- 06 10月, 2020 1 次提交
-
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13048)
-
- 05 10月, 2020 1 次提交
-
-
由 Dmitry Belyavskiy 提交于
OBJ_OGRNIP denotes a specific legal status of the certificate owner. OBJ_classSignTool* denotes a level of certification of the software created the certificate. http://www.garant.ru/products/ipo/prime/doc/70033464/ is the relevant link (in Russian). Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8309)
-
- 04 10月, 2020 4 次提交
-
-
由 Richard Levitte 提交于
Some of our apps turn off deprecation warnings solely for the sake of ENGINE, and thereby shadowing other deprecations that we should take better care of. To solve this, all apps ENGINE functionality is move to one file, where deprecation warning suppression is activate, and the same suppression can then easily be removed in at least some of the apps. Any remaining suppression that we still need to deal with should happen as separate efforts. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13044)
-
由 Richard Levitte 提交于
There is some data that is very difficult to guess. For example, DSA parameters and X9.42 DH parameters look exactly the same, a SEQUENCE of 3 INTEGER. Therefore, callers may need the possibility to select the exact keytype that they expect to get. This will also allow use to translate d2i_TYPEPrivateKey(), d2i_TYPEPublicKey() and d2i_TYPEParams() into OSSL_DECODER terms much more smoothly. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13061)
-
由 Richard Levitte 提交于
The PEM->DER decoder passes the data type of its contents, something that decoder_process() ignored. On the other hand, the PEM->DER decoder passed nonsense. Both issues are fixed here. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13060)
-
由 Richard Levitte 提交于
This makes Configure work it's automatic config detection, at least for the simple straightforward cases. Fixes #12972 Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12973)
-
- 03 10月, 2020 2 次提交
-
-
由 drgler 提交于
Since glibc 2.8, these defines like `NI_MAXHOST` are exposed only if suitable feature test macros are defined, namely: _GNU_SOURCE, _DEFAULT_SOURCE (since glibc 2.19), or _BSD_SOURCE or _SVID_SOURCE (before glibc 2.19), see GETNAMEINFO(3). CLA: trivial Fixes #13049 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13054)
-
由 Nicola Tuveri 提交于
A provider without `provider_query_operation()` is admittedly quite useless, yet technically the base provider functions are not mandatory according to our documentation. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13058)
-
- 02 10月, 2020 2 次提交
-
-
由 Maxim Masiutin 提交于
Fixes #12007 The key_block length was not written to trace, thus it was not obvious that extra key_bytes were generated for TLS AEAD. The problem was that EVP_CIPHER_iv_length was called even for AEAD ciphers to figure out how many bytes from the key_block were needed for the IV. The correct way was to take cipher mode (GCM, CCM, etc) into consideration rather than simply callin the general function EVP_CIPHER_iv_length. The new function tls_iv_length_within_key_block takes this into consideration. Besides that, the order of addendums was counter-intuitive MAC length was second, but it have to be first to correspond the order given in the RFC. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13035)
-
由 Richard Levitte 提交于
We've had explicit checks for when to fall back to legacy code for operations that use an EVP_PKEY. Unfortunately, the checks were radically different in different spots, so we refactor that into a macro that gets used everywhere. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13043)
-
- 01 10月, 2020 15 次提交
-
-
由 Dr. David von Oheimb 提交于
Was detected via test_req_distinguishing_id() with config having no-ec but not no-sm2 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13021)
-
由 Matt Caswell 提交于
The previous commit ran an automated rename throughout the codebase. There are a small number of things it didn't quite get right so we fix those in this commit. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
-
由 Matt Caswell 提交于
Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13038)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13038)
-
由 Shane Lontis 提交于
Reported by Tim Hudson Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13011)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13030)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13030)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13019)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13019)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13019)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13023)
-
由 Dr. David von Oheimb 提交于
Also adds error output tests on loading key files with unsupported algorithms to 30-test_evp.t Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13023)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13023)
-
- 29 9月, 2020 3 次提交
-
-
由 Richard Levitte 提交于
Some very basic config targets don't defined the 'shared_target' attribute at all. This wasn't handled well enough in Configure. This also cleans away an explicit reference to the ossltest engine in Configurations/unix-Makefile.tmpl, which isn't necessary since the build.info attributes were added. Fixes openssl/web#197 Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13031)
-
由 Pauli 提交于
Also convert the names to lower case. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13014)
-
由 Pauli 提交于
This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013)
-
- 28 9月, 2020 6 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13022)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13022)
-
由 Pauli 提交于
Introduced by #12923 Fixes #13004 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13005)
-
由 Shane Lontis 提交于
Fixes #12993 The implementation follows the standards/recommendations specified by https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12999)
-
由 Pauli 提交于
Fixes #12984 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12997)
-
由 hklaas 提交于
Return immediately on matched cipher. Without this patch the code only breaks out of the inner for loop, meaning for a matched TLS13 cipher the code will still loop through 160ish SSL3 ciphers. CLA: trivial Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13000)
-
- 27 9月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
We now have decoder support for SM2, so the cheats that were in place for the sake of lacking decoders aren't needed any more. Fixes #12982 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12986)
-
- 26 9月, 2020 5 次提交
-
-
由 Dr. David von Oheimb 提交于
Fixes #7761 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12947)
-
由 Tomas Mraz 提交于
Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/12947)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12947)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12947)
-
由 Shane Lontis 提交于
The pkey created in one loop was being fed into the keygen of the next loop - since it was not set to NULL after the free. This meant that the 2 EVP_MD_CTX objects that still had ref counts to this key were getting confused. All other tests clear the key after freeing the key if they loop (some do this by declaring/initing the pkey inside the loop). The offending code is a recent addition to the speed app. This was found using the -async_jobs option. Similar code was tried for an RSA key using 111 which resulted in the same issue. Found while trying to test issue #128867 (It is not known if this will fix that issue yet). Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12975)
-