- 30 1月, 2020 3 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10873)
-
由 Rich Salz 提交于
Add cmd-nits make target. Listing options should stop when it hits the "parameters" separator. Add missing .pod.in files to doc/man1/build.info Tweak find-doc-nits to try openssl-XXX before XXX for POD files and change an error messavge to be more useful. Fix the following pages: ca, cms, crl, dgst, enc, engine, errstr, gendsa, genrsa, list, ocsp, passwd, pkcs7, pkcs12, rand, rehash, req, rsautil, s_server, speed, s_time, sess_id, smime, srp, ts, x509. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10873)
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10873)
-
- 29 1月, 2020 7 次提交
-
-
由 Shane Lontis 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10780)
-
由 Pauli 提交于
Backwards compatibility with the old ticket key call back is maintained. This will be removed when the low level HMAC APIs are finally removed. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
-
由 Pauli 提交于
Use of the low level HMAC functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3), EVP_MAC_init(3), EVP_MAC_update(3) and EVP_MAC_final(3). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
-
由 Pauli 提交于
Use of the low level CMAC functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3), EVP_MAC_init(3), EVP_MAC_update(3) and EVP_MAC_final(3). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
-
由 Richard Levitte 提交于
We do this by letting a serializer serialize the provider side key to a DER blob formatted according to the SubjectPublicKeyInfo structure (see RFC 5280), and deserialize it in libcrypto using the usual d2i function. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10851)
-
- 28 1月, 2020 3 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10920)
-
由 Richard Levitte 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10920)
-
由 Richard Levitte 提交于
The mechanism to do this is to ask the signature operation for the DER encoded AlgorithmIdentifier that corresponds to the combination of signature algorithm and digest algorithm. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10920)
-
- 27 1月, 2020 2 次提交
-
-
由 Matt Caswell 提交于
The function EVP_PKEY_CTX_new_from_pkey() infers the name of the algorithm to fetch from the EVP_PKEY that has been supplied as an argument. But there was no way to specify properties to be used during that fetch. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10926)
-
由 Richard Levitte 提交于
Because there was a bug in File::Spec::Unix' abs2rel when it was given relative paths as both PATH and BASE arguments, the directories we deal with were made to be all absolute. Unfortunately, this meant getting paths in our verbose test output which are difficult to use anywhere else (such as a separate test build made for comparison), due to the constant need to edit all the paths all the time. We're therefore getting back the relative paths, by doing an extra abs2rel() in __srctop_file, __srctop_dir, __bldtop_file and __bldtop_dir, with a 'Cwd::getcwd' call as BASE argument. Fixes #10628 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10913)
-
- 26 1月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
Curiously enough, perl only warned about the shadowing. However, the following 'plan' statement got disturbed somehow, as one could notice the test counter say "11/?" instead of "11/25". Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10944)
-
- 25 1月, 2020 6 次提交
-
-
由 Kurt Roeckx 提交于
TLS < 1.2 has fixed signature algorithms: MD5+SHA1 for RSA and SHA1 for the others. TLS 1.2 sends a list of supported ciphers, but allows not sending it in which case SHA1 is used. TLS 1.3 makes sending the list mandatory. When we didn't receive a list from the client, we always used the defaults without checking that they are allowed by the configuration. Reviewed-by: NPaul Dale <paul.dale@oracle.com> GH: #10784
-
由 Kurt Roeckx 提交于
It replaces apps/server.pem that used a sha1 signature with a copy of test/certs/servercert.pem that is uses sha256. This caused the dtlstest to start failing. It's testing connection sbetween a dtls client and server. In particular it was checking that if we drop a record that the handshake recovers and still completes successfully. The test iterates a number of times. The first time through it drops the first record. The second time it drops the second one, and so on. In order to do this it has a hard-coded value for the expected number of records it should see in a handshake. That's ok because we completely control both sides of the handshake and know what records we expect to see. Small changes in message size would be tolerated because that is unlikely to have an impact on the number of records. Larger changes in message size however could increase or decrease the number of records and hence cause the test to fail. This particular test uses a mem bio which doesn't have all the CTRLs that the dgram BIO has. When we are using a dgram BIO we query that BIO to determine the MTU size. The smaller the MTU the more fragmented handshakes become. Since the mem BIO doesn't report an MTU we use a rather small default value and get quite a lot of records in our handshake. This has the tendency to increase the likelihood of the number of records changing in the test if the message size changes. It so happens that the new server certificate is smaller than the old one. AFAICT this is probably because the DNs for the Subject and Issuer are significantly shorter than previously. The result is that the number of records used to transmit the Certificate message is one less than it was before. This actually has a knock on impact for subsequent messages and how we fragment them resulting in one less ServerKeyExchange record too (the actual size of the ServerKeyExchange message hasn't changed, but where in that message it gets fragmented has). In total the number of records used in the handshake has decreased by 2 with the new server.pem file. Reviewed-by: NPaul Dale <paul.dale@oracle.com> GH: #10784
-
由 Richard Levitte 提交于
This affects the following function, which can now deal with provider side keys: - EVP_SealInit() - EVP_OpenInit() Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10808)
-
由 Benjamin Kaduk 提交于
Provide a "simple" example for affecting the systemwide default behavior of libssl. The large number of mandatory nested sections makes this less simple than the main description might suggest. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10937)
-
由 Pauli 提交于
Use of the low level DES functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10858)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10858)
-
- 24 1月, 2020 10 次提交
-
-
由 Matt Caswell 提交于
Now that libssl knows about libctx we should use it wherever we generate a random number. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10927)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10900)
-
由 Dmitry Belyavskiy 提交于
This commit introduces functions PKCS8_pkey_add1_attr_by_OBJ and PKCS8_pkey_add1_attr Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10900)
-
由 Shane Lontis 提交于
This is required in order to share code for FIPS related parameter generation and validation routinues. Note the 'counter' field is now stored as a integer (as that is the form required for generation/validation functions). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10860)
-
由 Rich Salz 提交于
Move the x509_V_ERR_xxx definitions from openssl-verify to X509_STORE_CTX_get_error.pod. Add some missing ones. Consistently start with a lowercase letter, unless it's an acronym. Fix some markup mistakes in X509_verify_cert. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10132)
-
由 Richard Levitte 提交于
@{$config{LDFLAGS}} isn't necessarily split up in pieces, so we need to check for '-static' with a regexp rather than with an exact string match. Fixes #10867 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10878)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10824)
-
由 Richard Levitte 提交于
It is the provider version of EVP_PKEY_get_default_digest_nid(). We make sure to use it in the non-legacy section of do_sigver_init() (internal implementation for EVP_DigestSignInit() and EVP_DigestVerifyInit()) Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10824)
-
由 Richard Levitte 提交于
We've started to see "magic" numbers being used for certain sizes, such as algorithm names and property query strings. This change takes care of the few items where buffers for algorithm names and property query strings are used. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10928)
-
由 Richard Levitte 提交于
The common routine ossl_prov_print_labeled_bignum() didn't print the BIGNUM quite the way it should. It treated the limbs in a big endian fashion, when they are really organised in a little endian fashion. Furthermore, we make it inherit the behaviour from the print of legacy keys, where a number starting with the high bit set gets an extra zero printed first. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10891)
-
- 23 1月, 2020 8 次提交
-
-
由 Shane Lontis 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10826)
-
由 Shane Lontis 提交于
Added comments and cleared an intermediate result. KAT tests already exist in evppkey.txt (Search for "KAS_ECC_CDH_PrimitiveTest") Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10838)
-
由 Shane Lontis 提交于
make doc-nits was failing due to a merge error on master in missingcrypto.txt. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10932)
-
由 kinichiro 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10816)
-
由 Dmitry Belyavskiy 提交于
Fixes #10915. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10916)
-
由 David Benjamin 提交于
If one of the perlasm xlate drivers crashes, OpenSSL's build will currently swallow the error and silently truncate the output to however far the driver got. This will hopefully fail to build, but better to check such things. Handle this by checking for errors when closing STDOUT (which is a pipe to the xlate driver). Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10883)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10901)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10256)
-