#
b6a5e801 |
| 01-Dec-2023 |
Rajeev Ranjan |
Add support for integrity-only cipher suites for TLS v1.3 - add test vectors for tls1_3 integrity-only ciphers - recmethod_local.h: add new member for MAC - tls13_meth.c: add MAC onl
Add support for integrity-only cipher suites for TLS v1.3 - add test vectors for tls1_3 integrity-only ciphers - recmethod_local.h: add new member for MAC - tls13_meth.c: add MAC only to tls 1.3 - tls13_enc.c: extend function to add MAC only - ssl_local.h: add ssl_cipher_get_evp_md_mac() - s3_lib.c: add the new ciphers and add #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS - ssl_ciph.c : add ssl_cipher_get_evp_md_mac() and use it - tls13secretstest.c: add dummy test function - Configure: add integrity-only-ciphers option - document the new ciphers Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22903)
show more ...
|
#
deaa83af |
| 06-May-2024 |
Tomas Mraz |
Fix Coverity issues 1596850, 1596851 and 1596852 These are newly introduced memory leaks and UAF in evp_test.c Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul D
Fix Coverity issues 1596850, 1596851 and 1596852 These are newly introduced memory leaks and UAF in evp_test.c Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24339)
show more ...
|
#
fedbfff4 |
| 08-Aug-2023 |
Veronika Hanulíková |
Add processing by chunks to mac tests Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pu
Add processing by chunks to mac tests Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21727)
show more ...
|
#
5f4983f9 |
| 02-Aug-2023 |
Veronika Hanulíková |
Add processing by chunks to encoding tests Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/opens
Add processing by chunks to encoding tests Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21727)
show more ...
|
#
1208d526 |
| 28-Jul-2023 |
Veronika Hanulíková |
Add processing by chunks to digest, sign, verify tests Input value is parsed into chunks, which are separately stored in the buffer stack. When chunk size is set, "Count" and "Copy"
Add processing by chunks to digest, sign, verify tests Input value is parsed into chunks, which are separately stored in the buffer stack. When chunk size is set, "Count" and "Copy" parameters are skipped. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21727)
show more ...
|
#
2c8dc43b |
| 27-Jul-2023 |
Veronika Hanulíková |
Add processing by chunks to cipher tests in evp_test When cipher does not support variable fragmentation, the test is skipped. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Add processing by chunks to cipher tests in evp_test When cipher does not support variable fragmentation, the test is skipped. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21727)
show more ...
|
#
0bfd744f |
| 27-Jul-2023 |
Veronika Hanulíková |
Add option for setting size of processed data chunks For tests in `evp_test`, which support processing in batches. When not set or set to 0, data are processed with default sizes (as
Add option for setting size of processed data chunks For tests in `evp_test`, which support processing in batches. When not set or set to 0, data are processed with default sizes (as before). Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21727)
show more ...
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
6ca1d3ee |
| 26-Jan-2024 |
Neil Horman |
fix missing null check in kdf_test_ctrl Coverity issue 1453632 noted a missing null check in kdf_test_ctrl recently. If a malformed value is passed in from the test file that does n
fix missing null check in kdf_test_ctrl Coverity issue 1453632 noted a missing null check in kdf_test_ctrl recently. If a malformed value is passed in from the test file that does not contain a ':' character, the p variable will be NULL, leading to a NULL derefence prepare_from_text Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23398)
show more ...
|
#
6f22bcd6 |
| 09-Dec-2023 |
Neil Horman |
Add appropriate NULL checks in EVP_CIPHER api The EVP_CIPHER api currently assumes that calls made into several APIs have already initalized the cipher in a given context via a call to
Add appropriate NULL checks in EVP_CIPHER api The EVP_CIPHER api currently assumes that calls made into several APIs have already initalized the cipher in a given context via a call to EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error, the result is typically a SIGSEGV. Correct that by adding missing NULL checks in the apropriate apis prior to using ctx->cipher Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22995)
show more ...
|
#
e4542332 |
| 11-Dec-2023 |
Tomas Mraz |
Fix provider compatibility check crash in evp_test EVP_MAC_CTX_get_mac_size() cannot be called on older unfixed versions before EVP_MAC_init(). Reviewed-by: Neil Horman <nhorman
Fix provider compatibility check crash in evp_test EVP_MAC_CTX_get_mac_size() cannot be called on older unfixed versions before EVP_MAC_init(). Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/23006)
show more ...
|
#
ff181969 |
| 29-Nov-2023 |
James Muir |
evp-cmac: do not seg-fault when getting mac-size before init Add null check to cmac_size(). This avoids a seg-fault encountered with cmac when EVP_MAC_CTX_get_mac_size() is called befor
evp-cmac: do not seg-fault when getting mac-size before init Add null check to cmac_size(). This avoids a seg-fault encountered with cmac when EVP_MAC_CTX_get_mac_size() is called before init. Extend mac testing in evp_test.c to check that the sizes returned by EVP_MAC_CTX_get_mac_size() before and after init make sense (this also ensures that we no longer seg-fault). Fixes #22842 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22858)
show more ...
|
#
497a7810 |
| 26-Oct-2023 |
Tomas Mraz |
evp_test.c: There are now 3 parameters possible for digests In digest_test_run() there are now 3 parameters possible plus the sentinel value. In reality we will never use all three a
evp_test.c: There are now 3 parameters possible for digests In digest_test_run() there are now 3 parameters possible plus the sentinel value. In reality we will never use all three at once but Coverity rightfully complains that it is possible to overflow the params array. Fixes Coverity 1548054 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22521)
show more ...
|
#
6a0ae393 |
| 24-Oct-2023 |
Tomas Mraz |
Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN BLAKE2 is not really an extensible output function unlike SHAKE as the digest size must be set during the context initia
Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN BLAKE2 is not really an extensible output function unlike SHAKE as the digest size must be set during the context initialization. Thus it makes no sense to use OSSL_DIGEST_PARAM_XOFLEN. We also need to adjust EVP_DigestFinal_ex() to query the OSSL_DIGEST_PARAM_SIZE as gettable ctx param for the size. Fixes #22488 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22491)
show more ...
|
#
1a185961 |
| 21-Sep-2023 |
Pauli |
evp_test: recondition cipher dupctx FIPS version check. Until the cipher dupctx is properly implemented in 3.1 and 3.0 the check is wrong. This should be reverted once the implemenation
evp_test: recondition cipher dupctx FIPS version check. Until the cipher dupctx is properly implemented in 3.1 and 3.0 the check is wrong. This should be reverted once the implemenation has been done. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)
show more ...
|
#
f34878d8 |
| 08-Sep-2023 |
Veronika Hanulíková |
Add command line option for setting propquery in evp_test Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://g
Add command line option for setting propquery in evp_test Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22151)
show more ...
|
#
1bebf4b0 |
| 12-Sep-2023 |
Veronika Hanulíková |
Add command line option for setting provider in evp_test Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://gi
Add command line option for setting provider in evp_test Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22151)
show more ...
|
#
19937db0 |
| 13-Sep-2023 |
Tomas Mraz |
Postponed further context duplication support for ciphers Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/open
Postponed further context duplication support for ciphers Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22094)
show more ...
|
#
bbb6d620 |
| 12-Sep-2023 |
Neil Horman |
Fix regression in evp_test for provider compat CI If we ignore the faliure to copy on an old fips provider, we need to use ctx_base, rather than ctx Fixes #22076 Review
Fix regression in evp_test for provider compat CI If we ignore the faliure to copy on an old fips provider, we need to use ctx_base, rather than ctx Fixes #22076 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22102)
show more ...
|
#
39d857bb |
| 29-Aug-2023 |
Neil Horman |
make inability to dup/clone ciphers an error There should be no reason that a cipher can't be duplicated Fixes #21887 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewe
make inability to dup/clone ciphers an error There should be no reason that a cipher can't be duplicated Fixes #21887 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21933)
show more ...
|
#
bbaeadb0 |
| 16-Jul-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
"foo * bar" should be "foo *bar" Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tom
"foo * bar" should be "foo *bar" Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21468)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
d57d0b81 |
| 13-Jul-2023 |
Veronika Hanulíková |
Add option for in-place cipher testing in evp_test The command line option enables setting in-place data processing for cipher testing in `evp_test`. The `both` option argument runs
Add option for in-place cipher testing in evp_test The command line option enables setting in-place data processing for cipher testing in `evp_test`. The `both` option argument runs both - in-place and non-in-place testing. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/21546)
show more ...
|
#
8a2e74d0 |
| 08-Jun-2023 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
Cast the argument to unsigned char when calling isspace() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/ope
Cast the argument to unsigned char when calling isspace() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21151)
show more ...
|
#
6dfa998f |
| 27-Sep-2021 |
Čestmír Kalina |
providers: add Argon2 KDF https://datatracker.ietf.org/doc/rfc9106/ Signed-off-by: Čestmír Kalina <ckalina@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Revie
providers: add Argon2 KDF https://datatracker.ietf.org/doc/rfc9106/ Signed-off-by: Čestmír Kalina <ckalina@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12256)
show more ...
|