wasn't shown.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8609)
* Clear seed source structures. | Pauli | 2019-03-29 | 3 | -6/+24
  If the structures have empty padding bytes, ensure they are zeroed. These structures are added to seed pools as complete blocks including any padding and alignment bytes.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8610)
* For the lack of GetModuleHandleEx(), we use DSO route for WinCE. | Soujyu Tanaka | 2019-03-29 | 2 | -3/+109
  Revert win32_pathbyaddr() which is used in DSO_dsobyaddr().
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8596)
* Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE. | Soujyu Tanaka | 2019-03-29 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8596)
* Avoid linking error for InitializeCriticalSectionAndSpinCount(). | Soujyu Tanaka | 2019-03-29 | 1 | -0/+4
  Replace it with InitializeCriticalSection()
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8596)
* Avoid linking error on WCE700 for _InterlockedExchangeAdd(). | Soujyu Tanaka | 2019-03-29 | 2 | -3/+13
  This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8596)
* Add the FIPS related continuous random number generator (CRNG) testing. | Pauli | 2019-03-29 | 6 | -8/+301
  Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details.
  The check is fairly simplistic, being for the entropy sources to not feed the DRBG the same block of seed material twice in a row. Only the first DRBG in a chain is subject to this check, latter DRBGs are assumed to be safely seeded via the earlier DRBGs.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8599)
* Configurations/00-base-templates.conf: engage {chacha|poly1305}-ia64. | Andy Polyakov | 2019-03-29 | 1 | -0/+2
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8540)
* IA64 assembly pack: add {chacha|poly1305}-ia64 modules. | Andy Polyakov | 2019-03-29 | 3 | -0/+658
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8540)
* Fixed unmatched BN_CTX_start/end if an invalid exponent is used. | Shane Lontis | 2019-03-29 | 1 | -1/+1
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8569)
* Fix broken change from b3d113e. | Pauli | 2019-03-29 | 1 | -1/+2
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8606)
* conn_is_closed should return 1 if get_last_sys_error is WSAECONNRESET | Paul Monson | 2019-03-28 | 1 | -0/+4
  CLA: trivial
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8590)
* coverity fixes for SSKDF + mac_app + kdf test cleanup | Shane Lontis | 2019-03-28 | 3 | -259/+125
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8566)
* Add some checks of OCSP functions | Dmitry Belyavskiy | 2019-03-28 | 1 | -3/+8
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8308)
* Make OCSP_id_cmp and OCSP_id_issuer_cmp accept const params | Matt Caswell | 2019-03-28 | 3 | -6/+6
  Fixes #8589
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8597)
* Fix test builds. | Pauli | 2019-03-28 | 2 | -1/+1
  /usr/include/bits/waitstatus.h includes endian.h under some libc's. This clashes with the new test header file, so rename the latter.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8600)
* Detect endian without relying on defined symbols. | Pauli | 2019-03-28 | 2 | -10/+35
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8572)
* Increase rounds of Miller-Rabin testing DH_check | Jake Massimo | 2019-03-27 | 1 | -3/+5
  DH_check is used to test the validity of Diffie-Hellman parameter sets (p, q, g). Among the tests performed are primality tests on p and q, for this BN_is_prime_ex is called with the rounds of Miller-Rabin set as default. This will therefore use the average case error estimates derived from the function BN_prime_checks_for_size based on the bit size of the number tested. However, these bounds are only accurate on testing random input. Within this testing scenario, where we are checking the validity of a DH parameter set, we can not assert that these parameters are randomly generated. Thus we must treat them as if they are adversarial in nature and increase the rounds of Miller-Rabin performed.
  Generally, each round of Miller-Rabin can declare a composite number prime with probability at most (1/4), thus 64 rounds is sufficient in thwarting known generation techniques (even in safe prime settings - see https://eprint.iacr.org/2019/032 for full analysis). The choice of 64 rounds is also consistent with SRP_NUMBER_ITERATIONS_FOR_PRIME 64 as used in srp_Verify_N_and_g in openssl/apps/s_client.c.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8593)
* Don't allow SHAKE128/SHAKE256 with HMAC | Matt Caswell | 2019-03-27 | 4 | -1/+21
  See discussion in github issue #8563
  Fixes #8563
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/8584)
* Correctly check the return code of EVP_MAC_ctrl everywhere it is used | Matt Caswell | 2019-03-27 | 3 | -12/+12
  EVP_MAC_ctrl is documented to return 0 or -1 on failure. Numerous places were not getting this check correct.
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/8584)
* Fix a memory leak in ARIA GCM | Matt Caswell | 2019-03-27 | 2 | -2/+44
  Fixes #8567
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8586)
* Tolerate 0 byte input length for Update functions | Matt Caswell | 2019-03-27 | 2 | -0/+5
  We treat that as automatic success. Other EVP_*Update functions already do this (e.g. EVP_EncryptUpdate, EVP_DecryptUpdate etc). EVP_EncodeUpdate is a bit of an anomaly. That treats 0 byte input length as an error.
  Fixes #8576
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8587)
* Fix no-ec | Matt Caswell | 2019-03-27 | 1 | -18/+23
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8588)
* Fix three identical grammatical errors | Dr. Matthias St. Pierre | 2019-03-27 | 3 | -3/+3
  Reported by Mak Kolybabi
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8591)
* style nit fix | Shane Lontis | 2019-03-26 | 1 | -2/+2
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8580)
* ts(1): digest option is mandatory | Hubert Kario | 2019-03-25 | 1 | -2/+3
  not specifying the digest both on command line and in the config file will lead to response generation aborting with
  140617514493760:error:2F098088:time stamp routines:ts_CONF_lookup_fail: \
  cannot find config variable:crypto/ts/ts_conf.c:106:tsr_test::signer_digest
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/8421)
* replaced snprintf with BIO version (for windows builds) | Shane Lontis | 2019-03-25 | 2 | -4/+4
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8571)
* Modify the RSA_private_decrypt functions to check the padding in | Bernd Edlinger | 2019-03-22 | 3 | -48/+48
  constant time with a memory access pattern that does not depend on secret information.
  [extended tests]
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8543)
* Make err_clear_constant_time really constant time | Bernd Edlinger | 2019-03-22 | 3 | -27/+25
  [extended tests]
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8542)
* Cosmetic rand/drbg changes. | Pauli | 2019-03-22 | 2 | -7/+7
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/8554)
* Document the functions EVP_MD_fetch() and EVP_MD_upref() | Matt Caswell | 2019-03-21 | 2 | -4/+175
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8513)
* Add a test for EVP_MD_fetch | Matt Caswell | 2019-03-21 | 1 | -0/+102
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8513)
* Implement SHA256 in the default provider | Matt Caswell | 2019-03-21 | 6 | -1/+90
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8513)
* Make EVP_Digest* functions provider aware | Matt Caswell | 2019-03-21 | 8 | -26/+246
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8513)
* Implement EVP_MD_fetch() | Matt Caswell | 2019-03-21 | 6 | -1/+164
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8513)
* Add a skeleton default provider | Matt Caswell | 2019-03-21 | 6 | -5/+127
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8513)
* fixed mismatching #ifdef cpp | Shane Lontis | 2019-03-21 | 1 | -4/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8544)
* Reorganized signature-scheme detection in 'apps/s_cb.c:security_callback_debug' callback-function. | Lorinczy Zsigmond | 2019-03-20 | 1 | -25/+81
  So far, it only handled hash-and-algorithm pairs from TLS1.2, now it also handles 'schemes' defined in TLS1.3 like 0x0807=ed25519 or 0x0809=rsa_pss_pss_sha256
  Now it prints information in one of these formats:
  ... Algorithm scheme=ecdsa_secp256r1_sha256, security bits=128 ... TLS1.3
  ... Algorithm digest=SHA384, algorithm=DSA, security bits=192 ... TLS1.2
  ... Algorithm scheme=unknown(0x0e01), security bits=128 ... unhandled case
  To implement this added three new lookup-tables: signature_tls13_scheme_list, signature_tls12_alg_list, signature_tls12_hash_list.
  Also minor changes in 'security_callback_debug', eg adding variable 'show_nm' to indicate if we should show 'nm'.
  Also coding-styles fixes from matcaswell
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8445)
* OPENSSL_config(): restore error agnosticism | Richard Levitte | 2019-03-20 | 1 | -0/+1
  Great effort has been made to make initialization more configurable. However, the behavior of OPENSSL_config() was lost in the process, having it suddenly generate errors it didn't previously, which is not how it's documented to behave.
  A simple setting of default flags fixes this problem.
  Fixes #8528
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8533)
* Updated doc for BN_clear, BN_CTX_end when param is NULL | Shane Lontis | 2019-03-20 | 2 | -0/+2
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8532)
* replace 'OpenSSL license' by 'Apache License 2.0' | David von Oheimb | 2019-03-20 | 11 | -11/+11
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/8527)
* removed BN_clear NULL checks | Shane Lontis | 2019-03-20 | 2 | -27/+66
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8507)
* Replumbing: Add a mechanism to pre-populate the provider store | Richard Levitte | 2019-03-19 | 7 | -26/+111
  OpenSSL will come with a set of well known providers, some of which need to be accessible from the start. These are typically built in providers, or providers that will work as fallbacks.
  We do this when creating a new provider store, which means that this will happen in every library context, regardless of if it's the global default one, or an explicitly created one.
  We keep the data about the known providers we want to make accessible this way in crypto/provider_predefined.h, which may become generated. For now, though, we make it simple and edited manually.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8480)
* Replumbing: add fallback provider capability | Richard Levitte | 2019-03-19 | 6 | -19/+134
  To ensure that old applications aren't left without any provider, and at the same time not forcing any default provider on applications that know how to deal with them, we devise the concept of fallback providers, which are automatically activated if no other provider is already activated.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8480)
* Update pkeyutl documentation about the digest option | Matt Caswell | 2019-03-19 | 1 | -6/+5
  DSA can accept other digests other than SHA1. EC ignores the digest option altogether.
  Fixes #8425
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8432)
* Single step kdf implementation | Shane Lontis | 2019-03-19 | 17 | -7/+2047
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8230)
* Move ASN1_BROKEN macros | Rich Salz | 2019-03-19 | 2 | -7/+6
  They're only used in one place, and only for a legacy datatype.
  Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8302)