- 10 8月, 2020 7 次提交
-
-
由 Matt Caswell 提交于
Following the previous commits where we moved the KDF bridge into provider side code, we need to update the documentation accordingly. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
-
由 Matt Caswell 提交于
The KDF bridge is now done provider side so the old EVP_PKEY_METHODS for this are no longer required. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
-
由 Matt Caswell 提交于
Some KDF implementations were available before the current EVP_KDF API. They were used via EVP_PKEY_derive. There exists a bridge between the old API and the EVP_KDF API however this bridge itself uses a legacy EVP_PKEY_METHOD. This commit implements a provider side bridge without having to use any legacy code. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
-
由 C.W. Betts 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12591)
-
由 Shane Lontis 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12613)
-
- 09 8月, 2020 12 次提交
-
-
由 Shane Lontis 提交于
The default and legacy providers currently return 1 for status and self test checks. Added test to show the 3 different stages the self test can be run (for installation, loading and on demand). For the fips provider: - If the on demand self test fails, then any subsequent fetches should also fail. To implement this the cached algorithms are flushed on failure. - getting the self test callback in the fips provider is a bit complicated since the callback hangs off the core libctx (as it is set by the application) not the actual fips library context. Also the callback can be set at any time not just during the OSSL_provider_init() so it is calculated each time before doing any self test. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11752)
-
由 Shane Lontis 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
-
由 Shane Lontis 提交于
A DHX related test has been commented out and TODO(3) added, until DHX is added correctly to a provider. Added generated files. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
-
由 Shane Lontis 提交于
-Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx() -Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to EVP_DigestSignInit_with_libctx() and EVP_DigestVerifyInit_with_libctx() Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
-
由 Shane Lontis 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
-
由 Shane Lontis 提交于
Code is now correctly included in the fips provider. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
-
由 Shane Lontis 提交于
Fix EVP_PKEY_CTX_get_rsa_oaep_md() & EVP_PKEY_CTX_get_rsa_mgf1_md() so they use a libctx to retrieve the digest Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
-
由 Shane Lontis 提交于
-Public PKCS7 methods that create a PKCS7 object now have variants that also add a libctx and propq. This includes PKCS7_new_with_libctx(), PKCS7_sign_with_libctx() and PKCS7_encrypt_with_libctx() -Added SMIME_read_PKCS7_ex() so that a created PKCS7 object can be passed to the read. -d2i_PKCS7_bio() has been modified so that after it loads the PKCS7 object it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
-
由 Shane Lontis 提交于
Added SMIME_write_ASN1_with_libctx() since it fetches rand internally. Added SMIME_read_CMS_ex() so that a created object (CMS_ContentInfo) can be passed to the read. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
-
由 Shane Lontis 提交于
This should only be called during (or right after) using d2iXXX on a object that contains embedded certificate(s) that require a non default library context. X509_new_with_libctx() should be used if possible. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
-
由 Shane Lontis 提交于
-Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12608)
-
- 08 8月, 2020 1 次提交
-
-
由 Dmitry Belyavskiy 提交于
[extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12599)
-
- 07 8月, 2020 19 次提交
-
-
由 Kelvin Lee 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12592)
-
由 Shane Lontis 提交于
Changed many tests so they also test fips (and removed 'availablein = default' from some tests). Seperated the monolithic evppkey.txt file into smaller maintainable groups. Changed the availablein option so it must be first - this then skips the entire test before any fetching happens. Changed the code so that all the OPENSSL_NO_XXXX tests are done in code via methods such as is_cipher_disabled(alg), before the fetch happens. Added missing libctx's found by adding a libctx to test_evp. Broke up large data files for cipher, kdf's and mac's into smaller pieces so they no longer need 'AvailableIn = default' Added missing algorithm aliases for cipher/digests to the providers. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12236)
-
由 Pauli 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509)
-
由 Pauli 提交于
The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12601)
-
由 Richard Levitte 提交于
Trust the returned value from EVP_PKEY_get_default_digest_name()! It mimics exactly the values that EVP_PKEY_get_default_digest_nid() is supposed to return, and that value should simply be passed unchanged. Callers depend on it. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12586)
-
由 Richard Levitte 提交于
Because PVK uses RC4, we must ensure that default + legacy providers are active. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12574)
-
由 Richard Levitte 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12574)
-
由 Richard Levitte 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12574)
-
由 Richard Levitte 提交于
A key type may be deserialized from one of several sources, which means that more than one deserializer with the same name should be possible to add to the stack of deserializers to try, in the OSSL_DESERIALIZER_CTX collection. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12574)
-
由 Richard Levitte 提交于
Fly-by fix is to move crypto/include/internal/pem_int.h to include/internal/pem.h. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12574)
-
由 Richard Levitte 提交于
We have a key in test/recipes/30-test_evp_data/evppkey.txt with bad PSS parameters (RSA-PSS-BAD), which is supposed to trigger signature computation faults. However, if this key needs to be exported to the RSA provider implementation, the result would be an earlier error, giving the computation that's supposed to be checked n chance to even be reached. Either way, the legacy to provider export is no place to validate the values of the key. We also ensure that the provider implementation can handle and detect signed (negative) saltlen values. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12583)
-
由 Pauli 提交于
The various MACs were all over the place with respects to what they did with the output length in the final call. Now they all unconditionally set the output length and the EVP layer handles the possibility of a NULL pointer. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12582)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12581)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12581)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12581)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12581)
-
由 Jon Spillett 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10063)
-
由 Sahana Prasad 提交于
Fixes #11672 Add "-legacy" option to load the legacy provider and fall back to the old legacy default algorithms. doc/man1/openssl-pkcs12.pod.in: updates documentation about the new "-legacy" option Signed-off-by: NSahana Prasad <sahana@redhat.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12540)
-
- 06 8月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org>
-