| 24f84b4e | 15-Jul-2021 |
Tomas Mraz |
doc: It is not possible to use SSL_OP_* value in preprocessor conditions
Fixes #16082
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
doc: It is not possible to use SSL_OP_* value in preprocessor conditions
Fixes #16082
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16084)
show more ...
|
| 3bec4851 | 13-Jul-2021 |
Matt Caswell |
Disallow SSL_key_update() if there are writes pending
If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Ins
Disallow SSL_key_update() if there are writes pending
If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Instead the
SSL_write() operation should be completed.
Fixes #12485
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16077)
show more ...
|
| 21ba77ca | 13-Jul-2021 |
Matt Caswell |
Don't reset the packet pointer in ssl3_setup_read_buffer
Sometimes this function gets called when the buffers have already been
set up. If there is already a partial packet in the read b
Don't reset the packet pointer in ssl3_setup_read_buffer
Sometimes this function gets called when the buffers have already been
set up. If there is already a partial packet in the read buffer then the
packet pointer will be set to an incorrect value. The packet pointer already
gets reset to the correct value when we first read a packet anyway, so we
don't also need to do it in ssl3_setup_read_buffer.
Fixes #13729
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16077)
show more ...
|
| e0ad156d | 15-Jul-2021 |
Tomas Mraz |
RSA_public_decrypt is equivalent to a verify recover operation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16068) |
| 02d63fe9 | 14-Jul-2021 |
Tomas Mraz |
evp_test: Add tests for rsa_padding_mode:none
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16068) |
| 07d189ce | 13-Jul-2021 |
Tomas Mraz |
Allow RSA signature operations with RSA_NO_PADDING
When no md is set, the raw operations should be allowed.
Fixes #16056
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Allow RSA signature operations with RSA_NO_PADDING
When no md is set, the raw operations should be allowed.
Fixes #16056
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16068)
show more ...
|
| ca638147 | 14-Jul-2021 |
Tomas Mraz |
Drop daily run-checker build with just enable-acvp-tests
Having just enable-acvp-tests without enable-fips does not make
much sense as this just builds the test but it is skipped.
Drop daily run-checker build with just enable-acvp-tests
Having just enable-acvp-tests without enable-fips does not make
much sense as this just builds the test but it is skipped.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)
show more ...
|
| f096691b | 14-Jul-2021 |
Tomas Mraz |
CI: have enable-acvp-tests in some CI build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076) |
| 033e987c | 14-Jul-2021 |
Tomas Mraz |
Signature algos: allow having identical digest in params
The flag_allow_md prevents setting a digest in params however
this is unnecessarily strict. If the digest is the same as the
Signature algos: allow having identical digest in params
The flag_allow_md prevents setting a digest in params however
this is unnecessarily strict. If the digest is the same as the
one already set, we do not return an error.
Fixes #16071
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)
show more ...
|
| 59f66d8c | 14-Jul-2021 |
Tomas Mraz |
acvp_test: Fix incorrect parenthesis
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076) |
| 09c1db33 | 14-Jul-2021 |
Daiki Ueno |
apps: Use the first detected address family if IPv6 is not available
This is a follow up of 15729bef385211bc2a0497e2d53a45c45d677d2c. Even
when the host does not support IPv6 at all, BI
apps: Use the first detected address family if IPv6 is not available
This is a follow up of 15729bef385211bc2a0497e2d53a45c45d677d2c. Even
when the host does not support IPv6 at all, BIO_lookup_ex may now
return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
the ai_next field.
After eee8a40aa5e06841eed6fa8eb4f6109238d59aea, the do_server function
prefers the IPv6 address and fails on the BIO_socket call. This adds
a fallback code to retry with the IPv4 address returned as the first
element to avoid the error.
The failure had been partially avoided in the previous code with
AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no
IPv6 address is associated with external interface. However, it would
be still a problem if the external interface has an IPv6 address
assigned, while the loopback interface doesn't.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16074)
show more ...
|
| 52f7e44e | 07-Jul-2021 |
Tomas Mraz |
Split bignum code out of the sparcv9cap.c
Fixes #15978
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16019) |
| 8e94c51b | 14-Jul-2021 |
Pauli |
doc: document the params arguments to the initialisation functions.
These were accidentally omitted when the arguments were added globally.
Fixes #16067
Reviewed-by: Tomas
doc: document the params arguments to the initialisation functions.
These were accidentally omitted when the arguments were added globally.
Fixes #16067
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16072)
show more ...
|
| 56fdb707 | 14-Jul-2021 |
Pauli |
evp: constify some OSSL_PARAM arguments
These were missed when the initialisation params were added
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/o
evp: constify some OSSL_PARAM arguments
These were missed when the initialisation params were added
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16072)
show more ...
|
| 11f18ef1 | 13-Jul-2021 |
Tomas Mraz |
Make EVP_PKEY_check() be an alias for EVP_PKEY_pairwise_check()
The implementation of EVP_PKEY_pairwise_check() is also changed
to handle the legacy keys.
Fixes #16046
Make EVP_PKEY_check() be an alias for EVP_PKEY_pairwise_check()
The implementation of EVP_PKEY_pairwise_check() is also changed
to handle the legacy keys.
Fixes #16046
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16069)
show more ...
|
| 54c0480d | 13-Jul-2021 |
Tomas Mraz |
doc: Document that incomplete certificates return error
Fixes #16065
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16070) |
| e77be2e2 | 13-Jul-2021 |
Pauli |
test: add single byte IV AES GCM tests
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl
test: add single byte IV AES GCM tests
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16064)
show more ...
|
| c55c7d02 | 13-Jul-2021 |
Pauli |
Remove lower limit on GCM mode ciphers
Fixes #16057
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://gith
Remove lower limit on GCM mode ciphers
Fixes #16057
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16064)
show more ...
|
| 2f0a5381 | 14-Jul-2021 |
Pauli |
apps: avoid using POSIX IO macros and functions when built without them.
Fall back to stdio functions if not available.
Fixes a daily run-checker failure (no-posix-io)
Revi
apps: avoid using POSIX IO macros and functions when built without them.
Fall back to stdio functions if not available.
Fixes a daily run-checker failure (no-posix-io)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16073)
show more ...
|
| 4e0383d8 | 13-Jul-2021 |
Syrone Wong |
Fix OSSL_TRACE9 missing arg9
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre
Fix OSSL_TRACE9 missing arg9
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16060)
show more ...
|
| 53111a88 | 12-Jul-2021 |
Richard Levitte |
Avoid empty lines in nmake rule bodies
nmake is tolerant of those empty lines, but jom isn't. That tolerance
isn't standard make behaviour, so we lean towards avoiding them.
We
Avoid empty lines in nmake rule bodies
nmake is tolerant of those empty lines, but jom isn't. That tolerance
isn't standard make behaviour, so we lean towards avoiding them.
We simply use '@rem' instead.
Fixes #16014
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16048)
show more ...
|
| db226bf2 | 12-Jul-2021 |
Tianjia Zhang |
Remove executable mode attributes of non-executable files
Remove the executable attributes of some C code files and key files,
change the file mode from 0755 to 0644.
Signed-off
Remove executable mode attributes of non-executable files
Remove the executable attributes of some C code files and key files,
change the file mode from 0755 to 0644.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16045)
show more ...
|
| a773e67b | 11-Jul-2021 |
Pauli |
asn.1: fix Coverity 1487104 Logically dead code
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16042) |
| d19dacd5 | 08-Jul-2021 |
Pauli |
doc: document the new opt_legacy_okay() function's behaviour
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022) |
| 09b430cd | 08-Jul-2021 |
Pauli |
app: add library context and propq arguments to opt_md() and opt_cipher()
Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed.
Reviewed-by: Tomas Mraz <tomas@opens
app: add library context and propq arguments to opt_md() and opt_cipher()
Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)
show more ...
|
