#
f3090fc7 |
| 15-Jul-2022 |
slontis |
Implement deterministic ECDSA sign (RFC6979) This PR is based off the contributions in PR #9223 by Jemmy1228. It has been modified and reworked to: (1) Work with providers (
Implement deterministic ECDSA sign (RFC6979) This PR is based off the contributions in PR #9223 by Jemmy1228. It has been modified and reworked to: (1) Work with providers (2) Support ECDSA and DSA (3) Add a KDF HMAC_DRBG implementation that shares code with the RAND HMAC_DRBG. A nonce_type is passed around inside the Signing API's, in order to support any future deterministic algorithms. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18809)
show more ...
|
#
6cdf83ea |
| 25-Nov-2022 |
Xu Yizhou |
test: add sm4 xts test cases Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19619)
|
#
e1289d90 |
| 13-Sep-2022 |
Tomas Mraz |
With fips provider 3.0.0 skip tests related to explicit curves handling Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by:
With fips provider 3.0.0 skip tests related to explicit curves handling Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19201)
show more ...
|
#
54a7bbed |
| 12-Sep-2022 |
Pauli |
evp_test: allow FIPS provider version based escapes in evp_test Also fix a number of regressions when run against the 3.0.0 FIPS provider that result from bug fixes. Reviewed-by
evp_test: allow FIPS provider version based escapes in evp_test Also fix a number of regressions when run against the 3.0.0 FIPS provider that result from bug fixes. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19201)
show more ...
|
#
fc5888cc |
| 01-Aug-2022 |
Sebastian Andrzej Siewior |
test/evp_test: Test if EVP_DigestSign() set signature's length. Increase the signature's length, that is passed to EVP_DigestSign(). The implementation should set this parameter back to
test/evp_test: Test if EVP_DigestSign() set signature's length. Increase the signature's length, that is passed to EVP_DigestSign(). The implementation should set this parameter back to the actual length, that has been written. This (oneshot_digestsign_test_run()) fails for the ed25519/ ed448 implementation of s390 prio the fix. The change in digestsign_test_run() follows the same pattern and is for collecting bonus points. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18928)
show more ...
|
#
0113ec84 |
| 28-Apr-2022 |
Todd Short |
Implement AES-GCM-SIV (RFC8452) Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement
Implement AES-GCM-SIV (RFC8452) Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed. This implementation lives only in the default provider; there is no legacy implementation. The code offered in #16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL. Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18693)
show more ...
|
#
c8a016ca |
| 07-Jul-2022 |
slontis |
Make evp_test skip mac tests if digest or ciphers are disabled. Fixes test error in #18714 This only happens currently during minimal builds. Reviewed-by: Tomas Mraz <tomas@open
Make evp_test skip mac tests if digest or ciphers are disabled. Fixes test error in #18714 This only happens currently during minimal builds. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18737)
show more ...
|
#
5203a8df |
| 17-Jun-2022 |
Jiasheng Jiang |
test/evp_test.c: Add check for OPENSSL_strdup As the potential failure of the OPENSSL_strdup(), it should be better to check the return value and return error if fails. Sign
test/evp_test.c: Add check for OPENSSL_strdup As the potential failure of the OPENSSL_strdup(), it should be better to check the return value and return error if fails. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18592)
show more ...
|
#
f68283c1 |
| 12-Jun-2022 |
Richard Levitte |
test/evp_test.c: Check too big output buffer sizes in PKEYKDF tests EVP_PKEY_derive() should be able to cope with a too big buffer for fixed size outputs. However, we don't test that.
test/evp_test.c: Check too big output buffer sizes in PKEYKDF tests EVP_PKEY_derive() should be able to cope with a too big buffer for fixed size outputs. However, we don't test that. This change modifies the PKEYKDF tests to ask EVP_PKEY_derive() what the desired output buffer size is, and as long as the returned value isn't absurd (indicating that anything goes), the output buffer is made to be twice as big as what is expected. Tests #18517 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18533) (cherry picked from commit a0587aaeff7391b8cf4ee4c6a233d0f4dca7d62f)
show more ...
|
#
d649c51a |
| 21-May-2022 |
Peiwei Hu |
Fix check of EVP_CIPHER_CTX_ctrl Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from
Fix check of EVP_CIPHER_CTX_ctrl Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18368)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
fba140c7 |
| 12-Apr-2022 |
Dmitry Belyavskiy |
str[n]casecmp => OPENSSL_strncasecmp Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
|
#
e58ba181 |
| 12-Apr-2022 |
Tomas Mraz |
evp_test: Try computing MACs twice with reinitialization of EVP_MAC_CTX Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://g
evp_test: Try computing MACs twice with reinitialization of EVP_MAC_CTX Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18100)
show more ...
|
#
4413fe35 |
| 10-Mar-2022 |
Tomas Mraz |
evp_test: Add testcases for DH KEX with X9.42 KDF Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.c
evp_test: Add testcases for DH KEX with X9.42 KDF Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/17859)
show more ...
|
#
bbbd1210 |
| 09-Feb-2022 |
Tomas Mraz |
evp_test: Skip testcase if r parameter is unsupported The r parameter of the KBKDF is unsupported by 3.0 FIPS module. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from htt
evp_test: Skip testcase if r parameter is unsupported The r parameter of the KBKDF is unsupported by 3.0 FIPS module. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17671)
show more ...
|
#
b2f90e93 |
| 02-Feb-2022 |
Jiasheng Jiang |
evp_test: Add the missing check after calling OPENSSL_strdup and sk_OPENSSL_STRING_new_null Since the memory allocation may fail, the 'mac_name' and 'controls' could be NULL. And the
evp_test: Add the missing check after calling OPENSSL_strdup and sk_OPENSSL_STRING_new_null Since the memory allocation may fail, the 'mac_name' and 'controls' could be NULL. And the 'mac_name' will be printed in mac_test_run_mac() without check. Also the result of 'params_n + sk_OPENSSL_STRING_num(expected->controls)' in mac_test_run_mac() will be 'params_n - 1' if allocation fails , which does not make sense. Therefore, it should be better to check them in order to guarantee the complete success of initiation. If fails, we also need to free the 'mdat' to avoid the memory leak. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17628)
show more ...
|
#
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to b
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
#
c8adf19d |
| 24-Jan-2022 |
Pauli |
evp_test: add a ctx dup operation to the KDF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
|
#
2208ba56 |
| 24-Jan-2022 |
Jiasheng Jiang |
evp_test: Add the missing check after calling OPENSSL_malloc The OPENSSL_zalloc() could return NULL pointer if fails. Add the check for it does make sense, like how digest_test_init() de
evp_test: Add the missing check after calling OPENSSL_malloc The OPENSSL_zalloc() could return NULL pointer if fails. Add the check for it does make sense, like how digest_test_init() deals with. CLA: trivial Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17571)
show more ...
|
#
ed16b0fc |
| 17-Jan-2022 |
Pauli |
test: add cipher context dup test Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17529)
|
#
0be4b040 |
| 07-Jan-2022 |
Pauli |
test: add digest context dup tests Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17529)
|
#
10481d33 |
| 05-Jan-2022 |
Peiwei Hu |
Fix: some patches related to error exiting Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull
Fix: some patches related to error exiting Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17417)
show more ...
|
#
0e9a265e |
| 18-Nov-2021 |
Patrick Uiterwijk |
Support different R_BITS lengths for KBKDF Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull
Support different R_BITS lengths for KBKDF Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17063)
show more ...
|
#
747adb6a |
| 24-Jun-2021 |
Dr. David von Oheimb |
Add and use HAS_CASE_PREFIX(), CHECK_AND_SKIP_CASE_PREFIX(), and HAS_CASE_SUFFIX() Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15847)
|
#
2ff286c2 |
| 21-Jun-2021 |
Dr. David von Oheimb |
Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/
Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15847)
show more ...
|