- 28 Oct, 2021 1 commit
-
-
Committed by x2018
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16918)
-
- 27 Oct, 2021 19 commits
-
-
Committed by Richard Levitte
When remaking how programs were linked, the variable `$ress` was forgotten. Unfortunately, perl treats this with silence.
Fixes #16870
Fixes #16667
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16875)
-
Committed by Matt Caswell
gcc 11.2.0 is the default on Ubuntu 21.10. It emits a (spurious) warning when compiling test/packettest.c, which causes --strict-warnings builds to fail. A simple fix avoids the warning.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16887)
-
Committed by Matt Caswell
Make it clear that the cipher/digest objects returned from EVP_get_cipherbyname() and EVP_get_digestbyname() functions have no associated implementation fetched from a provider.
Fixes #16864
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16893)
-
Committed by Tomas Mraz
Co-author: Selva Nair <selva.nair@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
-
Committed by Richard Levitte
This mostly entails passing around a provider pointer, and handling queries that include a pointer to a provider, where NULL means "any".
This also means that there's a need to pass the provider pointer, not just down to the cache functions, but also be able to get it from ossl_method_store_fetch(). To this end, that function's OSSL_PROVIDER pointer argument is modified to be a pointer reference, so the function can answer back what provider the method comes from.
Test added.
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
-
Committed by Richard Levitte
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
-
Committed by Richard Levitte
Functions like EVP_PKEY_sign_init() do an implicit fetch of the operation implementation (EVP_SIGNATURE in this case), then get the KEYMGMT from the same provider, and try to export the key there if necessary.
If an export of the key isn't possible (because the provider that holds the key is an HSM and therefore can't export), we would simply fail without looking any further.
This change modifies the behaviour a bit by trying a second fetch of the operation implementation, but specifically from the provider of the EVP_PKEY that's being used. This is done with the same properties that were used with the initial operation implementation fetch, and should therefore be safe, allowing only what those properties allow.
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
-
Committed by Richard Levitte
Added functions: evp_signature_fetch_from_prov(), evp_asym_cipher_fetch_from_prov(), evp_keyexch_fetch_from_prov(), evp_kem_fetch_from_prov()
These are all like the public counterparts, except they all take a provider instead of a library context as first argument.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
-
Committed by Richard Levitte
In all initializing functions for functionality that uses an EVP_PKEY, the coded logic was to find a KEYMGMT implementation first, and then try to find the operation method (for example, SIGNATURE implementation) in the same provider.
This implies that in providers where there is a KEYMGMT implementation, there must also be a SIGNATURE implementation, along with a KEYEXCH, ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended design.
There is a consequence; we now use the query_operation_name function from the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by the application). Previously, we used the query_operation_name function from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX is now always a reference to the KEYMGMT of the |pkey| field if that one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt| isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
-
Committed by Richard Levitte
This is an internal function to fetch a keymgmt method from a specific provider.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
-
Committed by Richard Levitte
This function leverages the generic possibility to fetch EVP methods from a specific provider.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
-
Committed by Richard Levitte
This makes it possible to limit the search of methods to that particular provider. This uses already available possibilities in ossl_algorithm_do_all().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
-
Committed by Jiasheng Jiang
In openssl-3.0.0 and system provided, it is not reasonable to check null pointer after use. The order was accidentally reversed. Therefore, it is better to correct it.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16915)
-
Committed by x2018
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16917)
-
Committed by Jiasheng Jiang
In the openssl-3.0.0 and system provided, the variable 'sctx' is unused in test_509_dup_cert. Therefore, it might be better to remove the definition and operation of it.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16916)
-
Committed by Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16911)
-
Committed by Matt Caswell
If asked to encode an EC_KEY public key, but no public key value is present in the structure, we should fail rather than crash.
Fixes the crash seen here: https://mta.openssl.org/pipermail/openssl-users/2021-October/014479.html
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16911)
-
Committed by x2018
EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new(). Otherwise may result in memory errors.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16892)
-
Committed by Pauli
For machines where sizeof(size_t) == sizeof(int) there is a possible overflow which could cause a crash.
For machines where sizeof(size_t) > sizeof(int), the existing checks adequately detect the situation.
Fixes #16899
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16904)
-
- 26 Oct, 2021 4 commits
-
-
Committed by Kinshuk Dua
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16885)
-
Committed by PW Hu
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16897)
-
Committed by Pauli
The test-rand RNG was returning success when it had some but insufficient data. Now, it returns failure and doesn't advance the data pointer.
The test-rand RNG was failing when a parent was specified. This case is now ignored.
Fixes #16785
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16905)
-
Committed by Arne Schwabe
The exclusion of SHA1 for X509 signatures is not obvious as the "intuitive" idea is that SHA1 should have 80 security bits. However the security bits of SHA1 are explicitly set to 63 to avoid it being strong enough for security level 1. x509_set.c has the comment:
/*
 * SHA1 and MD5 are known to be broken. Reduce security bits so that
 * they're no longer accepted at security level 1.
 * The real values don't really matter as long as they're lower than 80,
 * which is our security level 1.
 */
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16895)
-
- 25 Oct, 2021 8 commits
-
-
Committed by Tomas Mraz
Fixes #16817
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16879)
-
Committed by Tomas Mraz
This prevents a compile-time warning on newer gcc. Also fix the related warning message.
Fixes #16814
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16821)
-
Committed by Tomas Mraz
We try EVP_PKEY_dup() and if it fails we re-decode it using the legacy method as provided keys should be duplicable.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16648)
-
Committed by Tomas Mraz
The EVP_PKEY will be recreated from scratch which is OK.
Fixes #16606
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16648)
-
Committed by Tomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16648)
-
Committed by Matt Caswell
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16894)
-
Committed by Tomas Mraz
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16886)
-
Committed by PW Hu
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16874)
-
- 23 Oct, 2021 2 commits
-
-
Committed by Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16888)
-
Committed by Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16888)
-
- 22 Oct, 2021 6 commits
-
-
Committed by Michael Baentsch
Also add digest parameter documentation for add_sigid and permit NULL as digest name in the provider upcall.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16770)
-
Committed by Kinshuk Dua
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16877)
-
Committed by Matt Caswell
Commit 0007ff25 added a protocol version check to psk_server_cb but failed to take account of DTLS causing DTLS based psk connections to fail.
Fixes #16707
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16838)
-
Committed by yuanjungong
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16316)
-
Committed by PW Hu
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16767)
-
Committed by PW Hu
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16794)
-