- 12 2月, 2020 8 次提交
-
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10977)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10977)
-
由 Matt Caswell 提交于
Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10964)
-
由 Matt Caswell 提交于
Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10964)
-
由 Matt Caswell 提交于
Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10964)
-
由 Matt Caswell 提交于
Add ref counting and control how we allocate storage for the private key. We will need this type in following commits where we move the ecx code to be provider aware. Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10964)
-
由 Kurt Roeckx 提交于
Signature algorithms not using an MD weren't checked that they're allowed by the security level. Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #10785
-
由 Kurt Roeckx 提交于
Create a whole chain of Ed488 certificates so that we can use it at security level 4 (192 bit). We had an 2048 bit RSA (112 bit, level 2) root sign the Ed488 certificate using SHA256 (128 bit, level 3). Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #10785
-
- 11 2月, 2020 2 次提交
-
-
由 Bernd Edlinger 提交于
[extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9982)
-
由 Richard Levitte 提交于
With the provided method of creating the new X509_PUBKEY, an extra EVP_PKEY is created and needs to be properly cleaned away. (note: we could choose to keep it just as well, but there are consequences, explained in a comment in the code) Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11038)
-
- 10 2月, 2020 4 次提交
-
-
由 Dr. David von Oheimb 提交于
The new client has become an independent libcrpyto module in crypto/http/ and * can handle any types of requests and responses (ASN.1-encoded and plain) * does not include potentially busy loops when waiting for responses but * makes use of a new timeout mechanism integrated with socket-based BIO * supports the use of HTTP proxies and TLS, including HTTPS over proxies * supports HTTP redirection via codes 301 and 302 for GET requests * returns more useful diagnostics in various error situations Also adapts - and strongly simplifies - hitherto uses of HTTP in crypto/ocsp/, crypto/x509/x_all.c, apps/lib/apps.c, and apps/{ocsp,s_client,s_server}.c Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10667)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10667)
-
由 Richard Levitte 提交于
When setting up the hash function for DSA signature, the encoded AlgorithmIdentifier for the DSA+hash combination is queried, but not stored, which leads to problems when signing ASN.1 items in libcrypto. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11037)
-
由 Davide Galassi 提交于
Typedefs of CRYPTO malloc, realloc and free. MEM_CHECK "modes" are used only as a CRYPTO_mem_ctrl() parameter The CRYPTO_mem_ctrl is defined only if OPENSSL_NO_CRYPTO_MDEBUG is defined, thus define the MEM_CHECK modes under the same condition. Maybe the macros can be removed at all since: 1. CRYPTO_mem_ctrl() just returns -1 and ignores the parameter 2. CRYPTO_mem_ctr() is declared as DEPRECATED by 3.0 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11042)
-
- 08 2月, 2020 7 次提交
-
-
由 H.J. Lu 提交于
We should always generate .note.gnu.property section in x86 assembly codes for ELF outputs to mark Intel CET support since all input files must be marked with Intel CET support in order for linker to mark output with Intel CET support. Verified with $ CC="gcc -Wl,-z,cet-report=error" ./Configure shared linux-x86 -fcf-protection $ make $ make test Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11044)
-
由 Matt Caswell 提交于
Compile failures were occuring on systems that weren't AESNI capable because the detection wasn't quite right in a couple of files. This fixes a run-checker build failure for the 386 compile option. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11022)
-
由 Matt Caswell 提交于
Don't attempt to self-test DES in the FIPS provider if we have been built without FIPS support. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11034)
-
由 Matt Caswell 提交于
We don't need to check if an engine has a cipher/digest in a no-engine build. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11031)
-
由 Matt Caswell 提交于
Don't use DH specific macros that might need to be used in a no-dh build. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11030)
-
由 Matt Caswell 提交于
Recent SM2 related changes were not properly guarded with OPENSSL_NO_EC Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11029)
-
由 H.J. Lu 提交于
When Intel CET is enabled, makecontext will create a different shadow stack for each context. async_fibre_swapcontext cannot use _longjmp. It must call swapcontext to swap shadow stack as well as normal stack. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10983)
-
- 07 2月, 2020 15 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11027)
-
由 Richard Levitte 提交于
In C, we have macros like OPENSSL_NO_DEPRECATED_3_0 to check if some section of code should be disabled to simulate a removal of things deprecated in the version. In perl, we had to check $disabled{deprecated} and compare $config{api} with the proper version code, which is doable but tedious and error prone. This change adds $disabled{'deprecated-x.y'} (x.y being a version number) which directly corresponds to OPENSSL_NO_DEPRECATED_x_y, for use in build.info conditions, test recipes and other perl stuff. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11027)
-
由 Dr. Matthias St. Pierre 提交于
It took me a little while to realize why the test_rand_drbg_reseed test kept crashing after replacing the RAND_DRBG_{gs}et_ex_data() calls by RAND_DRBG_{gs}et_callback_data(). The reason was that the ex_data API prohibits modifying the callbacks or callback data of chained DRBGs and returned an error which was ignored by the `test_rand_drbg_reseed` test, for good reasons. The `test_rand_drbg_reseed` test is special in this respect, because it needs to install callbacks for all DRBGs, in order to intercept and count the reseeding events. Since the drbgtest module has access to the internal structures of the DRBG anyway, the problem could be solved by accessing the members directly. I added a warning comment in hook_drbg(). [extended tests] Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10950)
-
由 Dr. Matthias St. Pierre 提交于
The callback data allows passing context specific data from the application of the DRBG to to the entropy callbacks. This a rather specialized feature which is useful for implementing known answer tests (KATs) or deterministic signatures (RFC6979), which require passing a specified entropy and nonce for instantiating the DRBG. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10950)
-
由 FdaSilvaYY 提交于
Default image was currently "Visual Studio 2015" Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10327)
-
由 Richard Levitte 提交于
The same go for the pairs import + import_types and export + export_types. This required some additional changes in our KEYMGMT implementations. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11006)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11006)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11006)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11006)
-
由 Richard Levitte 提交于
The KEYMGMT libcrypto <-> provider interface currently makes a few assumptions: 1. provider side domain parameters and key data isn't mutable. In other words, as soon as a key has been created in any (loaded, imported data, ...), it's set in stone. 2. provider side domain parameters can be strictly separated from the key data. This does work for the most part, but there are places where that's a bit too rigid for the functionality that the EVP_PKEY API delivers. Key data needs to be mutable to allow the flexibility that functions like EVP_PKEY_copy_parameters promise, as well as to provide the combinations of data that an EVP_PKEY is generally assumed to be able to hold: - domain parameters only - public key only - public key + private key - domain parameters + public key - domain parameters + public key + private key To remedy all this, we: 1. let go of the distinction between domain parameters and key material proper in the libcrypto <-> provider interface. As a consequence, functions that still need it gain a selection argument, which is a set of bits that indicate what parts of the key object are to be considered in a specific call. This allows a reduction of very similar functions into one. 2. Rework the libcrypto <-> provider interface so provider side key objects are created and destructed with a separate function, and get their data filled and extracted in through import and export. (future work will see other key object constructors and other functions to fill them with data) Fixes #10979 squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics Remedy 1 needs a rewrite: Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11006)
-
由 Richard Levitte 提交于
Some of the evp_keymgmt_ functions are just wrappers around the EVP_KEYMGMT function pointers. We move those from keymgmt_lib.c to keymgmt_meth.c. Other evp_keymgmt_ functions are utility functions to help the rest of the EVP functions. Since their names are easily confused with the functions that were moved to keymgmt_meth.c, we rename them so they all start with evp_keymgmt_util_. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11006)
-
由 Matt Caswell 提交于
PR #10942 introduced the new function ASN1_item_verify_ctx(), but did not document it with the promise that documentation would follow soon. We temporarily add this function to missingcrypto.txt until it has been done. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10980)
-
由 Matt Caswell 提交于
When we run "make doc-nits" (which happens during travis runs) it will complain if we add any new symbols that aren't documented. However it was suppressing anything starting with ASN1. There's no reason why we should allow ASN1 symbols to go undocumented any more than any others. Therefore we remove that exception. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10980)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10959)
-
由 Dr. Matthias St. Pierre 提交于
Fixes #10998 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11000)
-
- 06 2月, 2020 4 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10972)
-
由 Rich Salz 提交于
Add -standard-commands option to list command (documented) Update standard commands list in openssl.pod Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10972)
-
由 Rich Salz 提交于
Update CHANGES to have a complete and uniform description. Fixes #9730 Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10972)
-
由 Rich Salz 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10972)
-