| #
62457fd9 |
| 14-Dec-2023 |
Neil Horman |
Ignore OSSL_MAC_PARAM_DIGEST_NOINIT/OSSL_MAC_PARAM_DIGEST_ONESHOT
The hmac flags OSSL_MAC_PARAM_DIGEST_NOINIT and
OSSL_MAC_PARAM_DIGEST_ONESHOT dont add any real value to the provider,
Ignore OSSL_MAC_PARAM_DIGEST_NOINIT/OSSL_MAC_PARAM_DIGEST_ONESHOT
The hmac flags OSSL_MAC_PARAM_DIGEST_NOINIT and
OSSL_MAC_PARAM_DIGEST_ONESHOT dont add any real value to the provider,
and the former causes a segfault when the provider attempts to call
EVP_MAC_init on an EVP_MAC object that has been instructed not to be
initalized (as the update function will not have been set in the MAC
object, which is unilaterally called from EVP_MAC_init
Remove the tests for the above flags, and document them as being
deprecated and ignored.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23054)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
1e6bd31e |
| 19-Apr-2023 |
Irak Rigia |
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays
Fixes #20710
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays
Fixes #20710
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20745)
show more ...
|
| #
25624c90 |
| 11-Nov-2022 |
Tomas Mraz |
Rationalize FIPS sources
Avoid including QUIC related stuff in the FIPS sources.
Also avoid including libssl headers in ssl3_cbc.c.
Reviewed-by: Paul Dale <pauli@openssl.org>
Rationalize FIPS sources
Avoid including QUIC related stuff in the FIPS sources.
Also avoid including libssl headers in ssl3_cbc.c.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19658)
show more ...
|
| #
50023e9b |
| 09-May-2022 |
Matt Caswell |
Move protocol version specific code into separate files
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope
Move protocol version specific code into separate files
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
| #
cec1699f |
| 08-Jun-2022 |
Bernd Edlinger |
Fix a use after free in error handling of hmac_dup
dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.
Fixes #18493
Reviewed
Fix a use after free in error handling of hmac_dup
dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.
Fixes #18493
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18502)
show more ...
|
| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
c9ddc5af |
| 12-Apr-2022 |
Tomas Mraz |
Avoid undefined behavior of provided macs on EVP_MAC reinitialization
When the context is reinitialized, i.e. the same key should be used
we must properly reinitialize the underlying imp
Avoid undefined behavior of provided macs on EVP_MAC reinitialization
When the context is reinitialized, i.e. the same key should be used
we must properly reinitialize the underlying implementation.
However in POLY1305 case it does not make sense as this special MAC
should not reuse keys. We fail with this provided implementation
when reinitialization happens.
Fixes #17811
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18100)
show more ...
|
| #
3f773c91 |
| 01-Jul-2021 |
Tomas Mraz |
fips module header inclusion fine-tunning
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
fips module header inclusion fine-tunning
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)
show more ...
|
| #
eb1b66f0 |
| 24-May-2021 |
Pauli |
mac: add a getter for the MAC block size.
Fixes #12342
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://gi
mac: add a getter for the MAC block size.
Fixes #12342
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15427)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
| #
5a6b62bb |
| 10-Mar-2021 |
Pauli |
update set_ctx_param MAC calls to return 1 for a NULL params
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
|
| #
c23f96f3 |
| 25-Feb-2021 |
Pauli |
prov: update hmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
|
| #
eee323c3 |
| 23-Feb-2021 |
Pauli |
prov: support modified gettable/settable ctx calls for MACs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
|
|
Revision tags: openssl-3.0.0-alpha12 |
|
| #
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
|
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
| #
36978c19 |
| 14-Dec-2020 |
Shane Lontis |
Replace MAC flags OSSL_MAC_PARAM_FLAGS with separate param fields.
Fixes #12992
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1
Replace MAC flags OSSL_MAC_PARAM_FLAGS with separate param fields.
Fixes #12992
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
show more ...
|
| #
8ce04db8 |
| 02-Feb-2021 |
Richard Levitte |
CORE & PROV: clean away OSSL_FUNC_mac_size()
There was a remaining function signature declaration, but no
OSSL_DISPATCH number for it nor any way it's ever used. It did exist
once,
CORE & PROV: clean away OSSL_FUNC_mac_size()
There was a remaining function signature declaration, but no
OSSL_DISPATCH number for it nor any way it's ever used. It did exist
once, but was replaced with an OSSL_PARAM item to retrieve.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14048)
show more ...
|
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
| #
a829b735 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'
This change makes the naming more consistent, because three different terms
were used for the same thing. (The term
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'
This change makes the naming more consistent, because three different terms
were used for the same thing. (The term libctx was used by far most often.)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
| #
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
| #
1be63951 |
| 28-Sep-2020 |
Pauli |
prov: prefix all OSSL_DISPATCH tables names with ossl_
This stops them leaking into other namespaces in a static build.
They remain internal.
Reviewed-by: Richard Levitte <levit
prov: prefix all OSSL_DISPATCH tables names with ossl_
This stops them leaking into other namespaces in a static build.
They remain internal.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13013)
show more ...
|
|
Revision tags: OpenSSL_1_1_1h |
|
| #
00108705 |
| 08-Sep-2020 |
Jon Spillett |
Allow zero-length secret for EVP_KDF API
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged fr
Allow zero-length secret for EVP_KDF API
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12826)
show more ...
|
| #
5b104a81 |
| 07-Sep-2020 |
Pauli |
mac: add FIPS error state handling
Check for provider being runnable in new, dup, init and final calls.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.
mac: add FIPS error state handling
Check for provider being runnable in new, dup, init and final calls.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)
show more ...
|
| #
e08f86dd |
| 20-Aug-2020 |
Matt Caswell |
Make ssl3_cbc_digest_record() use the real data_size
Previously we passed it the data plus mac size. Now we just pass it the
data size. We already know the mac size.
Reviewed-by
Make ssl3_cbc_digest_record() use the real data_size
Previously we passed it the data plus mac size. Now we just pass it the
data size. We already know the mac size.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha6 |
|
| #
2e2084da |
| 30-Jul-2020 |
Matt Caswell |
Start using the provider side TLS HMAC implementation
This commit just moves the TLS1 and above implementation to use the TLS
HMAC implementation in the providers.
Reviewed-by:
Start using the provider side TLS HMAC implementation
This commit just moves the TLS1 and above implementation to use the TLS
HMAC implementation in the providers.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
show more ...
|
| #
3fddbb26 |
| 30-Jul-2020 |
Matt Caswell |
Add an HMAC implementation that is TLS aware
The TLS HMAC implementation should take care to calculate the MAC in
constant time in the case of MAC-Then-Encrypt where we have a variable
Add an HMAC implementation that is TLS aware
The TLS HMAC implementation should take care to calculate the MAC in
constant time in the case of MAC-Then-Encrypt where we have a variable
amount of padding.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
show more ...
|
| #
1017ab21 |
| 07-Aug-2020 |
Pauli |
provider: add the unused paramater tag to the gettable and settable functions
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12603)
|
