db9eb0f9 | 29-Jul-2024 |
Pauli |
test: add unit tests for disallowed XOF digests Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com
test: add unit tests for disallowed XOF digests Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25020)
show more ...
|
5ab9f7e2 | 29-Jul-2024 |
Pauli |
signatures: disallow XOF digests when doing signatures Except for Ed448 and RSA PSS where they are mandatory and allow respectively. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.co
signatures: disallow XOF digests when doing signatures Except for Ed448 and RSA PSS where they are mandatory and allow respectively. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25020)
show more ...
|
d8783a18 | 29-Jul-2024 |
Pauli |
fipsinstall: use correct macro for no drbg trunc digest option Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from htt
fipsinstall: use correct macro for no drbg trunc digest option Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25020)
show more ...
|
fcf83905 | 29-Jul-2024 |
Pauli |
test: update fipsinstall tests to cover signature_digest_check option Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged f
test: update fipsinstall tests to cover signature_digest_check option Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25020)
show more ...
|
c613f080 | 26-Jul-2024 |
Pauli |
Add signature digest check option to fipsinstall Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.co
Add signature digest check option to fipsinstall Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25020)
show more ...
|
5d6e692c | 25-Jul-2024 |
Pauli |
doc: document -signature_digest_check option to fipsinstall Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https:
doc: document -signature_digest_check option to fipsinstall Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25020)
show more ...
|
a46abbd6 | 26-Jul-2024 |
Neil Horman |
Fix typing on call to interlockedExchange for windows mingw is complaining on builds about the use of InterlockedExchange on a uint32_t type, as the input parameter here is expected to b
Fix typing on call to interlockedExchange for windows mingw is complaining on builds about the use of InterlockedExchange on a uint32_t type, as the input parameter here is expected to be LONG (defined as signed 32 bit on all versions of windows). the input value (reader_idx) will never grow larger than the group size of the lock (nominally 2, but always a reasonably small value), so it should be safe to just cast it to the appropriate type here. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25015)
show more ...
|
d7b659e1 | 08-Aug-2024 |
Dmitry Belyavskiy |
Fix PBMAC1 MAC verification in FIPS mode The check for fetchability PKCS12KDF doesn't make sense when we have a different MAC mechanism Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Fix PBMAC1 MAC verification in FIPS mode The check for fetchability PKCS12KDF doesn't make sense when we have a different MAC mechanism Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25144)
show more ...
|
3416c0bf | 08-Aug-2024 |
Pauli |
test: add error reasons to KBKDF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/op
test: add error reasons to KBKDF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
fb51e4f6 | 08-Aug-2024 |
Pauli |
test: add positive FIPS indicator failure tests for DRBGs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://gi
test: add positive FIPS indicator failure tests for DRBGs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
dc16db61 | 08-Aug-2024 |
Pauli |
test: add error reasons to TLS 1 PRF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openss
test: add error reasons to TLS 1 PRF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
90f64d06 | 08-Aug-2024 |
Pauli |
test: add error reasons to X9.63 test Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/ope
test: add error reasons to X9.63 test Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
0acf9f89 | 08-Aug-2024 |
Pauli |
test: add error reasons to X9.42 test Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/ope
test: add error reasons to X9.42 test Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
41a9aeb6 | 08-Aug-2024 |
Pauli |
test: add error reasons to TLS 1.3 KDF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/open
test: add error reasons to TLS 1.3 KDF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
a969c466 | 08-Aug-2024 |
Pauli |
test: add error reasons to TLS 1.2 PRF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/open
test: add error reasons to TLS 1.2 PRF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
3cccd17e | 08-Aug-2024 |
Pauli |
test: add error reasons to Single Step KDF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/
test: add error reasons to Single Step KDF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
20284908 | 08-Aug-2024 |
Pauli |
test: add error reasons to SSHKDF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/o
test: add error reasons to SSHKDF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
bb3b3abf | 08-Aug-2024 |
Pauli |
test: add error reasons to PBKDF2 tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/o
test: add error reasons to PBKDF2 tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
8c24acda | 08-Aug-2024 |
Pauli |
test: add error reasons to HKDF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/ope
test: add error reasons to HKDF tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
77915ae8 | 08-Aug-2024 |
Pauli |
test: add error reasons to KMAC tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/ope
test: add error reasons to KMAC tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
068c9bee | 08-Aug-2024 |
Pauli |
test: add error reasons to RSA tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/open
test: add error reasons to RSA tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
8e316edd | 08-Aug-2024 |
Pauli |
fips: change from function call to macro in rsa_enc.c Use of the function instead of the macro for the indicator unapproved check was noted in: https://github.com/openssl/openssl/pull/25
fips: change from function call to macro in rsa_enc.c Use of the function instead of the macro for the indicator unapproved check was noted in: https://github.com/openssl/openssl/pull/25070#discussion_r1706564363 Fix things to use the macro properly. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25134)
show more ...
|
f0768376 | 26-Jul-2024 |
Neil Horman |
limit bignums to 128 bytes Keep us from spinning forever doing huge amounts of math in the fuzzer Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmai
limit bignums to 128 bytes Keep us from spinning forever doing huge amounts of math in the fuzzer Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25013)
show more ...
|
250a7adb | 01-Aug-2024 |
slontis |
Add "no-fips-post" configure option. Using this option disables the OpenSSL FIPS provider self tests. This is intended for debugging purposes only, as it breaks FIPS compliance.
Add "no-fips-post" configure option. Using this option disables the OpenSSL FIPS provider self tests. This is intended for debugging purposes only, as it breaks FIPS compliance. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25063)
show more ...
|
ea3888a3 | 07-Aug-2024 |
slontis |
Fix FIPS indicator defines for larger indicies. A newer PR is using setable3 now so these indicies should be fixed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul
Fix FIPS indicator defines for larger indicies. A newer PR is using setable3 now so these indicies should be fixed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25118)
show more ...
|