- 04 12月, 2020 15 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13110)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13110)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13110)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13110)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13110)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13110)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13110)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13110)
-
由 Matt Caswell 提交于
Skip tests that require DSA to be available. While we're doing this we also remove an OPENSSL_NO_DSA guard in the dhparam app that is no longer necessary (even though DSA may not be present in our own providers it could be available via a third party provider). Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13599)
-
由 Shane Lontis 提交于
Discovered when fixing up ecdsa code. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13520)
-
由 Shane Lontis 提交于
Fixes #13422 ecdsa_set_ctx_params() was not setting the digest correctly. The side effect noted was that the check for sha1 when signing was not being done in fips mode. Also fixed the dupctx() so that propq is deep copied. The usage of the variable 'flag_allow_md' was also copied from the dsa code. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13520)
-
由 Shane Lontis 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12700)
-
由 Shane Lontis 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12700)
-
由 Shane Lontis 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12700)
-
由 Shane Lontis 提交于
Fixes #13486 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12700)
-
- 03 12月, 2020 17 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13580)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13580)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13580)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13580)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13580)
-
由 Dr. David von Oheimb 提交于
The certificate path validation procedure specified in RFC 5280 does not include checking the validity period of the trusted (root) certificate. Still it is common good practice to perform this check. Also OpenSSL did this until commit 0e7b1383, which accidentally killed it. The current commit restores the previous behavior. It also removes the cause of that bug, namely counter-intuitive design of the internal function check_issued(), which was complicated by checks that actually belong to some other internal function, namely find_issuer(). Moreover, this commit adds a regression check and proper documentation of the root cert validity period check feature, which had been missing so far. Fixes #13427 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13590)
-
由 Dr. David von Oheimb 提交于
Make the option order consistent in the help output and in the POD file. Give warnings when an option is ignored because -export is given or missing. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13588)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13577)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13577)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13577)
-
由 Pauli 提交于
Fixes: #13555 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13577)
-
由 Benjamin Kaduk 提交于
This code started off as a copy of ssl3_write_bytes(), and the comment was not updated with the implementation. Reported by yangyangtiantianlonglong in #13518 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13566)
-
由 Richard Levitte 提交于
This adds a bit of functionality in ossltest, so it can now be used to load PEM files. It takes the file name as key ID, but just to make sure faults aren't ignored, it requires all file names to be prefixed with 'ot:'. Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13570)
-
由 Richard Levitte 提交于
These two functions react when the FORMAT_ENGINE format is given, and use the passed ENGINE |e| and the passed key argument to form a URI suitable for the engine: loader. Co-authored-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13570)
-
由 Richard Levitte 提交于
The idea is to be able to have our apps load engine keys using a URI: org.openssl.engine:{engineid}:{keyid} This is legacy, but added for the time being to support keys given to the application like this: -engine {engineid} -key {keyid} -keyform ENGINE This latter form is recognised internally, and rewritten into the URI form. Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13570)
-
由 Matt Caswell 提交于
Ensure we correctly detect if DTLS has been disabled in the client auth test_ssl_new tests. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13587)
-
由 Matt Caswell 提交于
BIO_do_connect() can work even in no-sock builds (non socket based BIOs have the right ctrls). Therefore we move the macro outside of the OPENSSL_NO_SOCK guards Fixes #12207 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13587)
-
- 02 12月, 2020 8 次提交
-
-
由 Daiki Ueno 提交于
This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13545)
-
由 Richard Levitte 提交于
The passed 'pkey' already contains a library context, and the encoder implementations should be found within the same context, so passing an explicit library context seems unnecessary, and potentially dangerous. It should be noted that it's possible to pass an EVP_PKEY with a legacy internal key. The condition there is that it doesn't have a library context assigned to it, so the NULL library context is used automatically, thus requiring that appropriate encoders are available through that context. Fixes #13544 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13545)
-
由 Ankita Shetty 提交于
Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13488)
-
由 Ankita Shetty 提交于
Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13488)
-
由 Matt Caswell 提交于
When printing human readable info on the Thawte Strong Extranet extension the version number could overflow if the version number == LONG_MAX. This is undefined behaviour. Issue found by OSSFuzz. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13452)
-
由 Shane Lontis 提交于
The X942 KDF had been modified so that it supports all optional fields - not just the fields used by CMS. As there are 2 types of KDF for X942 - this has been made a bit clearer by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an alias of X963KDF. This work was instigated as a result of the ACVP tests optionally being able to use keybits for the supp_pubinfo field. Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this to be disabled. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13418)
-
由 Shane Lontis 提交于
Fixes #12476 Note this stopped working when ECX was swapped over to using providers. The ECX_KEY keygen and exchange were converted, but not the ED signing support. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13508)
-