| 858b5d12 | 21-Oct-2022 |
Daniel Fiala |
Add an EVP signature demo using DSA
Fixes openssl#14114
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mra
Add an EVP signature demo using DSA
Fixes openssl#14114
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19492)
show more ...
|
| 122ea851 | 22-Nov-2022 |
Richard Levitte |
test/recipes/80-test_cms.t: Fix the "CAdES ko" test
This test had commands that assumes that runner_loop() is used to perform
the tests. These tests still run fine because Unix accepts
test/recipes/80-test_cms.t: Fix the "CAdES ko" test
This test had commands that assumes that runner_loop() is used to perform
the tests. These tests still run fine because Unix accepts braces in file
names, but other operating systems might not.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19731)
(cherry picked from commit 20d3731006c9d29cbe17c2aedeba5e2abccfcd57)
show more ...
|
| c48c3280 | 16-Nov-2022 |
Tomas Mraz |
Split out thread pool tests into threadpool_test
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/ope
Split out thread pool tests into threadpool_test
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19695)
show more ...
|
| f5a3669c | 16-Nov-2022 |
Tomas Mraz |
Add functions supporting thread pool only when it is enabled
Fixes #19691
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged f
Add functions supporting thread pool only when it is enabled
Fixes #19691
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19695)
show more ...
|
| 26cfa4cd | 17-Nov-2022 |
slontis |
Fix coverity issues in X509v3_addr
CID 1516955 : Null pointer deref (REVERSE_INULL)
CID 1516954 : Null pointer deref (REVERSE_INULL)
CID 1516953 : RESOURCE_LEAK of child
Rev
Fix coverity issues in X509v3_addr
CID 1516955 : Null pointer deref (REVERSE_INULL)
CID 1516954 : Null pointer deref (REVERSE_INULL)
CID 1516953 : RESOURCE_LEAK of child
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19700)
show more ...
|
| 4741c80c | 16-Nov-2022 |
slontis |
Add missing HISTORY sections for OpenSSL 3.0 related documents.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com
Add missing HISTORY sections for OpenSSL 3.0 related documents.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19690)
show more ...
|
| dd1d7bcb | 02-Nov-2022 |
slontis |
Improve FIPS RSA keygen performance.
FIPS 186-4 has 5 different algorithms for key generation,
and all of them rely on testing GCD(a,n) == 1 many times.
Cachegrind was showing t
Improve FIPS RSA keygen performance.
FIPS 186-4 has 5 different algorithms for key generation,
and all of them rely on testing GCD(a,n) == 1 many times.
Cachegrind was showing that during a RSA keygen operation,
the function BN_gcd() was taking a considerable percentage
of the total cycles.
The default provider uses multiprime keygen, which seemed to
be much faster. This is because it uses BN_mod_inverse()
instead.
For a 4096 bit key, the entropy of a key that was taking a
long time to generate was recorded and fed back into subsequent
runs. Roughly 40% of the cycle time was BN_gcd() with most of the
remainder in the prime testing. Changing to use the inverse
resulted in the cycle count being 96% in the prime testing.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19578)
show more ...
|
| 88113f5d | 14-Nov-2022 |
Matt Caswell |
Design document for the QUIC-TLS integration
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openss
Design document for the QUIC-TLS integration
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19683)
show more ...
|
| 83c1220a | 19-Nov-2022 |
Richard Levitte |
test/timing_load_creds.c: use OPENSSL_SYS_ macros
A previous change was only half done. To avoid such mistakes again, we
switch to using the OPENSSL_SYS_ macros, as the are clearer than
test/timing_load_creds.c: use OPENSSL_SYS_ macros
A previous change was only half done. To avoid such mistakes again, we
switch to using the OPENSSL_SYS_ macros, as the are clearer than having
to check a pile of very platform and compiler specific macros.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19720)
show more ...
|
| 81929ac4 | 18-Nov-2022 |
Richard Levitte |
Disable test/timing_load_creds.c on VMS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl
Disable test/timing_load_creds.c on VMS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19713)
show more ...
|
| a275afc5 | 25-Aug-2022 |
Dr. David von Oheimb |
test/smime-certs/ca.cnf: clean up comments, simplify settings using SKID and AKID defaults
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
test/smime-certs/ca.cnf: clean up comments, simplify settings using SKID and AKID defaults
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19064)
show more ...
|
| 8a2f9a7c | 25-Aug-2022 |
Dr. David von Oheimb |
x509/v3_purp.c: rename 'require_ca' parameters to the more adequate 'non_leaf'
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged
x509/v3_purp.c: rename 'require_ca' parameters to the more adequate 'non_leaf'
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19064)
show more ...
|
| 3fa6dbd1 | 25-Aug-2022 |
Dr. David von Oheimb |
x509/v3_purp.c etc.: improve doc/comments on codesign and timestamp purpose checks
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Mer
x509/v3_purp.c etc.: improve doc/comments on codesign and timestamp purpose checks
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19064)
show more ...
|
| ad60cd52 | 16-Nov-2022 |
slontis |
Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod.
Removed fields from missingcrypto.txt that are no longer missing.
Reviewed-by: Richard Levitte <levitte@openssl.
Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod.
Removed fields from missingcrypto.txt that are no longer missing.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19692)
show more ...
|
| 3c4e250e | 18-Nov-2022 |
Richard Levitte |
Fix more VMS inclusions
Including things in ../ssl/record/methods from sources in test/ presented
another challenge for the current VMS C. This is compensated for with the
usual wha
Fix more VMS inclusions
Including things in ../ssl/record/methods from sources in test/ presented
another challenge for the current VMS C. This is compensated for with the
usual whack-a-mole in Configurations/descrip.mms.tmpl.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19708)
show more ...
|
| 48cc4e0c | 08-Nov-2022 |
Matt Caswell |
Update the record layer design based on implementation experience
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://gith
Update the record layer design based on implementation experience
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17969)
show more ...
|
| 14b54475 | 25-Mar-2022 |
Matt Caswell |
Add a record layer design document
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/179
Add a record layer design document
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17969)
show more ...
|
| 5e38e0ac | 11-Nov-2022 |
Tomas Mraz |
evp_extra_test2: Test DH param checks with non-NULL libctx
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hl
evp_extra_test2: Test DH param checks with non-NULL libctx
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19656)
show more ...
|
| 7c639f0b | 11-Nov-2022 |
Tomas Mraz |
DH_check[_params]() use libctx of the dh for prime checks
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hla
DH_check[_params]() use libctx of the dh for prime checks
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19656)
show more ...
|
| c507db96 | 15-Nov-2022 |
Dr. David von Oheimb |
ParseC.pm: gracefully handle DOS-style end-of-line in source files
When header files happen to have \r\n at line end, prevent hick-ups like:
Unmatched parentheses at include/openssl
ParseC.pm: gracefully handle DOS-style end-of-line in source files
When header files happen to have \r\n at line end, prevent hick-ups like:
Unmatched parentheses at include/openssl/asn1.h line 520
make[1]: *** [Makefile:4757: util/libcrypto.num] Error 255
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:3387: build_sw] Error 2
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19686)
show more ...
|
| cab5b3a3 | 15-Nov-2022 |
Todd Short |
Fix openssl.txt
The values don't match those in include/openssl/sslerr.h
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from
Fix openssl.txt
The values don't match those in include/openssl/sslerr.h
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19688)
show more ...
|
| 7bc5ce4a | 16-Nov-2022 |
Richard Levitte |
Use <openssl/e_os2.h> rather than <stdint.h>
<stdint.h> is C99, which means that on older compiler, it can't be included.
We have code in <openssl/e_os2.h> that compensates.
Rev
Use <openssl/e_os2.h> rather than <stdint.h>
<stdint.h> is C99, which means that on older compiler, it can't be included.
We have code in <openssl/e_os2.h> that compensates.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19697)
show more ...
|
| 7489ada9 | 14-Nov-2022 |
Graham Woodward |
Add test to confirm IPAddressFamily_check_len catches invalid len
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://
Add test to confirm IPAddressFamily_check_len catches invalid len
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19273)
show more ...
|
| 9351f675 | 27-Sep-2022 |
Graham Woodward |
Catch incorrect IPAddressFamily lengths
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl
Catch incorrect IPAddressFamily lengths
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19273)
show more ...
|
| 2fea5683 | 14-Nov-2022 |
Simo Sorce |
Drop explicit check for engines in opt_legacy_okay
The providers indication should always indicate that this is not a
legacy request.
This makes a check for engines redundant as the
Drop explicit check for engines in opt_legacy_okay
The providers indication should always indicate that this is not a
legacy request.
This makes a check for engines redundant as the default return is that
legacy is ok if there are no explicit providers.
Fixes #19662
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19671)
show more ...
|
