openssl - OpenGrok history log for /openssl

Revision (<<< Hide revision tags) (Show revision tags >>>)	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
341c3e7f	29-Aug-2020	Shane Lontis	Add fips checks for ecdh key agreement For key agreement only NIST curves that have a security strength of 112 bits or more are allowed. Fixed tests so they obey these restrictions when Add fips checks for ecdh key agreement For key agreement only NIST curves that have a security strength of 112 bits or more are allowed. Fixed tests so they obey these restrictions when testing in fips mode. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) show more ... providers/implementations/exchange/ecdh_exch.c test/recipes/30-test_evp_data/evppkey_kas.txt test/ssl-tests/14-curves.cnf test/ssl-tests/14-curves.cnf.in
8d17cca5	29-Aug-2020	Shane Lontis	Add fips checks for rsa encryption Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) providers/implementations/asymciphers/rsa_enc.c test/recipes/15-test_rsaoaep.t test/testrsa2048.pem
b8237707	29-Aug-2020	Shane Lontis	Add fips checks for dh key agreement Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) crypto/ffc/ffc_params_generate.c providers/implementations/exchange/build.info providers/implementations/exchange/dh_exch.c
0645110e	29-Aug-2020	Shane Lontis	Add fips checks for ecdsa signatures Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) providers/common/include/prov/provider_util.h providers/common/provider_util.c providers/implementations/signature/ecdsa.c test/evp_test.c test/recipes/30-test_evp_data/evppkey_ecdsa.txt test/ssl-tests/20-cert-select.cnf test/ssl-tests/20-cert-select.cnf.in
e43b4482	29-Aug-2020	Shane Lontis	Add fips checks for dsa signatures Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) providers/implementations/signature/build.info providers/implementations/signature/dsa.c test/recipes/30-test_evp_data/evppkey_dsa.txt
3f699197	29-Aug-2020	Shane Lontis	Add fips checks for rsa signatures. In fips mode SHA1 should not be allowed for signing, but may be present for verifying. Add keysize check. Add missing 'ossl_unused' to gettable an Add fips checks for rsa signatures. In fips mode SHA1 should not be allowed for signing, but may be present for verifying. Add keysize check. Add missing 'ossl_unused' to gettable and settable methods. Update fips related tests that have these restrictions. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) show more ... providers/common/include/prov/provider_util.h providers/common/provider_util.c providers/implementations/signature/rsa.c test/recipes/30-test_evp.t test/recipes/30-test_evp_data/evppkey_rsa.txt test/recipes/30-test_evp_data/evppkey_rsa_common.txt test/recipes/80-test_cms.t
282de1cc	15-Sep-2020	Matt Caswell	Fix some doc-nits and make update errors The new lhash changes have confused some of the perl scripts so we add some fixes. Reviewed-by: Richard Levitte <levitte@openssl.org> Fix some doc-nits and make update errors The new lhash changes have confused some of the perl scripts so we add some fixes. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12860) show more ... util/find-doc-nits util/perl/OpenSSL/ParseC.pm
028b31b3	11-Sep-2020	Matt Caswell	Remove some unneeded code from lhash.h lhash.h had some workaround code for the issue where static inline functions contained references to libcrypto symbols in public header files. Remove some unneeded code from lhash.h lhash.h had some workaround code for the issue where static inline functions contained references to libcrypto symbols in public header files. Since this issue no longer exists this workaround code can be removed. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12860) show more ... include/openssl/lhash.h
efffd8a6	11-Sep-2020	Matt Caswell	Update err.h to use the new lhash generation code Generate the lhash macros for the ERR_STRING_DATA type Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https:// Update err.h to use the new lhash generation code Generate the lhash macros for the ERR_STRING_DATA type Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12860) show more ... .gitignore build.info include/openssl/err.h.in
2ca697ce	11-Sep-2020	Matt Caswell	Update conf.h.in to use the new lhash generation code Generate the lhash macros for the CONF_VALUE type Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://g Update conf.h.in to use the new lhash generation code Generate the lhash macros for the CONF_VALUE type Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12860) show more ... include/openssl/conf.h.in
726b3293	11-Sep-2020	Matt Caswell	Provide basis for fixing lhash code Following on from the earlier safestack work we provide the basis for fixing the lhash code such that unused static inline functions do not cause Provide basis for fixing lhash code Following on from the earlier safestack work we provide the basis for fixing the lhash code such that unused static inline functions do not cause linker errors for applications including those headers. This brings the lhash code into line with the safestack code. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12860) show more ... include/openssl/lhash.h util/perl/OpenSSL/stackhash.pm
ecf15b16	20-Jul-2019	Alexander Borkowski	s_client.pod: Fix grammar in NOTES section. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk s_client.pod: Fix grammar in NOTES section. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9421) show more ... doc/man1/openssl-s_client.pod.in
7f9e7440	01-Sep-2020	Shane Lontis	Add selftest callback to CRNG output test Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12795) crypto/self_test_core.c doc/man3/OSSL_SELF_TEST_new.pod doc/man7/OSSL_PROVIDER-FIPS.pod include/openssl/self_test.h providers/implementations/rands/crngt.c
4b51903d	16-Sep-2020	Shane Lontis	Fix AES_XTS on x86-64 platforms with BSAES and VPAES support. Fixes #11622 Fixes #12378 Due to a missing else it was setting up the stream for BSAES and then using this incorrec Fix AES_XTS on x86-64 platforms with BSAES and VPAES support. Fixes #11622 Fixes #12378 Due to a missing else it was setting up the stream for BSAES and then using this incorrect stream with VPAES. The correct behaviour is not to use VPAES at all in this case. Also note that the original code in e_aes could set up VPAES and then would overwrite it with the generic implementation. On a machine that supported both BSAES and VPAES the code was changed locally to force it to run both cases to verify both paths produce the correct known answers. Debugged using mageia 7.1, but is also highly likely to fix FreeBSD also. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12887) show more ... providers/implementations/ciphers/cipher_aes_xts_hw.c
f80d0d2f	14-Sep-2020	Dmitry Belyavskiy	HMAC should work with non-provided digests Fixes #12839 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from htt HMAC should work with non-provided digests Fixes #12839 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12874) show more ... crypto/evp/m_sigver.c
67ecd65c	11-Sep-2020	Tomas Mraz	Rename check_chain_extensions to check_chain The function does much more than just checking extensions. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Rename check_chain_extensions to check_chain The function does much more than just checking extensions. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12683) show more ... crypto/x509/v3_purp.c crypto/x509/x509_vfy.c
cccf532f	11-Sep-2020	Tomas Mraz	Disallow certs with explicit curve in verification chain The check is applied only with X509_V_FLAG_X509_STRICT. Fixes #12139 Reviewed-by: David von Oheimb <david.von.oheim Disallow certs with explicit curve in verification chain The check is applied only with X509_V_FLAG_X509_STRICT. Fixes #12139 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12683) show more ... crypto/x509/x509_txt.c crypto/x509/x509_vfy.c include/openssl/x509_vfy.h.in ssl/statem/statem_lib.c test/certs/ca-cert-ec-explicit.pem test/certs/ca-cert-ec-named.pem test/certs/ca-key-ec-explicit.pem test/certs/ca-key-ec-named.pem test/certs/ee-cert-ec-explicit.pem test/certs/ee-cert-ec-named-explicit.pem test/certs/ee-cert-ec-named-named.pem test/certs/ee-key-ec-explicit.pem test/certs/ee-key-ec-named-explicit.pem test/certs/ee-key-ec-named-named.pem test/certs/setup.sh test/recipes/25-test_verify.t
fe2f8aec	21-Aug-2020	Tomas Mraz	EC_KEY: add EC_KEY_decoded_from_explicit_params() The function returns 1 when the encoding of a decoded EC key used explicit encoding of the curve parameters. Reviewed-by: David EC_KEY: add EC_KEY_decoded_from_explicit_params() The function returns 1 when the encoding of a decoded EC key used explicit encoding of the curve parameters. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12683) show more ... crypto/ec/ec_asn1.c crypto/ec/ec_key.c crypto/ec/ec_lib.c crypto/ec/ec_local.h doc/man3/EC_KEY_new.pod include/openssl/ec.h test/ec_internal_test.c util/libcrypto.num
bde4aa8d	16-Sep-2020	Dr. David von Oheimb	Fix Coverity CID 1466708 - correct pointer calculation in one case Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12894) crypto/http/http_lib.c
ebcae87f	15-Sep-2020	Xiaofei Bai	FIX strncpy warning in apps/cmp.c. bugfix: #12872 strncpy here has compiling warning of -Wstringop-truncation, change into BIO_snprintf as before. Change-Id: I362872c4a FIX strncpy warning in apps/cmp.c. bugfix: #12872 strncpy here has compiling warning of -Wstringop-truncation, change into BIO_snprintf as before. Change-Id: I362872c4ad328cadd4c7a5a5da3165655fa26c0d Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/12889) show more ... apps/cmp.c
1cae59d1	14-Sep-2020	Jon Spillett	Make KDFs fail if requesting a zero-length key. Also add more test cases Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul D Make KDFs fail if requesting a zero-length key. Also add more test cases Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12826) show more ... providers/implementations/kdfs/hkdf.c providers/implementations/kdfs/kbkdf.c providers/implementations/kdfs/tls1_prf.c test/evp_kdf_test.c
00108705	08-Sep-2020	Jon Spillett	Allow zero-length secret for EVP_KDF API Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged fr Allow zero-length secret for EVP_KDF API Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12826) show more ... providers/implementations/macs/hmac_prov.c
ec4c86d9	16-Sep-2020	Daniel Bevenius	Fix typo in bind_loader_attic comment Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/o Fix typo in bind_loader_attic comment Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12890) show more ... engines/e_loader_attic.c
3f96b687	14-Sep-2020	Matt Caswell	Document 2 newly added functions Adds documentation for EVP_PKEY_get0_first_alg_name() and EVP_KEYMGMT_get0_first_name(). Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Document 2 newly added functions Adds documentation for EVP_PKEY_get0_first_alg_name() and EVP_KEYMGMT_get0_first_name(). Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12850) show more ... doc/man3/EVP_KEYMGMT.pod doc/man3/EVP_PKEY_is_a.pod
7fc6168b	14-Sep-2020	Matt Caswell	Test HMAC output from the dgst CLI We run two HMAC operations on the same file and confirm that both provide us with the expected values. Reviewed-by: Dmitry Belyavskiy <beldmit Test HMAC output from the dgst CLI We run two HMAC operations on the same file and confirm that both provide us with the expected values. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12850) show more ... test/recipes/20-test_dgst.t
1...<<351 352 353 354 355 356 357 358 359360>>...1444