- 18 10月, 2019 9 次提交
-
-
由 Richard Levitte 提交于
It's cumbersome to have to edit it at release time, it can't be made a README.in for display reasons (Github won't show it), and having the version number here gives no special benefit. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10205)
-
由 Richard Levitte 提交于
The added benefit is that the result becomes much simple, and easier to digest for those that still rely on the pre-3.0 opensslv.h contents. Fixes #10203 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10205)
-
由 Richard Levitte 提交于
'VERSION' is a very easy file to parse, as opposed to a header file. We also have the benefit of holding the version information in one very well known place and can then generate all other version texts as we see fit, for example opensslv.h. Fixes #10203 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10205)
-
由 Rich Salz 提交于
Deprecate the BUF_ string macros Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10207)
-
由 Richard Levitte 提交于
This leaves minimal implementations of EVP_blake2b512 and EVP_blake2s256, that are now only there to provide a name for implicit fetches. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9075)
-
由 Richard Levitte 提交于
It may be that the OSSL_PARAM array we used for getting parameter values for a key had a few too many entries. These are detected by their return_size == 0. Before making second export call, we prune away these items so we only ask for parameters that exist. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10190)
-
由 Richard Levitte 提交于
This tests diverse internal KEYMGMT features. The current existing test checks that evp_keymgmt_export_to_provider() passes the key data correctly through two instances of the default provider, and that the resulting numbers at the end match the initial numbers. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10190)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10190)
-
由 Richard Levitte 提交于
rsa_set0_all_params() is used to set all the primes, exponents and coefficients. rsa_get0_all_params() is used to get all the primes, exponents and coefficients. "All" includes p, q, dP, dQ and qInv without making them separate. All arrays of numbers are implemented as stacks to make dynamic use easier. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10190)
-
- 17 10月, 2019 20 次提交
-
-
由 Cesar Pereida Garcia 提交于
This commit adds testing and Known Answer Tests (KATs) to OpenSSL for the `BN_gcd` function. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10122)
-
由 Cesar Pereida Garcia 提交于
This commit replaces the current `BN_gcd` function with a constant-time GCD implementation. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10122)
-
由 Cesar Pereida Garcia 提交于
This commit aims at refactoring the `BN_rshift` by making it a wrapper around `bn_rshift_fixed_top`, in order to match the current design of `BN_lshift`, as suggested in the discussion at https://github.com/openssl/openssl/pull/10122#discussion_r332474277 . As described in the code, by refactoring this function, `BN_rshift` provides a constant-time behavior for sufficiently[!] zero-padded inputs under the following assumptions: `|n < BN_BITS2|` or `|n / BN_BITS2|` being non-secret. Notice that `BN_rshift` returns a canonical representation of the BIGNUM, if a `fixed_top` representation is required, the caller should call `bn_rshift_fixed_top` instead. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10196)
-
由 Richard Levitte 提交于
test_EVP_PKEY_CTX_get_set_params() in test/evp_extra_test.c abused previously sloppy checking in EVP_PKEY_sign_init_ex(), by passing a "key to sign with" that was really just domain parameters. Now that underlying provider import of key payload has become a bit more strict, that leads to errors, so we need to provide at least a public part (even though fake), and because this is a signing operation, a private part as well. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10169)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10169)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10169)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10169)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10169)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10169)
-
由 Richard Levitte 提交于
Fixes #8961 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8990)
-
由 Richard Levitte 提交于
"name_cmp" caused a clash when linking with the static libcrypto. The slight rename is better than nothing, as v3_ is an already existing prefix. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
-
由 Richard Levitte 提交于
Method data was passed down as provider to ossl_algorithm_do_all(), which causes trouble as soon a it's non-NULL. Pass it via the data structure instead. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
-
由 Richard Levitte 提交于
The returned number can be used for comparison purposes. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
-
由 Richard Levitte 提交于
The following new functions all do the same thing; they traverse the set of names assigned to implementations of each algorithm type: EVP_MD_names_do_all(), EVP_CIPHER_names_do_all(), EVP_MAC_names_do_all(), EVP_KEYMGMT_names_do_all(), EVP_KEYEXCH_names_do_all(), EVP_KDF_names_do_all(), EVP_SIGNATURE_names_do_all() We add a warning to the documentation of EVP_CIPHER_name() and EVP_MD_name(), as they aren't suitable to use with multiple-name implementation. We also remove EVP_MAC_name() and evp_KDF_name(), as they serve no useful purpose. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
-
由 Richard Levitte 提交于
This adds the missing functions that should be common for all fetchable EVP sub-APIs: EVP_KEYMGMT_is_a(), EVP_KEYMGMT_do_all_provided(), EVP_KEYEXCH_is_a(), EVP_KEYEXCH_do_all_provided(), EVP_KDF_is_a(), EVP_MD_is_a(), EVP_SIGNATURE_do_all_provided(), EVP_SIGNATURE_is_a(). This also renames EVP_MD_do_all_ex(), EVP_CIPHER_do_all_ex(), EVP_KDF_do_all_ex(), EVP_MAC_do_all_ex() to change '_ex' to '_provided'. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
-
由 Richard Levitte 提交于
Clean up a few manual pages that we're about to touch, according to conventions found in Linux' man-pages(7); function arguments in descriptions should be in italics, and types, macros and similar should be in bold, with the exception for NULL. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
-
由 Richard Levitte 提交于
This control command should never be used with provided methods, but since this is publically available, someone might still make the mistake. We make sure it returns 1 so as not to be overly disruptive. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10163)
-
由 Richard Levitte 提交于
The previous fix was incomplete. Fixes #10106 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10163)
-
由 Robbie Harwood 提交于
Implement SP800-108 section 5.2 with CMAC support. As a side effect, enable 5.1 with CMAC and 5.2 with HMAC. Add test vectors from RFC 6803. Add OSSL_KDF_PARAM_CIPHER and PROV_R_INVALID_SEED_LENGTH. Signed-off-by: NRobbie Harwood <rharwood@redhat.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10143)
-
- 16 10月, 2019 6 次提交
-
-
由 Richard Levitte 提交于
Convention source is man-pages(7) Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10184)
-
由 Richard Levitte 提交于
This works as much as possible EVP_PKEY_CTX_new_id(), except it takes data that's relevant for providers, algorithm name and property query string instead of NID and engine. Additionally, if EVP_PKEY_CTX_new() or EVP_PKEY_CTX_new_id() was called, the algorithm name in the EVP_PKEY context will be set to the short name of the given NID (explicit or the one of the given EVP_PKEY), thereby giving an easier transition from legacy methods to provided methods. The intent is that operations will use this information to fetch provider methods implicitly as needed. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10184)
-
由 Andreas Schnebinger 提交于
CLA:trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9472)
-
由 Matt Caswell 提交于
We need to pass the SSL3 Master Secret down to the provider code in order for SSLv3 to work correctly. Fixes #10182 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10186)
-
由 Shane Lontis 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10081)
-
由 Shane Lontis 提交于
Implementations are now spread across several libraries, so the assembler related defines need to be applied to all affected libraries and modules. AES_ASM define was missing from libimplementations.a which disabled AESNI aarch64 changes were made by xkqian. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10180)
-
- 15 10月, 2019 5 次提交
-
-
由 Nicola Tuveri 提交于
An unintended consequence of https://github.com/openssl/openssl/pull/9808 is that when an explicit parameters curve is matched against one of the well-known builtin curves we automatically inherit also the associated seed parameter, even if the input parameters excluded such parameter. This later affects the serialization of such parsed keys, causing their input DER encoding and output DER encoding to differ due to the additional optional field. This does not cause problems internally but could affect external applications, as reported in https://github.com/openssl/openssl/pull/9811#issuecomment-536153288 This commit fixes the issue by conditionally clearing the seed field if the original input parameters did not include it. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10140)
-
由 Rich Salz 提交于
Options moved: -rand, -writerand, -CApath, -CAfile, -no-CApath, -no-CAfile Added rand to dgst and srp manpages (they were missing them). New sections in openssl.pod: Random State Options, Trusted Certificate Options. Cleanup and add comments to find-doc-nits Remove ".in" file support; unless giving specific arguments, this only runs after configuration Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10118)
-
由 Rich Salz 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10150)
-
由 Kurt Roeckx 提交于
Add a new API to test for primes that can't be misused, deprecated the old APIs. Suggested by Jake Massimo and Kenneth Paterson Reviewed-by: NPaul Dale <paul.dale@oracle.com> GH: #9272
-
由 Kurt Roeckx 提交于
When using Miller-Rabin to test for primes, it's can be faster to first do trial divisions, but when doing too many trial divisions it gets slower again. We reduce the number of trial divisions to a point that gives better performance. Based on research by Jake Massimo and Kenneth Paterson Reviewed-by: NPaul Dale <paul.dale@oracle.com> GH: #9272
-