|
Revision tags: openssl-3.0.0-alpha6 |
|
| #
28ba6427 |
| 26-Jul-2020 |
Shane Lontis |
Change CMS tests to use a library context.
A DHX related test has been commented out and TODO(3) added, until DHX is added correctly to a provider.
Added generated files.
Review
Change CMS tests to use a library context.
A DHX related test has been commented out and TODO(3) added, until DHX is added correctly to a provider.
Added generated files.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11884)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
| #
9e3c510b |
| 12-Jun-2019 |
FdaSilvaYY |
crypto/cms: add CAdES-BES signed attributes validation
for signing certificate V2 and signing certificate extensions.
CAdES: lowercase name for now internal methods.
crypto
crypto/cms: add CAdES-BES signed attributes validation
for signing certificate V2 and signing certificate extensions.
CAdES: lowercase name for now internal methods.
crypto/cms: generated file changes.
Add some CHANGES entries.
[extended tests]
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8098)
show more ...
|
| #
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
|
| #
2d3e6d41 |
| 20-Apr-2020 |
Matt Caswell |
Fix no-des
Disable a recently added CMS test in the case of no-des.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/11578)
|
| #
f5056577 |
| 09-Apr-2020 |
Shane Lontis |
Move legacy ciphers into the legacy provider
DES, idea, seed, rc2, rc4, rc5, cast and blowfish have been moved out of the default provider.
Code shared between desx and tdes has been mov
Move legacy ciphers into the legacy provider
DES, idea, seed, rc2, rc4, rc5, cast and blowfish have been moved out of the default provider.
Code shared between desx and tdes has been moved into a seperate file (cipher_tdes_common.c).
3 test recipes failed due to using app/openssl calls that used legacy ciphers.
These calls have been updated to supply both the default and legacy providers.
Fixed openssl app '-provider' memory leak
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11419)
show more ...
|
| #
cf6404b1 |
| 25-Jan-2020 |
Nicola Tuveri |
[CMS] Test decryption of a ciphertext encrypted from 1.1.1
Current CMS en/decryption tests only validate that our current decyption
and encryption algorithms are compatible, but they say
[CMS] Test decryption of a ciphertext encrypted from 1.1.1
Current CMS en/decryption tests only validate that our current decyption
and encryption algorithms are compatible, but they say nothing about
correctness of the output for the given set of parameters.
As a partial fix in absence of proper KAT tests, we decrypt ciphertexts
generated with OpenSSL 1.1.1.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
show more ...
|
| #
4b3327e7 |
| 14-Feb-2020 |
Richard Levitte |
TEST: Modify test/recipes/80-test_cms.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
|
| #
19e512a8 |
| 03-Jun-2019 |
Shane Lontis |
Add the content type attribute to additional CMS signerinfo.
Fixes #8923
Found using the openssl cms -resign option.
This uses an alternate path to do the signing which was not
Add the content type attribute to additional CMS signerinfo.
Fixes #8923
Found using the openssl cms -resign option.
This uses an alternate path to do the signing which was not adding the required signed attribute
content type. The content type attribute should always exist since it is required is there are
any signed attributes.
As the signing time attribute is always added in code, the content type attribute is also required.
The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes
e.g. The message digest attribute is a signed attribute that must exist if any signed attributes
exist, it cannot be an unsigned attribute and there must only be one instance containing a single
value.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8944)
show more ...
|
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
| #
31fc48dd |
| 02-May-2019 |
Dr. Matthias St. Pierre |
Test: use keywords instead of magic numbers for 'rsa_pss_saltlen'
Since commit 137096a7ead it is possible to specify keywords instead
of negative magic numbers for the salt length. This
Test: use keywords instead of magic numbers for 'rsa_pss_saltlen'
Since commit 137096a7ead it is possible to specify keywords instead
of negative magic numbers for the salt length. This commit replaces
the remaining occurrences of `rsa_pss_saltlen:-3` in the test recipes
by `rsa_pss_saltlen:max`.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8860)
show more ...
|
| #
491360e7 |
| 31-Mar-2019 |
Bernd Edlinger |
Avoid creating invalid rsa pss params
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8621)
|
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
| #
e85d19c6 |
| 12-Dec-2018 |
Antonio Iacono |
crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of Signing Ce
crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of Signing Certificate reference attributes,
stored in the signedData ether as ESS signing-certificate or as
ESS signing-certificate-v2. These are described in detail in Section 5.7.2
of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).
This patch adds support for adding ESS signing-certificate[-v2] attributes
to CMS signedData. Although it implements only a small part of the RFC, it
is sufficient many cases to enable the `openssl cms` app to create signatures
which comply with legal requirements of some European States (e.g Italy).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7893)
show more ...
|
| #
909f1a2e |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in test/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7767)
|
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
| #
ed5c7ea2 |
| 10-Aug-2017 |
Dr. Stephen Henson |
no-ec2m fixes
Fix warning and don't use binary field certificate for ECDH CMS
key only test.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/opens
no-ec2m fixes
Fix warning and don't use binary field certificate for ECDH CMS
key only test.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4134)
show more ...
|
| #
5d09b003 |
| 08-Aug-2017 |
Dr. Stephen Henson |
Add test for ECDH CMS key only
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4115)
|
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15 |
|
| #
c6d67f09 |
| 22-Nov-2016 |
Dr. Stephen Henson |
add CMS SHA1 signing test
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Revision tags: OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13, OpenSSL_1_0_1t, OpenSSL_1_0_2h |
|
| #
596d6b7e |
| 22-Apr-2016 |
Rich Salz |
Unified copyright for test recipes
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Revision tags: OpenSSL_1_1_0-pre5 |
|
| #
18cb0221 |
| 21-Mar-2016 |
Matt Caswell |
Skip the CMS tests if CMS is disabled
This fixes the no-cms compile time option.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
| #
83ae8124 |
| 18-Mar-2016 |
Matt Caswell |
Fix no-dsa
Misc fixes for no-dsa.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
96bea000 |
| 18-Mar-2016 |
Matt Caswell |
Fix no-des
Numerous fixes for no-des.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
bb4cc75b |
| 17-Mar-2016 |
Matt Caswell |
Fix no-rc2 in the CMS test
The CMS test uses some RC2 keys which should be skipped if the RC2 is
disabled.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Revision tags: OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12 |
|
| #
42e0ccdf |
| 30-Jan-2016 |
Richard Levitte |
unified build scheme: adjust test framework for out of source build tree
To be able to run tests when we've built in a directory other than
the source tree, the testing framework needs a
unified build scheme: adjust test framework for out of source build tree
To be able to run tests when we've built in a directory other than
the source tree, the testing framework needs a few adjustments.
test/testlib/OpenSSL/Test.pm needs to know where it can find
shlib_wrap.sh, and a number of other tests need to be told a different
place to find engines than what they may be able to figure out on
their own. Relying to $TOP is not enough, $SRCTOP and $BLDTOP can be
used as an alternative.
As part of this change, top_file and top_dir are removed and
srctop_file, bldtop_file, srctop_dir and bldtop_dir take their place.
Reviewed-by: Ben Laurie <ben@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2, OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
| #
37f3a3b3 |
| 19-Sep-2015 |
Dr. Stephen Henson |
make no-dh work
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
340166a9 |
| 19-Sep-2015 |
Dr. Stephen Henson |
Change test recipes to use disabled()
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
cc0b19a7 |
| 19-Sep-2015 |
Richard Levitte |
Make sure to actually use @smime_cms_comp_test when testing it...
Obvious typo, and it took configuring with 'zlib' to discover it,
otherwise there was a previous skip that bypassed this
Make sure to actually use @smime_cms_comp_test when testing it...
Obvious typo, and it took configuring with 'zlib' to discover it,
otherwise there was a previous skip that bypassed this section
entirely.
Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11, OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b, OpenSSL-fips-2_0_10 |
|
| #
fd99c6b5 |
| 30-Apr-2015 |
Richard Levitte |
Change OpenSSL::Test to be an extension of Test::More
It became tedious as well as error prone to have all recipes use
Test::More as well as OpenSSL::Test. The easier way is to make
Change OpenSSL::Test to be an extension of Test::More
It became tedious as well as error prone to have all recipes use
Test::More as well as OpenSSL::Test. The easier way is to make
OpenSSL::Test an extension of Test::More, thereby having all version
checks as well as future checks firmly there. Additionally, that
allows us to extend existing Test::More functions if the need would
arise.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
