- 04 2月, 2021 9 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13551)
-
由 Dr. David von Oheimb 提交于
The HTTP-based tests are now in 80_test_cmp_http.t, to start a little earlier. This should decrease total test run time due to better parallelization. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13551)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13551)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13551)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14053)
-
由 Richard Levitte 提交于
The default was OPENSSL_EC_NAMED_CURVE, but that's not true until a curve name has been set, so we change the initial value to OPENSSL_EC_EXPLICIT_CURVE and let EC_GROUP_set_curve_name() change it to OPENSSL_EC_NAMED_CURVE. Submitted by Matt Caswell Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13973)
-
由 Richard Levitte 提交于
It assumed there would always be a non-NULL ctx->pmeth, leading to a crash when that isn't the case. Since it needs to check 'keytype' when that one isn't -1, we also add a corresponding check for the provider backed EVP_PKEY_CTX case. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13973)
-
由 Richard Levitte 提交于
EVP_PKEY_meth_find() got called automatically any time a new EVP_PKEY_CTX allocator was called with some sort of key type data. Since we have now moved all our standard algorithms to our providers, this is no longer necessary. We do retain looking up EVP_PKEY_METHODs that are added by the calling application. Fixes #11424 Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13973)
-
由 Richard Levitte 提交于
There was a remaining function signature declaration, but no OSSL_DISPATCH number for it nor any way it's ever used. It did exist once, but was replaced with an OSSL_PARAM item to retrieve. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14048)
-
- 03 2月, 2021 4 次提交
-
-
由 Tomas Mraz 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14043)
-
由 Armin Fuerst 提交于
Fixes #13944 + changed ASN1_UTCTIME to ASN1_TIME + removed all Y2K code from do_updatedb + changed compare to ASN1_TIME_compare Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14026) (cherry picked from commit dabea5447dc487983a50a40856f731db0db17a8e)
-
由 Rich Salz 提交于
They are still used internally in legacy code. Also fixed up some minor things in EVP_DigestInit.pod Fixes: #14003 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14008)
-
由 Tomas Mraz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14044)
-
- 02 2月, 2021 19 次提交
-
-
由 Tomas Mraz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13958)
-
由 Dr. Matthias St. Pierre 提交于
Fixes #13815 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14029)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
The EVP_PKEY operation_cache caches references to provider side key objects that have previously been exported for this EVP_PKEY, and their associated key managers. The cache may be updated from time to time as the EVP_PKEY is exported to more providers. Since an EVP_PKEY may be shared by multiple threads simultaneously we must be careful to ensure the cache updates are locked. Fixes #13818 Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
These variables can be accessed concurrently from multiple threads so we ensure that we properly lock them before read or write. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
Otherwise we can get data races. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
TSAN was reporting a race of the exported ciphers cache that we create in the default and fips providers. This was because we cached it in the query function rather than the init function, so this would cause a race if multiple threads queried at the same time. In practice it probably wouldn't make much difference since different threads should come up with the same answer. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
Make sure we never read or write to dgbl->primary outside of a lock. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Matt Caswell 提交于
EVP_PKEYs may be shared across mutliple threads. For example this is common for users of libssl who provide a single EVP_PKEY private key for an SSL_CTX, which is then shared between multiple threads for each SSL object. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
-
由 Rich Salz 提交于
Fixes: #13997 Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14002)
-
由 Job Snijders 提交于
References: RFC6482 - A Profile for Route Origin Authorizations (ROAs) RFC6484 - Certificate Policy (CP) for the RPKI RFC6493 - The RPKI Ghostbusters Record RFC8182 - The RPKI Repository Delta Protocol (RRDP) RFC8360 - RPKI Validation Reconsidered draft-ietf-sidrops-rpki-rta - A profile for RTAs CLA: trivial Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13948)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Also rename internal structure fields iobuf(len) to readbuf(len) for clarity Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Provides partial fix of #13127. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Dr. David von Oheimb 提交于
Otherwise, sending goes wrong in case BIO_write(rctx->wbio, ...) is incomplete at first. Fixes #13938 Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
-
由 Richard Levitte 提交于
The EC KEYMGMT implementation handled SM2 as well, except what's needed to support decoding: loading functions for both EC and SM2 that checks for the presence or absence of the SM2 curve the same way as the EC / SM2 import functions. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
-
由 Richard Levitte 提交于
ecossl_dh_keyexch_functions -> ossl_ecdh_keyexch_functions ecossl_dsa_signature_functions -> ossl_ecdsa_signature_functions sm2_asym_cipher_functions -> ossl_sm2_asym_cipher_functions sm2_keymgmt_functions -> ossl_sm2_keymgmt_functions sm2_signature_functions -> ossl_sm2_signature_functions Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
-
- 01 2月, 2021 2 次提交
-
-
由 Matt Caswell 提交于
We create EC keys via both the "fromdata" and legacy key routes to make sure that they can be used without a public key. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13922)
-
由 Matt Caswell 提交于
In 1.1.1 and earlier it was possible to create EC_KEYs that did not have the public key in it. We need to ensure that this continues to work in 3.0. Fixes #12612 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13922)
-
- 29 1月, 2021 1 次提交
-
-
由 Tomas Mraz 提交于
Add a testcase to the test_req covering the issue. Fixes #13957 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13967)
-
- 28 1月, 2021 5 次提交
-
-
由 Daniel Bevenius 提交于
This commit attempts to fix the an issue when generating a key of type EVP_PKEY_RSA_PSS. Currently, EVP_PKEY_CTX_set_rsa_keygen_bits will return -1 if the key id is not of type EVP_PKEY_RSA. This commit adds EVP_PKEY_RSA_PSS to also be accepted. The macro EVP_PKEY_CTX_set_rsa_pss_keygen_md si converted into a function and it is now called in legacy_ctrl_to_param. Fixes #12384 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13099)
-
由 Juergen Christ 提交于
These defines were never used and not needed. Signed-off-by: NJuergen Christ <jchrist@linux.ibm.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13781)
-
由 Juergen Christ 提交于
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string parameters. This caused endianness problems on big-endian machines. As a result, it is not possible to pass FIPS tests since the parameter was stored with an integer value but read via a cast to char pointer. While this works on little endian machines, big endian s390 read the most significant bits instead of the least significant (as done by, e.g., x86). Change the parameter to char array and fix the usages. Signed-off-by: NJuergen Christ <jchrist@linux.ibm.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13781)
-
由 Juergen Christ 提交于
If key==null on EVP_CipherInit_ex, the init functions for the hardware implementation is not called. The s390x implementation of OFB and CFB mode used the init function to copy the IV into the hardware causing test failures on cipher reinit. Fix this by moving the copy operation into the cipher operation. Signed-off-by: NJuergen Christ <jchrist@linux.ibm.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13984)
-
由 Dr. David von Oheimb 提交于
This is an upstream fix for #13931 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13968)
-