- 29 4月, 2021 4 次提交
-
-
由 Matt Caswell 提交于
SHA1 is now in security level 0. SHA1 is required for DTLSv1.1. Therefore ssl_test_new needed some adjustments in the event that DTLSv1.2 is disabled. There are also adjustments required if using the FIPS module and DTLSv1.2 is disabled. The only DTLS version supported by the FIPS module is DTLSv1.2. Fixes #14956 Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15047)
-
由 Matt Caswell 提交于
SHA1 is now in security level 0. SHA1 is required for DTLSv1.1. Therefore sslapitest needed some adjustments in the event that DTLSv1.2 is disabled. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15047)
-
由 Matt Caswell 提交于
SHA1 is now in security level 0. SHA1 is required for DTLSv1.1. Therefore dtlstest needed some adjustments in the event that DTLSv1.2 is disabled. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15047)
-
由 Tomas Mraz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15044)
-
- 28 4月, 2021 9 次提交
-
-
由 Matt Caswell 提交于
We test that sending a Finished message instead of a ClientHello results in an unexpected message error. Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14930)
-
由 Matt Caswell 提交于
Check that we don't see any threading issues when loading/unloading a provider from multiple threads. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15010)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14601)
-
由 Tomas Mraz 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/15027)
-
由 David Benjamin 提交于
The X509 version APIs return the numerical values of the version numbers, which are one off from the names. This is a bit confusing. Where they don't get it wrong (accidentally making an "X509v4" certificate), callers tend to try commenting every call site to explain the mismatch, including in OpenSSL itself. Define constants for these values, so code can be self-documenting and callers are nudged towards the right values. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14549)
-
由 Kevin Cadieux 提交于
Disabling memleaktest under MSVC because leak detection is not a supported feature with MSVC's AddressSanitizer. Leaving ASan enabled in this case causes a test failure because the test suite is expecting the leak to be detected. CLA: trivial Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14581)
-
由 Jon Spillett 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15041)
-
由 Tomas Mraz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15028)
-
由 Tomas Mraz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15028)
-
- 27 4月, 2021 4 次提交
-
-
由 Shane Lontis 提交于
Fixes #14667 Reworked test supplied by @smcpeak into a unit test. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14938) (cherry picked from commit 7c65179ad95d0f6f598ee82e763fce2567fe5802)
-
由 Paul Kehrer 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15018)
-
由 Shane Lontis 提交于
The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq() already exist. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14997)
-
由 Shane Lontis 提交于
Fix dh_rfc5114 option in genpkey. Fixes #14145 Fixes #13956 Fixes #13952 Fixes #13871 Fixes #14054 Fixes #14444 Updated documentation for app to indicate what options are available for DH and DHX keys. DH and DHX now have different keymanager gen_set_params() methods. Added CHANGES entry to indicate the breaking change. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14883)
-
- 26 4月, 2021 1 次提交
-
-
由 Tomas Mraz 提交于
Fixes #14701 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14898)
-
- 24 4月, 2021 1 次提交
-
-
由 Richard Levitte 提交于
Some keys with groups that aren't supported by FIPS were still used for Derive stanzas, even when testing with the FIPS provider. This was due to the flaw in evp_keymgmt_util_try_import() that meant that even though the key was invalid for FIPS, it could still come through, because the imported keydata wasn't cleared on import error. With that flaw corrected, these few Derive stanzas start failing. We mitigate this by making of "offending" Derive stanzas only available with the default provider. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/15008)
-
- 23 4月, 2021 6 次提交
-
-
由 Pauli 提交于
One of the KDFs and one of the MACs use DES as an underlying algorithm in some tests. Separate these out into their own files which are conditionally excluded. Fixes #14958 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14975)
-
由 Pauli 提交于
Fixes #14958 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14975)
-
由 Pauli 提交于
In this case, there was a slight different error output format that wasn't being accounted for in the error test. Fixes #14961 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14976)
-
由 Pauli 提交于
The TLS curves test strong assumes that TLS 1.2 and TLS 1.3 are present. It is only conditioned out if TLS 1.2 isn't. This changes also conditions it out if TLS 1.3 isn't present. Fixes ##14965 Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14978)
-
由 Pauli 提交于
The evp_extra_test program was trying to validate these curves when they were not build. Fixes #14959 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14977)
-
由 Tomas Mraz 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14942)
-
- 22 4月, 2021 4 次提交
-
-
由 Tomas Mraz 提交于
Fixes runchecker failure of no-tls1_2 build. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14955)
-
由 Tomas Mraz 提交于
Fixes Coverity ID 1476283 Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14928)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14986)
-
由 MichaM 提交于
CLA: trivial Signed-off-by: NMichaM <contact-micha+github@posteo.de> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14879)
-
- 21 4月, 2021 2 次提交
-
-
由 Richard Levitte 提交于
The EVP test didn't recognise ERR_R_UNSUPPORTED, now does Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14834)
-
由 Pauli 提交于
In function test_EVP_PKEY_ffc_priv_pub, params is freed via OSSL_PARAM_free() at line 577. If the condition at line 581 is true, the execution will goto err, and params will be freed again at line 630. The same problem also happens at line 593 and line 609, which causes two double free bugs. Bugs reported by @Yunlongs Fixes 14916 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14921)
-
- 20 4月, 2021 2 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14128)
-
由 Tomas Mraz 提交于
Fixes #14902 Also add workaround of `sudo hostname localhost` for the intermittent test failures seen in CI. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/14872)
-
- 19 4月, 2021 4 次提交
-
-
由 Matt Caswell 提交于
Also includes testing for OSSL_LIB_CTX_get0_global_default(). Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14890)
-
由 Matt Caswell 提交于
One was related to probing for the combination of signature and hash algorithm together. This is currently not easily possible. The TODO(3.0) is converted to a normal comment and I've raised the problem as issue number #14885 as something to resolve post 3.0. The other TODO was a hard coded limit on the number of groups that could be registered. This has been amended so that there is no limit. Fixes #14333 Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14886)
-
由 Tanzinul Islam 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13540)
-
由 Tomas Mraz 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14882)
-
- 18 4月, 2021 3 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14498)
-
由 Richard Levitte 提交于
Because of aliases, retrieved names won't always match one specific string. A safer way to check is to fetch the digest from the retrieved name and check it's the expected one with the help of EVP_MD_is_a(). Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14498)
-
由 Richard Levitte 提交于
When test cases were added with ADD_ALL_TESTS_NOSUBTEST(), all those iteration verdicts were summarized as if it was one single case. This modification gets each iteration verdict displayed separately instead. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14498)
-