- 10 9月, 2020 12 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12822)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12655)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12655)
-
由 Dr. David von Oheimb 提交于
Also some minor improvements mostly of test cases regarding PKCS#10 CSR input Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12655)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12655)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12823)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12824)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12824)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12741)
-
由 Dr. David von Oheimb 提交于
* Use strenghtened cert chain building, verifying chain using optional trust store while making sure that no certificate status (e.g., CRL) checks are done * Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod * Simplify certificate and cert store loading in apps/cmp.c Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12741)
-
由 Rich Salz 提交于
And add a comment that this file is in markdown, but has a .txt extension on purpose. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12805)
-
由 Kurt Roeckx 提交于
Fixes: #6855 Reviewed-by: NRichard Levitte <levitte@openssl.org> GH: #8743
-
- 09 9月, 2020 10 次提交
-
-
由 Richard Levitte 提交于
The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This changes merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12803)
-
由 Jon Spillett 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12812)
-
由 Pauli 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12808)
-
由 Pauli 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11961)
-
由 Pauli 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11961)
-
由 Pauli 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11961)
-
由 Pauli 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11961)
-
由 Pauli 提交于
This reverts commit a978dc3b. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11961)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12806)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12807)
-
- 08 9月, 2020 14 次提交
-
-
由 Richard Levitte 提交于
Now that PEM_write_bio_PrivateKey_traditional() can handle provider-native EVP_PKEYs, we don't need to use explicitly legacy ones. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12738)
-
由 Richard Levitte 提交于
PEM_write_bio_PrivateKey_traditional() didn't handle provider-native keys very well. Originally, it would simply use the corresponding encoder, which is likely to output modern PEM (not "traditional"). PEM_write_bio_PrivateKey_traditional() is now changed to try and get a legacy copy of the input EVP_PKEY, and use that copy for traditional output, if it has such support. Internally, evp_pkey_copy_downgraded() is added, to be used when evp_pkey_downgrade() is too intrusive for what it's needed for. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12738)
-
由 Jakub Zelenka 提交于
Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM parameter as defined in RFC 5084. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8024)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12786)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12786)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12786)
-
由 Richard Levitte 提交于
Those functions were located in the EC files, but is really broader than that, even thought currently only used for SM2. They should therefore be in a more central location, which was also indicated by diverse TODOs. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12789)
-
由 Richard Levitte 提交于
Setting a hash function was reserved for signature operations. However, it turns out that SM2 uses a hash function for encryption and decryption as well. Therefore, EVP_PKEY_CTX_md() must be called with an expanded operation type combination that includes EVP_PKEY_OP_TYPE_CRYPT when used in a generic way. For SM2, test/recipes/30-test_evp_data/evppkey_sm2.txt is expanded to test decryption both with an implicit and an explicit digest. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12789)
-
由 Richard Levitte 提交于
They get called "delayed parameters" because they may make it to the implementation at a later time than when they're given. This currently only covers the distinguished ID, as that's the only EVP_PKEY operation parameter so far that has been possible to give before the operation has been initialized. This includes a re-implementation of EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id(), and EVP_PKEY_CTX_get1_id_len(). Also, the more rigorous controls of keytype and optype are restored. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12789)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12780)
-
由 Richard Levitte 提交于
Because EVP_PKEY_CTX_new_from_name() could return a non-NULL context with no value in it, the lack of legacy implementation when OpenSSL was configured with 'no-ec' went through undetected. This adds the necessary guards to skip a test of SM2 in that case. Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/12785)
-
由 Richard Levitte 提交于
There are places that add an ERR_R_MALLOC_FAILURE record when any of EVP_PKEY_CTX_new*() return NULL, which is 1) inaccurate, and 2) shadows the more accurate error record generated when trying to create the EVP_PKEY_CTX. Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/12785)
-
由 Richard Levitte 提交于
As long as there are internal legacy keys for EVP_PKEY, we need to preserve the EVP_PKEY numeric identity when generating a key, and when creating the EVP_PKEY_CTX. For added consistency, the EVP_PKEY_CTX contructor tries a little harder to find a EVP_PKEY_METHOD. Otherwise, we may run into situations where the EVP_PKEY_CTX ends up having no associated methods at all. Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/12785)
-
由 Jon Spillett 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12775)
-
- 07 9月, 2020 4 次提交
-
-
由 luxinyou 提交于
Fixes #12471 CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12533)
-
由 Richard Levitte 提交于
We're hitting problems that the 'ar' command line becomes too long for some 'make' versions, or the shell it uses. We therefore change the way we create a static library by doing so one object file at a time. This is slower, but has better guarantees to work properly on limited systems. Fixes #12116 Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/12706)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12389)
-
由 Richard Levitte 提交于
The example to create an EC key from user data didn't show what one could expect and application to do, especially with regard to how it's done with raw EC functions. We therefore refactor it to make proper use of a BIGNUM where expected, and also use OSSL_PARAM_BLD(3) for easier handling of the OSSL_PARAM array. Fixes #12388 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12389)
-