- 31 7月, 2019 8 次提交
-
-
由 Richard Levitte 提交于
The core now supplies its own versions of ERR_new(), ERR_set_debug() and ERR_vset_error(). This should suffice for a provider to have any OpenSSL compatible functionlity it desires. The main difference between the ERR functions and the core counterparts is that the core counterparts take an OSSL_PROVIDER parameter instead of the library number. That way, providers do not need to know what number they have been assigned, that information stays in the core. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9452)
-
由 Richard Levitte 提交于
Also, deprecate ERR_put_error() Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9452)
-
由 Richard Levitte 提交于
The ERR_raise() macro uses a trick in C. The following is permitted: #include <stdio.h> void first(void) { printf("Hello! "); } void foo(const char *bar) { printf("%s", bar); } int main() { /* This */ (first(),foo)("cookie"); } ERR_raise_data() can be used to implement FUNCerr() as well, which takes away the need for the special function ERR_put_func_error(). Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9452)
-
由 Richard Levitte 提交于
The new building block are ERR_new(), ERR_set_debug(), ERR_set_error(), ERR_vset_error(), which allocate a new error record and set the diverse data in them. They are designed in such a way that it's reasonably easy to create macros that use all of them but then rely completely on the function signature of ERR_set_error() or ERR_vset_error(). Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9452)
-
由 Richard Levitte 提交于
The useful inner macros are now static inline functions. That will make them easier to debug in the future. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9452)
-
由 Richard Levitte 提交于
New header file, include/openssl/macros.h, which contains diverse useful macros that we use elsewhere. We also add the new macro OPENSSL_FUNC, which is an alias for __FUNC__, __FUNCTION__, __FUNCSIG or __func__, depending on what the compiler supports. In the worst case, it's an alias for the string "(unknown function)". Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9452)
-
由 Bernd Edlinger 提交于
[extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9479)
-
由 Bernd Edlinger 提交于
This avoids a spurious gcc warning: ./config enable-asan --strict-warnings => In function 'afalg_create_sk', inlined from 'afalg_cipher_init' at engines/e_afalg.c:545:11: engines/e_afalg.c:376:5: error: '__builtin_strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Werror=stringop-truncation] 376 | strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME); | ^~~~~~~ [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9478)
-
- 30 7月, 2019 3 次提交
-
-
由 Matt Caswell 提交于
Extends the existing provider documentation with information about the CIPHER operation. This is primarily for provider authors. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9473)
-
由 Pauli 提交于
Fix coverity 1452083 Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9470)
-
由 Richard Levitte 提交于
To deallocate the err_data field and then allocating it again might be a waste of processing, but may also be a source of errors when memory is scarce. While we normally tolerate that, the ERR sub-system is an exception and we need to pay closer attention to how we handle memory. This adds a new err_data flag, ERR_TXT_IGNORE, which means that even if there is err_data memory allocated, its contents should be ignored. Deallocation of the err_data field is much more selective, aand should only happen when ERR_free_state() is called. Fixes #9458 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9459)
-
- 29 7月, 2019 1 次提交
-
-
由 Pauli 提交于
Implement the GNU C library's random(3) pseudorandom number generator. The algorithm is described: https://www.mscs.dal.ca/~selinger/random/ The rationale is to make the tests repeatable across differing platforms with different underlying implementations of the random(3) library call. More specifically: when executing tests with random ordering. [extended tests] Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9463)
-
- 27 7月, 2019 4 次提交
-
-
由 Patrick Steuer 提交于
if available. Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9410)
-
由 Richard Levitte 提交于
Different providers will give different results, and we need to test them all. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9398)
-
由 Richard Levitte 提交于
This changes the stanza format used so far. Some test stanza had the following line, only possible for digests: Legacy = 1 These have been traded for the following: Availablein = legacy That line is globally available in all test stanza and can be used to tell what providers a certain algorithm may be available in. Only one provider needs to match, so one might have something like this for some tests: Availablein = default fips This means that one of those providers must be available for the test stanza to be performed. If the providers mentioned for a stanza aren't available, the test is skipped. If this line isn't used in a stanza, the algorithm is assumed to be available unconditionally (either by fallback providers, or providers loaded by the config file). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9398)
-
由 Richard Levitte 提交于
Public function OSSL_PROVIDER_available() takes a library context and a provider name, and returns 1 if it's available for use, i.e. if it's possible to fetch implementations from it, otherwise 0. Internal function ossl_provider_activated() returns 1 if the given OSSL_PROVIDER is activated, otherwise 0. To make this possible, the activation of fallbacks got refactored out to a separate function, which ended up simplifying the code. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9398)
-
- 26 7月, 2019 1 次提交
-
-
由 David Benjamin 提交于
tls_parse_stoc_key_share was generating a new EVP_PKEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters, public key, and private key. As a result, it's easy to mistakenly mix such things up, as happened here.) Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9445)
-
- 25 7月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Extends the existing provider documentation with information about the DIGEST operation. This is primarily for provider authors. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9453)
-
- 24 7月, 2019 5 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
The HEADER_X509_H check is redundant, because <openssl/x509.h> is already included. Instead of of checking for HEADER_SSL_H, include <openssl/ssl.h> explicitly in "s_apps.h" and don't include "s_apps.h" where it's not necessary. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9364)
-
由 Dr. Matthias St. Pierre 提交于
The check is redundant, because <openssl/x509v3.h> is included. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9364)
-
由 Dr. Matthias St. Pierre 提交于
This include guard inside an object file comes as a surprise and serves no purpose anymore. It seems like this object file was included by crypto/threads/mttest.c at some time, but the include directive was removed in commit bb8abd67. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9364)
-
由 Bernd Edlinger 提交于
[extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9437)
-
由 Richard Levitte 提交于
The biggest part in this was to move the key->param builder from EVP to the DH ASN.1 method, and to implement the KEYMGMT support in the provider DH. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9394)
-
- 23 7月, 2019 17 次提交
-
-
由 Matt Caswell 提交于
The core provides a number of essential functions as "upcalls" to providers. Some of those were just utility functions that wrap other upcalls - which don't seem essential and bloat the interface. We should remove them in order to simplify the interface. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9432)
-
由 Rich Salz 提交于
The "function" argument is now unused in the XXXerr defines, so mkerr doesn't need to check if the value/name match. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9413)
-
由 Pauli 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9428)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9438)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9346)
-
由 Richard Levitte 提交于
This affects doc/man3/OSSL_PARAM.pod and doc/man7/openssl-core.h.pod Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9346)
-
由 Richard Levitte 提交于
They now display both legacy and provided algorithms. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9356)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9356)
-
由 Richard Levitte 提交于
This function is used to traverse all algorithm implementations for a given operation type, and execute the given function for each of them. For each algorithm implementation, a method is created and passed to the given function, and then freed after that function's return. If the caller wishes to keep the method for longer, they must call the appropriate up_ref function on the method, and they must also make sure to free the passed methods at some point. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9356)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9356)
-
由 Richard Levitte 提交于
This function is used to traverse all the implementations provided by one provider, or all implementation for a specific operation across all loaded providers, or both, and execute a given function for each occurence. This will be used by ossl_method_construct(), but also by information processing functions. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9356)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9356)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9356)
-
由 Richard Levitte 提交于
They will do the same as usual for non-provider algorithms implementations, but can handle provider implementations as well. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9356)
-
由 Richard Levitte 提交于
This will be useful for information display, as well as for code that want to check the name of an algorithm. This can eventually replace all NID checks. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9356)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9429)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9417)
-