#
62457fd9 |
| 14-Dec-2023 |
Neil Horman |
Ignore OSSL_MAC_PARAM_DIGEST_NOINIT/OSSL_MAC_PARAM_DIGEST_ONESHOT The hmac flags OSSL_MAC_PARAM_DIGEST_NOINIT and OSSL_MAC_PARAM_DIGEST_ONESHOT dont add any real value to the provider,
Ignore OSSL_MAC_PARAM_DIGEST_NOINIT/OSSL_MAC_PARAM_DIGEST_ONESHOT The hmac flags OSSL_MAC_PARAM_DIGEST_NOINIT and OSSL_MAC_PARAM_DIGEST_ONESHOT dont add any real value to the provider, and the former causes a segfault when the provider attempts to call EVP_MAC_init on an EVP_MAC object that has been instructed not to be initalized (as the update function will not have been set in the MAC object, which is unilaterally called from EVP_MAC_init Remove the tests for the above flags, and document them as being deprecated and ignored. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23054)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
1e6bd31e |
| 19-Apr-2023 |
Irak Rigia |
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20745)
show more ...
|
#
25624c90 |
| 11-Nov-2022 |
Tomas Mraz |
Rationalize FIPS sources Avoid including QUIC related stuff in the FIPS sources. Also avoid including libssl headers in ssl3_cbc.c. Reviewed-by: Paul Dale <pauli@openssl.org>
Rationalize FIPS sources Avoid including QUIC related stuff in the FIPS sources. Also avoid including libssl headers in ssl3_cbc.c. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19658)
show more ...
|
#
50023e9b |
| 09-May-2022 |
Matt Caswell |
Move protocol version specific code into separate files Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/ope
Move protocol version specific code into separate files Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
cec1699f |
| 08-Jun-2022 |
Bernd Edlinger |
Fix a use after free in error handling of hmac_dup dst->digest needs to be zeroized in case HMAC_CTX_copy or ossl_prov_digest_copy return failure. Fixes #18493 Reviewed
Fix a use after free in error handling of hmac_dup dst->digest needs to be zeroized in case HMAC_CTX_copy or ossl_prov_digest_copy return failure. Fixes #18493 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18502)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
c9ddc5af |
| 12-Apr-2022 |
Tomas Mraz |
Avoid undefined behavior of provided macs on EVP_MAC reinitialization When the context is reinitialized, i.e. the same key should be used we must properly reinitialize the underlying imp
Avoid undefined behavior of provided macs on EVP_MAC reinitialization When the context is reinitialized, i.e. the same key should be used we must properly reinitialize the underlying implementation. However in POLY1305 case it does not make sense as this special MAC should not reuse keys. We fail with this provided implementation when reinitialization happens. Fixes #17811 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18100)
show more ...
|
#
3f773c91 |
| 01-Jul-2021 |
Tomas Mraz |
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15974)
show more ...
|
#
eb1b66f0 |
| 24-May-2021 |
Pauli |
mac: add a getter for the MAC block size. Fixes #12342 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://gi
mac: add a getter for the MAC block size. Fixes #12342 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15427)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
5a6b62bb |
| 10-Mar-2021 |
Pauli |
update set_ctx_param MAC calls to return 1 for a NULL params Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14383)
|
#
c23f96f3 |
| 25-Feb-2021 |
Pauli |
prov: update hmac to have additional init arguments Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
|
#
eee323c3 |
| 23-Feb-2021 |
Pauli |
prov: support modified gettable/settable ctx calls for MACs Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14240)
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
36978c19 |
| 14-Dec-2020 |
Shane Lontis |
Replace MAC flags OSSL_MAC_PARAM_FLAGS with separate param fields. Fixes #12992 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1
Replace MAC flags OSSL_MAC_PARAM_FLAGS with separate param fields. Fixes #12992 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13830)
show more ...
|
#
8ce04db8 |
| 02-Feb-2021 |
Richard Levitte |
CORE & PROV: clean away OSSL_FUNC_mac_size() There was a remaining function signature declaration, but no OSSL_DISPATCH number for it nor any way it's ever used. It did exist once,
CORE & PROV: clean away OSSL_FUNC_mac_size() There was a remaining function signature declaration, but no OSSL_DISPATCH number for it nor any way it's ever used. It did exist once, but was replaced with an OSSL_PARAM item to retrieve. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14048)
show more ...
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
a829b735 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term libctx was used by far most often.) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
1be63951 |
| 28-Sep-2020 |
Pauli |
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levit
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
00108705 |
| 08-Sep-2020 |
Jon Spillett |
Allow zero-length secret for EVP_KDF API Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged fr
Allow zero-length secret for EVP_KDF API Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12826)
show more ...
|
#
5b104a81 |
| 07-Sep-2020 |
Pauli |
mac: add FIPS error state handling Check for provider being runnable in new, dup, init and final calls. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.
mac: add FIPS error state handling Check for provider being runnable in new, dup, init and final calls. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12801)
show more ...
|
#
e08f86dd |
| 20-Aug-2020 |
Matt Caswell |
Make ssl3_cbc_digest_record() use the real data_size Previously we passed it the data plus mac size. Now we just pass it the data size. We already know the mac size. Reviewed-by
Make ssl3_cbc_digest_record() use the real data_size Previously we passed it the data plus mac size. Now we just pass it the data size. We already know the mac size. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12732)
show more ...
|
Revision tags: openssl-3.0.0-alpha6 |
|
#
2e2084da |
| 30-Jul-2020 |
Matt Caswell |
Start using the provider side TLS HMAC implementation This commit just moves the TLS1 and above implementation to use the TLS HMAC implementation in the providers. Reviewed-by:
Start using the provider side TLS HMAC implementation This commit just moves the TLS1 and above implementation to use the TLS HMAC implementation in the providers. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12732)
show more ...
|
#
3fddbb26 |
| 30-Jul-2020 |
Matt Caswell |
Add an HMAC implementation that is TLS aware The TLS HMAC implementation should take care to calculate the MAC in constant time in the case of MAC-Then-Encrypt where we have a variable
Add an HMAC implementation that is TLS aware The TLS HMAC implementation should take care to calculate the MAC in constant time in the case of MAC-Then-Encrypt where we have a variable amount of padding. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12732)
show more ...
|
#
1017ab21 |
| 07-Aug-2020 |
Pauli |
provider: add the unused paramater tag to the gettable and settable functions Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12603)
|