| 2b1bc78a | 27-Apr-2020 |
Matt Caswell |
Document the new raw private/public key functions
Document the newly added EVP_PKEY_new_raw_private_key_with_libctx and
EVP_PKEY_new_raw_public_key_with_libctx functions.
Review
Document the new raw private/public key functions
Document the newly added EVP_PKEY_new_raw_private_key_with_libctx and
EVP_PKEY_new_raw_public_key_with_libctx functions.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11635)
show more ...
|
| 262ff123 | 27-Apr-2020 |
Matt Caswell |
Implement key match functionality for ECX keys
This makes EVP_PKEY_cmp work for provider side ECX keys.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://
Implement key match functionality for ECX keys
This makes EVP_PKEY_cmp work for provider side ECX keys.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11635)
show more ...
|
| 48b4b104 | 24-Apr-2020 |
Matt Caswell |
Fix the KEYNID2TYPE macro
This macro was not correctly handling Ed25519 keys
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/
Fix the KEYNID2TYPE macro
This macro was not correctly handling Ed25519 keys
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11635)
show more ...
|
| d4fe478d | 24-Apr-2020 |
Matt Caswell |
Don't export ECX key data twice
We had a redundant couple of lines where we exported key data twice.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://git
Don't export ECX key data twice
We had a redundant couple of lines where we exported key data twice.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11635)
show more ...
|
| c19d8978 | 24-Apr-2020 |
Matt Caswell |
Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys
If the key is a provider key then we should export it from the provider.
Fixes #11627
Reviewed-by: Shan
Ensure EVP_PKEY_get_raw_[private|public]_key work with provider keys
If the key is a provider key then we should export it from the provider.
Fixes #11627
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11635)
show more ...
|
| f3336f40 | 24-Apr-2020 |
Matt Caswell |
Add the library ctx into an ECX_KEY
At various points we need to be able to retrieve the current library
context so we store it in the ECX_KEY structure.
Reviewed-by: Shane Lont
Add the library ctx into an ECX_KEY
At various points we need to be able to retrieve the current library
context so we store it in the ECX_KEY structure.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11635)
show more ...
|
| 969024b4 | 24-Apr-2020 |
Matt Caswell |
Add the ability to ECX to import keys with only the private key
ECX keys can very easily crete the public key from the private key.
Therefore when we import ecx keys it is sufficent to j
Add the ability to ECX to import keys with only the private key
ECX keys can very easily crete the public key from the private key.
Therefore when we import ecx keys it is sufficent to just have the private
key.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11635)
show more ...
|
| a6f8a834 | 24-Apr-2020 |
Matt Caswell |
Ensure OSSL_PARAM_BLD_free() can accept a NULL
All OpenSSL free functions should accept NULL.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com
Ensure OSSL_PARAM_BLD_free() can accept a NULL
All OpenSSL free functions should accept NULL.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11635)
show more ...
|
| 1c4f340d | 24-Apr-2020 |
Matt Caswell |
Make EVP_new_raw_[private|public]_key provider aware
We also introduce variants which are OPENSSL_CTX aware
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from http
Make EVP_new_raw_[private|public]_key provider aware
We also introduce variants which are OPENSSL_CTX aware
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11635)
show more ...
|
| 7421f085 | 30-Apr-2020 |
nia |
rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes.
Requests for more than 256 bytes will fail.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Cas
rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes.
Requests for more than 256 bytes will fail.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11689)
show more ...
|
| 0c27ce73 | 30-Apr-2020 |
nia |
rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://gith
rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11689)
show more ...
|
| e2e4b784 | 30-Apr-2020 |
nia |
rand_unix.c: Include correct headers for sysctl() on NetBSD
This allows sysctl(KERN_ARND) to be detected properly.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Mat
rand_unix.c: Include correct headers for sysctl() on NetBSD
This allows sysctl(KERN_ARND) to be detected properly.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11689)
show more ...
|
| e4ec769e | 17-Mar-2020 |
Leo Neat |
CIFuzz turning dry_run off
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11339) |
| 12cbb8e0 | 01-May-2020 |
Richard Levitte |
WPACKET: don't write DER length when we don't want to
With endfirst writing, it could be that we want to abandon any zero
length sub-packet. That's what WPACKET_FLAGS_ABANDON_ON_ZERO_LE
WPACKET: don't write DER length when we don't want to
With endfirst writing, it could be that we want to abandon any zero
length sub-packet. That's what WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH
was supposed to make happen, but the DER length writing code didn't
look at that flag. Now it does.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11703)
show more ...
|
| 200e5ee5 | 02-May-2020 |
Richard Levitte |
Fix reason code clash
EVP_R_NULL_MAC_PKEY_CTX vs EVP_R_SET_DEFAULT_PROPERTY_FAILURE
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/o
Fix reason code clash
EVP_R_NULL_MAC_PKEY_CTX vs EVP_R_SET_DEFAULT_PROPERTY_FAILURE
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11708)
show more ...
|
| 6d81bb26 | 01-May-2020 |
Richard Levitte |
util/perl/OpenSSL/OID.pm: remove the included unit test
The unit test uses features that appeared in perl 5.12, and is
therefore a source of trouble when building.
Reviewed-by:
util/perl/OpenSSL/OID.pm: remove the included unit test
The unit test uses features that appeared in perl 5.12, and is
therefore a source of trouble when building.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11704)
show more ...
|
| c450922c | 01-May-2020 |
Shane Lontis |
Add solaris assembler fixes for legacy provider
The legacy provider contains assembler references. Most code is automagically pulled in from the libcrypto - but the platform specific assembl
Add solaris assembler fixes for legacy provider
The legacy provider contains assembler references. Most code is automagically pulled in from the libcrypto - but the platform specific assembler functions will not be visible in the symbol table. Copying BNASM and DESASM into liblegacy seems to be a better solution than exposing platform specific function in libcrypto.num.
Added a missing call in the des_cbc code for sparc.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11697)
show more ...
|
| e0624f0d | 02-May-2020 |
Shane Lontis |
Add default property API's to enable and test for fips
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11239) |
| e908f292 | 02-Apr-2020 |
Benjamin Kaduk |
make update for SSL_new_session_ticket
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11416) |
| f0049b86 | 17-Mar-2020 |
Benjamin Kaduk |
Add test for SSL_new_session_ticket()
Run a normal handshake and then request some extra tickets,
checking that the new_session_cb is called the expected number of
times. Since the
Add test for SSL_new_session_ticket()
Run a normal handshake and then request some extra tickets,
checking that the new_session_cb is called the expected number of
times. Since the tickets are generated in the same way as other
tickets, there should not be a need to verify that these specific ones
can be used to resume.
Run the test with both zero and a non-zero number of tickets issued in the
initial handshake.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11416)
show more ...
|
| 3bfacb5f | 16-Mar-2020 |
Benjamin Kaduk |
Add SSL_new_session_ticket() API
This API requests that the TLS stack generate a (TLS 1.3)
NewSessionTicket message the next time it is safe to do so (i.e., we do
not have other data
Add SSL_new_session_ticket() API
This API requests that the TLS stack generate a (TLS 1.3)
NewSessionTicket message the next time it is safe to do so (i.e., we do
not have other data pending write, which could be mid-record). For
efficiency, defer actually generating/writing the ticket until there
is other data to write, to avoid producing server-to-client traffic when
not needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11416)
show more ...
|
| 6250282f | 16-Mar-2020 |
Benjamin Kaduk |
Fix whitespace nit in ossl_statem_server_pre_work
An 'if' clause was nestled against a previous closing brace as it if was
an 'else if', but should properly stand on its own line.
Fix whitespace nit in ossl_statem_server_pre_work
An 'if' clause was nestled against a previous closing brace as it if was
an 'else if', but should properly stand on its own line.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11416)
show more ...
|
| 90113096 | 22-Apr-2020 |
Mat Berchtold |
Add a test for EVP_PKEY_*_check functions for "DSA" keys
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://gi
Add a test for EVP_PKEY_*_check functions for "DSA" keys
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11598)
show more ...
|
| 2fc2e37b | 21-Apr-2020 |
Mat Berchtold |
When a private key is validated and there is no private key, return early.
Affected functions:
dsa_validate_public
dsa_validate_private
dh_validate_public
dh_validate_pr
When a private key is validated and there is no private key, return early.
Affected functions:
dsa_validate_public
dsa_validate_private
dh_validate_public
dh_validate_private
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11598)
show more ...
|
| 64e54bf5 | 26-Apr-2020 |
Pauli |
coverity 1462581 Dereference after null check
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11651) |
