- 05 2月, 2021 6 次提交
-
-
由 Jon Spillett 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14063)
-
由 Richard Levitte 提交于
These functions are modified to use EVP_PKEY_set_octet_string_param() and EVP_PKEY_get_octet_string_param() instead of evp_keymgmt_set_params() and evp_keymgmt_get_params(). To accomplish this fully, EVP_PKEY_get_octet_string_param() is changed slightly to populate |*out_sz| with the return size, even if getting the params resulted in an error. We also modify EVP_PKEY_get_utf8_string_param() to match EVP_PKEY_get_octet_string_param() Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14056)
-
由 Richard Levitte 提交于
The checks of the type of EVP_PKEY were from before we had the macro evp_pkey_is_provided(). Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14056)
-
由 Richard Levitte 提交于
They were calling evp_keymgmt_set_params() directly. Those calls are changed to go through EVP_PKEY_set_params(). We take the opportunity to constify these functions. They have to unconstify internally for the compiler to stop complaining when placing those pointers in an OSSL_PARAM element, but that's still better than forcing the callers to do that cast. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14056)
-
由 Richard Levitte 提交于
When the internal key is changed, we must count it as muted, so that next time the affected key is considered for an operation, it gets re-exported to the signing provider. In other words, this will clear the EVP_PKEY export cache when the next export attempt occurs. This also updates evp_keymgmt_util_export_to_provider() to actually look at the dirty count for provider native origin keys, and act appropriately. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14056)
-
由 Petr Gotthard 提交于
Fixes #13656. Right now all openssl commands use a NULL propq. This patch adds a possibility to specify a custom propq. The implementation follows the example of set_nameopt/get_nameopt. Various tools had to be modified to call app_get0_propq after it has been populated. Otherwise the -propquery has no effect. The tests then verify the -propquery affects the tool behaviour by requesting a non-existing property. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13707)
-
- 04 2月, 2021 14 次提交
-
-
由 Dr. David von Oheimb 提交于
No changes in semantics. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13070)
-
由 Matt Caswell 提交于
There are no instances of the macros that this comment is referring to being used anywhere within current master. All of the macros were deprecated by commit f41ac0ee. Therefore this TODO should just be removed. Fixes #13020 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14038)
-
由 Matt Caswell 提交于
We had a couple of stray references to OpenSSL1.2 in libssl. We just reword the comments to remove those references without changing any behaviour. The first one in t1_lib.c is a technical non-compliance in the TLSv1.3 spec where, under some circumstances, we offer DSA sigalgs even in a ClientHello that eventually negotiates TLSv1.3. We explicitly chose to accept this behaviour in 1.1.1 and we're not planning to change it for 3.0. The second one in s3_lib.c is regarnding the behaviour of SSL_set_tlsext_host_name(). Technically you shouldn't be able to call this from a server - but we allow it and just ignore it rather than raising an error. The TODO suggest we consider raising an error instead. However, with 3.0 we are trying to minimise breaking changes so I suggest not making this change now. Fixes #13161 Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14037)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13930)
-
由 Dr. David von Oheimb 提交于
This simplifies many usages Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14040)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13551)
-
由 Dr. David von Oheimb 提交于
The HTTP-based tests are now in 80_test_cmp_http.t, to start a little earlier. This should decrease total test run time due to better parallelization. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13551)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13551)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13551)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14053)
-
由 Richard Levitte 提交于
The default was OPENSSL_EC_NAMED_CURVE, but that's not true until a curve name has been set, so we change the initial value to OPENSSL_EC_EXPLICIT_CURVE and let EC_GROUP_set_curve_name() change it to OPENSSL_EC_NAMED_CURVE. Submitted by Matt Caswell Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13973)
-
由 Richard Levitte 提交于
It assumed there would always be a non-NULL ctx->pmeth, leading to a crash when that isn't the case. Since it needs to check 'keytype' when that one isn't -1, we also add a corresponding check for the provider backed EVP_PKEY_CTX case. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13973)
-
由 Richard Levitte 提交于
EVP_PKEY_meth_find() got called automatically any time a new EVP_PKEY_CTX allocator was called with some sort of key type data. Since we have now moved all our standard algorithms to our providers, this is no longer necessary. We do retain looking up EVP_PKEY_METHODs that are added by the calling application. Fixes #11424 Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13973)
-
由 Richard Levitte 提交于
There was a remaining function signature declaration, but no OSSL_DISPATCH number for it nor any way it's ever used. It did exist once, but was replaced with an OSSL_PARAM item to retrieve. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14048)
-
- 03 2月, 2021 4 次提交
-
-
由 Tomas Mraz 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14043)
-
由 Armin Fuerst 提交于
Fixes #13944 + changed ASN1_UTCTIME to ASN1_TIME + removed all Y2K code from do_updatedb + changed compare to ASN1_TIME_compare Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14026) (cherry picked from commit dabea5447dc487983a50a40856f731db0db17a8e)
-
由 Rich Salz 提交于
They are still used internally in legacy code. Also fixed up some minor things in EVP_DigestInit.pod Fixes: #14003 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14008)
-
由 Tomas Mraz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14044)
-
- 02 2月, 2021 16 次提交
-
-
由 Tomas Mraz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13958)
-
由 Dr. Matthias St. Pierre 提交于
Fixes #13815 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14029)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
The EVP_PKEY operation_cache caches references to provider side key objects that have previously been exported for this EVP_PKEY, and their associated key managers. The cache may be updated from time to time as the EVP_PKEY is exported to more providers. Since an EVP_PKEY may be shared by multiple threads simultaneously we must be careful to ensure the cache updates are locked. Fixes #13818 Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
These variables can be accessed concurrently from multiple threads so we ensure that we properly lock them before read or write. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
Otherwise we can get data races. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
TSAN was reporting a race of the exported ciphers cache that we create in the default and fips providers. This was because we cached it in the query function rather than the init function, so this would cause a race if multiple threads queried at the same time. In practice it probably wouldn't make much difference since different threads should come up with the same answer. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
Make sure we never read or write to dgbl->primary outside of a lock. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
EVP_PKEYs may be shared across mutliple threads. For example this is common for users of libssl who provide a single EVP_PKEY private key for an SSL_CTX, which is then shared between multiple threads for each SSL object. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Rich Salz 提交于
Fixes: #13997 Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14002)
-
由 Job Snijders 提交于
References: RFC6482 - A Profile for Route Origin Authorizations (ROAs) RFC6484 - Certificate Policy (CP) for the RPKI RFC6493 - The RPKI Ghostbusters Record RFC8182 - The RPKI Repository Delta Protocol (RRDP) RFC8360 - RPKI Validation Reconsidered draft-ietf-sidrops-rpki-rta - A profile for RTAs CLA: trivial Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13948)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Also rename internal structure fields iobuf(len) to readbuf(len) for clarity Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Provides partial fix of #13127. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-