| #
7057dddb |
| 26-Oct-2022 |
Pauli |
fipsinstall: add -self_test_oninstall option.
This option runs the self tests at installation time. It fails for the 3.1
module.
Also changed the default behaviour to that set
fipsinstall: add -self_test_oninstall option.
This option runs the self tests at installation time. It fails for the 3.1
module.
Also changed the default behaviour to that set by the -self_test_onload
option.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
show more ...
|
| #
8d257d0d |
| 31-Aug-2021 |
slontis |
Document that the openssl fipsinstall self test callback may not be used.
Fixes #16260
If the user autoloads a fips module from a config file, then it will run the self tests early
Document that the openssl fipsinstall self test callback may not be used.
Fixes #16260
If the user autoloads a fips module from a config file, then it will run the self tests early (before the self test callback is set),
and they may not get triggered again during the fipsinstall process.
In order for this to happen there must already be a valid fips config file.
As the main purpose of the application is to generate the fips config file, this case has just been documented.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16475)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
| #
2abffec0 |
| 05-May-2021 |
Shane Lontis |
Add fipsinstall option to run self test KATS on module load
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/opens
Add fipsinstall option to run self test KATS on module load
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15149)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
| #
3c2bdd7d |
| 08-Apr-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)
|
|
Revision tags: OpenSSL_1_1_1k |
|
| #
eb78f955 |
| 19-Mar-2021 |
Rich Salz |
Make fipsinstall -out flag optional
If -out is not specified, send output to stdout.
Fix documentation errors.
Remove "-out -" from an invocation.
Reviewed-by: Shane Lontis
Make fipsinstall -out flag optional
If -out is not specified, send output to stdout.
Fix documentation errors.
Remove "-out -" from an invocation.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14623)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
| #
991a6bb5 |
| 05-Sep-2020 |
Shane Lontis |
Add option to fipsinstall to disable fips security checks at run time.
Changes merged from a patch by @richsalz.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from h
Add option to fipsinstall to disable fips security checks at run time.
Changes merged from a patch by @richsalz.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
show more ...
|
| #
35e6ea3b |
| 10-Sep-2020 |
Shane Lontis |
keygen: add FIPS error state management to conditional self tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://gith
keygen: add FIPS error state management to conditional self tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12801)
show more ...
|
| #
9a62ccbe |
| 10-Sep-2020 |
Shane Lontis |
Fix fipsinstall module path
If a path is specified with the -module option it will use this path to load the library when the provider is activated,
instead of also having to set the env
Fix fipsinstall module path
If a path is specified with the -module option it will use this path to load the library when the provider is activated,
instead of also having to set the environment variable OPENSSL_MODULES.
Added a platform specific opt_path_end() function that uses existing functionality used by opt_progname().
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12761)
show more ...
|
| #
c9dcbc07 |
| 17-Aug-2020 |
Pauli |
Apps: change provider_path option to provider-path.
The applications use '-' in options not '_'.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.c
Apps: change provider_path option to provider-path.
The applications use '-' in options not '_'.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12662)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha6 |
|
| #
9f7bdcf3 |
| 21-Jul-2020 |
Shane Lontis |
Add ERR_raise() errors to fips OSSL_provider_init and self tests.
As the ERR_raise() is setup at this point returng a range of negative values for errors is not required.
This will need
Add ERR_raise() errors to fips OSSL_provider_init and self tests.
As the ERR_raise() is setup at this point returng a range of negative values for errors is not required.
This will need to be revisited if the code ever moves to running from the DEP.
Added a -config option to the fips install so that it can test if a fips module is loadable from configuration.
(The -verify option only uses the generated config, whereas -config uses the normal way of including the generated data via another config file).
Added more failure tests for the raised errors.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12346)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha5 |
|
| #
5744dacb |
| 29-Jun-2020 |
Rich Salz |
Make -provider_name and -section_name optional
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https:
Make -provider_name and -section_name optional
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12311)
show more ...
|
| #
31214258 |
| 29-Jun-2020 |
Rich Salz |
Add --fips-key configuration parameter to fipsinstall application.
Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in
Add --fips-key configuration parameter to fipsinstall application.
Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in fipsinstall optional
Make all tests, except fipsinstall, use the default -macopt and
-mac_name flags.
Define and use FIPSDIR variable on VMS/MMS.
Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12235)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f |
|
| #
d03b3158 |
| 20-Mar-2020 |
Rich Salz |
Revise fips_install.pod
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/1136
Revise fips_install.pod
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)
show more ...
|
| #
a6ed19dc |
| 27-Apr-2020 |
Shourya Shukla |
Amend references to "OpenSSL license"
A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend th
Amend references to "OpenSSL license"
A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend the occurences.
Fixes #11649
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11663)
show more ...
|
|
Revision tags: OpenSSL_1_1_1e |
|
| #
1cd2c1f8 |
| 25-Feb-2020 |
Rich Salz |
Update some nits around the FIPS module
- Changed the generated FIPS signature file to be "fipsmodule.conf"
since it contains information about the FIPS module/file.
- Add -q option
Update some nits around the FIPS module
- Changed the generated FIPS signature file to be "fipsmodule.conf"
since it contains information about the FIPS module/file.
- Add -q option to fipsinstall command, to stop chatty verbose status
messages.
- Document env var OPENSSL_CONF_INCLUDE
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11177)
show more ...
|
| #
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
|
| #
5e98904c |
| 26-Feb-2020 |
Pauli |
man1: make all openssl command line tool documentation generated.
With the introduction of provider command line options which are applicable to
almost all of the command line tools, it
man1: make all openssl command line tool documentation generated.
With the introduction of provider command line options which are applicable to
almost all of the command line tools, it seemed reasonable to make them all
generated. This simplifes the .gitignore and avoids having to keep two lists
in sync.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11167)
show more ...
|
