- 08 11月, 2021 11 次提交
-
-
由 Tianjia Zhang 提交于
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/16963)
-
由 Dr. David von Oheimb 提交于
Fixes #16300 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16442)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16960)
-
由 Matt Caswell 提交于
The EVP_PKEY_fromdata man page has some code examples with various errors in them. This fixes those errors. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16973)
-
由 Pauli 提交于
The global variable `default_DSO_meth` was potentially set multiple times by different threads. It turns out that it could only be set to a single value so the race is harmless but still better avoided. The fix here simply removes the global and accesses the value it was set to via the `DSO_METHOD_openssl()` call. Problem discovered via #16970, but this does not resolve that issue because there are other concerns. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16972)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16962)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16962)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16962)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16962)
-
由 PW Hu 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16942)
-
由 Pauli 提交于
Fixes #16961 Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/16969)
-
- 05 11月, 2021 5 次提交
-
-
由 slontis 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16801)
-
由 Phil Mesnier 提交于
ctx->p2 being a null pointer. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16913) (cherry picked from commit 07e6c857)
-
由 Pauli 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/16953)
-
由 Pauli 提交于
Fixes #16944 Fixes #16859 Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/16953)
-
由 Pauli 提交于
Removed the three checks of type against NULL since type cannot be NULL for any of them. Moved a check of ->engine inside a CPP guard for engines. Didn't address the teardown and rebuild of the provider context. Partially fixes #16947 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16952)
-
- 04 11月, 2021 3 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16954)
-
由 Bernd Edlinger 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16956)
-
由 Tom Cosgrove 提交于
This fixes "undefined reference to `aes_gcm_dec_128_kernel' in function `armv8_aes_gcm_decrypt'" and similar Fixes #16949 Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16951)
-
- 03 11月, 2021 2 次提交
-
-
由 x2018 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16948)
-
由 Tomas Mraz 提交于
This avoids using accidentally uninitialized key schedule in applications that use DES_set_key() not expecting it to check the key which is the default on OpenSSL <= 1.1.1 Fixes #16859 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16944)
-
- 02 11月, 2021 2 次提交
-
-
由 Felipe Gasper 提交于
Since TLS v1.3 eschews renegotiation entirely it’s misleading to have these apps say it’s “not supported” when in fact the TLS version is new enough not to need renegotiation at all. Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16937)
-
由 Mingjun.Yang 提交于
The process should be conforming to clause 6.1 and 6.2 of GMT 0003.2-2012. Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16931)
-
- 01 11月, 2021 2 次提交
-
-
由 PW Hu 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16943)
-
由 PW Hu 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16943)
-
- 28 10月, 2021 3 次提交
-
-
由 Pauli 提交于
The test called this twice which doesn't hurt but isn't ideal. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/16921)
-
由 PW Hu 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16889) [edited to remove end of line whitespace and wrap lines to eighty columns]
-
由 x2018 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
-
- 27 10月, 2021 12 次提交
-
-
由 Richard Levitte 提交于
When remaking how programs were linked, the variable `$ress` was forgotten. Unfortunately, perl treats this with silence. Fixes #16870 Fixes #16667 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16875)
-
由 Matt Caswell 提交于
gcc 11.2.0 is the default on Ubuntu 21.10. It emits a (spurious) warning when compiling test/packettest.c, which causes --strict-warnings builds to fail. A simple fix avoids the warning. Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16887)
-
由 Matt Caswell 提交于
Make it clear that the cipher/digest objects returned from EVP_get_cipherbyname() and EVP_get_digestbyname() functions have no associated implementation fetched from a provider. Fixes #16864 Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16893)
-
由 Tomas Mraz 提交于
Co-author: Selva Nair <selva.nair@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
This mostly entails passing around a provider pointer, and handling queries that includes a pointer to a provider, where NULL means "any". This also means that there's a need to pass the provider pointer, not just down to the cache functions, but also be able to get it from ossl_method_store_fetch(). To this end, that function's OSSL_PROVIDER pointer argument is modified to be a pointer reference, so the function can answer back what provider the method comes from. Test added. Fixes #16614 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
Functions like EVP_PKEY_sign_init() do an implicit fetch of the operation implementation (EVP_SIGNATURE in this case), then get the KEYMGMT from the same provider, and tries to export the key there if necessary. If an export of the key isn't possible (because the provider that holds the key is an HSM and therefore can't export), we would simply fail without looking any further. This change modifies the behaviour a bit by trying a second fetch of the operation implementation, but specifically from the provider of the EVP_PKEY that's being used. This is done with the same properties that were used with the initial operation implementation fetch, and should therefore be safe, allowing only what those properties allow. Fixes #16614 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
Added functions: evp_signature_fetch_from_prov(), evp_asym_cipher_fetch_from_prov(), evp_keyexch_fetch_from_prov(), evp_kem_fetch_from_prov() These are all like the public conterparts, except they all take a provider instead of a library context as first argument. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
In all initializing functions for functionality that use an EVP_PKEY, the coded logic was to find an KEYMGMT implementation first, and then try to find the operation method (for example, SIGNATURE implementation) in the same provider. This implies that in providers where there is a KEYMGMT implementation, there must also be a SIGNATURE implementation, along with a KEYEXCH, ASYM_CIPHER, etc implementation. The intended design was, however, the opposite implication, i.e. that where there is a SIGNATURE implementation, there must also be KEYMGMT. This change reverses the logic of the code to be closer to the intended design. There is a consequence; we now use the query_operation_name function from the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by the application). Previously, we used the query_operation_name function from the KEYMGMT found alongside the SIGNATURE implementation. Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX is now always a reference to the KEYMGMT of the |pkey| field if that one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt| isn't NULL). Fixes #16614 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
This is an internal function to fetch a keymgmt method from a specific provider. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
This function leverages the generic possibility to fetch EVP methods from a specific provider. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-
由 Richard Levitte 提交于
This makes it possible to limit the search of methods to that particular provider. This uses already available possibilities in ossl_algorithm_do_all(). Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
-