| 33ac7b32 | 26-Feb-2021 |
Richard Levitte |
Add a new test recipe to verify the generated test fipsmodule.cnf
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320) |
| c9b0214e | 25-Feb-2021 |
Richard Levitte |
Fix the perl code to get FIPSMODULENAME
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320) |
| e25b4db7 | 29-Sep-2020 |
Richard Levitte |
TEST: Remove the build of fipsmodule.cnf from test recipes
The exception is the test recipe that tests 'openssl fipsinstall'.
However, that one uses a different output file name, so it's
TEST: Remove the build of fipsmodule.cnf from test recipes
The exception is the test recipe that tests 'openssl fipsinstall'.
However, that one uses a different output file name, so it's safe.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
show more ...
|
| e9d74dbd | 28-Sep-2020 |
Richard Levitte |
APPS: Modify 'fipsinstall' to output all notifications on stderr
The actual output of the 'fipsinstall' is the config file it outputs.
It should be possible to output that to standard ou
APPS: Modify 'fipsinstall' to output all notifications on stderr
The actual output of the 'fipsinstall' is the config file it outputs.
It should be possible to output that to standard output, and diverse
notification messages shouldn't be mixed in. Therefore, we output
them to standard error instead.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
show more ...
|
| 05869bba | 25-Feb-2021 |
Richard Levitte |
Make 'tests' depend on a generated 'providers/fipsmodule.cnf'
providers/fipsmodule.cnf is generated using 'openssl fipsinstall' with
the openssl program in the build directory.
Make 'tests' depend on a generated 'providers/fipsmodule.cnf'
providers/fipsmodule.cnf is generated using 'openssl fipsinstall' with
the openssl program in the build directory.
Fixes #14315
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
show more ...
|
| 79f47ef5 | 25-Feb-2021 |
Richard Levitte |
build.info: Make it possible to use compiled programs as generators
Our goal is to be able to produce fipsmodule.cnf with the help of
'openssl fipsinstall', using the openssl program tha
build.info: Make it possible to use compiled programs as generators
Our goal is to be able to produce fipsmodule.cnf with the help of
'openssl fipsinstall', using the openssl program that we build.
This refactors the generatesrc code in all the build file templates to
replace $generator and $generator_incs with $gen0, $gen_args and $gen_incs,
which makes it easier and more consistent to manipulate different bits
of the generator command, and also keeps the variable names consistent
while not overly long.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
show more ...
|
| 3f399e37 | 25-Feb-2021 |
Richard Levitte |
build.info: Add the possibility to add dependencies on raw targets
We need to add something for the 'tests' target to depend on, so a
special syntax for those is introduced:
build.info: Add the possibility to add dependencies on raw targets
We need to add something for the 'tests' target to depend on, so a
special syntax for those is introduced:
DEPEND[|tests|]=fipsmodule.cnf
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
show more ...
|
| 8593ff00 | 01-Mar-2021 |
Richard Levitte |
DOCS: Fix provider-mac.pod and the docs of our implementations
The idea being that doc/man7/provider-mac.pod is for provider authors,
while provider users find the documentation for each
DOCS: Fix provider-mac.pod and the docs of our implementations
The idea being that doc/man7/provider-mac.pod is for provider authors,
while provider users find the documentation for each implementation in
doc/man7/EVP_MAC-*.pod, the documentation of parameters wasn't quite
aligned. This change re-arranges the parameter documentation to be
more aligned with this idea.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14380)
show more ...
|
| cb54d1b9 | 02-Mar-2021 |
Pauli |
doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type.
The type needs to be set before the DRBGs are created.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(
doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type.
The type needs to be set before the DRBGs are created.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14386)
show more ...
|
| f21afe63 | 02-Mar-2021 |
Tomas Mraz |
ossl_rsa_sp800_56b_check_public: Be more lenient with small keys
Fixes #13995
For small keys the MR test on the modulus can return
BN_PRIMETEST_COMPOSITE_WITH_FACTOR status alth
ossl_rsa_sp800_56b_check_public: Be more lenient with small keys
Fixes #13995
For small keys the MR test on the modulus can return
BN_PRIMETEST_COMPOSITE_WITH_FACTOR status although the modulus
is correct.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14389)
show more ...
|
| 87994aa8 | 01-Mar-2021 |
Pauli |
rand: remove FIPS mode conditional code.
The FIPS provider no longer has seeding sources inside the boundary, the
related conditional code can therefore be removed.
Fixes #14358
rand: remove FIPS mode conditional code.
The FIPS provider no longer has seeding sources inside the boundary, the
related conditional code can therefore be removed.
Fixes #14358
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14382)
show more ...
|
| fb67126e | 26-Feb-2021 |
Tomas Mraz |
EVP_PKEY_CTX_get/settable_params: pass provider operation context
This allows making the signature operations return different
settable params when the context is initialized with
EV
EVP_PKEY_CTX_get/settable_params: pass provider operation context
This allows making the signature operations return different
settable params when the context is initialized with
EVP_DigestSign/VerifyInit.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14338)
show more ...
|
| 4e4ae840 | 24-Feb-2021 |
Shane Lontis |
Fix NULL access in ssl_build_cert_chain() when ctx is NULL.
Fixes #14294
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from
Fix NULL access in ssl_build_cert_chain() when ctx is NULL.
Fixes #14294
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14295)
show more ...
|
| 81f9af34 | 01-Mar-2021 |
Tomas Mraz |
Remove todos in decode_der2key.c and decode_ms2key.c
Those TODOs do not really apply to 3.0 as the legacy internal
keys will stay.
Reviewed-by: Paul Dale <pauli@openssl.org>
Remove todos in decode_der2key.c and decode_ms2key.c
Those TODOs do not really apply to 3.0 as the legacy internal
keys will stay.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
show more ...
|
| 77b03f0e | 01-Mar-2021 |
Tomas Mraz |
Improve error reporting in key exchange provider implementations
Added some error reporting in dh_exch.c and unified error reporting
with it in other key exchange methods.
Revie
Improve error reporting in key exchange provider implementations
Added some error reporting in dh_exch.c and unified error reporting
with it in other key exchange methods.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
show more ...
|
| f5c629a0 | 01-Mar-2021 |
Tomas Mraz |
Remove unused MAX_TLS_MAC_SIZE define
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367) |
| fffb6734 | 01-Mar-2021 |
Tomas Mraz |
Remove todos in providers/implementations/include/prov
Those TODOs are not relevant anymore as the headers
are now in providers.
Also make the header guard defines better reflec
Remove todos in providers/implementations/include/prov
Those TODOs are not relevant anymore as the headers
are now in providers.
Also make the header guard defines better reflect the
header placement.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
show more ...
|
| 8d05a652 | 26-Feb-2021 |
Tomas Mraz |
Resolve TODOs in signature implementations.
The DER writing errors can be ignored safely.
Document that the EVP_MAX_MD_SIZE is a hardcoded limit
for digest sizes.
Revie
Resolve TODOs in signature implementations.
The DER writing errors can be ignored safely.
Document that the EVP_MAX_MD_SIZE is a hardcoded limit
for digest sizes.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
show more ...
|
| f378755d | 26-Feb-2021 |
Tomas Mraz |
statem_lib.c: Remove TODOs that are unnecessary
If the EVP_MD_CTX_ctrl is deprecated the code will
generate deprecation warnings. So there is no point in marking
all EVP_MD_CTX_ctrl(
statem_lib.c: Remove TODOs that are unnecessary
If the EVP_MD_CTX_ctrl is deprecated the code will
generate deprecation warnings. So there is no point in marking
all EVP_MD_CTX_ctrl() calls with TODOs.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
show more ...
|
| 5e2f580d | 26-Feb-2021 |
Tomas Mraz |
test_ssl_new: X448, X25519, and EdDSA are supported with fips
Removed the related TODOs.
Also adjusted the DH parameters used for the DH test to be acceptable
for FIPS as that n
test_ssl_new: X448, X25519, and EdDSA are supported with fips
Removed the related TODOs.
Also adjusted the DH parameters used for the DH test to be acceptable
for FIPS as that now allows only known safe prime parameters.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
show more ...
|
| 21b7dfa8 | 26-Feb-2021 |
Tomas Mraz |
evp_extra_test2: Remove TODO 3.0
The TODO marks optional cleanup that can be done any time in future.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/
evp_extra_test2: Remove TODO 3.0
The TODO marks optional cleanup that can be done any time in future.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
show more ...
|
| b3c155b8 | 26-Feb-2021 |
Tomas Mraz |
evp_extra_test: Remove TODO comment as setting the curve is mandatory
Even with the SM2 algorithm the curve is needed for the paramgen.
Reviewed-by: Paul Dale <pauli@openssl.org>
evp_extra_test: Remove TODO comment as setting the curve is mandatory
Even with the SM2 algorithm the curve is needed for the paramgen.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
show more ...
|
| d36a5dd0 | 01-Mar-2021 |
Matt Caswell |
Fix a copy&paste error in evp_extra_test
test_EC_priv_pub fails to test the case where both a private and public
key have been supplied.
Fixes #14349
Reviewed-by: Richa
Fix a copy&paste error in evp_extra_test
test_EC_priv_pub fails to test the case where both a private and public
key have been supplied.
Fixes #14349
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14351)
show more ...
|
| d7d8e2c8 | 25-Feb-2021 |
Fangming.Fang |
Fix compiling error on arm
Fixes #14313
Change-Id: I0dc9dd475a1ed1331738355fbbec0c51fbcb37f1
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@
Fix compiling error on arm
Fixes #14313
Change-Id: I0dc9dd475a1ed1331738355fbbec0c51fbcb37f1
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14346)
show more ...
|
| 025c0f52 | 01-Mar-2021 |
Dr. David von Oheimb |
openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate'
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14018) |
