b7cf9dd2 | 22-Jun-2022 | slontis

SHAKE documentation updates for default output length.

Fixes #18586

In order to not break existing applications the OpenSSL documentation related to SHAKE has been updated.

Background:
All digest algorithms (including XOFs) use the bitlen as the default output length. This results in a security strength of bitlen / 2. This means that SHAKE128 will by default have an output length of 16 bytes and a security strength of 64 bits. For SHAKE256 the default output length is 32 bytes and has a security strength of 128 bits. This behaviour was present in 1.1.1 and has been duplicated in the provider SHAKE algorithms for 3.0.

The SHAKE XOF algorithms have a security strength of min(bitlen, output xof length in bits / 2).

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18622)

2f1112b2 | 30-Jun-2022 | Rohan McLure

Fix unrolled Montgomery multiplication for POWER9

In the reference C implementation in bn_asm.c, tp[num + 1] contains the carry bit for accumulations into tp[num]. tp[num + 1] is only ever assigned, never itself incremented.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18883)

eae70100 | 27-Jun-2022 | Rohan McLure

Revert "Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication""

This reverts commit 712d9cc90e355b2c98a959d4e9398610d2269c9e.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18883)

f8684542 | 09-Aug-2022 | Matt Caswell

CRYPTO_mem_debug_push() and CRYPTO_mem_debug_pop() should return 0

Those 2 functions historically only ever returned 0 or 1. In OpenSSL 3.0 they were made no-ops and the documentation says they always return 0. In fact they were returning -1. If any application was actually using these functions then it may appear that they were actually successful (e.g. -1 could be interpreted as "true").

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18967)

2c35d617 | 09-Aug-2022 | Matt Caswell

Correct the documentation for OPENSSL_MALLOC_FD

The documentation was misleading in that it suggests that this environment variable will record information about all allocations. While this is true it doesn't record the most useful information that you might expect such as the requested size of the allocation! It is mainly for use in conjunction with OPENSSL_MALLOC_FAILURES, and reports information about what chance an allocation has of failing.

We also clarify that the mem_debug functions are actually no-ops in 3.0.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18967)

b2ccfd81 | 04-Jul-2022 | Clemens Lang

APPS: genrsa: Support setting properties

The -provider and -propquery options did not work on genrsa. Fix this and add a test that checks that operations that would usually fail with the FIPS provider work when run with

    -provider default -propquery '?fips!=yes'

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa.

See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

653a7706 | 04-Jul-2022 | Clemens Lang

APPS: dgst: Support properties when signing

The -provider and -propquery options did not work on dgst when using it for signing or signature verification (including HMACs). Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with

    -provider default -propquery '?fips!=yes'

Additionally, modify the behavior of dgst -list to also use the current library context and property query. This reduces the output below the headline "Supported digests" to a list of the digest algorithms that will actually work with the current configuration, which is closer to what users probably expect with this headline.

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa.

See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

33b9bb45 | 01-Jul-2022 | Clemens Lang

TEST: Check property query support of apps/pkey

Property query support works correctly for apps/pkey, but there does not seem to be a test for it yet, so add one.

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed a similar problem in dsaparam and gendsa.

See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

01855387 | 01-Jul-2022 | Clemens Lang

APPS: pkeyparam: Support setting properties

The -provider and -propquery options did not work on pkeyparam. Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with

    -provider default -propquery '?fips!=yes'

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa.

See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

2b8f687d | 01-Jul-2022 | Clemens Lang

APPS: ecparam: Support setting properties

The -provider and -propquery options did not work on ecparam. Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with

    -provider default -propquery '?fips!=yes'

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa.

See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

ae3c30ac | 01-Jul-2022 | Clemens Lang

APPS: dhparam: Support setting properties

The -provider and -propquery options did not work on dhparam. Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with

    -provider default -propquery '?fips!=yes'

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa.

See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

45479dce | 25-Jul-2022 | Dr. David von Oheimb

test/timing_load_creds.c: fix coding style and other (mostly minor) issues

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18821)

c02036e1 | 18-Jul-2022 | Dr. David von Oheimb

Rename the "timing" program to "timing_load_creds" and integrate it with test/build.info

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18821)

6212fc68 | 29-Apr-2021 | Rich Salz

Add a stand-alone "timing" program

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18821)

6136408e | 11-May-2022 | Hongren (Zenithal) Zheng

Add ROTATE inline RISC-V zbb/zbkb asm for DES

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18290)

d272ef53 | 10-Aug-2022 | Juergen Christ

Fix asan finding in bio_tfo_test

Running bio_tfo_test under asan yields

==172342==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 380 byte(s) in 5 object(s) allocated from:
    #0 0x3ff89bba251 in malloc (/lib64/libasan.so.8+0xba251)
    #1 0x3ff88cf9fd5 in gaih_inet.constprop.0 (/lib64/libc.so.6+0xf9fd5)
    #2 0x3ff88cfaf6f in getaddrinfo (/lib64/libc.so.6+0xfaf6f)
    #3 0x3ff89ba52a9 in __interceptor_getaddrinfo.part.0 (/lib64/libasan.so.8+0xa52a9)
    #4 0x1004909 in test_fd_tfo test/bio_tfo_test.c:241
[...]

and fails the test. Fix this by freeing the return addrinfo on exit.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18979)

278b0d8b | 10-Aug-2022 | Juergen Christ

Fix asan finding in bio_addr

Running test_tfo_cli under asan yields

==166214==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000d57c at pc 0x03ffa004ed86 bp 0x03ffe2977e80 sp 0x03ffe2977668
READ of size 112 at 0x60700000d57c thread T0
    #0 0x3ffa004ed85 in memcpy (/lib64/libasan.so.8+0x4ed85)
    #1 0x3ff9f3615b7 in BIO_ADDR_dup crypto/bio/bio_addr.c:77
[...]

and fails the test. Fix this by copying the right structure of the union.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18979)

d13c8b77 | 27-Jul-2022 | Pauli

Make OSSL_TIME a structure

This prevents misuses creeping in.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18882)

2d46a44f | 24-Jul-2022 | Daiyuu Nobori

VC++ 2008 or earlier x86 compilers do not have an inline implementation of InterlockedOr64 for 32bit and will fail to run on Windows XP 32bit.

See: https://docs.microsoft.com/en-us/cpp/intrinsics/interlockedor-intrinsic-functions#requirements

To work around this problem, we implement a manual locking mechanism for only VC++ 2008 or earlier x86 compilers.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18856)

56d4ff6c | 29-Jul-2022 | Pauli

property: make cache flushing slightly less deterministic

If there is no timer available to seed the stochastic flushing, revert to a global seed that gets updated each flush.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18906)

cd854f22 | 02-Aug-2022 | Juergen Christ

Fix GHASH-ASM implementation on s390x

s390x GHASH assembler implementation assumed it was called from a gcm128_context structure where the Xi parameter to the ghash function was embedded in that structure. Since the structure layout resembles the parameter block required for kimd-GHASH, the assembler code simply assumed the 128 bytes after Xi are the hash subkey. This assumption was broken with the introduction of AES-GCM-SIV which uses the GHASH implementation without a gcm128_context structure. Furthermore, the bytes following the Xi input parameter to the GHASH function do not contain the hash subkey.

To fix this, we remove the assumption about the calling context and build the parameter block on the stack. This requires some copying of data to and from the stack. While this introduces a performance degradation, new systems anyway use kma for GHASH/AES-GCM.

Finally fixes #18693 for s390x.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18939)

fc5888cc | 01-Aug-2022 | Sebastian Andrzej Siewior

test/evp_test: Test if EVP_DigestSign() sets signature's length.

Increase the signature's length, that is passed to EVP_DigestSign(). The implementation should set this parameter back to the actual length, that has been written.

This (oneshot_digestsign_test_run()) fails for the ed25519/ed448 implementation of s390 prior to the fix. The change in digestsign_test_run() follows the same pattern and is for collecting bonus points.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18928)

bbedc052 | 01-Aug-2022 | Sebastian Andrzej Siewior

providers: Set the size of EC signature on s390.

The s390x provides its custom implementation for the creation of the ed448 and ed25519 signatures. Unfortunately it does not set the size. Users that rely on this return parameter end up with wrong values and will compare wrong sizes of signature.

Set the proper size of the returned signature on success. Set an error if the signing operation fails.

Fixes: #18912

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18928)

2bd8190a | 02-Aug-2022 | Kurt Roeckx

Change name of parameter in documentation from sigret to sig

The rest of the documentation talks about sig, not sigret.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18943)

65b41ab3 | 01-Aug-2022 | Tomas Mraz

Properly document deprecation of DH_new() and related functions

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18925)