Age | Commit message (Collapse) | Author | Files | Lines |
|
Also improve credentials loading diagnostics for many apps.
Fixes #12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)
|
|
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12905)
|
|
This streamlines with all other config targets, and draws from the
'sys_id' config attribute.
Fixes #12858
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12933)
|
|
This makes a difference for './Configure HASH' and './Configure TABLE'
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12933)
|
|
Because there are many combinations and much repetition, we add a large
number of templates to cover all aspects, and make the actual config
entries inherit from the templates combined.
Fixes #12858
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12933)
|
|
As per discussed in issue #12364 [1], since the format of git archive is
inferred from the output file, it's safe to remove the pipe for gzip.
[1] https://github.com/openssl/openssl/issues/12364
Fixes #12364
Signed-off-by: Hu Keping <hukeping@huawei.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12841)
|
|
The original names were more intuitive: the generate_counter counts the
number of generate requests, and the reseed_counter counts the number
of reseedings (of the principal DRBG).
reseed_gen_counter -> generate_counter
reseed_prop_counter -> reseed_counter
This is the anologue to commit 8380f453ec81 on the 1.1.1 stable branch.
The only difference is that the second renaming has already been reverted
on the master branch.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12941)
|
|
The removal of certain types of files we structured like this:
-$(RM) `find . {{options}} -print`
This isn't very kind for shells with limited command line lengths
(even when that limit is generous, in our case), so we rewrite those
like this:
-find . {{options}} -exec $(RM) {} \;
Fixes #12938
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12939)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
|
|
The parameter can be set via settable parameter OSSL_KDF_PARAM_PROPERTIES
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
|
|
rsa_pss_params_30_fromdata() now uses the OSSL_PKEY_PARAM_RSA_DIGEST_PROPS parameter also.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
|
|
in cms_sd.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)
|
|
ossl_prov_is_running()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)
|
|
ossl_prov_is_running()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)
|
|
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)
|
|
call to evp_pkey_ctx_store_cached_data()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)
|
|
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)
|
|
This allows a user to confirm that the DRBG their configuration specified is
being used.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)
|
|
This permits the default trio of DRBGs to have their type and parameters set
using configuration.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)
|
|
This commit changes the man page for OSSL_DECODER_CTX_new by removing
the OPENSSL_CTX parameter which matches the declaration in decoder.h.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12935)
|
|
This is required before the RAND/DRBG framework can be made user mutable.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12904)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)
|
|
CLA: Permission is granted by the author to the OpenSSL team to use these modifications.
Fixes #12918
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12928)
|
|
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #12205
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12924)
|
|
OCSP_basic_sign_ctx() in ocsp_srv.c , does not check for RSA_METHOD_FLAG_NO_CHECK.
If a key has RSA_METHOD_FLAG_NO_CHECK set, OCSP sign operations can fail
because the X509_check_private_key() can fail.
The check for the RSA_METHOD_FLAG_NO_CHECK was moved to crypto/rsa/rsa_ameth.c
as a common place to check. Checks in ssl_rsa.c were removed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12419)
(cherry picked from commit 56e8fe0b4efbf582e40ae91319727c9d176c5e1e)
|
|
We are considering using the format "host-nqn controller-nqn" for
psk-id in the NVMe-oF/TCP over TLS spec, it's in the current version,
but openssl's limit was 128 upto now, we need a little longer than that.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12771)
|
|
Fixes #7151
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12916)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12777)
|
|
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12915)
|
|
EVP_MAC_final had only three arguments / the buffer/tag size was missing.
Fixes #12424
Note, that I didn't try to compile the example to look for other problems.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12429)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12929)
|
|
Our matching of C symbols here was inconsistent and could therefore
give false negatives when the SYNOPSIS was parsed. Now we have
$C_symbol, which is a simple regexp that matches the common C symbol.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)
|
|
Mostly source nits, but also removing a couple of OSSL_DECODER_PARAM
macros that are never used or even make sense.
Also, some function names weren't quite consistent. They were made a
bit more consistent in the OSSL_ENCODER API, now we bring that back to
OSSL_DECODER.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)
|
|
This adds the convenience function EVP_PKEY_typenames_do_all(), which
does the same as EVP_KEYMGMT_names_do_all(), but without having to
expose all the internal ways to find out if the internal EVP_PKEY key
is legacy or provider-native.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)
|