Revision tags: openssl-3.0.0-alpha17 |
|
#
7c14d0c1 |
| 14-May-2021 |
Shane Lontis |
Rename the field 'provctx and data' to 'algctx' inside some objects containing pointers to provider size algorithm contexts. Fixes #14284 The gettable_ctx_params methods were co
Rename the field 'provctx and data' to 'algctx' inside some objects containing pointers to provider size algorithm contexts. Fixes #14284 The gettable_ctx_params methods were confusingly passing a 'provctx' and a provider context which are completely different objects. Some objects such as EVP_KDF used 'data' while others such as EVP_MD used 'provctx'. For libcrypto this 'ctx' is an opaque ptr returned when a providers algorithm implementation creates an internal context using a new_ctx() method. Hence the new name 'algctx'. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15275)
show more ...
|
#
d2f53212 |
| 17-May-2021 |
Richard Levitte |
Make sure to include "internal/numbers.h" to get SIZE_MAX Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15319)
|
Revision tags: openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12 |
|
#
f6c95e46 |
| 16-Feb-2021 |
Rich Salz |
Add "origin" field to EVP_CIPHER, EVP_MD Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch, or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle
Add "origin" field to EVP_CIPHER, EVP_MD Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch, or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all three origins. The flag is deliberately right before some function pointers, so that compile-time failures (int/pointer) will occur, as opposed to taking a bit in the existing "flags" field. The "global variable" flag is non-zero, so the default case of using OPENSSL_zalloc (for provider ciphers), will do the right thing. Ref-counting is a no-op for Make up_ref no-op for global MD and CIPHER objects Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add EVP_CIPHER_CTX_get1_CIPHER(). Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common evp_md_free_int() function. Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common evp_cipher_free_int() function. Also change some flags tests to explicit test == or != zero. E.g., if (flags & x) --> if ((flags & x) != 0) if (!(flags & x)) --> if ((flags & x) == 0) Only done for those lines where "get0_cipher" calls were made. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14193)
show more ...
|
#
4b58d9b4 |
| 02-Mar-2021 |
Pauli |
evp: add params arguments to init functions Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14383)
|
#
22cd0414 |
| 02-Mar-2021 |
Tomas Mraz |
do_sigver_init: Remove fallback for missing provider implementations. We now have everything implemented in providers. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from ht
do_sigver_init: Remove fallback for missing provider implementations. We now have everything implemented in providers. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14404)
show more ...
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j |
|
#
5b888e93 |
| 15-Feb-2021 |
Petr Gotthard |
Fix propquery handling in EVP_DigestSignInit_ex Fixes #14183. Fix the condition to detect legacy engines, so the `props` are considered even when libctx == NULL. Reviewed-by: To
Fix propquery handling in EVP_DigestSignInit_ex Fixes #14183. Fix the condition to detect legacy engines, so the `props` are considered even when libctx == NULL. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14188)
show more ...
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
9311d0c4 |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using ut
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
show more ...
|
Revision tags: openssl-3.0.0-alpha7 |
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
f21c9c64 |
| 30-Sep-2020 |
Richard Levitte |
EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use We've had explicit checks for when to fall back to legacy code for operations that use an EVP_PKEY. Unfortunately, t
EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use We've had explicit checks for when to fall back to legacy code for operations that use an EVP_PKEY. Unfortunately, the checks were radically different in different spots, so we refactor that into a macro that gets used everywhere. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13043)
show more ...
|
#
d8652be0 |
| 24-Sep-2020 |
Matt Caswell |
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged fro
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
f80d0d2f |
| 14-Sep-2020 |
Dmitry Belyavskiy |
HMAC should work with non-provided digests Fixes #12839 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from htt
HMAC should work with non-provided digests Fixes #12839 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12874)
show more ...
|
#
3101ab60 |
| 03-Sep-2020 |
Matt Caswell |
Fix an EVP_MD_CTX leak If we initialise an EVP_MD_CTX with a legacy MD, and then reuse the same EVP_MD_CTX with a provided MD then we end up leaking the md_data. We need to ensu
Fix an EVP_MD_CTX leak If we initialise an EVP_MD_CTX with a legacy MD, and then reuse the same EVP_MD_CTX with a provided MD then we end up leaking the md_data. We need to ensure we free the md_data if we change to a provided MD. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12779)
show more ...
|
#
86df26b3 |
| 02-Sep-2020 |
Richard Levitte |
EVP: Add support for delayed EVP_PKEY operation parameters They get called "delayed parameters" because they may make it to the implementation at a later time than when they're given.
EVP: Add support for delayed EVP_PKEY operation parameters They get called "delayed parameters" because they may make it to the implementation at a later time than when they're given. This currently only covers the distinguished ID, as that's the only EVP_PKEY operation parameter so far that has been possible to give before the operation has been initialized. This includes a re-implementation of EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id(), and EVP_PKEY_CTX_get1_id_len(). Also, the more rigorous controls of keytype and optype are restored. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12789)
show more ...
|
#
8014b2a9 |
| 11-Aug-2020 |
Matt Caswell |
Don't require a default digest from signature algorithms Some signature algorithms don't need a default digest, so don't fail if we don't have one. Reviewed-by: Paul Dale <paul.
Don't require a default digest from signature algorithms Some signature algorithms don't need a default digest, so don't fail if we don't have one. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
show more ...
|
#
ada0670b |
| 10-Aug-2020 |
Matt Caswell |
Fix some EVP_MD_CTX_* functions Fixes some issues with EVP_MD_CTX_* functions when doing EVP_DigestSign* and EVP_DigestVerify* functions. Reviewed-by: Paul Dale <paul.dale@oracl
Fix some EVP_MD_CTX_* functions Fixes some issues with EVP_MD_CTX_* functions when doing EVP_DigestSign* and EVP_DigestVerify* functions. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
show more ...
|
Revision tags: openssl-3.0.0-alpha6 |
|
#
0ab18e79 |
| 26-Jul-2020 |
Shane Lontis |
Add EVP signature with libctx methods. -Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx() -Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to
Add EVP signature with libctx methods. -Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx() -Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to EVP_DigestSignInit_with_libctx() and EVP_DigestVerifyInit_with_libctx() Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
show more ...
|
#
b8ea8d39 |
| 28-Jul-2020 |
Matt Caswell |
Don't fallback to legacy in DigestSignInit/DigestVerifyInit too easily The only reason we should fallback to legacy codepaths in DigestSignInit/ DigestVerifyInit, is if we have an engine
Don't fallback to legacy in DigestSignInit/DigestVerifyInit too easily The only reason we should fallback to legacy codepaths in DigestSignInit/ DigestVerifyInit, is if we have an engine, or we have a legacy algorithm that does not (yet) have a provider based equivalent (e.g. SM2, HMAC, etc). Currently we were falling back even if we have a suitable key manager but the export of the key fails. This might be for legitimate reasons (e.g. we only have the FIPS provider, but we're trying to export a brainpool key). In those circumstances we don't want to fallback to the legacy code. Therefore we tighten then checks for falling back to legacy. Eventually this particular fallback can be removed entirely (once all legacy algorithms have provider based key managers). Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12550)
show more ...
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
2c6094ba |
| 06-May-2020 |
Richard Levitte |
EVP: For SIGNATURE operations, pass the propquery early Instead of passing it with signature->digest_verify_init() and signature->digest_sign_init(), we pass it with signature->newctx().
EVP: For SIGNATURE operations, pass the propquery early Instead of passing it with signature->digest_verify_init() and signature->digest_sign_init(), we pass it with signature->newctx(). This allows the digests that are indicated by RSA PSS parameters to have a useful propquery. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710)
show more ...
|
#
089c2928 |
| 26-Apr-2020 |
Pauli |
coverity 1462546 Dereference after null check Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11651)
|
#
72133070 |
| 26-Apr-2020 |
Pauli |
coverity 1462565: Null pointer dereferences Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11651)
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g |
|
#
f844f9eb |
| 13-Apr-2020 |
Richard Levitte |
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11539)
show more ...
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
#
4c627d86 |
| 20-Apr-2020 |
Richard Levitte |
EVP: Fix EVP_Digest{Sign,Verify}Init() to handle no default digest EVP_DigestSignInit() and EVP_DigestVerifyInit() would detect if there is no default digest when using legacy (EVP_PKEY_
EVP: Fix EVP_Digest{Sign,Verify}Init() to handle no default digest EVP_DigestSignInit() and EVP_DigestVerifyInit() would detect if there is no default digest when using legacy (EVP_PKEY_ASN1_METHOD) implementations. However, it doesn't do that when provider side keys are used. Furthermore, because EVP_PKEY_get_default_digest_name() was used in the portion of the code that uses the provider implementation, the EVP_PKEY_ASN1_METHOD would be used if the key has one attached. This is now changed to use evp_keymgmt_util_get_deflt_digest_name() instead. Finally, we make sure to detect if the provider implementation supports the digest name parameters (default or mandatory), and returns with error if not. This is what the legacy portion of the code does. Fixes #11571 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11576)
show more ...
|
Revision tags: OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
55ca8125 |
| 16-Mar-2020 |
Matt Caswell |
Handle mdname in legacy EVP_DigestSignInit_ex codepaths Even though an application callS the new EVP_DigestSignInit_ex() function to pass an mdname by string rather than EVP_MD, we may s
Handle mdname in legacy EVP_DigestSignInit_ex codepaths Even though an application callS the new EVP_DigestSignInit_ex() function to pass an mdname by string rather than EVP_MD, we may still end up in legacy codepaths, and therefore we need to handle either mdname or EVP_MD, in both legacy and non-legacy codepaths. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11353)
show more ...
|