- 08 5月, 2020 4 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11739)
-
由 Rich Salz 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11739)
-
由 Richard Levitte 提交于
There were a few instances where we set the EVP_PKEY_CTX operation to EVP_PKEY_OP_UNDEFINED, but forgot to clean up first. After the operation is made undefined, there's no way to know what should be cleaned away, so that must be done first, in all spots. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11750)
-
由 Dr. Matthias St. Pierre 提交于
Since the BIO_SSL structure was renewed by `ssl_free(b)/ssl_new(b)`, the `bs` pointer needs to be updated before assigning to `bs->ssl`. Thanks to @suishixingkong for reporting the issue and providing a fix. Closes #10539 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11746)
-
- 07 5月, 2020 8 次提交
-
-
由 Nikolay Morozov 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11709)
-
由 Jakub Zelenka 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11529)
-
由 Shane Lontis 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11680)
-
由 Shane Lontis 提交于
Partial Fix for #11648. Some additional work still needs to be done to support RSA-PSS mode. RSA legacy digests will be addressed in another PR. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11681)
-
由 Shane Lontis 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11696)
-
由 Shane Lontis 提交于
EVP_PKEY_CTX_gettable_params() was missing code for the keygen operation. After adding it it was noticed that it is probably not required for this type, so instead the gen_get_params and gen_gettable_params have been remnoved from the provider interface. gen_get_params was only implemented for ec to get the curve name. This seems redundant since normally you would set parameters into the keygen_init() and then generate a key. Normally you would expect to extract data from the key - not the object that we just set up to do the keygen. Added a simple settable and gettable test into a test that does keygen. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11683)
-
由 Shane Lontis 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11731)
-
由 Richard Levitte 提交于
It seems that in older perl versions '(?P' doesn't interact very well with '(?|' or '(?:'. Since we make extensive use of '(?P' in build.info parsing, we avoid combining that with '(?|' and '(?:' when parsing build.info variables, and end up parsing variable modifier twice (first generally, and then parse that result into the modifier components). Fixes #11694 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11737)
-
- 06 5月, 2020 8 次提交
-
-
由 Dmitry Belyavskiy 提交于
Partially fixes #11209 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11734)
-
由 Matt Caswell 提交于
Ensure we test scenarios where a FIPS peer is communication with a non-FIPS peer. Check that a FIPS client doesn't offer ciphersuites it doesn't have, and that a FIPS server only chooses ciphersuites it can support. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11700)
-
由 Matt Caswell 提交于
We were not correctly detecting whether TLSv1.3 ciphersuites could actually be supported by the available provider implementations. For example a FIPS client would still offer CHACHA20-POLY1305 based ciphersuites even though it couldn't actually use them. Similarly on the server would try to use CHACHA20-POLY1305 and then fail the handshake. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11700)
-
由 Matt Caswell 提交于
If OPENSSL_CONF_INCLUDE has been set then we may leak the "include" buffer. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11691)
-
由 Matt Caswell 提交于
The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to be set in the user's environment. To ensure that no tests accidentally use this or other enviroment variables from the user's environment we automatically set them centrally for all tests. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11691)
-
由 Tomas Mraz 提交于
(to keep API compatibility with older releases) Fixes #11716 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11732)
-
由 Benjamin Kaduk 提交于
Expand a couple literal tabs, and de-indent the body of a function. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11728)
-
由 Christian Heimes 提交于
The documentation for ``EVP_default_properties_is_fips_enabled()`` uses ``fips=yes`` in one place and ``fips=true`` in another place. Stick to ``fips=yes`` like everywhere else. Signed-off-by: NChristian Heimes <christian@python.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11723)
-
- 05 5月, 2020 4 次提交
-
-
由 Dr. David von Oheimb 提交于
Add X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), and X509_VERIFY_PARAM_get1_ip_asc() to support this, as well as the internal helper function ipaddr_to_asc(), which is used also for simplifying other IP address output functions. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11693)
-
由 Kurt Roeckx 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11531)
-
由 Shane Lontis 提交于
Errors were of the form 1506-226 (S) The ":" operator is not allowed between "int" and "char*". I think it is valid syntax the way it was written, But just rewrote so it compiled. The aix compiler must be looking at the type of blah() when doing test ? (blah(), NULL) : X. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11698)
-
由 Shane Lontis 提交于
Fixes #11459 It was incorrectly using 8 bytes instead of 16 as the default. This was verified by expanding the macros used in e_cast.c. The issue occurs if EVP_CIPHER_CTX_set_key_length() is not called. evp_test.c hides this issue as it always calls EVP_CIPHER_CTX_set_key_length() before using EVP_CipherInit_ex(...., key, ..). Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11707)
-
- 04 5月, 2020 16 次提交
-
-
由 Matt Caswell 提交于
We may just want to know the number of octets so allow passing a NULL buffer. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 Matt Caswell 提交于
We already had soem tests for the older raw private/public key functions so we expand those to call the new versions as well and pass in a libctx. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 Matt Caswell 提交于
Document the newly added EVP_PKEY_new_raw_private_key_with_libctx and EVP_PKEY_new_raw_public_key_with_libctx functions. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 Matt Caswell 提交于
This makes EVP_PKEY_cmp work for provider side ECX keys. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 Matt Caswell 提交于
This macro was not correctly handling Ed25519 keys Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 Matt Caswell 提交于
We had a redundant couple of lines where we exported key data twice. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 Matt Caswell 提交于
If the key is a provider key then we should export it from the provider. Fixes #11627 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 Matt Caswell 提交于
At various points we need to be able to retrieve the current library context so we store it in the ECX_KEY structure. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 Matt Caswell 提交于
ECX keys can very easily crete the public key from the private key. Therefore when we import ecx keys it is sufficent to just have the private key. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 Matt Caswell 提交于
All OpenSSL free functions should accept NULL. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 Matt Caswell 提交于
We also introduce variants which are OPENSSL_CTX aware Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 nia 提交于
Requests for more than 256 bytes will fail. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11689)
-
由 nia 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11689)
-
由 nia 提交于
This allows sysctl(KERN_ARND) to be detected properly. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11689)
-
由 Leo Neat 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11339)
-
由 Richard Levitte 提交于
With endfirst writing, it could be that we want to abandon any zero length sub-packet. That's what WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH was supposed to make happen, but the DER length writing code didn't look at that flag. Now it does. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11703)
-