- 07 8月, 2020 4 次提交
-
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12581)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12581)
-
由 Jon Spillett 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10063)
-
由 Sahana Prasad 提交于
Fixes #11672 Add "-legacy" option to load the legacy provider and fall back to the old legacy default algorithms. doc/man1/openssl-pkcs12.pod.in: updates documentation about the new "-legacy" option Signed-off-by: NSahana Prasad <sahana@redhat.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12540)
-
- 06 8月, 2020 3 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12595)
-
- 05 8月, 2020 1 次提交
-
-
由 Shane Lontis 提交于
The test added previously used a 16 byte block during the update which does not cause internal buffering in the provider. Some internal variables related to the buffering were not being cleared in the init, which meant that the second update would use the buffered data from the first update. Added test for this scenario with exclusions for ciphers that do not support partial block updates. Found by guidovranken. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12523)
-
- 04 8月, 2020 13 次提交
-
-
由 Peter Eisentraut 提交于
This allows users of this header file to compile their own code with the gcc option -Wunused-parameter. CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12459)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12534)
-
由 Richard Levitte 提交于
When the keymgmt provider and the deserializer provider differ, deserialization uses the deserializer export function instead of the keymgmt load, with a selection of what parts should be exported. That selection was set to OSSL_KEYMGMT_SELECT_ALL_PARAMETERS when it should have been OSSL_KEYMGMT_SELECT_ALL. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12571)
-
由 Dr. David von Oheimb 提交于
Fixes #12268 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296)
-
由 Richard Levitte 提交于
It should be noted that this may be dodgy if we ever encounter parameter objects that look like something else. However, experience with the OSSL_STORE 'file:' loader, which does exactly this kind of thing, has worked fine so far. A possibility could be that to decode parameters specifically, we demand that there's an incoming data type specifying this, which demands by extension that parameters can only come from a file format that has the parameter type encoded, such as PEM. This would be a future effort. Fixes #12568 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12569)
-
由 Norman Ashley 提交于
Fixes #12531 on master branch. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12557)
-
由 Shane Lontis 提交于
Added der_writer functions for writing octet string primitives. Generate OID's for key wrapping algorithms used by X942 KDF. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12554)
-
- 03 8月, 2020 5 次提交
-
-
由 David Woodhouse 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9201)
-
由 David Woodhouse 提交于
The X509_VERIFY_PARAM can only take a single IP address, although it can have multiple hostnames. When SSL_add1_host() is given an IP address, don't accept it if there is already one configured. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9201)
-
由 David Woodhouse 提交于
Instead of naïvely trying to truncate at the first colon, use BIO_get_conn_hostname(). That handles IPv6 literals correctly, even stripping the [] from around them. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9201)
-
由 David Woodhouse 提交于
There is a slight mismatch here because X509_VERIFY_PARAM copes only with a single IP address, and doesn't let it be cleared once it's set. But this fixes up the major use case, making things easier for users to get it right. The sconnect demo now works for Legacy IP literals; for IPv6 it needs to fix up the way it tries to split the host:port string, which will happen in a subsequent patch. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9201)
-
由 Dr. David von Oheimb 提交于
Fixes #12514 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12537)
-
- 01 8月, 2020 9 次提交
-
-
由 Matt Caswell 提交于
Commit 6725682d introduced a call to ENGINE_get_digest_engine() into the function asn1_item_digest_with_libctx() to determine whether there is an ENGINE registered to handle the specified digest. However that function increases the ref count on the returned ENGINE object, so it must be freed. Fixes #12558 [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12560)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
Depending on the BIO used, using BIO_reset() may lead to "interesting" results. For example, a BIO_f_buffer() on top of another BIO that handles BIO_reset() as a BIO_seek(bio, 0), the deserialization process may find itself with a file that's rewound more than expected. Therefore, OSSL_DESERIALIZER_from_{bio,fp}'s behaviour is changed to rely purely on BIO_tell() / BIO_seek(), and since BIO_s_mem() is used internally, it's changed to handle BIO_tell() and BIO_seek() better. This does currently mean that OSSL_DESERIALIZER can't be easily used with streams that don't support BIO_tell() / BIO_seek(). Fixes #12541 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
It's not the best idea to set a whole bunch of parameters in one call, that leads to functions that are hard to update. Better to re-model this into several function made to set one parameter each. This also renames "finalizer" to "constructor", which was suggested earlier but got lost at the time. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
We use this in test/serdes_test.c, to compare serializations into PEM, which aren't necessarily terminated with a NUL byte when they were written to a BIO_s_mem(). Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
The OSSL_DESERIALIZER API makes the incorrect assumption that the caller must cipher and other pass phrase related parameters to the individual desserializer implementations, when the reality is that they only need a passphrase callback, and will be able to figure out the rest themselves from the input they get. We simplify it further by never passing any explicit passphrase to the provider implementation, and simply have them call the passphrase callback unconditionally when they need, leaving it to libcrypto code to juggle explicit passphrases, cached passphrases and actual passphrase callback calls. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
This is needed so RSA keys created from different code paths have a chance to compare as equal. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
- 31 7月, 2020 5 次提交
-
-
由 Richard Levitte 提交于
For now, that's what we see being used. It's possible that we will have to figure out a way to specific if these should be implicit or explicit on a case by case basis. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12421)
-
由 Dr. David von Oheimb 提交于
Fixes #12403 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12421)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12421)
-