Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
e25b4db7 |
| 29-Sep-2020 |
Richard Levitte |
TEST: Remove the build of fipsmodule.cnf from test recipes The exception is the test recipe that tests 'openssl fipsinstall'. However, that one uses a different output file name, so it's
TEST: Remove the build of fipsmodule.cnf from test recipes The exception is the test recipe that tests 'openssl fipsinstall'. However, that one uses a different output file name, so it's safe. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14320)
show more ...
|
Revision tags: OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
#
5744dacb |
| 29-Jun-2020 |
Rich Salz |
Make -provider_name and -section_name optional Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https:
Make -provider_name and -section_name optional Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12311)
show more ...
|
#
31214258 |
| 29-Jun-2020 |
Rich Salz |
Add --fips-key configuration parameter to fipsinstall application. Change default FIPS HMAC KEY from all-zero's Use default FIPSKEY if not given on command line. Make all -macopt in
Add --fips-key configuration parameter to fipsinstall application. Change default FIPS HMAC KEY from all-zero's Use default FIPSKEY if not given on command line. Make all -macopt in fipsinstall optional Make all tests, except fipsinstall, use the default -macopt and -mac_name flags. Define and use FIPSDIR variable on VMS/MMS. Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12235)
show more ...
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
6ed34b3e |
| 30-Apr-2020 |
Matt Caswell |
Centralise Environment Variables for the tests The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to be set in the user's environment. To ensure that no tests accidental
Centralise Environment Variables for the tests The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to be set in the user's environment. To ensure that no tests accidentally use this or other enviroment variables from the user's environment we automatically set them centrally for all tests. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11691)
show more ...
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
1cd2c1f8 |
| 25-Feb-2020 |
Rich Salz |
Update some nits around the FIPS module - Changed the generated FIPS signature file to be "fipsmodule.conf" since it contains information about the FIPS module/file. - Add -q option
Update some nits around the FIPS module - Changed the generated FIPS signature file to be "fipsmodule.conf" since it contains information about the FIPS module/file. - Add -q option to fipsinstall command, to stop chatty verbose status messages. - Document env var OPENSSL_CONF_INCLUDE Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11177)
show more ...
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
#
1e78a50f |
| 21-Apr-2020 |
Richard Levitte |
Revert "TEST: make and use a fipsinstall script" Unfortunately, this won't work on MacOS because of system integrity measures on that platform, which clears DYLD_LIBRARY_PATH before
Revert "TEST: make and use a fipsinstall script" Unfortunately, this won't work on MacOS because of system integrity measures on that platform, which clears DYLD_LIBRARY_PATH before starting a sub-process executable. Ref: https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/RuntimeProtections/RuntimeProtections.html This reverts commit ae6b654b669638882a6ddce012ff55adc7cf6a82. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11592)
show more ...
|
#
ae6b654b |
| 18-Apr-2020 |
Richard Levitte |
TEST: make and use a fipsinstall script We have copies of the exact same fipsinstall call in several test recipes. This refactors those calls into a single simple script. Revie
TEST: make and use a fipsinstall script We have copies of the exact same fipsinstall call in several test recipes. This refactors those calls into a single simple script. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11565)
show more ...
|
#
22e27978 |
| 20-Mar-2020 |
Shane Lontis |
Add support for passing the libctx to the config loader The self tests for the fips module are triggered on startup and they need to know the core's libctx in order to function correctly
Add support for passing the libctx to the config loader The self tests for the fips module are triggered on startup and they need to know the core's libctx in order to function correctly. As the provider can be autoloaded via configuration it then needs to propagate the callers libctx down to the provider via the config load. Note that OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, ..) is still called, but will only load the default configuration if the OPENSSL_CONF environment variable is set. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11240)
show more ...
|
#
433deaff |
| 25-Feb-2020 |
Rich Salz |
Use .cnf for config files, not .conf The default is openssl.cnf The project seems to prefer xxx.conf these days, but we should use the default convention. Rename all foo.conf (
Use .cnf for config files, not .conf The default is openssl.cnf The project seems to prefer xxx.conf these days, but we should use the default convention. Rename all foo.conf (except for Configurations) to foo.cnf Fixes #11174 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11176)
show more ...
|
#
745fc918 |
| 14-Feb-2020 |
Matt Caswell |
Introduce the provider property Replace the properties default, fips and legacy with a single property called "provider". So, for example, instead of writing "default=yes" to get alg
Introduce the provider property Replace the properties default, fips and legacy with a single property called "provider". So, for example, instead of writing "default=yes" to get algorithms from the default provider you would instead write "provider=default". We also have a new "fips" property to indicate that an algorithm is compatible with FIPS mode. This applies to all the algorithms in the FIPS provider, as well as any non-cryptographic algorithms (currently only serializers). Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11097)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
be3acd79 |
| 23-Nov-2019 |
Dr. Matthias St. Pierre |
Fix typos in fipsinstall test Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10506)
|
#
e0d952fc |
| 29-Sep-2019 |
Richard Levitte |
Make relevant tests more sensitive to 'no-fips' This applies to test/recipes/30-test_evp.t and test/recipes/30-test_evp_fetch_prov.t. Additionally, we make test/recipes/30-test_
Make relevant tests more sensitive to 'no-fips' This applies to test/recipes/30-test_evp.t and test/recipes/30-test_evp_fetch_prov.t. Additionally, we make test/recipes/30-test_evp_fetch_prov.t data driven, to make test number planning more automated, and to separate what is unique from what is common to all the test cases. [extended tests] Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10047)
show more ...
|
#
7bb82f92 |
| 15-Sep-2019 |
Shane Lontis |
Add fips module integrity check Add environment variable for setting CONF .include path Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openss
Add fips module integrity check Add environment variable for setting CONF .include path Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9769)
show more ...
|