- 01 7月, 2019 1 次提交
-
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9277)
-
- 27 6月, 2019 1 次提交
-
-
由 Pauli 提交于
A better explanation of where the "CLA: trivial" line goes and how to add it post hoc. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9265)
-
- 30 6月, 2019 2 次提交
-
-
由 Patrick Steuer 提交于
Add description of capability vector's pcc and kma parts. Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9258)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9258)
-
- 28 6月, 2019 10 次提交
-
-
由 Paul Yang 提交于
SM2 certificate signing request can be created and signed by OpenSSL now, both in library and apps. Documentation and test cases are added. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9085)
-
由 Matt Caswell 提交于
As per the previous commit we make the same change for DRBG HMAC and more closely align the FIPS_MODE and non FIPS_MODE implementations. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9035)
-
由 Matt Caswell 提交于
We use the new function ossl_prov_util_nid_to_name() to look up the algorithm and unify the FIPS_MODE and non-FIPS_MODE handling. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9035)
-
由 Matt Caswell 提交于
Providers that link against libcrypto can just use OBJ_nid2sn() to look up the name of an algorithm given a NID. However that doesn't work for the FIPS provider because OBJ_nid2sn() is not available there (due to the reliance of the code on ASN.1 types). Therefore we provider a new function to do this mapping. For providers linking against libcrypto the new function just wraps OBJ_nid2sn(). For the FIPS provider it has a look up for all the NIDs known there. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9035)
-
由 Matt Caswell 提交于
Insert a dummy call to RAND_DRBG_bytes from inside the FIPS provider to demonstrate that it is possible to use the RAND code from inside the module. This is temporary and will be removed once real uses of the RAND code are available inside the module. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9035)
-
由 Matt Caswell 提交于
In some circumstances the global data held in the "global" variable can be NULL, so we should error out in the circumstance instead of crashing. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9035)
-
由 Matt Caswell 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9035)
-
由 Matt Caswell 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9233)
-
由 Matt Caswell 提交于
All the other upref functions are spelled as "up_ref". These new functions should be consistent. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9233)
-
由 Matt Caswell 提交于
We extend the EVP_MD_fetch documentation to be more generic and to also cover EVP_CIPHER_fetch. We expect this to be further expanded with other "fetch" functions in the future. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9233)
-
- 27 6月, 2019 7 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
The manual pages require for some API functions that the 'random number generator must be seeded' before calling the function. Initially, this was meant literally, i.e. the OpenSSL CSPRNG had to be seeded manually before calling these functions. Since version 1.1.1, the CSPRNG is seeded automatically on first use, so it's not the responsibility of the programmer anymore. Still, he needs to be aware that the seeding might fail. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9257)
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9260)
-
由 Matt Caswell 提交于
SIV mode is accessible via EVP. There should be no reason to make the low level SIV functions from the modes directory part of the public API. Since these functions do not exist in 1.1.1 we are still able to make this change. This also reduces the list of newly added undocumented symbols from issue #9095. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9232)
-
由 Benjamin Kaduk 提交于
It was only ever in cert_st because ssl_st was a public structure and could not be modified without breaking the API. However, both structures are now opaque, and thus we can freely change their layout without breaking applications. In this case, keeping the shared sigalgs in the SSL object prevents complications wherein they would inadvertently get cleared during SSL_set_SSL_CTX() (e.g., as run during a cert_cb). Fixes #9099 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9157)
-
由 Benjamin Kaduk 提交于
This reverts commit 524006dd. While this change did prevent the sigalgs from getting inadvertently clobbered by SSL_set_SSL_CTX(), it also caused the sigalgs to not be set when the cert_cb runs. This, in turn, caused significant breakage, such as SSL_check_chain() failing to find any valid chain. An alternate approach to fixing the issue from #7244 will follow. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9157)
-
由 Benjamin Kaduk 提交于
Augment the cert_cb sslapitest to include a run that uses SSL_check_chain() to inspect the certificate prior to installing it on the SSL object. If the check shows the certificate as not valid in that context, we do not install a certificate at all, so the handshake will fail later on in processing (tls_choose_sigalg()), exposing the indicated regression. Currently it fails, since we have not yet set the shared sigalgs by the time the cert_cb runs. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9157)
-
由 Bernd Edlinger 提交于
and rename the internally used macro to BIO_FLAGS_UPLINK_INTERNAL. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7307)
-
- 26 6月, 2019 2 次提交
-
-
由 Paul Yang 提交于
test/x509_check_cert_pkey_test.c has incorrect usage description. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9250)
-
由 Pauli 提交于
Before the return size was included in the OSSL_PARAM structure, the size global was updated via a pointer. The size global variable has been removed and the in structure return size used instead. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9248)
-
- 25 6月, 2019 2 次提交
-
-
由 Shane Lontis 提交于
Once there are buildable fips tests, some tests that are data driven from files will need to be modified to exclude non approved curves in fips mode. These changes were tested by temporarily adding #define FIPS_MODE 1 to all the modified source files. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9081)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9236)
-
- 24 6月, 2019 9 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
- Add the following macros to the NAME section: - with synopsis OSSL_TRACE_CANCEL, OSSL_TRACE, OSSL_TRACE_ENABLED - without synopsis OSSL_TRACEV (helper macro, not intended for public use) OSSL_TRACE[3-8] (omitted on purpose) - Revise the NOTES section Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9224)
-
由 Santhosh Rameshwarapu 提交于
Fixes #8784 Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9228)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8967)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8967)
-
由 Richard Levitte 提交于
Algorithms may have multiple names, as seen in the legacy names database. We need to support that as well. This implementations modifies ossl_namemap to support multiple names for the same identifier. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8967)
-
由 Pauli 提交于
This feature is enabled by default outside of FIPS builds which ban such actions completely. Encryption is always disallowed and will generate an error. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9112)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9200)
-
由 Pauli 提交于
Instead of referencing the return size from the OSSL_PARAM structure, make the size a field within the structure. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9135)
-
由 Pauli 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9225)
-
- 23 6月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
Reverts an inadvertent change from commit fe26f798 Fixes #9220 Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9218)
-
- 22 6月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
When OSSL_TRACE functionality is called before anything else, it finds itself uninitialised, i.e. its global lock hasn't been created yet. Fortunately, we have an internal general setup function for the trace functionality, that makes for a perfect spot to trigger initialisation. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9212)
-
- 21 6月, 2019 4 次提交
-
-
由 Bernd Edlinger 提交于
This is a bit annoying, if for instance "openssl genrsa -aes128" tries to read a 4+ character size password, but CTRL-C does no longer work after a RETURN key, since the flag UI_FLAG_REDOABLE is set by UI_set_result_ex, together with the error "You must type in 4 to 1023 characters". Thus remove the REDOABLE flag to allow CTRL-C to work. [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9170)
-
由 Pauli 提交于
After avoiding OPENSSL_memcmp for EC curve comparison, there are no remaining uses in the source code. The function is only defined in an internal header and thus should be safe to remove for 3.0.0. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9207)
-
由 Pauli 提交于
Remove the union that effectively cast thread IDs to long integers before display and instead print a hex dump of the entire object. Refer #9191 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9194)
-
由 Richard Levitte 提交于
It turned out that the internal trace cleanup handler was added too late, so it would be executed before OPENSSL_cleanup(). This results in address errors, as the trace code that's executed in OPENSSL_cleanup() itself tries to reach for data that's been freed at that point. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9196)
-