| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19656)
(cherry picked from commit 5e38e0acf4e1681ae32fa1b164adbc08719bd613)
|
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19273)
(cherry picked from commit 7489ada9f3fd902c5bc3c58cc03a90de2800d0ab)
|
|
The providers indication should always indicate that this is not a
legacy request.
This makes a check for engines redundant as the default return is that
legacy is ok if there are no explicit providers.
Fixes #19662
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19671)
(cherry picked from commit 2fea56832780248af2aba2e4433ece2d18428515)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19666)
(cherry picked from commit cc910f1b316a6ea3d4df57e719adda1922393f8f)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19666)
(cherry picked from commit fe84acc22757e77d48fb6ccc31abe4c72264c877)
|
|
This tests that the comparison work even if a provider can only return
a public key.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)
(cherry picked from commit e5202fbd461cb6c067874987998e91c6093e5267)
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19654)
(cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf)
|
|
Note: The private key is test/certs/root-ed25519.privkey.pem
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19654)
(cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba)
|
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19401)
(cherry picked from commit a0783b83a3bd05a07ea64567995c7642621b4aa6)
|
|
Also add negative test cases for CMAC and GMAC using
a cipher with wrong mode.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19401)
(cherry picked from commit 94976a1e8d9b127999df14c2e0c38e918c2badda)
|
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19635)
(cherry picked from commit 10119e7475bb198e13b1722b186303b8a7528dfe)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17889)
(cherry picked from commit 930a7bd9128fd5e184c8a60153de5b8a16159b05)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19184)
(cherry picked from commit 0b664228a8b217751a225e383a47936fab5c1d64)
|
|
Also update the oqsprovider.sh file to not run the preptests.sh script
which is no longer required
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
(cherry picked from commit ac837d4d2eb542a9119bd8ed0ade7242887c531b)
|
|
Fixes #18898
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18899)
(cherry picked from commit 7e32ca79e33546682a5a75bb41b9d6dcd732787a)
|
|
Including running the oqsprovider external test in the
CI external test build.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17832)
(cherry picked from commit fa66f62ebbb878bef5c34591efc82b24b9b88dff)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17733)
(cherry picked from commit 065442165a3d339a7de469b4cd18a3f902c73443)
|
|
As the potential failure of the memory allocation, the OPENSSL_strdup()
could return NULL pointer and then be assigned to 'server_ctx'.
In order to tell the callers the failure of the configuration, it should
be better to return error.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17705)
(cherry picked from commit 17da5f2af833ef16cc2e431359139a4a2e3775b9)
|
|
The r parameter of the KBKDF is unsupported by 3.0 FIPS module.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)
(cherry picked from commit bbbd1210b43d7a7aff60ccc3c92561beaf6b2bb3)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.
Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)
(cherry picked from commit d5f9166bacfb3757dfd6117310ad54ab749b11f9)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)
(cherry picked from commit 43332e405bea83a2d553e0519fdb04170879bc96)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)
(cherry picked from commit c8adf19d2da318cd7b007753d6c8a7f9dc94d4ed)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17063)
(cherry picked from commit 0e9a265e42890699dfce82f1ff6905de6aafbd41)
|
|
On a big endian machine, we get test failures in params_api_test like
# ERROR: (memory) 'buf1 == buf2' failed @ test/params_api_test.c:473
# --- buf1
# +++ buf2
# 0000:-e901
# 0000:+01e9
# ^^^^
#
# OPENSSL_TEST_RAND_ORDER=1643313367
not ok 157 - iteration 3
They are due to an additional conversion copy. Remove this copy to solve the
problem.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17608)
(cherry picked from commit 9927749ec2b8fc4b6146f0bd54cb6a44b8295974)
|
|
Add test for `.' overflows, remove the output size argument from
ossl_a2ulabel() since it was never used and greatly complicated the code.
Convert ossl_a2ulabel() to use WPACKET for building the output string.
Update the documentation to match the new definition of ossl_a2ulabel().
x509: let punycode handle the '\0' string termination. Saves a memset(3)
and some size fiddling. Also update to deal with the modified parameters.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19591)
(cherry picked from commit 905ba924398f474e647de70345b4ae4089fedba7)
|
|
Make the code more robust and correctly handle EVP_PKEY set to NULL
instead of dereferencing null pointer.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)
(cherry picked from commit 373d90128042cb0409e347827d80b50a99d3965a)
|
|
Otherwise the powerbufLen can overflow.
Issue reported by Jiayi Lin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19632)
(cherry picked from commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8)
|
|
This reverts commit 5db2b4a292b4576185287a9e01e4ba4098b4aa66.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
(cherry picked from commit 75fcf1062817421d8c5850ad0d52a913a2e6499a)
|
|
This reverts commit 464c1011b02936850fc779739013dba52650840a.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
(cherry picked from commit ccc860a77e542bee24f64e44f7bcea5706068866)
|
|
This reverts commit c511953a0828e126b80a9ea8cee12d001d685ba8.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
(cherry picked from commit c69cf38ec4b592a488f0c8d3042ecc345787ffc9)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)
(cherry picked from commit ed16b0fc282d29f755e656043e8a70553ef7bea5)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)
(cherry picked from commit 0be4b0403d2f65adf0d037581223dbebd0fa135e)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
The GCM mode of the SM4 algorithm is specifieded by RFC8998.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16491)
(cherry picked from commit c2ee608a234340aa735f894f8d84ead0ce58286e)
|
|
That is: ossl_property_name_str and ossl_property_value_str.
These only have high level tests during the creation of child library
contexts.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17325)
(cherry picked from commit 9f6841e9d8964943cf5f616543750cee85c4911c)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
(cherry picked from commit 291c5b3e39f4c98e61cf7f65056fe49780d1f0ac)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
We already statically link libcrypto to endecode_test even in a "shared"
build. This can cause problems on some platforms with tests that load the
legacy provider which is dynamically linked to libcrypto. Two versions of
libcrypto are then linked to the same executable which can lead to crashes.
Fixes #17059
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17345)
(cherry picked from commit 7ee992a5d931ab5ad9df00d2d8e47e1b7a72d7ac)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)
(cherry picked from commit e304aa87b35fac5ea97c405dd3c21549faa45e78)
|
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17448)
(cherry picked from commit e5fb4b1469f317aa92768cdf804dfa29b72cb8f3)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)
(cherry picked from commit db87f89b7393eea395b82050c7fc4e1869ef112e)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17376)
(cherry picked from commit a8251a32a0dc449fc39f44a1768e091fcc077227)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17315)
(cherry picked from commit 2080da84a49b0c52fc8c6e6caef5d373235bd3e4)
|
|
Add test cases for RNDR and RNDRRS. Combine tests for RDRAND and RNDR to
share common logic.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15361)
(cherry picked from commit 1f8ce0c9faee59ac51a5db7a8ec42c38866be090)
|
|
It uses AVX512_IFMA + AVX512_VL (with 256-bit wide registers) ISA to
keep lower power license.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14908)
(cherry picked from commit f87b4c4ea67393c9269663ed40a7ea3463cc59d3)
|
|
In addition, rework the multi tests to use common code.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15713)
(cherry picked from commit 0855591e1f3559313641c13e4b7ce900ce42321c)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Either suppress the error, or better make smbuf longer.
Detected with -Werror.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19528)
(cherry picked from commit 91b7520e2385a513ad879dfa8fe8e45466315a27)
|
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19606)
(cherry picked from commit e9e6827445528caf1d9d6647953fbe67a0c78716)
|
|
Fixes #19524
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19525)
(cherry picked from commit f5a10d5cc19215ab22be55b4a2ee1e41bd38fb14)
|
|
Not possible to hit but good to address.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19576)
(cherry picked from commit ce0a7cadadb973216399e70d3a69f352b0843deb)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19429)
(cherry picked from commit 15c8df81083f31dd35aedbe2d58ec702d0c0dc65)
|
|
This option runs the self tests at installation time. It fails for the 3.1
module.
Also changed the default behaviour to that set by the -self_test_onload
option.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
|
