| 12bbcee2 | 29-May-2020 |
Dr. David von Oheimb |
Make CMP server use same protection for response as for request
Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(M
Make CMP server use same protection for response as for request
Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
show more ...
|
| 5aed1786 | 28-May-2020 |
Dr. David von Oheimb |
Fill in transactionID on any error in OSSL_CMP_SRV_process_request()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| 430efff1 | 28-May-2020 |
Dr. David von Oheimb |
Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update()
Bugfix: allow using extraCerts contained in msg already while checking signature
Improve function name, si
Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update()
Bugfix: allow using extraCerts contained in msg already while checking signature
Improve function name, simplify its return value, and update its documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
show more ...
|
| ca6f1ba9 | 28-May-2020 |
Dr. David von Oheimb |
Improve cert checking diagnostics of OSSL_CMP_validate_msg()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| 7aa70fd5 | 27-May-2020 |
Dr. David von Oheimb |
Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| 032b13c7 | 27-May-2020 |
Dr. David von Oheimb |
Correct error reason of verify_signature() in cmp_vfy.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| f009e37c | 26-May-2020 |
Dr. David von Oheimb |
Extend error output of apps/opt_format() to all error cases
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| 2620c38b | 26-May-2020 |
Dr. David von Oheimb |
Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| 50e09788 | 26-May-2020 |
Dr. David von Oheimb |
Fix use of -no-proxy option of CMP app
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| 5a2ba207 | 25-May-2020 |
Dr. David von Oheimb |
Add request URL path checking and status responses to HTTP server
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| 16931355 | 20-May-2020 |
Dr. David von Oheimb |
Allow subject of CMP -oldcert as sender unless protection cert is given
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| 7e998a0f | 20-May-2020 |
Dr. David von Oheimb |
Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| 6d934add | 20-May-2020 |
Dr. David von Oheimb |
Check expected sender not only for signature-protected CMP messages
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| 0d17c2f4 | 19-May-2020 |
Dr. David von Oheimb |
Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11
Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
show more ...
|
| b27ff9b8 | 19-May-2020 |
Dr. David von Oheimb |
Streamline the approach to set CMP message recipient and expected sender
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| ce0465ed | 18-May-2020 |
Dr. David von Oheimb |
Fix too strict checks of ossl_cmp_calc_protection()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998) |
| ffb6c866 | 11-Jun-2020 |
Pauli |
Guard new header mac.h against C++isms.
[extended tests]
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12121) |
| 5ea8afd3 | 11-Jun-2020 |
Pauli |
Fix two additional instances of the old EVP_MAC_CTX_ functions being used.
[extended tests]
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/op
Fix two additional instances of the old EVP_MAC_CTX_ functions being used.
[extended tests]
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12121)
show more ...
|
| 7f81aed4 | 10-Jun-2020 |
John Baldwin |
Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs.
BSD-generic32 already uses this for building shared libraries on other
32-bit BSD platforms. Commit b7efa56 collapsed vario
Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs.
BSD-generic32 already uses this for building shared libraries on other
32-bit BSD platforms. Commit b7efa56 collapsed various *BSD targets
down to the BSD-generic ones and BSD-x86. At the time only
OpenBSD/i386 used `bsd-shared` while both FreeBSD and NetBSD used
`bsd-gcc-shared`. In practice, all of the BSDs are using either a
GCC/ld.bfd toolchain or a clang/lld toolchain both of which are
compatible with 'bsd-gcc-shared'.
Retire 'bsd-shared' since this removes the last user.
Fixes #12050.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12110)
show more ...
|
| 0f6c3ebb | 06-Jun-2020 |
Sebastian Andrzej Siewior |
doc: Add a hint to man3/EVP_$hash that it is legacy
Some hash algorithms are only provided by the legacy provider. This
information is not mentioned in EVP_md4(3) for md4 and one might w
doc: Add a hint to man3/EVP_$hash that it is legacy
Some hash algorithms are only provided by the legacy provider. This
information is not mentioned in EVP_md4(3) for md4 and one might wonder
why it is no longer working.
Add a note to the EVP_ man page for md2, md4, mdc2, ripemd160 and
whirlpool that it is only available with the legacy provider.
Fixes #11650
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12074)
show more ...
|
| 1154ffbf | 06-Jun-2020 |
Sebastian Andrzej Siewior |
APPS: Use a second EVP_MD_CTX for EdDSA verify
Verify for the two EdDSA algorithms fails in "speed eddsa".
It appears that the same ctx can not be used for the sign and verify
proces
APPS: Use a second EVP_MD_CTX for EdDSA verify
Verify for the two EdDSA algorithms fails in "speed eddsa".
It appears that the same ctx can not be used for the sign and verify
process.
Create a second EVP_MD_CTX for the verify purpose.
Fixes #11650
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12074)
show more ...
|
| 42b2797e | 06-Jun-2020 |
Sebastian Andrzej Siewior |
APPS: Exclude legacy algorighms from speed
Legacy crypto algorithms are not provided by the default "provider"
leading to a warning.
Remove legacy algorithms from the set that is tes
APPS: Exclude legacy algorighms from speed
Legacy crypto algorithms are not provided by the default "provider"
leading to a warning.
Remove legacy algorithms from the set that is tested by default. The
algorihms can be tested manually if selected manually and using the
legacy provider.
Fixes #11650
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12074)
show more ...
|
| d9c2fd51 | 08-Jun-2020 |
Pauli |
The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*
functions are now EVP_MAC functions, usually with ctx in their names.
Before 3.0 is released, the names are mu
The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*
functions are now EVP_MAC functions, usually with ctx in their names.
Before 3.0 is released, the names are mutable and this prevents more
inconsistencies being introduced.
There are no functional or code changes.
Just the renaming and a little reformatting.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11997)
show more ...
|
| 765d04c9 | 08-Jun-2020 |
Pauli |
kdf: make function naming consistent.
The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace
for consistency.
Reviewed-by: Richard Levitte <levitte@openssl.o
kdf: make function naming consistent.
The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace
for consistency.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11996)
show more ...
|
| 5cff2df8 | 27-May-2020 |
Matt Caswell |
Make it clear that you can't use all ciphers for CMAC
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11972) |
