The `./pyca-cryptography/.travis/downstream.d` subdirectory causes the `rm` command to fail (albeit harmlessly, but with a warning from `make` nonetheless).
>rm -f `find . -name '*.d' \! -name '.*' -print`
>rm: cannot remove './pyca-cryptography/.travis/downstream.d': Is a directory
>make: [Makefile:1910: clean] Error 1 (ignored)
Exclude directories from being matched by the `find` commands.
CLA: trivial
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10264)
The kernel will generate the MAC when transmitting the frame. Doing
so here causes the MAC to be included as part of the plain text that
the kernel MACs and encrypts. Note that this path is not taken when
using stitched cipher suites.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
This partially reverts 3119ab3c9e. In the
case of a simple openssl s_server instance, the bio in s->wbio is a
BIO_TYPE_BUFFER BIO, not BIO_TYPE_SOCKET. This caused all of the checks
to fail breaking KTLS.
The default return value of control methods I have looked at is zero
for unknown control requests, so invoking the control requests should
be returning 0 for non-socket BIOs already.
This does still map the requests to 0 at compile time for the non-KTLS
case so that the compiler can optimize the checks away entirely.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Avoid tripping over errno values from previous system calls in the
thread and just hardcode the specific error. BIO_get_ktls_send()
should never be true in the NO_KTLS path, so the #ifdef could be
moved even higher up to assume that error path in the NO_KTLS case
instead.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
- Check for the <sys/ktls.h> header to determine if KTLS support
is available.
- Populate a tls_enable structure with session key material for
supported algorithms. At present, AES-GCM128/256 and AES-CBC128/256
with SHA1 and SHA2-256 HMACs are supported. For AES-CBC, only MtE
is supported.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Only the KDF and PRF algorithms used the macros for their names, all other
algorithms used a string name directly. This brings the KDFs and PRFs into
line with the rest.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10293)
This template automatically adds the [issue: documentation] label.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)
Actually, we would rather see general questions posted to the
openssl-users mailing list. But habits have changed and more and
more users ask questions on GitHub. Many of them are currently tagged
as bug reports or feature requests, because there is no appropriate
template for questions. This commit adds the missing template.
This template automatically adds the [issue: question] label.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)
... if the fixed-size buffer is too small.
Fixes #9732
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10276)
Running s_server in WWW mode on Windows can allow a client to read files
outside the s_server directory by including backslashes in the name, e.g.
GET /..\myfile.txt HTTP/1.0
There exists a check for this for Unix paths but it is not sufficient
for Windows.
Since s_server is a test tool no CVE is assigned.
Thanks to Jobert Abma for reporting this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10215)
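
A check of the kind the s_server commit message above describes, as an added example that is not OpenSSL's code and not part of the commit: it treats `/` and `\` as equivalent separators and refuses `..` components, absolute paths and drive letters. The helper name `request_path_is_confined` and the rule about components made only of dots and spaces are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Both separators count: Windows file APIs accept '/' and '\\' alike. */
static int is_sep(char c)
{
    return c == '/' || c == '\\';
}

/*
 * Hypothetical helper, not s_server code: returns 1 if a requested
 * relative name stays below the serving directory, 0 to refuse it.
 */
int request_path_is_confined(const char *name)
{
    const char *p = name;

    if (name == NULL || *name == '\0')
        return 0;
    /* Absolute path: a leading separator of either kind (UNC included). */
    if (is_sep(name[0]))
        return 0;
    /* Drive letter ("C:...") or any other use of ':' in the name. */
    if (strchr(name, ':') != NULL)
        return 0;

    while (*p != '\0') {
        size_t len = 0, dots_or_spaces = 0;

        /* Measure one component, ending at either separator. */
        while (p[len] != '\0' && !is_sep(p[len])) {
            if (p[len] == '.' || p[len] == ' ')
                dots_or_spaces++;
            len++;
        }
        /*
         * Refuse ".." and, conservatively, any longer component made only
         * of dots and spaces (an assumption of this example: such names
         * are never legitimate content and may be normalized by the OS).
         */
        if (len >= 2 && dots_or_spaces == len)
            return 0;
        p += len;
        while (is_sep(*p))
            p++;
    }
    return 1;
}
```

A Unix-only check that splits on `/` alone would see `..\myfile.txt` as a single harmless file name, which is the gap the commit message points out.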
The introductory paragraph for the TLSv1.3 server side PSK documentation
is a copy & paste of the client side documentation which has not been
updated with the server side equivalent information.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10245)
RSA-PSS keys use the same internal structure as RSA keys but do not
allow accessing it through EVP_PKEY_get0_RSA. This commit changes that
behavior.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10217)
The hardcoded code points for TLSv1.3 cipher suites are used in the TLS
PSK server callback. However, they seem to have been refactored a while
ago to use tls13_aes128gcmsha256_id, so these defines are not necessary
within the s_server code anymore.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10243)
Also tweak find-doc-nits while fixing a bug (don't need .in files)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10239)
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10242)
Documenting the macros removes 14 undocumented items.
Merged three separate manpages into one.
Rename the DRBG CRYPTO_EX define into RAND_DRBG, but keep the old one
for API compatibility.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10216)
PR https://github.com/openssl/openssl/pull/10122 introduced changes to
the BN_gcd function and the control logic inside it accessed `g->d[0]`
irrespective of `g->top`.
When BN_add is called, in case the result is zero, `BN_zero` is called.
The latter behaves differently depending on the API compatibility level
flag: normally `g->d[0]` is cleared but in `no-deprecated` builds only
`g->top` is set to zero.
This commit uses bitwise logic to ensure that `g` is treated as zero if
`g->top` is zero, irrespective of `g->d[0]`.
Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10232)
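
The failure mode described in the BN_gcd commit message above, as an added example that is not OpenSSL's code: a simplified bignum whose zeroing routine resets only `top`, a parity test that reads `d[0]` regardless, and the same test masked so that `top == 0` always means zero. The `toy_bn` type and all function names are hypothetical.

```c
#include <stdint.h>

/* Simplified stand-in for a bignum: limbs plus a count of limbs in use. */
typedef struct {
    uint64_t d[4];
    int top;            /* 0 means the value is zero */
} toy_bn;

/* Models a zeroing routine that only resets top and leaves limbs stale. */
static void toy_zero_top_only(toy_bn *g)
{
    g->top = 0;
}

/*
 * Branch-free: 1 if top > 0, 0 if top == 0 (assumes 0 <= top < 2^31).
 * top - 1 wraps to 0xFFFFFFFF only for top == 0, which sets bit 31.
 */
static uint64_t top_is_nonzero(int top)
{
    uint32_t t = (uint32_t)top;

    return (uint64_t)(~((t - 1u) >> 31) & 1u);
}

/* Reads d[0] irrespective of top: a stale limb looks like an odd value. */
uint64_t is_odd_unmasked(const toy_bn *g)
{
    return g->d[0] & 1;
}

/* Same test, but a value with top == 0 is always treated as zero (even). */
uint64_t is_odd_masked(const toy_bn *g)
{
    return g->d[0] & 1 & top_is_nonzero(g->top);
}

/* Constructed scenario: set one limb, optionally zero via top only, test. */
uint64_t odd_after(uint64_t limb, int zero_it, int masked)
{
    toy_bn g = { { limb, 0, 0, 0 }, 1 };

    if (zero_it)
        toy_zero_top_only(&g);
    return masked ? is_odd_masked(&g) : is_odd_unmasked(&g);
}
```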
Add P12 format description.
Remove PEM NOTES sections; it's in openssl.pod
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10142)
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)
- Use `()` to qualify function names, consistently
- Limit line width to 80 chars
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
for the following functions.
EC_GROUP_get_order
EC_GROUP_get_cofactor
EC_GROUP_get_curve_name
EC_GROUP_get_asn1_flag
EC_GROUP_get_point_conversion_form
EC_GROUP_get_degree
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9664)
HWCAP_S390_VX is missing on SUSE Linux Enterprise Server 12 SP1, so we
add a guard that checks the presence of that macro. While we're at it,
we do the same with HWCAP_S390_STFLE, for consistency.
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/9892)
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10194)
We were not consistently using one or the other, and the perlasm
code assumes dashes, which MSVC tolerates.
Fixes #10075
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10222)
include/openssl/crypto.h is where older similar functions already
live, and since opensslv.h became a template, it's no longer useful
for parsing by util/mknum.pl.
Affected declarations:
unsigned int OPENSSL_version_major(void);
unsigned int OPENSSL_version_minor(void);
unsigned int OPENSSL_version_patch(void);
const char *OPENSSL_version_pre_release(void);
const char *OPENSSL_version_build_metadata(void);
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
It's cumbersome to have to edit it at release time, it can't be made a
README.in for display reasons (Github won't show it), and having the
version number here gives no special benefit.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
The added benefit is that the result becomes much simpler, and easier to
digest for those that still rely on the pre-3.0 opensslv.h contents.
Fixes #10203
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
'VERSION' is a very easy file to parse, as opposed to a header file.
We also have the benefit of holding the version information in one
very well known place and can then generate all other version texts
as we see fit, for example opensslv.h.
Fixes #10203
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
This leaves minimal implementations of EVP_blake2b512 and EVP_blake2s256,
that are now only there to provide a name for implicit fetches.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9075)
It may be that the OSSL_PARAM array we used for getting parameter
values for a key had a few too many entries. These are detected by
their return_size == 0. Before making the second export call, we prune
away these items so we only ask for parameters that exist.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)