#
123c8586 |
| 01-Sep-2023 |
Neil Horman |
Add dupctx support to rc4_hmac_md5 algo Pretty straightforward, just clone the requested context, no pointers to fixup Fixes #21887 Reviewed-by: Paul Dale <pauli@openss
Add dupctx support to rc4_hmac_md5 algo Pretty straightforward, just clone the requested context, no pointers to fixup Fixes #21887 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21933)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
1e6bd31e |
| 19-Apr-2023 |
Irak Rigia |
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20745)
show more ...
|
#
085e3cec |
| 03-Jun-2021 |
Tomas Mraz |
Move libssl related defines used by fips provider to prov_ssl.h This nicely reduces the number of files considered as fips provider sources. Reviewed-by: Matt Caswell <matt@open
Move libssl related defines used by fips provider to prov_ssl.h This nicely reduces the number of files considered as fips provider sources. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15609)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
12ddfa6b |
| 02-Mar-2021 |
Pauli |
support params argument to AES cipher init calls Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14383)
|
#
644c5dd3 |
| 23-Feb-2021 |
Pauli |
prov: upport modified gettable/settable ctx calls for ciphers Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14240)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j |
|
#
2741128e |
| 05-Feb-2021 |
Tomas Mraz |
Move the PROV_R reason codes to a public header The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications
Move the PROV_R reason codes to a public header The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications or third party providers. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14086)
show more ...
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
a054d15c |
| 17-Dec-2020 |
Shane Lontis |
Replace provider cipher flags with separate param fields Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13830)
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
#
0d83b7b9 |
| 14-Jan-2021 |
Tomas Mraz |
Rename EVP_CIPHER_CTX_get_iv and EVP_CIPHER_CTX_get_iv_state for clarity To clarify the purpose of these two calls rename them to EVP_CIPHER_CTX_get_original_iv and EVP_CIPHER_CTX_get_up
Rename EVP_CIPHER_CTX_get_iv and EVP_CIPHER_CTX_get_iv_state for clarity To clarify the purpose of these two calls rename them to EVP_CIPHER_CTX_get_original_iv and EVP_CIPHER_CTX_get_updated_iv. Also rename the OSSL_CIPHER_PARAM_IV_STATE to OSSL_CIPHER_PARAM_UPDATED_IV to better align with the function name. Fixes #13411 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13870)
show more ...
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
6db0d58d |
| 11-Nov-2020 |
Matt Caswell |
Fix RC4-MD5 based ciphersuites The RC4-MD5 ciphersuites were not removing the length of the MAC when calculating the length of decrypted TLS data. Since RC4 is a streamed cipher that
Fix RC4-MD5 based ciphersuites The RC4-MD5 ciphersuites were not removing the length of the MAC when calculating the length of decrypted TLS data. Since RC4 is a streamed cipher that doesn't use padding we separate out the concepts of fixed length TLS data to be removed, and TLS padding. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13378)
show more ...
|
Revision tags: openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
592dcfd3 |
| 29-Sep-2020 |
Pauli |
prov: prefix all exposed 'cipher' symbols with ossl_ Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13030)
|
#
7d6766cb |
| 28-Sep-2020 |
Pauli |
prov: prefix provider internal functions with ossl_ Also convert the names to lower case. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/open
prov: prefix provider internal functions with ossl_ Also convert the names to lower case. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13014)
show more ...
|
#
1be63951 |
| 28-Sep-2020 |
Pauli |
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levit
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
f99d3eed |
| 08-Sep-2020 |
Pauli |
ciphers: add FIPS error state handling The functions that check for the provider being runnable are: new, init, final and dupctx. Reviewed-by: Matt Caswell <matt@openssl.org>
ciphers: add FIPS error state handling The functions that check for the provider being runnable are: new, init, final and dupctx. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12801)
show more ...
|
#
a361cb84 |
| 18-Aug-2020 |
Matt Caswell |
Fix stitched ciphersuites in TLS1.0 TLS1.0 does not have an explicit IV in the record, and therefore we should not attempt to remove it. Reviewed-by: Tomas Mraz <tmraz@fedorapro
Fix stitched ciphersuites in TLS1.0 TLS1.0 does not have an explicit IV in the record, and therefore we should not attempt to remove it. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12670)
show more ...
|
#
1017ab21 |
| 07-Aug-2020 |
Pauli |
provider: add the unused paramater tag to the gettable and settable functions Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12603)
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
#
84890268 |
| 19-Jun-2020 |
Benjamin Kaduk |
Support cipher provider "iv state" Some modes (e.g., CBC and OFB) update the effective IV with each block-cipher invocation, making the "IV" stored in the (historically) EVP_CIPHER_C
Support cipher provider "iv state" Some modes (e.g., CBC and OFB) update the effective IV with each block-cipher invocation, making the "IV" stored in the (historically) EVP_CIPHER_CTX or (current) PROV_CIPHER_CTX distinct from the initial IV passed in at cipher initialization time. The latter is stored in the "oiv" (original IV) field, and has historically been accessible via the EVP_CIPHER_CTX_original_iv() API. The "effective IV" has also historically been accessible, via both EVP_CIPHER_CTX_iv() and EVP_CIPHER_CTX_iv_noconst(), the latter of which allows for *write* access to the internal cipher state. This is particularly problematic given that provider-internal cipher state need not, in general, even be accessible from the same address space as libcrypto, so these APIs are not sustainable in the long term. However, it still remains necessary to provide access to the contents of the "IV state" (e.g., when serializing cipher state for in-kernel TLS); a subsequent reinitialization of a cipher context using the "IV state" as the input IV will be able to resume processing of data in a compatible manner. This problem was introduced in commit 089cb623be76b88a1eea6fcd135101037661bbc3, which effectively caused all IV queries to return the "original IV", removing access to the current IV state of the cipher. These functions for accessing the (even the "original") IV had remained undocumented for quite some time, presumably due to unease about exposing the internals of the cipher state in such a manner. Note that this also as a side effect "fixes" some "bugs" where things had been referring to the 'iv' field that should have been using the 'oiv' field. It also fixes the EVP_CTRL_GET_IV cipher control, which was clearly intended to expose the non-original IV, for use exporting the cipher state into the kernel for kTLS. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12233)
show more ...
|
#
af5e1e85 |
| 05-Aug-2020 |
Pauli |
gettables: provider changes to pass the provider context. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12581)
|
#
63ee6ec1 |
| 23-Jun-2020 |
Matt Caswell |
Ensure any allocated MAC is freed in the provider code Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
|
#
363b1e5d |
| 20-Jun-2020 |
Dr. Matthias St. Pierre |
Make the naming scheme for dispatched functions more consistent The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all functions which are dispatched between the core a
Make the naming scheme for dispatched functions more consistent The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all functions which are dispatched between the core and providers. This change includes in particular all up- and downcalls, i.e., the dispatched functions passed from core to provider and vice versa. - OSSL_core_ -> OSSL_FUNC_core_ - OSSL_provider_ -> OSSL_FUNC_core_ For operations and their function dispatch tables, the following convention is used: Type | Name (evp_generic_fetch(3)) | ---------------------|-----------------------------------| operation | OSSL_OP_FOO | function id | OSSL_FUNC_FOO_FUNCTION_NAME | function "name" | OSSL_FUNC_foo_function_name | function typedef | OSSL_FUNC_foo_function_name_fn | function ptr getter | OSSL_FUNC_foo_function_name | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12222)
show more ...
|
Revision tags: openssl-3.0.0-alpha3 |
|
#
320d96a3 |
| 01-Jun-2020 |
Benjamin Kaduk |
Set cipher IV as octet string and pointer from providers OSSL_CIPHER_PARAM_IV can be accessed both as an octet string and as an octet pointer (for routines like EVP_CIPHER_CTX_iv() that
Set cipher IV as octet string and pointer from providers OSSL_CIPHER_PARAM_IV can be accessed both as an octet string and as an octet pointer (for routines like EVP_CIPHER_CTX_iv() that are in a nebulous undocumented-and-might-go-away-eventually state), the latter for when there is need to modify the actual value in the provider. Make sure that we consistently try to set it as both the string and pointer forms (not just octet string) and only fail if neither version succeeds. The generic cipher get_ctx_params routine was already doing so, but the AES-variant-, GCM-, and CCM-specific ones were not. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12039)
show more ...
|
Revision tags: openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
d8d4e5fb |
| 03-Feb-2020 |
Matt Caswell |
Fix no-multiblock Minor fixes to resolve compilation errors with the no-multiblock Configure option. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://
Fix no-multiblock Minor fixes to resolve compilation errors with the no-multiblock Configure option. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11004)
show more ...
|
#
d5e66eab |
| 04-Feb-2020 |
Shane Lontis |
Fix coverity issues CID 1457745...1457752, 1457853, 1457854 CID 1457854 - keymgmt_lib.c : OVERRUN CID 1457853 - self_test_kats.c : UNINT CID 1457752 - fipsprov.c RESOURCE_LEAK (code
Fix coverity issues CID 1457745...1457752, 1457853, 1457854 CID 1457854 - keymgmt_lib.c : OVERRUN CID 1457853 - self_test_kats.c : UNINT CID 1457752 - fipsprov.c RESOURCE_LEAK (code change in another PR removed this) CID 1457751 - apps/pkcs12.c CHECKED_RETURN CID 1457750 - dsa_ossl.c RESOURCE_LEAK (marked as false positive since tmp can not be NULL) CID 1457749 - apps/nseq.c : CHECKED_RETURN CID 1457748 - cipher_aes_cbc_hmac_sha.c : SIZEOF_MISMATCH CID 1457747 - cipher_aes_cbc_hmac_sha.c : SIZEOF_MISMATCH CID 1457746 - same as 1457752 CID 1457745 - apps/ocsp : CHECKED_RETURN Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10934)
show more ...
|