- 19 1月, 2020 3 次提交
-
-
由 Pauli 提交于
Use of the low level MD5 functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10791)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10791)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10791)
-
- 18 1月, 2020 2 次提交
-
-
由 Richard Levitte 提交于
This appears to be emitted with gcc and clang with -fcf-protection selected, so we should do the same. We're trying to be smart, and only emit this when the 'endbranch' pseudo-mnemonic has been used at least once. This is inspired by and owes to work done by @hjl-tools (github) Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10875)
-
由 Richard Levitte 提交于
The code to ensure that an EVP_PKEY is exported to providers is repeated all over the place, enough that copying it again has the usual future hazards with code copying. Instead, we refactor that code into one function, evp_pkey_make_provided(), and make sure to use that everywhere. It relies on the creation of EVP_PKEY_CTX to figure out facts about the input key, should it need to. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10850)
-
- 17 1月, 2020 17 次提交
-
-
由 Richard Levitte 提交于
An amount of upcoming work does this to make space for new functions in different groups. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/10804)
-
由 Richard Levitte 提交于
... to make them accessible from the FIPS provider module. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10778)
-
由 Richard Levitte 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10778)
-
由 Richard Levitte 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10778)
-
由 Richard Levitte 提交于
We change the description to be about the key rather than the signature. How the key size is related to the signature is explained in the description of EVP_SignFinal() anyway. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10778)
-
由 Richard Levitte 提交于
This is for the case where we build keys from user data Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10778)
-
由 Richard Levitte 提交于
They now all respond to requests for key size, bits and security bits. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10778)
-
由 Richard Levitte 提交于
These functions relied entirely on the presence of 'pkey->pmeth', which is NULL on provider only keys. This adds an interface to get domparam and key data from a provider, given corresponding provider data (the actual domparam or key). The retrieved data is cached in the EVP_PKEY structure (lending the idea from provided EVP_CIPHER). Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10778)
-
由 Richard Levitte 提交于
These functions would only handle provided methods, but there are cases where the caller just passes along a received method without knowing the underlying method tech, so might pass along a legacy method. We therefore need to have them handle this case as well so they don't cause any unnecessary surprises. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10845)
-
由 Richard Levitte 提交于
Fixes #10853 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10855)
-
由 Richard Levitte 提交于
When generating html or manpages from POD files, we used $< or $? to get the file name to process. It turns out, though, that some make implementations only define $< with implicit rules, so its expansion remains empty in explicit rules. $? is a fine replacement, but only as long as we have one dependency, so it may cause problems in the future. The final solution seems to be to use explicit POD file names instead. That leaves no doubts. Fixes #10817 Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/10849)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10820)
-
由 Pauli 提交于
[skip ci] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10820)
-
由 Paul Yang 提交于
Fixes #10600. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10823)
-
由 Pauli 提交于
Add a changes entry to cover the deprecation of the low level digest functions: MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512 and Whirlpool [skip ci] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10802)
-
由 Benjamin Kaduk 提交于
The existing documentation for the new-session callback was unclear about the requirements on the callback with respect to reference-handling of the session object being created. Be more explicit about the (non-)requirements on the callback code for "success" (1) and "ignore" (0) return values. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10848)
-
由 Richard Levitte 提交于
Prepopulation of the stored namemap from the legacy method object database happened on first EVP fetch. However, there are moments when that prepopulation needs to happen even though no fetching has been performed yet. We therefore move pre-population to happen when the namemap is constructed. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10846)
-
- 16 1月, 2020 11 次提交
-
-
由 Paul Yang 提交于
This addition is based on PR #9472. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9838)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10837)
-
由 Richard Levitte 提交于
These fields are purely application data, and applications don't reach into the bowels of the FIPS module, so these fields are never used there. Fixes #10835 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10837)
-
由 Pauli 提交于
Use of the low level RC5 functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex and the equivalently named decrypt functions. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10834)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10834)
-
由 Pauli 提交于
Use of the low level RC4 functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex and the equivalently named decrypt functions. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10834)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10834)
-
由 Pauli 提交于
Use of the low level RC2 functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10834)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10834)
-
由 Pauli 提交于
Use of the low level SEED functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10833)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10833)
-
- 15 1月, 2020 4 次提交
-
-
由 Dmitry Belyavskiy 提交于
The fix inroduced in #10758 was rolled back by accident. Restoring it. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10839)
-
由 Shane Lontis 提交于
Added an API to optionally set a self test callback. The callback has the following 2 purposes (1) Output information about the KAT tests. (2) Allow the ability to corrupt one of the KAT's The fipsinstall program uses the API. Some KATS are not included in this PR since the required functionality did not yet exist in the provider. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10374)
-
由 Richard Levitte 提交于
The returned -2 was to mark when these operations are unsupported. However, that breaks away from the previous API and expectations, and there's not enough justification for that not being zero. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10815)
-
由 kinichiro 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10794)
-
- 14 1月, 2020 3 次提交
-
-
由 Richard Levitte 提交于
providers/implementations/ciphers/ciphercommon_gcm_hw.c had an AES specific GCM update function, while providers/implementations/ciphers/cipher_aria_gcm_hw.c had the more general implementation. This moves them around to have the more general implementation in the common source, and place the AES specialiation where it belongs. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10783)
-
由 Richard Levitte 提交于
For provider only keys where the initialization didn't catch, we may end up crashing because the legacy code path didn't check that it had support carefully enough. This only happens if the caller didn't check if initialization worked or not. For the one-shot case, it's very simply handling the case where the key has no legacy implementation an fall back to the standard init+update+final mechanism. While at it, EVP_DigestSignFinal() and EVP_DigestVerifyFinal() got a slight code cleanup. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10806)
-
由 Pauli 提交于
The test can be moved into the EVP tests and the separate executable removed. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10821)
-