- 27 10月, 2021 12 次提交
-
-
由 Richard Levitte 提交于
Added functions: evp_signature_fetch_from_prov(), evp_asym_cipher_fetch_from_prov(), evp_keyexch_fetch_from_prov(), evp_kem_fetch_from_prov() These are all like the public conterparts, except they all take a provider instead of a library context as first argument. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
In all initializing functions for functionality that use an EVP_PKEY, the coded logic was to find an KEYMGMT implementation first, and then try to find the operation method (for example, SIGNATURE implementation) in the same provider. This implies that in providers where there is a KEYMGMT implementation, there must also be a SIGNATURE implementation, along with a KEYEXCH, ASYM_CIPHER, etc implementation. The intended design was, however, the opposite implication, i.e. that where there is a SIGNATURE implementation, there must also be KEYMGMT. This change reverses the logic of the code to be closer to the intended design. There is a consequence; we now use the query_operation_name function from the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by the application). Previously, we used the query_operation_name function from the KEYMGMT found alongside the SIGNATURE implementation. Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX is now always a reference to the KEYMGMT of the |pkey| field if that one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt| isn't NULL). Fixes #16614 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
This is an internal function to fetch a keymgmt method from a specific provider. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
This function leverages the generic possibility to fetch EVP methods from a specific provider. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
This makes it possible to limit the search of methods to that particular provider. This uses already available possibilities in ossl_algorithm_do_all(). Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Jiasheng Jiang 提交于
In openssl-3.0.0 and system provided, it is not reasonable to check null pointer after use. The order was accidentally reversed. Therefore, it is better to correct it. CLA: trivial Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16915)
-
由 x2018 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16917)
-
由 Jiasheng Jiang 提交于
In the openssl-3.0.0 and system provided, the variable 'sctx' is unused in test_509_dup_cert. Therefore, it might be better to remove the definition and operation of it. CLA: trivial Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16916)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16911)
-
由 Matt Caswell 提交于
If asked to encode an EC_KEY public key, but no public key value is present in the structure, we should fail rather than crash. Fixes the crash seen here: https://mta.openssl.org/pipermail/openssl-users/2021-October/014479.htmlReviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16911)
-
由 x2018 提交于
EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new(). Otherwise may result in memory errors. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16892)
-
由 Pauli 提交于
For machines where sizeof(size_t) == sizeof(int) there is a possible overflow which could cause a crash. For machines where sizeof(size_t) > sizeof(int), the existing checks adequately detect the situation. Fixes #16899 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16904)
-
- 26 10月, 2021 4 次提交
-
-
由 Kinshuk Dua 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16885)
-
由 PW Hu 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16897)
-
由 Pauli 提交于
The test-rand RNG was returning success when it had some but insufficient data. Now, it returns failure and doesn't advance the data pointer. The test-rand RNG was failing when a parent was specified. This case is now ignored. Fixes #16785 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16905)
-
由 Arne Schwabe 提交于
The exclusion of SHA1 for X509 signatures is not obvious as the "intuative" idea is that SHA1 should have 80 security bits. However the security bits of SHA1 are explicitly set to 63 to avoid the it being strong enough for security level 1. x509_set.c has the comment: /* * SHA1 and MD5 are known to be broken. Reduce security bits so that * they're no longer accepted at security level 1. * The real values don't really matter as long as they're lower than 80, * which is our security level 1. */ Signed-off-by: NArne Schwabe <arne@rfc2549.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16895)
-
- 25 10月, 2021 8 次提交
-
-
由 Tomas Mraz 提交于
Fixes #16817 Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16879)
-
由 Tomas Mraz 提交于
This prevents a compile-time warning on newer gcc. Also fix the related warning message. Fixes #16814 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16821)
-
由 Tomas Mraz 提交于
We try EVP_PKEY_dup() and if it fails we re-decode it using the legacy method as provided keys should be duplicable. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16648)
-
由 Tomas Mraz 提交于
The EVP_PKEY will be recreated from scratch which is OK. Fixes #16606 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16648)
-
由 Tomas Mraz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16648)
-
由 Matt Caswell 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16894)
-
由 Tomas Mraz 提交于
Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/16886)
-
由 PW Hu 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16874)
-
- 23 10月, 2021 2 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16888)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16888)
-
- 22 10月, 2021 14 次提交
-
-
由 Michael Baentsch 提交于
Also add digest parameter documentation for add_sigid and permit NULL as digest name in the provider upcall. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16770)
-
由 Kinshuk Dua 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16877)
-
由 Matt Caswell 提交于
Commit 0007ff25 added a protocol version check to psk_server_cb but failed to take account of DTLS causing DTLS based psk connections to fail. Fixes #16707 Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/16838)
-
由 yuanjungong 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16316)
-
由 PW Hu 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16767)
-
由 PW Hu 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16794)
-
由 Tomas Mraz 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16843)
-
由 Tomas Mraz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16869)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
-
由 Matt Caswell 提交于
Ensure we set the size of the signature buffer before we call EVP_DigestSign() Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
-
由 Matt Caswell 提交于
Make sure we correctly pass through the size of the buffer to EVP_DigestSignFinal Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
-
由 Matt Caswell 提交于
When calling EVP_PKEY_sign(), the size of the signature buffer must be passed in *siglen. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
-
由 Matt Caswell 提交于
Clarify what happens if it fails. Make it clear that you can pass a NULL "sig" buffer to get the "siglen". Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
-
由 Matt Caswell 提交于
Test that calling EVP_DigestSign(), EVP_DigestSignFinal(), EVP_PKEY_sign(), EVP_PKEY_get_raw_private_key(), or EVP_PKEY_get_raw_public_key() with a short output buffer results in a failure. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
-