| #
f5981c96 |
| 20-Sep-2024 |
slontis |
Add utility function ossl_param_is_empty()
Changed all provider implementations that have a set_ctx_params()
to call this function instead of just testing (params == NULL).This
detec
Add utility function ossl_param_is_empty()
Changed all provider implementations that have a set_ctx_params()
to call this function instead of just testing (params == NULL).This
detects the case wherean OSSL_PARAM array contains just a terminator
entry.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25499)
show more ...
|
| #
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
|
| #
976dd358 |
| 26-Aug-2024 |
slontis |
Update code to use EVP_MD_xof()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)
|
| #
f6a296c3 |
| 12-Aug-2024 |
slontis |
Cleanups for FIPS options..
The options in fipsprov.c are now generated using macros with fips_indicator_params.inc.
This should keep the naming consistent.
Some FIPS related he
Cleanups for FIPS options..
The options in fipsprov.c are now generated using macros with fips_indicator_params.inc.
This should keep the naming consistent.
Some FIPS related headers have moved to providers/fips/include so that
they can use fips_indicator_params.inc.
securitycheck.h now includes fipsindicator.h, and fipsindicator.h includes
fipscommon.h.
fipsinstall.c uses OSSL_PROV_PARAM_ for the configurable FIPS options rather than
using OSSL_PROV_FIPS_PARAM_* as this was confusing as to which one should be used.
fips_names.h just uses aliases now for existing public names.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25162)
show more ...
|
| #
81bb8848 |
| 30-Jul-2024 |
pohsingwu |
Call key_check_passed in set_ctx_params
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/
Call key_check_passed in set_ctx_params
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23900)
show more ...
|
| #
1b838621 |
| 02-Jun-2024 |
pohsingwu |
Restrict the length of key-derivation key used in KDFs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/o
Restrict the length of key-derivation key used in KDFs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23900)
show more ...
|
| #
14e46600 |
| 17-Jul-2024 |
pohsingwu |
Restrict digest in set_ctx_params
In this commit, we also return different error if the digest is XOF.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale
Restrict digest in set_ctx_params
In this commit, we also return different error if the digest is XOF.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)
show more ...
|
| #
6d47e819 |
| 02-Jun-2024 |
pohsingwu |
Restrict digest algorithm used in KDFs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/
Restrict digest algorithm used in KDFs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
1e6bd31e |
| 19-Apr-2023 |
Irak Rigia |
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays
Fixes #20710
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays
Fixes #20710
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20745)
show more ...
|
| #
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
Stop raising ERR_R_MALLOC_FAILURE in most places
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.
There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.
Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
show more ...
|
| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
148176ca |
| 31-Mar-2022 |
Pauli |
kdf: avoid NULL dereference on malloc failure in sshkdf
Fixes #18009
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged
kdf: avoid NULL dereference on malloc failure in sshkdf
Fixes #18009
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18011)
show more ...
|
| #
59558f9d |
| 24-Jan-2022 |
Pauli |
ssh kdf: implement ctx dup operation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)
|
| #
d2217c88 |
| 30-Nov-2021 |
Tomas Mraz |
various kdfs: Always reset buflen after clearing the buffer
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17165)
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
| #
c983a0e5 |
| 10-Mar-2021 |
Pauli |
prov: add extra params argument to KDF implementations
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
|
| #
3469b388 |
| 26-Feb-2021 |
Pauli |
prov: add extra params argument to KDF implementations
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
|
| #
1e8e5c60 |
| 23-Feb-2021 |
Pauli |
prov: support modified gettable/settable ctx calls for KDFs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
|
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j |
|
| #
a8eb71ad |
| 01-Feb-2021 |
Richard Levitte |
Allow the sshkdf type to be passed as a single character
This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1.
This also slightly modifies the way diverse paramete
Allow the sshkdf type to be passed as a single character
This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1.
This also slightly modifies the way diverse parameters in are
specified in providers/fips/self_test_data.inc for better consistency.
Fixes #14027
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)
show more ...
|
| #
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
|
| #
2741128e |
| 05-Feb-2021 |
Tomas Mraz |
Move the PROV_R reason codes to a public header
The PROV_R codes can be returned to applications so it is useful
to have some common set of provider reason codes for the applications
Move the PROV_R reason codes to a public header
The PROV_R codes can be returned to applications so it is useful
to have some common set of provider reason codes for the applications
or third party providers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
| #
270a5ce1 |
| 14-Dec-2020 |
Juergen Christ |
Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
res
Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer. While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86). Change the
parameter to char array and fix the usages.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
show more ...
|
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
| #
a829b735 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'
This change makes the naming more consistent, because three different terms
were used for the same thing. (The term
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'
This change makes the naming more consistent, because three different terms
were used for the same thing. (The term libctx was used by far most often.)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
| #
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
| #
1be63951 |
| 28-Sep-2020 |
Pauli |
prov: prefix all OSSL_DISPATCH tables names with ossl_
This stops them leaking into other namespaces in a static build.
They remain internal.
Reviewed-by: Richard Levitte <levit
prov: prefix all OSSL_DISPATCH tables names with ossl_
This stops them leaking into other namespaces in a static build.
They remain internal.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13013)
show more ...
|
