- 10 Aug, 2020 1 commit
Committed by Matt Caswell
Now that the EVP_PKEY KDF bridge is based on provider code a TODO item can be removed from evp_test. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
-
- 09 Aug, 2020 1 commit
Committed by Shane Lontis
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
-
- 07 Aug, 2020 1 commit
Committed by Shane Lontis
Changed many tests so they also test fips (and removed 'availablein = default' from some tests). Separated the monolithic evppkey.txt file into smaller maintainable groups. Changed the availablein option so it must be first - this then skips the entire test before any fetching happens. Changed the code so that all the OPENSSL_NO_XXXX tests are done in code via methods such as is_cipher_disabled(alg), before the fetch happens. Added missing libctx's found by adding a libctx to test_evp. Broke up large data files for cipher, kdf's and mac's into smaller pieces so they no longer need 'AvailableIn = default'. Added missing algorithm aliases for cipher/digests to the providers. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12236)
-
- 22 Jul, 2020 2 commits
Committed by Pauli
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11082)
-
Committed by Pauli
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11082)
-
- 16 Jul, 2020 3 commits
Committed by Matt Caswell
The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous naming convention. This reverts commit 765d04c9. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12186)
-
Committed by Matt Caswell
The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous naming convention. This reverts commit d9c2fd51. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12186)
-
Committed by Shane Lontis
Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS. CS1, CS2 and CS3 variants are supported. Only single shot updates are supported. The cipher returns the mode EVP_CIPH_CBC_MODE (Internally it shares the aes_cbc cipher code). This would allow existing code that uses AES_CBC to switch to the CTS variant without breaking code that tests for this mode. Because it shares the aes_cbc code the cts128.c functions could not be used directly. The cipher returns the flag EVP_CIPH_FLAG_CTS. EVP_CIPH_FLAG_FIPS & EVP_CIPH_FLAG_NON_FIPS_ALLOW have been deprecated. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12094)
-
- 24 Jun, 2020 1 commit
Committed by Pauli
[extended tests] Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
-
- 11 Jun, 2020 2 commits
Committed by Pauli
functions are now EVP_MAC functions, usually with ctx in their names. Before 3.0 is released, the names are mutable and this prevents more inconsistencies being introduced. There are no functional or code changes. Just the renaming and a little reformatting. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11997)
-
Committed by Pauli
The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace for consistency. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11996)
-
- 29 May, 2020 1 commit
Committed by Matt Caswell
If we failed to fetch an EVP_KEYMGMT then we were falling back to legacy. This is because some algorithms (such as MACs and KDFs used via an old style EVP_PKEY) have not been transferred to providers. Unfortunately this means that you cannot stop some algorithms from being used by not loading the provider. For example if you wanted to prevent RSA from being used, you might expect to just not load any providers that make it available. Unfortunately that doesn't work because we simply fall back to legacy if we fail to fetch the EVP_KEYMGMT. Instead we should fail *unless* the key type is one of those legacy key types that we have not transferred. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11826)
-
- 27 May, 2020 1 commit
Committed by Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11953)
-
- 24 Apr, 2020 1 commit
Committed by Rich Salz
... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levitte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
-
- 23 Apr, 2020 1 commit
Committed by Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
-
- 12 Mar, 2020 1 commit
Committed by Richard Levitte
There was a misunderstanding what it should return. It should return 0 on internal error, but 1 even if the thing it tests fails (the error is determined by |t->err|). Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10289)
-
- 21 Feb, 2020 1 commit
Committed by Pauli
The extra argument is an integer pointer and is optional. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11049)
-
- 03 Feb, 2020 1 commit
Committed by Matt Caswell
PR#6975 added the ability to our test framework to have common options to all tests. For example providing the option "-test 5" to one of our test programs will just run test number 5. This can be useful when debugging tests. Unfortunately this does not work well for a number of tests. In particular those tests that call test_get_argument() without first skipping over these common test options will not get the expected value. Some tests did this correctly but a large number did not. A helper function is introduced, test_skip_common_options(), to make this easier for those tests which do not have their own specialised test option handling, but yet still need to call test_get_argument(). This function call is then added to all those tests that need it. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10975)
-
- 02 Feb, 2020 1 commit
Committed by Richard Levitte
With test/ecdsatest.c, we test all the curves once for each EC key type we have, i.e. one round trip with EVP_PKEY_EC and one with EVP_PKEY_SM2. This shows that we can use "normal" EC computations on keys with the SM2 curve (which have the type EVP_PKEY_SM2 by default) and SM2 computations with any other curve (which have the type EVP_PKEY_EC by default). test/evp_test.c, on the other hand, doesn't need to explicitly set the EVP_PKEY_SM2 alias type, as that now happens automatically. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10942)
-
- 19 Jan, 2020 1 commit
Committed by Pauli
One of the MDC2 test applications can be done using evp_test. This makes it so. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10831)
-
- 18 Nov, 2019 1 commit
Committed by Shane Lontis
Fixes #10438 issue found by clusterfuzz/ossfuzz. The dest was getting a copy of the src structure which contained a pointer that should point to an offset inside itself - because of the copy it was pointing to the original structure. The setup for a ctx is mainly done by the initkey method in the PROV_CIPHER_HW structure. Because of this it makes sense that the structure should also contain a copyctx method that is used to resolve any pointers that need to be set up. A dup_ctx has been added to the cipher_enc tests in evp_test. It does a dup after setup and then frees the original ctx. This detects any floating pointers in the duplicated context that were pointing back to the freed ctx. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10443)
-
- 23 Oct, 2019 1 commit
Committed by Simo Sorce
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9949)
-
- 17 Oct, 2019 1 commit
Committed by Richard Levitte
The following new functions all do the same thing; they traverse the set of names assigned to implementations of each algorithm type: EVP_MD_names_do_all(), EVP_CIPHER_names_do_all(), EVP_MAC_names_do_all(), EVP_KEYMGMT_names_do_all(), EVP_KEYEXCH_names_do_all(), EVP_KDF_names_do_all(), EVP_SIGNATURE_names_do_all(). We add a warning to the documentation of EVP_CIPHER_name() and EVP_MD_name(), as they aren't suitable to use with multiple-name implementation. We also remove EVP_MAC_name() and evp_KDF_name(), as they serve no useful purpose. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
-
- 08 Oct, 2019 1 commit
Committed by Shane Lontis
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9991)
-
- 03 Oct, 2019 1 commit
Committed by Shane Lontis
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10006)
-
- 27 Sep, 2019 1 commit
Committed by Pauli
All instances of EVP_*_CTX_gettable_params functions have been renamed to EVP_*_gettable_ctx_params. Except for the EVP_MD ones which were changed already. These functions do not take EVP_*_CTX arguments so their prior naming was misleading. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10052)
-
- 12 Sep, 2019 3 commits
Committed by Richard Levitte
ERR_func_error_string() essentially returns NULL, and since all function codes are now removed for all intents and purposes, this function has fallen out of use and cannot be modified to suit the data, since its only function is to interpret an error code. To compensate for the loss of error code, we instead provide new functions that extract the function name strings from an error record: - ERR_get_error_func() - ERR_peek_error_func() - ERR_peek_last_error_func() Similarly, the once all-encompassing functions ERR_peek_last_error_line_data(), ERR_peek_error_line_data() and ERR_get_error_line_data() lack the capability of getting the function name string, so we deprecate those and add these functions to replace them: - ERR_get_error_all() - ERR_peek_error_all() - ERR_peek_last_error_all() Finally, we adjust a few lines of code that used the now deprecated functions. Fixes #9756 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9756)
-
Committed by Richard Levitte
Instead of relying on implicit fetches, try explicit fetches when available. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9121)
-
Committed by Paul Yang
Fix no-scrypt. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9840)
-
- 11 Sep, 2019 2 commits
Committed by Pauli
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9805)
-
Committed by Pauli
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9805)
-
- 06 Sep, 2019 1 commit
Committed by Pauli
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9662)
-
- 04 Sep, 2019 1 commit
Committed by Pauli
If the passed string length is zero, the function computes the string length from the passed string. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9760)
-
- 28 Aug, 2019 1 commit
Committed by Richard Levitte
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
-
- 24 Aug, 2019 2 commits
Committed by Richard Levitte
The EVP_PKEY MAC implementations had a diversity of controls that were really the same thing. We did reproduce that for the provider based MACs, but are changing our minds on this. Instead of that, we now use one parameter name for passing the name of the underlying ciphers or digests to a MAC implementation, "cipher" and "digest", and one parameter name for passing the output size of the MAC, "size". Then we leave it to the EVP_PKEY->EVP_MAC bridge to translate "md" to "digest", and "digestsize" to "size". Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9667)
-
Committed by Richard Levitte
Parsing functions are at liberty to return: 1: when parsing on processing of the parsed value succeeded 0: when the parsed keyword is unknown -1: when the parsed value processing failed Some parsing functions didn't do this quite right, they returned 0 when they should have returned -1, causing a message like this: Line 123: unknown keyword PeerKey When this message (which is displayed when the parsing function returns -1) would have been more appropriate: Line 123: error processing keyword PeerKey = ffdhe2048-2-pub Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9682)
-
- 19 Aug, 2019 1 commit
Committed by Patrick Steuer
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9433)
-
- 16 Aug, 2019 1 commit
Committed by Richard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8877)
-
- 01 Aug, 2019 1 commit
Committed by Matt Caswell
The "Availablein" keyword is supposed to indicate which providers are required in evp_test in order for a particular test to pass. Unfortunately this didn't work. If the provider was available then the test failed. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9492)
-
- 27 Jul, 2019 1 commit
Committed by Richard Levitte
This changes the stanza format used so far. Some test stanza had the following line, only possible for digests: Legacy = 1 These have been traded for the following: Availablein = legacy That line is globally available in all test stanza and can be used to tell what providers a certain algorithm may be available in. Only one provider needs to match, so one might have something like this for some tests: Availablein = default fips This means that one of those providers must be available for the test stanza to be performed. If the providers mentioned for a stanza aren't available, the test is skipped. If this line isn't used in a stanza, the algorithm is assumed to be available unconditionally (either by fallback providers, or providers loaded by the config file). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9398)
-