- 03 8月, 2020 3 次提交
-
-
由 David Woodhouse 提交于
Instead of naïvely trying to truncate at the first colon, use BIO_get_conn_hostname(). That handles IPv6 literals correctly, even stripping the [] from around them. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9201)
-
由 David Woodhouse 提交于
There is a slight mismatch here because X509_VERIFY_PARAM copes only with a single IP address, and doesn't let it be cleared once it's set. But this fixes up the major use case, making things easier for users to get it right. The sconnect demo now works for Legacy IP literals; for IPv6 it needs to fix up the way it tries to split the host:port string, which will happen in a subsequent patch. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9201)
-
由 Dr. David von Oheimb 提交于
Fixes #12514 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12537)
-
- 01 8月, 2020 9 次提交
-
-
由 Matt Caswell 提交于
Commit 6725682d introduced a call to ENGINE_get_digest_engine() into the function asn1_item_digest_with_libctx() to determine whether there is an ENGINE registered to handle the specified digest. However that function increases the ref count on the returned ENGINE object, so it must be freed. Fixes #12558 [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12560)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
Depending on the BIO used, using BIO_reset() may lead to "interesting" results. For example, a BIO_f_buffer() on top of another BIO that handles BIO_reset() as a BIO_seek(bio, 0), the deserialization process may find itself with a file that's rewound more than expected. Therefore, OSSL_DESERIALIZER_from_{bio,fp}'s behaviour is changed to rely purely on BIO_tell() / BIO_seek(), and since BIO_s_mem() is used internally, it's changed to handle BIO_tell() and BIO_seek() better. This does currently mean that OSSL_DESERIALIZER can't be easily used with streams that don't support BIO_tell() / BIO_seek(). Fixes #12541 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
It's not the best idea to set a whole bunch of parameters in one call, that leads to functions that are hard to update. Better to re-model this into several function made to set one parameter each. This also renames "finalizer" to "constructor", which was suggested earlier but got lost at the time. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
We use this in test/serdes_test.c, to compare serializations into PEM, which aren't necessarily terminated with a NUL byte when they were written to a BIO_s_mem(). Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
The OSSL_DESERIALIZER API makes the incorrect assumption that the caller must cipher and other pass phrase related parameters to the individual desserializer implementations, when the reality is that they only need a passphrase callback, and will be able to figure out the rest themselves from the input they get. We simplify it further by never passing any explicit passphrase to the provider implementation, and simply have them call the passphrase callback unconditionally when they need, leaving it to libcrypto code to juggle explicit passphrases, cached passphrases and actual passphrase callback calls. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
This is needed so RSA keys created from different code paths have a chance to compare as equal. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
- 31 7月, 2020 5 次提交
-
-
由 Richard Levitte 提交于
For now, that's what we see being used. It's possible that we will have to figure out a way to specific if these should be implicit or explicit on a case by case basis. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12421)
-
由 Dr. David von Oheimb 提交于
Fixes #12403 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12421)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12421)
-
- 30 7月, 2020 9 次提交
-
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12104)
-
由 Pauli 提交于
Move the libcrypto serialisation functionality into a place where it can be provided at some point. The serialisation still remains native in the default provider. Add additional code to the list command to display what kind of serialisation each entry is capable of. Having the FIPS provider auto load the base provider is a future (but necessary) enhancement. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12104)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12104)
-
由 Matt Caswell 提交于
The test_cmp_cli was failing in the extended tests on cross-compiled mingw builds. This was due to the test not using wine when it should do. The simplest solution is to just skip the test in this case. [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12555)
-
由 Matt Caswell 提交于
The only reason we should fallback to legacy codepaths in DigestSignInit/ DigestVerifyInit, is if we have an engine, or we have a legacy algorithm that does not (yet) have a provider based equivalent (e.g. SM2, HMAC, etc). Currently we were falling back even if we have a suitable key manager but the export of the key fails. This might be for legitimate reasons (e.g. we only have the FIPS provider, but we're trying to export a brainpool key). In those circumstances we don't want to fallback to the legacy code. Therefore we tighten then checks for falling back to legacy. Eventually this particular fallback can be removed entirely (once all legacy algorithms have provider based key managers). Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12550)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12431)
-
由 Dr. David von Oheimb 提交于
Fixes #12395 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12431)
-
由 Nicola Tuveri 提交于
Minor changes to `custom_generator_test`: - this is to align to the 1.1.1 version of the test (simplify the code as there is no need to use `EC_GROUP_get_field_type()`) - add comment to explain how the buffer size is computed Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12507)
-
由 Nicola Tuveri 提交于
This commit adds a new test (run on all the built-in curves) to create `EC_GROUP` with **unknown** *explicit parameters*: from a built-in group we create an alternative group from scratch that differs in the generator used. At the `EC_GROUP` layer we perform a basic math check to ensure that the math on the alternative group still makes sense, using comparable results from the origin group. We then create two `EC_KEY` objects on top of this alternative group and run key generation from the `EC_KEY` layer. Then we promote these two `EC_KEY`s to `EVP_PKEY` objects and try to run the derive operation at the highest abstraction layer, comparing results in both directions. Finally, we create provider-native keys using `EVP_PKEY_fromdata` and data derived from the previous objects, we compute an equivalent shared secret from these provider keys, and compare it to the result obtained from the previous steps. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12507)
-
- 29 7月, 2020 1 次提交
-
-
由 Pauli 提交于
The locking was too fine grained when adding entries to a namemap. Refactored the working code into unlocked functions and call these with appropriate locking. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12545)
-
- 28 7月, 2020 2 次提交
-
-
由 Matt Caswell 提交于
A recently added certificate in test/certs expired causing test_verify to fail. This add a replacement certificate with a long expiry date. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12549)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12495)
-
- 27 7月, 2020 4 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12492)
-
由 Richard Levitte 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12492)
-
由 Richard Levitte 提交于
- EVP_PKEY_is_a() didn't recognise "RSA-PSS" for legacy keys. - The RSA-PSS keymgmt didn't have a OSSL_FUNC_keymgmt_match() function. - ossl_prov_prepare_rsa_params() didn't return 1 for unrestricted RSA-PSS params. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12492)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12526)
-
- 26 7月, 2020 2 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12535)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12525)
-
- 24 7月, 2020 5 次提交
-
-
由 Read Hughes 提交于
Fix EVP_EncodeBlock description using incorrect parameter name for encoding length CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12518)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410)
-
由 Richard Levitte 提交于
This adds legacy PEM variants of already existing tests. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410)
-
由 Richard Levitte 提交于
This adds variants of already existing tests, but where the object is encrypted / decrypted along the way as well. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410)
-