- 02 6月, 2020 4 次提交
-
-
由 Billy Brumley 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11928)
-
由 Richard Levitte 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11983)
-
由 Bernd Edlinger 提交于
This is left over from the past. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11995)
-
由 Bernd Edlinger 提交于
Unfortunately -Ofast seems to break that check. Fixes #11994 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12003)
-
- 01 6月, 2020 3 次提交
-
-
由 Tim Hudson 提交于
The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12001)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11971)
-
由 Hubert Kario 提交于
the openssl speed command could not benchmark FFDH speed, but it could benchmark ECDH, making comparisons between the two hard this commit adds this feature fixes #9475 Signed-off-by: NHubert Kario <hubert@kario.pl> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10887)
-
- 29 5月, 2020 9 次提交
-
-
由 Bernd Edlinger 提交于
There is a problem casting ULONG_MAX to double which clang-10 is warning about. ULONG_MAX typically cannot be exactly represented as a double. ULONG_MAX + 1 can be and this fix uses the latter, however since ULONG_MAX cannot be represented exactly as a double number we subtract 65535 from this number, and the result has at most 48 leading one bits, and can therefore be represented as a double integer without rounding error. By adding 65536.0 to this number we achive the correct result, which should avoid the warning. The addresses a symptom of the underlying problem: we print doubles via an unsigned long integer. Doubles have a far greater range and should be printed better. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11955)
-
由 Richard Levitte 提交于
A CAVEATS section is present in this manual. That section name is borrowed from OpenBSD, where mdoc(7) explains it like this: CAVEATS Common misuses and misunderstandings should be explained in this section. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11963)
-
由 Richard Levitte 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11963)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11976)
-
由 Benjamin Kaduk 提交于
As of the previous commit, when a zero-length (string) parameter is present in the parameters passed to a provider for a given operation, we will produce an object corresponding to that zero-length parameter, indicating to the underlying cryptographic operation that the parameter was passed. However, rsa_cms_decrypt() was relying on the previous behavior, and unconditionally tried to call EVP_PKEY_CTX_set0_rsa_oaep_label() even when the implicit default label was used (and thus the relevant local variable was still NULL). In the new setup that distinguishes present-but-empty and absent more clearly, it is an error to attempt to set a NULL parameter, even if it is zero-length. Exercise more caution when setting parameters, and do not call EVP_PKEY_CTX_set0_rsa_oaep_label() when there is not actually a label provided. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11920)
-
由 Benjamin Kaduk 提交于
Prior to this commit, if a string (or octet string) parameter was present but indicated it was zero-length, we would return success but with a NULL output value. This can be problematic in cases where there is a protocol-level distinction between parameter-absent and parameter-present-but-zero-length, which is uncommon but can happen. Since OPENSSL_malloc() returns NULL for zero-length allocation requests, make a dummy allocation for this case, to give a signal that the string parameter does exist but has zero length. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11920)
-
由 Benjamin Kaduk 提交于
Add an extra EVP test that provides empty input key material. It currently fails, since we lose the information about "key present but zero length" as we deserialize parameters in the provider. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11920)
-
由 Matt Caswell 提交于
Following on from the previous commit, add a test to check that we fail to create an EVP_PKEY_CTX if an algorithm is not available in any provider, *unless* it is an algorithm that has no provider support. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11826)
-
由 Matt Caswell 提交于
If we failed to fetch an EVP_KEYMGMT then we were falling back to legacy. This is because some algorithms (such as MACs and KDFs used via an old style EVP_PKEY) have not been transferred to providers. Unfortunately this means that you cannot stop some algorithms from being used by not loading the provider. For example if you wanted to prevent RSA from being used, you might expect to just not load any providers that make it available. Unfortunately that doesn't work because we simply fall back to legacy if we fail to fetch the EVP_KEYMGMT. Instead we should fail *unless* the key type is one of those legacy key types that we have not transferred. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11826)
-
- 28 5月, 2020 7 次提交
-
-
由 Dmitry Belyavskiy 提交于
[extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11970)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11969)
-
由 Shane Lontis 提交于
Some older compilers use "unknown function" if they dont support __func, so the test using ERR_PUT_error needed to compensate for this when comparing against the expected value. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11967)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11966)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11908)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11908)
-
由 Bernd Edlinger 提交于
Fixes: #4983 [extended tests] Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/6074)
-
- 27 5月, 2020 5 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11953)
-
由 FdaSilvaYY 提交于
for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto/cms: generated file changes. Add some CHANGES entries. [extended tests] Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8098)
-
由 Richard Levitte 提交于
Fixes #11904 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11959)
-
由 Dr. Matthias St. Pierre 提交于
The `ENGINE_CONF` and `PROVIDER_CONF` trace categories were merged into a single `CONF` category (see bc362b9b and 71849dff). Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11806)
-
由 Rich Salz 提交于
Mostly "No items in =over/=back list" Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11902)
-
- 26 5月, 2020 7 次提交
-
-
由 Dr. David von Oheimb 提交于
Fixes #11870 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11894)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11894)
-
由 Richard Levitte 提交于
The OAEP label wasn't freed when the operation context was freed. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11927)
-
由 Shane Lontis 提交于
Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
-
由 Shane Lontis 提交于
Fixes #11743 The ouput format had 2 issues that caused it not to match the expected documented format: (1) At some point the thread id printing was changed to use the OPENSSL_hex2str method which puts ':' between hex bytes. An internal function that skips the seperator has been added. (2) The error code no longer exists. So this was completely removed from the string. It is now replaced by :: As an example: 00:77:6E:52:14:7F:00:00:error:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135: Is now: 00776E52147F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135: Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11789)
-
由 Pauli 提交于
The ticket callback is deprecated in 3.0 and can't be used in a no-deprecated build. [extended tests] Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11944)
-
由 Pauli 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11941)
-
- 25 5月, 2020 5 次提交
-
-
由 Dmitry Belyavskiy 提交于
Fixes #11949 [extended tests] Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11951)
-
由 Richard Levitte 提交于
Dependencies on generated files must be declared explicitly. When refactoring the DER code in providers/common/der, a few of those dependency declaration were omitted, which may lead to build errors in a parallel build. Some cleanup and extensive used of build.info variables is done while at it, to avoid unnecessary repetition. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11906)
-
由 Tomas Mraz 提交于
The existing special case code is broken and it is not needed anymore as times() and _SC_CLK_TCK should be supported on the supported VMS versions. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11905)
-
由 Tomas Mraz 提交于
The __TMS might be necessary on VMS however there is no such define on glibc even though the times() function is fully supported. Fixes #11903 This reverts commit db71d315. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11905)
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11916)
-