- 11 2月, 2021 2 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14096)
-
由 Pauli 提交于
The existing code prints a warning saying that verbose mode is ignored with parallel jobs. This seems backward, more useful is disabling parallel jobs when verbose is enabled. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14137)
-
- 10 2月, 2021 6 次提交
-
-
由 Oleksandr Tymoshenko 提交于
Add a handler for EBUSY sendfile error in addition to EAGAIN. With EBUSY returned the data still can be partially sent and user code has to be notified about it, otherwise it may try to send data multiple times. Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13716)
-
由 Benjamin Kaduk 提交于
This field has not been used since #3858 was merged in 2017 when we moved to a table-based lookup for certificate type properties instead of an index-based one. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/13991)
-
由 Shane Lontis 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13830)
-
由 Shane Lontis 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13830)
-
由 Shane Lontis 提交于
Fixes #12992 Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13830)
-
由 Shane Lontis 提交于
This 'special' way of specifying the data should only be used for testing purposes. It should not be used in production environments. ACVP passes a blob of DER encoded data for some of the fields rather than passing them as separate fields that need to be DER encoded. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14077)
-
- 09 2月, 2021 8 次提交
-
-
由 Dr. David von Oheimb 提交于
Also simplify first part of verify_chain() Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14095)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14095)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14127)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14127)
-
由 Tomas Mraz 提交于
Fixes #14068 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14073)
-
由 Tomas Mraz 提交于
The functions are obsolete aliases for BN_rand() and BN_rand_range() since 1.1.0. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14080)
-
由 Petr Gotthard 提交于
Fixes #14041 and additional bugs discovered by the newly created tests. This patch: - Introduces support for 0x prefixed integers - Fixes parsing of negative integers (negative numbers were shifted by -2) - Fixes ability to parse maximal unsigned numbers ("too small buffer" error used to be reported incorrectly) - Fixes a memory leak when OSSL_PARAM_allocate_from_text fails leaving a temporary BN allocated Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14093)
-
由 Richard Levitte 提交于
'no-tests' wasn't entirely respected when specifying subdirs in the top build.info. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14082)
-
- 08 2月, 2021 3 次提交
-
-
由 Randall S. Becker 提交于
CLA: Trivial Fixes: #14005 Signed-off-by: NRandall S. Becker <rsbecker@nexbridge.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14006)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14074)
-
由 Shane Lontis 提交于
The existing names such as EVP_PKEY_param_fromdata_settable were a bit confusing since the 'param' referred to key params not OSSL_PARAM. To simplify the interface a 'selection' parameter will be passed instead. The changes are: (1) EVP_PKEY_fromdata_init() replaces both EVP_PKEY_key_fromdata_init() and EVP_PKEY_param_fromdata_init(). (2) EVP_PKEY_fromdata() has an additional selection parameter. (3) EVP_PKEY_fromdata_settable() replaces EVP_PKEY_key_fromdata_settable() and EVP_PKEY_param_fromdata_settable(). EVP_PKEY_fromdata_settable() also uses a selection parameter. Fixes #12989 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14076)
-
- 07 2月, 2021 2 次提交
-
-
由 Pauli 提交于
This fixes a race condition where the index to the cache location was found under a read lock and a later write lock set the cache entry. The issue being that two threads could get the same location index and then fight each other over writing the cache entry. The most likely outcome is a memory leak, however it would be possible to set up an invalid cache entry. The operation cache was a fixed sized array, once full an assertion failed. The other fix here is to convert this to a stack. The code is simplified and it avoids a cache overflow condition. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14062)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14021)
-
- 05 2月, 2021 19 次提交
-
-
由 Richard Levitte 提交于
All {MD}WithRSAEncryption signature AlgorithmID have the parameters being NULL, according to PKCS#1. We didn't. Now corrected. This bug was the topic of this thread on openssl-users@openssl.org: https://mta.openssl.org/pipermail/openssl-users/2021-January/013416.htmlReviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14030)
-
由 Matt Caswell 提交于
Now that libssl no longer has any OPENSSL_NO_ALG guards the internal cipher_overhead_test wasn't quite handling disabled ciphers correctly. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
-
由 Matt Caswell 提交于
We should no longer be relying on compile time checks in libssl for the availability of crypto algorithms. The availability of crypto algorithms should be determined at runtime based on what providers have been loaded. Fixes #13616 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
-
由 Matt Caswell 提交于
We may have compiled in sigalg values that we can't support at runtime. Make sure we only use sigalgs that are actually enabled. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
-
由 Matt Caswell 提交于
By recognising the nist group names directly we can avoid having to call EC_curve_nist2nid in libssl, which is not available in a no-ec build. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
-
由 Matt Caswell 提交于
With 3.0 we need to know whether algs are available at run time not at compile time. Actually the code as written is sufficient to do this, so we can simply remove the guards. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
-
由 Matt Caswell 提交于
In 1.1.1 and below we would check for the availability of certain algorithms based on compile time guards. However with 3.0 this is no longer sufficient. Some algorithms that are unavailable at compile time may become available later if 3rd party providers are loaded. Similarly, algorithms that exist in our built-in providers at compile time may not be available at run time if those providers are not loaded. Fixes #13184 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
-
由 Matt Caswell 提交于
Even if EC and DH are disabled then we may still be able to use TLSv1.3 if we have groups that have been plugged in by an external provider. Fixes #13767 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
-
由 Matt Caswell 提交于
The supported groups code was checking the OPENSSL_NO_EC and OPENSSL_NO_DH guards in order to work, and the list of default groups was based on those guards. However we now need it to work even in a no-ec and no-dh build, because new groups might be added from providers. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
-
由 Matt Caswell 提交于
The default supported groups code was disabled in the event of a build with no-ec and no-dh. However now that providers can add there own groups (which might not fit into either of these categories), this is no longer appropriate. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
-
由 Matt Caswell 提交于
This removes man unnecessary OPENSSL_NO_DH guards from libssl. Now that libssl is entirely using the EVP APIs and implementations can be plugged in via providers it is no longer needed to disable DH at compile time in libssl. Instead it should detect at runtime whether DH is available from the loaded providers. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
-
由 Richard Levitte 提交于
We do this by adding the attribute 'pod' to all .pod.in -> .pod generations, like this: DEPEND[NAME.pod]{pod}=NAME.pod.in, ... and selecting out the target files for those dependencies into a dedicated target 'build_generated_pods', which the 'doc-nits' and 'cmd-nits' make targets are made to depend on. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14067)
-
由 Richard Levitte 提交于
The dependency was made in such a way that .pod.in -> .pod generation would always be done, no matter what. This changes the procedure so that the generation is made "on demand", i.e. when the resulting .pod files are needed. This turned out to be duplicated dependencies, as the .pod -> .pod.in dependencies were already in place. Just removing the duplicate fixes the situation. 'make build_all_generated' still works, for those who do want to have all file generations performed. (as a reminder, this is suitable to generate the files a fast system and then copy the result to a slower system, or system where there's no perl) Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14067)
-
由 Richard Levitte 提交于
Providers produce algorithm IDs of their own, and we need to compare them against the same thing produced by libcrypto's ASN.1 code and with legacy keys. This tester can compare algorithm IDs for signatures and for keys, given certificates that hold such data. To verify key algorithm IDs, only one certificate is necessary, and its public key is used. To verify certificate algorithm IDs, we need to launch the signature operation that would verify a certificate against the public key of its signing CA, so that test needs two files. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14049)
-
由 Richard Levitte 提交于
We used evp_pkey_downgrade() on 'from', which permanently converts 'from' to have a legacy internal key. Now that we have evp_pkey_copy_downgraded(), it's better to use that (and thereby restore the constness contract). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13341)
-
由 Richard Levitte 提交于
tagley -> tagkey Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14061)
-
由 Richard Levitte 提交于
They serve no purpose any more Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13461)
-
由 Richard Levitte 提交于
This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13392)
-