| Age | Commit message (Collapse) | Author |
|---|
|
Increase the signature's length, that is passed to EVP_DigestSign(). The
implementation should set this parameter back to the actual length, that
has been written.
This (oneshot_digestsign_test_run()) fails for the ed25519/ ed448
implementation of s390 prio the fix. The change in digestsign_test_run()
follows the same pattern and is for collecting bonus points.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18928)
(cherry picked from commit fc5888ccb60f33b366972299f30b976c4dc12162)
|
|
Fixes test error in #18714
This only happens currently during minimal builds.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18737)
(cherry picked from commit c8a016cac44d5402df3106f46c9725aa1b480e40)
|
|
As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18592)
(cherry picked from commit 5203a8dfdc209f05c7dbd9c1e5208743fcaa6752)
|
|
EVP_PKEY_derive() should be able to cope with a too big buffer for fixed
size outputs. However, we don't test that.
This change modifies the PKEYKDF tests to ask EVP_PKEY_derive() what the
desired output buffer size is, and as long as the returned value isn't
absurd (indicating that anything goes), the output buffer is made to be
twice as big as what is expected.
Tests #18517
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18533)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18368)
(cherry picked from commit d649c51a5388912277dffb56d921eb720db54be1)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18103)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18100)
(cherry picked from commit e58ba181de6b0dfad0dc371f8d962c82138a906e)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17859)
(cherry picked from commit 4413fe3520da3ad42c417828b1785eeedcde50d3)
|
|
sk_OPENSSL_STRING_new_null
Since the memory allocation may fail, the 'mac_name' and 'controls'
could be NULL.
And the 'mac_name' will be printed in mac_test_run_mac() without check.
Also the result of 'params_n +
sk_OPENSSL_STRING_num(expected->controls)' in
mac_test_run_mac() will be 'params_n - 1' if allocation fails , which
does not make sense.
Therefore, it should be better to check them in order to guarantee the
complete success of initiation.
If fails, we also need to free the 'mdat' to avoid the memory leak.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17628)
(cherry picked from commit b2f90e93a07d992515782511a5770aa7cf7dc28f)
|
|
The OPENSSL_zalloc() could return NULL pointer if fails.
Add the check for it does make sense, like how digest_test_init() deals
with.
CLA: trivial
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17571)
(cherry picked from commit 2208ba56ebefe4cf7d924e2ac7044ccd3307250b)
|
|
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17443)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16495)
(cherry picked from commit 21a0d9f3edda78d27d12cd7704de9e32976393ba)
|
|
This test did not really execute, since usually
the OPENSSL_malloc(0) will fail and prevent the
execution of the KDF.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16444)
|
|
Fixes #15917
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15920)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
|
|
Fixes #15837
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15888)
|
|
Fixes #15837
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15888)
|
|
Add a few testcases.
Fixes #15749
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15827)
|
|
If we have an unsupported key type we may get a decode error and
therefore we should detect that.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)
|
|
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15427)
|
|
function
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15041)
|
|
The EVP test didn't recognise ERR_R_UNSUPPORTED, now does
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14834)
|
|
Change:
EVP_RAND_gettable_ctx_params -> EVP_RAND_CTX_gettable_params
EVP_RAND_settable_ctx_params -> EVP_RAND_CTX_settable_params
Which brings them in line with the other similar functions for other algorithm
types.
Fixes #14880
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14893)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14841)
|
|
Fixes #14808
Validation checks were moved into EVP_PKEY_derive_set_peer() which broke
an external negative test. Originally the old code was semi working by checking the peers public key was in the range of other parties p. It was not actually ever
checking that the domain parameters were consistent between the 2
parties. It now checks the parameters match as well as validating the
peers public key.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14823)
|
|
Fixes #14401
Note that this moves the public key check out of DH compute_key() since
key validation does not belong inside this primitive..
The check has been moved to the EVP_PKEY_derive_set_peer() function so that
it generally applies to all exchange operations.. Use EVP_PKEY_derive_set_peer_ex()
to disable this behaviour.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14717)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14589)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14589)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
|
|
A trivial PR to remove some commonly repeated words. It looks like this is
not the first PR to do this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14420)
|
|
EVP_RAND_CTXs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
|
|
EVP_KEY_new_CMAC_key_ex was in the pre-release 3.0 only, so is safe
to remove.
Restore 1.1.1 version of EVP_PKEY_new_CMAC_key documentation.
Also make testing of EVP_PKEY_new_CMAC_key properly #ifdef'd.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13829)
|
|
To clarify the purpose of these two calls rename them to
EVP_CIPHER_CTX_get_original_iv and EVP_CIPHER_CTX_get_updated_iv.
Also rename the OSSL_CIPHER_PARAM_IV_STATE to OSSL_CIPHER_PARAM_UPDATED_IV
to better align with the function name.
Fixes #13411
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13870)
|
|
The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)
|
|
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13001)
|
|
The X942 KDF had been modified so that it supports all optional fields - not
just the fields used by CMS.
As there are 2 types of KDF for X942 - this has been made a bit clearer
by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an
alias of X963KDF.
This work was instigated as a result of the ACVP tests optionally being
able to use keybits for the supp_pubinfo field.
Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this
to be disabled.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13418)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13568)
|
|
Fixes #12627
Changed security check for DSA verification to match SP800-131Ar2 when
the security strength is < 112.
Fixed compilation error when using config opt 'no-fips-securitychecks'
Removed TODO's from 20-test_cli_fips.t - there is no longer an TODO error.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13387)
|
|
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
|
|
Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)
|
|
Changes merged from a patch by @richsalz.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
|
|
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
|
|
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
|
|
Instead of sometimes, and sometimes not reporting an error in the
caller of EVP_XXX_fetch(), where the error may or may not be very
accurate, it's now centralised to the inner EVP fetch functionality.
It's made in such a way that it can determine if an error occured
because the algorithm in question is not there, or if something else
went wrong, and will report EVP_R_UNSUPPORTED_ALGORITHM for the
former, and EVP_R_FETCH_FAILED for the latter.
This helps our own test/evp_test.c when it tries to figure out why an
EVP_PKEY it tried to load failed to do so.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12857)
|
