| 6c689e58 | 26-Jun-2020 |
Matt Caswell |
Make the ASYNC code default libctx aware
Since the default libctx is now stored in a thread local variable
swapping in and out of fibres in the ASYNC code could mean that the
"curren
Make the ASYNC code default libctx aware
Since the default libctx is now stored in a thread local variable
swapping in and out of fibres in the ASYNC code could mean that the
"current" default libctx can get confused. Therefore we ensure that
everytime we call async_fibre_swapcontext() we always restore the default
libctx to whatever it was the last time the fibre ran. Similarly when
async_fibre_swapcontext() returns we need to restore the current thread's
default libctx.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
show more ...
|
| cfbd76c1 | 23-Jun-2020 |
Richard Levitte |
CORE: Add an internal function to distinguish the global default context
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228) |
| e31eda00 | 22-Jun-2020 |
Richard Levitte |
TEST: Add test to exercise OPENSSL_CTX_set0_default()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228) |
| 3bd65f9b | 22-Jun-2020 |
Richard Levitte |
Update NEWS and CHANGES
NEWS and CHANGES hasn't mentioned OPENSSL_CTX before, so adding entries now.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com
Update NEWS and CHANGES
NEWS and CHANGES hasn't mentioned OPENSSL_CTX before, so adding entries now.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
show more ...
|
| 5a975275 | 22-Jun-2020 |
Richard Levitte |
CORE: Add OPENSSL_CTX_set0_default(), to set a default library context
Applications may want to set their own default library context,
possibly per-thread. OPENSSL_CTX_set0_default() do
CORE: Add OPENSSL_CTX_set0_default(), to set a default library context
Applications may want to set their own default library context,
possibly per-thread. OPENSSL_CTX_set0_default() does that.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
show more ...
|
| 270540fd | 24-Jun-2020 |
Richard Levitte |
INSTALL.md: Restore $ as command prompt indicator
We have a notational convention in INSTALL.md, which says this among
others:
> Any line starting with a dollar sign is a comman
INSTALL.md: Restore $ as command prompt indicator
We have a notational convention in INSTALL.md, which says this among
others:
> Any line starting with a dollar sign is a command line.
>
> $ command
>
> The dollar sign indicates the shell prompt and is not to be entered as
> part of the command.
That notation exists to make it clear what is a command line and
what's output from that command line.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12257)
show more ...
|
| b1f9db69 | 25-Jun-2020 |
Attila Szakacs |
Configuration: do not overwrite BASE_unix ex_libs in AIX
BASE_unix sets ex_libs to `-lz` based the on zlib linking.
AIX platforms overwrote this instead of adding to it.
CLA: Tr
Configuration: do not overwrite BASE_unix ex_libs in AIX
BASE_unix sets ex_libs to `-lz` based the on zlib linking.
AIX platforms overwrote this instead of adding to it.
CLA: Trivial
Signed-off-by: Attila Szakacs <attila.szakacs@oneidentity.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12271)
show more ...
|
| aba03ae5 | 02-Jan-2020 |
Kurt Roeckx |
Reduce the security bits for MD5 and SHA1 based signatures in TLS
This has as effect that SHA1 and MD5+SHA1 are no longer supported at
security level 1, and that TLS < 1.2 is no longer s
Reduce the security bits for MD5 and SHA1 based signatures in TLS
This has as effect that SHA1 and MD5+SHA1 are no longer supported at
security level 1, and that TLS < 1.2 is no longer supported at the
default security level of 1, and that you need to set the security
level to 0 to use TLS < 1.2.
Reviewed-by: Tim Hudson <tjh@openssl.org>
GH: #10787
show more ...
|
| 526f1f1a | 23-Feb-2020 |
Kurt Roeckx |
Fix syntax of cipher string
Reviewed-by: Tim Hudson <tjh@openssl.org>
GH: #10787 |
| c65b1d02 | 09-Jun-2020 |
Richard Levitte |
TEST: Add TODO segments in test/recipes/15-test_genec.t
There currently do not support 'ec_param_enc:explicit' with provider
side key generation. Reflect that by encoding the expected f
TEST: Add TODO segments in test/recipes/15-test_genec.t
There currently do not support 'ec_param_enc:explicit' with provider
side key generation. Reflect that by encoding the expected failure
with a Test::More TODO section for those particular tests.
Because the tests in this recipe are data driven, we implement this
mechanism with two functions, one for stuff that's supported and one
for stuff that isn't.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12080)
show more ...
|
| 0c2bddb7 | 07-Jun-2020 |
Nicola Tuveri |
Test genpkey app for EC keygen with various args
This commit adds a new recipe to test EC key generation with the
`genpkey` CLI app.
For each built-in curve, it tests key genera
Test genpkey app for EC keygen with various args
This commit adds a new recipe to test EC key generation with the
`genpkey` CLI app.
For each built-in curve, it tests key generation with text output, in
PEM and in DER format, using `explicit` and `named_curve` for parameters
encoding.
The list of built-in curves is static at the moment, as this allows to
differentiate between prime curves and binary curves to avoid failing
when ec2m is disabled.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12080)
show more ...
|
| cc63865f | 24-Jun-2020 |
pedro martelletto |
doc/man3: fix types taken by HMAC(), HMAC_Update()
HMAC() and HMAC_Update() take size_t for 'n' and 'len' respectively.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl
doc/man3: fix types taken by HMAC(), HMAC_Update()
HMAC() and HMAC_Update() take size_t for 'n' and 'len' respectively.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12264)
show more ...
|
| 0d96afd2 | 25-Jun-2020 |
Matt Caswell |
Prepare for 3.0 alpha 5
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> |
| 38778b78 | 25-Jun-2020 |
Matt Caswell |
Prepare for release of 3.0 alpha 4
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> |
| fbd2ece1 | 25-Jun-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12273) |
| 19765f5b | 22-Jun-2020 |
Dr. David von Oheimb |
apps/cmp.c: Add workaround for Coverity false positive; rename e -> engine
CID 1463570: (USE_AFTER_FREE)
CID 1463570: (USE_AFTER_FREE)
Passing freed pointer "e" as an argument
apps/cmp.c: Add workaround for Coverity false positive; rename e -> engine
CID 1463570: (USE_AFTER_FREE)
CID 1463570: (USE_AFTER_FREE)
Passing freed pointer "e" as an argument to "release_engine".
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12231)
show more ...
|
| 33c41876 | 22-Jun-2020 |
Dr. David von Oheimb |
apps/cmp.c: Fix memory leaks in handle_opt_geninfo() found by Coverity
CID 1463578: Resource leaks (RESOURCE_LEAK)
CID 1463575: Resource leaks (RESOURCE_LEAK)
Reviewed-by: P
apps/cmp.c: Fix memory leaks in handle_opt_geninfo() found by Coverity
CID 1463578: Resource leaks (RESOURCE_LEAK)
CID 1463575: Resource leaks (RESOURCE_LEAK)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12231)
show more ...
|
| 1b0f5b62 | 21-Jun-2020 |
Dr. Matthias St. Pierre |
evp_generic_fetch.pod: fix documentation error
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12222) |
| 363b1e5d | 20-Jun-2020 |
Dr. Matthias St. Pierre |
Make the naming scheme for dispatched functions more consistent
The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all
functions which are dispatched between the core a
Make the naming scheme for dispatched functions more consistent
The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all
functions which are dispatched between the core and providers.
This change includes in particular all up- and downcalls, i.e., the
dispatched functions passed from core to provider and vice versa.
- OSSL_core_ -> OSSL_FUNC_core_
- OSSL_provider_ -> OSSL_FUNC_core_
For operations and their function dispatch tables, the following convention
is used:
Type | Name (evp_generic_fetch(3)) |
---------------------|-----------------------------------|
operation | OSSL_OP_FOO |
function id | OSSL_FUNC_FOO_FUNCTION_NAME |
function "name" | OSSL_FUNC_foo_function_name |
function typedef | OSSL_FUNC_foo_function_name_fn |
function ptr getter | OSSL_FUNC_foo_function_name |
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12222)
show more ...
|
| 23c48d94 | 20-Jun-2020 |
Dr. Matthias St. Pierre |
Rename <openssl/core_numbers.h> -> <openssl/core_dispatch.h>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12222) |
| 5b286641 | 24-Jun-2020 |
Pauli |
apps: avoid memory overrun.
NULL terminate the built in "help" argv array to avoid
reading beyond the end.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dm
apps: avoid memory overrun.
NULL terminate the built in "help" argv array to avoid
reading beyond the end.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12258)
show more ...
|
| 6926be0b | 18-Jun-2020 |
Matt Caswell |
Fix some man page typos
A few miscellaneous man page typos reported by Hal Murray on
openssl-users.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://g
Fix some man page typos
A few miscellaneous man page typos reported by Hal Murray on
openssl-users.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12185)
show more ...
|
| 1c19ff3c | 11-Jun-2020 |
Pauli |
test: add test for generation of random data in chunks.
THe EVP_RAND wrapper works with the underlying RNG to produce the amount of
random data requested even if it is larger than the la
test: add test for generation of random data in chunks.
THe EVP_RAND wrapper works with the underlying RNG to produce the amount of
random data requested even if it is larger than the largest single generation
the source allows. This test verified that this works.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
show more ...
|
| c9ed9307 | 05-Jun-2020 |
Pauli |
test: update EVP tests to include DRBG testing
[extended tests]
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/p
test: update EVP tests to include DRBG testing
[extended tests]
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
show more ...
|
| 9a31d106 | 05-Jun-2020 |
Pauli |
NIST DRBG set data
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682) |
