Pauli
6436030486
rsa: make the maximum key strength check FIPS only.
...
To be reverted once key generation checks are added everywhere and a way to
disable them implemented.
Fixes #15502
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15560 )
2021-06-03 15:32:38 +10:00
yuechen-chen
691c9cd16b
Add an EVP demo for signatures using EC
...
Fixes #14115
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15429 )
2021-06-03 15:21:17 +10:00
Pauli
74613e8c97
update checksums
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15574 )
2021-06-03 11:58:18 +10:00
Pauli
c912e0c616
util: update FIPS checksumming script to be more aggressive with whitespace
...
Fixes #15562
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15574 )
2021-06-03 11:56:21 +10:00
Jon Spillett
8a5bd05da8
Add enable-fips to CI configuration
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15537 )
2021-06-03 07:33:13 +10:00
Jon Spillett
c29b71c367
Disable tracing within the FIPS module
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15537 )
2021-06-03 07:32:54 +10:00
Tomas Mraz
ea82158103
ed25519 and ed448: fix incorrect OSSL_PKEY_PARAM_MAX_SIZE
...
Fixes #15552
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15566 )
2021-06-02 17:17:51 +02:00
Dr. David von Oheimb
4388417157
80-test_cms.t: Replace use of ee-self-signed.pem by more suitable smrsa1.pem
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15499 )
2021-06-02 14:49:13 +02:00
Dr. David von Oheimb
07e84e67a6
ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15499 )
2021-06-02 14:49:13 +02:00
Pauli
5bcbdee621
list: update to not use XXX_get_number() calls
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564 )
2021-06-02 20:45:51 +10:00
Pauli
45e6e5073a
store: include internal header
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564 )
2021-06-02 20:45:51 +10:00
Pauli
d11e555082
doc: fix OSSL_(EN|DE)CODER_get0_name function names
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564 )
2021-06-02 20:45:51 +10:00
Pauli
bcd5d3a22d
libcrypto: make XXX_get_number() internal
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564 )
2021-06-02 20:45:39 +10:00
Pauli
6ea964cd4a
doc: make XXX_get_number() internal
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564 )
2021-06-02 20:45:39 +10:00
Pauli
2e006ae77b
Add internal get_number functions to internal headers
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564 )
2021-06-02 20:45:39 +10:00
Pauli
f2e3584d10
add internal get_number functons to crypto/evp.h
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564 )
2021-06-02 20:45:39 +10:00
Pauli
c768893e7d
doc: move XXX_get_number() documentation to internal
...
These functions are effectively useless for users outside of libcrypto.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564 )
2021-06-02 20:45:39 +10:00
Pauli
4cedf30e99
utils: remove TODO
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
71653965b3
crypto: remove TODOs
...
Fixes #15451
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
60e91cc409
http: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
4c3c2633b2
evp: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
3b90a847ec
err: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
4656d9ecd1
ec: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
3dc12810fa
dso: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
26b3e44a66
bn: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
79cabd7e27
rsa: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
c6472fec64
store: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
e73a08b400
pem: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
126e37716f
ocsp: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
29cfba8599
ct: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
e0a7ef0b51
crmf: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
1486b1fbd3
comp: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
6f6c8b0e3c
cms: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
75e1191f4d
cmp: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
69e21cb648
x509: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
1c8c5d4755
bio: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
10dbfcc91e
asn.1: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
0848b943a8
providers: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
407820c0e3
tls: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
fd009d763a
test: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
fb6ad22e36
fuzz: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Pauli
db70dc2cda
apps: remove TODOs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539 )
2021-06-02 16:30:15 +10:00
Richard Levitte
0d7d5e2490
providers/common/der/build.info: make a variable for ../include/prov
...
This is a proof of concept for GENERATE variable expansion.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15554 )
2021-06-02 08:19:23 +02:00
Richard Levitte
7058b4db82
Configure: variable expand GENERATE values too
...
Internal documentation doesn't allow for any exception... Therefore,
even GENERATE values should be variable expanded.
(there are historical reasons why GENERATE was excepted from variable
expansion, that aren't applicable any more)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15554 )
2021-06-02 08:18:47 +02:00
Jon Spillett
0608afe096
Fix up bad libcrypto.num
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15576 )
2021-06-02 13:04:04 +10:00
Tomas Mraz
b3c2ed7043
Add NCONF_get_section_names()
...
And a few additional fixups to make the no-deprecated configuration
to build.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466 )
2021-06-02 12:40:02 +10:00
Rich Salz
6b750b89ee
Add NCONF_get0_libctx()
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466 )
2021-06-02 12:40:02 +10:00
Rich Salz
ff234c6804
Make conf_method_st and conf_st deprecated
...
So they can be made opaque in a future release.
Fixes #15101
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466 )
2021-06-02 12:40:02 +10:00
Trev Larock
147ed5f9de
Modify ssl_handshake_hash to call SSLfatal
...
When EVP_MD_CTX_new fails call SSLfatal before the goto err.
This resolves a state machine issue on the out of memory condition.
Fixes #15491 .
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15520 )
2021-06-01 16:43:43 +02:00
Tomas Mraz
7e8d6bafd0
Make the 00-prep_*.t recipe truly mandatory
...
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15550 )
2021-06-01 15:07:51 +02:00