- 02 2月, 2021 15 次提交
-
-
由 Matt Caswell 提交于
These variables can be accessed concurrently from multiple threads so we ensure that we properly lock them before read or write. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
Otherwise we can get data races. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
TSAN was reporting a race of the exported ciphers cache that we create in the default and fips providers. This was because we cached it in the query function rather than the init function, so this would cause a race if multiple threads queried at the same time. In practice it probably wouldn't make much difference since different threads should come up with the same answer. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
Make sure we never read or write to dgbl->primary outside of a lock. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
EVP_PKEYs may be shared across mutliple threads. For example this is common for users of libssl who provide a single EVP_PKEY private key for an SSL_CTX, which is then shared between multiple threads for each SSL object. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Rich Salz 提交于
Fixes: #13997 Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14002)
-
由 Job Snijders 提交于
References: RFC6482 - A Profile for Route Origin Authorizations (ROAs) RFC6484 - Certificate Policy (CP) for the RPKI RFC6493 - The RPKI Ghostbusters Record RFC8182 - The RPKI Repository Delta Protocol (RRDP) RFC8360 - RPKI Validation Reconsidered draft-ietf-sidrops-rpki-rta - A profile for RTAs CLA: trivial Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13948)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Also rename internal structure fields iobuf(len) to readbuf(len) for clarity Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Provides partial fix of #13127. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Otherwise, sending goes wrong in case BIO_write(rctx->wbio, ...) is incomplete at first. Fixes #13938 Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Richard Levitte 提交于
The EC KEYMGMT implementation handled SM2 as well, except what's needed to support decoding: loading functions for both EC and SM2 that checks for the presence or absence of the SM2 curve the same way as the EC / SM2 import functions. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
-
由 Richard Levitte 提交于
ecossl_dh_keyexch_functions -> ossl_ecdh_keyexch_functions ecossl_dsa_signature_functions -> ossl_ecdsa_signature_functions sm2_asym_cipher_functions -> ossl_sm2_asym_cipher_functions sm2_keymgmt_functions -> ossl_sm2_keymgmt_functions sm2_signature_functions -> ossl_sm2_signature_functions Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
-
- 01 2月, 2021 2 次提交
-
-
由 Matt Caswell 提交于
We create EC keys via both the "fromdata" and legacy key routes to make sure that they can be used without a public key. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13922)
-
由 Matt Caswell 提交于
In 1.1.1 and earlier it was possible to create EC_KEYs that did not have the public key in it. We need to ensure that this continues to work in 3.0. Fixes #12612 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13922)
-
- 29 1月, 2021 1 次提交
-
-
由 Tomas Mraz 提交于
Add a testcase to the test_req covering the issue. Fixes #13957 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13967)
-
- 28 1月, 2021 12 次提交
-
-
由 Daniel Bevenius 提交于
This commit attempts to fix the an issue when generating a key of type EVP_PKEY_RSA_PSS. Currently, EVP_PKEY_CTX_set_rsa_keygen_bits will return -1 if the key id is not of type EVP_PKEY_RSA. This commit adds EVP_PKEY_RSA_PSS to also be accepted. The macro EVP_PKEY_CTX_set_rsa_pss_keygen_md si converted into a function and it is now called in legacy_ctrl_to_param. Fixes #12384 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13099)
-
由 Juergen Christ 提交于
These defines were never used and not needed. Signed-off-by: NJuergen Christ <jchrist@linux.ibm.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13781)
-
由 Juergen Christ 提交于
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string parameters. This caused endianness problems on big-endian machines. As a result, it is not possible to pass FIPS tests since the parameter was stored with an integer value but read via a cast to char pointer. While this works on little endian machines, big endian s390 read the most significant bits instead of the least significant (as done by, e.g., x86). Change the parameter to char array and fix the usages. Signed-off-by: NJuergen Christ <jchrist@linux.ibm.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13781)
-
由 Juergen Christ 提交于
If key==null on EVP_CipherInit_ex, the init functions for the hardware implementation is not called. The s390x implementation of OFB and CFB mode used the init function to copy the IV into the hardware causing test failures on cipher reinit. Fix this by moving the copy operation into the cipher operation. Signed-off-by: NJuergen Christ <jchrist@linux.ibm.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13984)
-
由 Dr. David von Oheimb 提交于
This is an upstream fix for #13931 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13968)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13968)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13968)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13996)
-
由 Richard Levitte 提交于
An '#include <string.h>' was mistakenly removed from apps/ec.c and apps/ecparam.c Fixes #13986 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13989)
-
- 27 1月, 2021 4 次提交
-
-
由 Matt Caswell 提交于
The dhparam test was failing to properly handle line endings when running a mingw configured build under wine. Fixes #13557 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13923)
-
由 Daniel Bevenius 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13964)
-
由 Richard Levitte 提交于
OSSL_PARAM_allocate_from_text() converted text values to UTF-8 OSSL_PARAMs with a simple strncpy(). However, if the text is EBCDIC, that won't become UTF-8. Therefore, it's made to convert from EBCDIC to ASCII on platforms where the native character encoding is the former. One might argue that the conversion should be the responsibility of the application. However, this is a helper function, and the calling application can't easily know what sort of OSSL_PARAM the input values are going to be used for. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13961)
-
由 Dr. David von Oheimb 提交于
The client-side cert verification callback function may not only return as usual for success or 0 for failure, but also -1, typically on failure verifying the server certificate. This makes the handshake suspend and return control to the calling application with SSL_ERROR_WANT_RETRY_VERIFY. The app can for instance fetch further certificates or cert status information needed for the verification. Calling SSL_connect() again resumes the connection attempt by retrying the server certificate verification step. This process may even be repeated if need be. The core implementation of the feature is in ssl/statem/statem_clnt.c, splitting tls_process_server_certificate() into a preparation step that just copies the certificates received from the server to s->session->peer_chain (rather than having them in a local variable at first) and returns to the state machine, and a post-processing step in tls_post_process_server_certificate() that can be repeated: Try verifying the current contents of s->session->peer_chain basically as before, but give the verification callback function the chance to pause connecting and make the TLS state machine later call tls_post_process_server_certificate() again. Otherwise processing continues as usual. The documentation of the new feature is added to SSL_CTX_set_cert_verify_callback.pod and SSL_want.pod. This adds two tests: * A generic test in test/helpers/handshake.c on the usability of the new server cert verification retry feature. It is triggered via test/ssl-tests/03-custom_verify.cnf.in (while the bulky auto- generated changes to test/ssl-tests/03-custom_verify.cnf can be basically ignored). * A test in test/sslapitest.c that demonstrates the effectiveness of the approach for augmenting the cert chain provided by the server in between SSL_connect() calls. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13906)
-
- 26 1月, 2021 6 次提交
-
-
由 Daiki Ueno 提交于
Since the pointer can be later be modified, the caller should have the responsibility to supply the address of that. Signed-off-by: NDaiki Ueno <dueno@redhat.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13951)
-
由 Richard Levitte 提交于
Partially fixes #13949 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13954)
-
由 Richard Levitte 提交于
This cleans away old misunderstandings of what can be done with OSSL_PARAM. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13946)
-
由 Tomas Mraz 提交于
Just comparison of the original parameter file with the -out output. Some test files have non-canonical encoding, so they are moved to a different directory. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13139)
-
由 Tomas Mraz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13139)
-
由 Tomas Mraz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13139)
-