- 17 6月, 2020 6 次提交
-
-
由 Shane Lontis 提交于
For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests. This PR uses a hardwired subset of these test vectors to perform similiar operations, to show the usage and prove that the API's are able to perform the required operations. It may also help with communication with the lab (i.e- The lab could add a test here to show a unworking use case - which we can then address). The EVP layer performs these tests instead of calling lower level API's as was done in the old FOM. Some of these tests require access to internals that are not normally allowed/required. The config option 'acvp_tests' (enabled by default) has been added so that this access may be removed. The mechanism has been implemented as additional OSSL_PARAM values that can be set and get. A callback mechanism did not seem to add any additional benefit. These params will not be added to the gettables lists. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11572)
-
由 Dmitry Belyavskiy 提交于
[extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12124)
-
由 Nicola Tuveri 提交于
Closes #12129 As described in https://github.com/openssl/openssl/issues/12129 the readability of the internal functions providing the two alternative implementations for `BN_mod_inverse()` is a bit lacking. Both these functions are now completely internal, so we have the flexibility needed to slightly improve readability and remove unnecessary NULL checks. The main changes here are: - rename `BN_mod_inverse_no_branch()` as `bn_mod_inverse_no_branch()`: this function is `static` so it is not even visible within the rest of libcrypto. By convention upcase prefixes are reserved for public functions. - remove `if (pnoinv == NULL)` checks in `int_bn_mod_inverse()`: this function is internal to the BN module and we can guarantee that all callers pass non-NULL arguments. - `bn_mod_inverse_no_branch()` takes an extra `int *pnoinv` argument, so that it can signal if no inverse exists for the given inputs: in this way the caller is in charge of raising `BN_R_NO_INVERSE` as it is the case for the non-consttime implementation of `int_bn_mod_inverse()`. - `BN_mod_inverse()` is a public function and must guarantee that the internal functions providing the actual implementation receive valid arguments. If the caller passes a NULL `BN_CTX` we create a temporary one for internal use. - reorder function definitions in `crypto/bn/bn_gcd.c` to avoid forward declaration of `static` functions (in preparation for inlining). - inline `bn_mod_inverse_no_branch()`. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12142)
-
由 Dr. David von Oheimb 提交于
Add/extend range check for 'fd' argument of BIO_socket_wait() and bio_wait() Correct nap time calculations in bio_wait(), thus correcting also BIO_wait() Update a type cast from 'unsigned long' to 'unsigned int' Extend the comments and documentation of BIO_wait() Rename BIO_connect_retry() to BIO_do_connect_retry() Make its 'timeout' argument < 0 lead to BIO_do_connect() tried only once Add optional 'nap_milliseconds' parameter determining the polling granularity Correct and generalize the retry case checking Extend the comments and documentation of BIO_do_connect_retry() Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11986)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11986)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11986)
-
- 16 6月, 2020 2 次提交
-
-
由 olszomal 提交于
CLA: trivial Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12055)
-
由 Richard Levitte 提交于
This is a simple check order correction. Fixes #12143 Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12144)
-
- 15 6月, 2020 1 次提交
-
-
由 Benjamin Kaduk 提交于
The assembly code is not PIC, so we should only try to build it when the configuration has disabled PIC, not the other way around. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12128)
-
- 14 6月, 2020 1 次提交
-
-
由 Nicola Tuveri 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12127)
-
- 13 6月, 2020 25 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12098)
-
由 Dr. David von Oheimb 提交于
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
as checking expected_sender and adding caPubs is not part of msg validation. Also constify a couple of internal and public functions related to cmp_vfy.c Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Bugfix: allow using extraCerts contained in msg already while checking signature Improve function name, simplify its return value, and update its documentation Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Pauli 提交于
[extended tests] Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12121)
-
由 Pauli 提交于
[extended tests] Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12121)
-
- 12 6月, 2020 1 次提交
-
-
由 John Baldwin 提交于
BSD-generic32 already uses this for building shared libraries on other 32-bit BSD platforms. Commit b7efa56a collapsed various *BSD targets down to the BSD-generic ones and BSD-x86. At the time only OpenBSD/i386 used `bsd-shared` while both FreeBSD and NetBSD used `bsd-gcc-shared`. In practice, all of the BSDs are using either a GCC/ld.bfd toolchain or a clang/lld toolchain both of which are compatible with 'bsd-gcc-shared'. Retire 'bsd-shared' since this removes the last user. Fixes #12050. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12110)
-
- 11 6月, 2020 4 次提交
-
-
Some hash algorithms are only provided by the legacy provider. This information is not mentioned in EVP_md4(3) for md4 and one might wonder why it is no longer working. Add a note to the EVP_ man page for md2, md4, mdc2, ripemd160 and whirlpool that it is only available with the legacy provider. Fixes #11650 Signed-off-by: NSebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12074)
-
Verify for the two EdDSA algorithms fails in "speed eddsa". It appears that the same ctx can not be used for the sign and verify process. Create a second EVP_MD_CTX for the verify purpose. Fixes #11650 Signed-off-by: NSebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12074)
-
Legacy crypto algorithms are not provided by the default "provider" leading to a warning. Remove legacy algorithms from the set that is tested by default. The algorihms can be tested manually if selected manually and using the legacy provider. Fixes #11650 Signed-off-by: NSebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12074)
-
由 Pauli 提交于
functions are now EVP_MAC functions, usually with ctx in their names. Before 3.0 is released, the names are mutable and this prevents more inconsistencies being introduced. There are no functional or code changes. Just the renaming and a little reformatting. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11997)
-