- 19 6月, 2020 1 次提交
-
-
由 haykam821 提交于
CLA: trivial Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12161)
-
- 18 6月, 2020 3 次提交
-
-
由 Matthias Kraft 提交于
The binder of the AIX linker needs to be told which functions to call on loading and initializing a shared object. Therefore another configuration variable shared_fipsflag is introduced, which is appended to shared_defflag when the providers/fips module gets configured. It was suggested to refactor the line in the build file template to become more generic and less magic. There is, however, currently no suggestion how to actually achive this, so we leave a TODO comment. The possible shared_fipsflag must only be appended to the shared_def iff this code is acting on behalf of the fips provider module build. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11950)
-
Signed-off-by: NSebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12172)
-
由 Shane Lontis 提交于
This is a result of removal of interactive mode. Redirected it to now use 'openssl help'. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12164)
-
- 17 6月, 2020 8 次提交
-
-
由 Pauli 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12149)
-
由 Pauli 提交于
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12149)
-
由 Shane Lontis 提交于
For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests. This PR uses a hardwired subset of these test vectors to perform similiar operations, to show the usage and prove that the API's are able to perform the required operations. It may also help with communication with the lab (i.e- The lab could add a test here to show a unworking use case - which we can then address). The EVP layer performs these tests instead of calling lower level API's as was done in the old FOM. Some of these tests require access to internals that are not normally allowed/required. The config option 'acvp_tests' (enabled by default) has been added so that this access may be removed. The mechanism has been implemented as additional OSSL_PARAM values that can be set and get. A callback mechanism did not seem to add any additional benefit. These params will not be added to the gettables lists. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11572)
-
由 Dmitry Belyavskiy 提交于
[extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12124)
-
由 Nicola Tuveri 提交于
Closes #12129 As described in https://github.com/openssl/openssl/issues/12129 the readability of the internal functions providing the two alternative implementations for `BN_mod_inverse()` is a bit lacking. Both these functions are now completely internal, so we have the flexibility needed to slightly improve readability and remove unnecessary NULL checks. The main changes here are: - rename `BN_mod_inverse_no_branch()` as `bn_mod_inverse_no_branch()`: this function is `static` so it is not even visible within the rest of libcrypto. By convention upcase prefixes are reserved for public functions. - remove `if (pnoinv == NULL)` checks in `int_bn_mod_inverse()`: this function is internal to the BN module and we can guarantee that all callers pass non-NULL arguments. - `bn_mod_inverse_no_branch()` takes an extra `int *pnoinv` argument, so that it can signal if no inverse exists for the given inputs: in this way the caller is in charge of raising `BN_R_NO_INVERSE` as it is the case for the non-consttime implementation of `int_bn_mod_inverse()`. - `BN_mod_inverse()` is a public function and must guarantee that the internal functions providing the actual implementation receive valid arguments. If the caller passes a NULL `BN_CTX` we create a temporary one for internal use. - reorder function definitions in `crypto/bn/bn_gcd.c` to avoid forward declaration of `static` functions (in preparation for inlining). - inline `bn_mod_inverse_no_branch()`. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12142)
-
由 Dr. David von Oheimb 提交于
Add/extend range check for 'fd' argument of BIO_socket_wait() and bio_wait() Correct nap time calculations in bio_wait(), thus correcting also BIO_wait() Update a type cast from 'unsigned long' to 'unsigned int' Extend the comments and documentation of BIO_wait() Rename BIO_connect_retry() to BIO_do_connect_retry() Make its 'timeout' argument < 0 lead to BIO_do_connect() tried only once Add optional 'nap_milliseconds' parameter determining the polling granularity Correct and generalize the retry case checking Extend the comments and documentation of BIO_do_connect_retry() Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11986)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11986)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11986)
-
- 16 6月, 2020 2 次提交
-
-
由 olszomal 提交于
CLA: trivial Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12055)
-
由 Richard Levitte 提交于
This is a simple check order correction. Fixes #12143 Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12144)
-
- 15 6月, 2020 1 次提交
-
-
由 Benjamin Kaduk 提交于
The assembly code is not PIC, so we should only try to build it when the configuration has disabled PIC, not the other way around. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12128)
-
- 14 6月, 2020 1 次提交
-
-
由 Nicola Tuveri 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12127)
-
- 13 6月, 2020 24 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12098)
-
由 Dr. David von Oheimb 提交于
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
as checking expected_sender and adding caPubs is not part of msg validation. Also constify a couple of internal and public functions related to cmp_vfy.c Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Bugfix: allow using extraCerts contained in msg already while checking signature Improve function name, simplify its return value, and update its documentation Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
-
由 Pauli 提交于
[extended tests] Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12121)
-