fb9b3a7b | 04-May-2021 |
Matt Caswell |
Add additional testing of child libctx/providers Add a case where a provider explicitly loads a provider into a child libctx where it does not already exist. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
|
abaa2dd2 | 04-May-2021 |
Matt Caswell |
Don't convert pre-existing providers into children If a provider explicitly loads another provider into a child libctx where it wasn't previously loaded then we don't start treating it like a child if the parent libctx subsequently loads the same provider. Fixes #14925 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
|
8c627075 | 29-Apr-2021 |
Matt Caswell |
Add support for child provider to up_ref/free their parent If the ref counts on a child provider change, then this needs to be reflected in the parent so we add callbacks to do this. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
|
3b85bcfa | 26-Apr-2021 |
Matt Caswell |
Add a test to check that child provider callbacks are working Write a test to confirm that if a provider is unloaded/loaded into a libctx then it is similarly unloaded/loaded from any child libctxs. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
|
7b88c184 | 23-Apr-2021 |
Matt Caswell |
Register callbacks with core for child provider creation/deletion By adding callbacks to the core this will enable (in future commits) the ability to add/remove child providers as the providers are added/removed from the parent libctx. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
|
5442611d | 22-Apr-2021 |
Matt Caswell |
Add a test for OSSL_LIB_CTX_new_child() Check that we can create such a libctx and usable providers are loaded into it. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
|
d0efad48 | 22-Apr-2021 |
Matt Caswell |
Modify the legacy provider to use OSSL_LIB_CTX_new_child() Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991) |
f12a5690 | 21-Apr-2021 |
Matt Caswell |
Add the concept of a child OSSL_LIB_CTX Add a child OSSL_LIB_CTX that will mirror the providers loaded into the parent libctx. This is useful for providers that want to use algorithms from other providers and just need to inherit the providers used by the application. Fixes #14925 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
|
a16d2174 | 26-Apr-2021 |
Matt Caswell |
Add the ability for ex_data to have a priority Where an object has multiple ex_data associated with it, then we free that ex_data in order of priority (high priority first). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
|
d07af736 | 22-Apr-2021 |
Matt Caswell |
Only load the config file into the default libctx if necessary There is no need to load providers from the config file into the default libctx, if the current libctx that we are using isn't the default libctx. This avoids some deadlock situations. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
|
56784203 | 14-Apr-2021 |
Dr. David von Oheimb |
Constify EVP_PKEY_CTX_set_params(), EVP_PKEY_CTX_{set,get}table_params(), etc. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14695)
|
f9253152 | 20-Mar-2021 |
Dr. David von Oheimb |
Add convenience functions and macros for asymmetric key generation Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen(). Also export auxiliary function OSSL_EC_curve_nid2name() and improve deprecation info on RSA and EC key generation/management functions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14695)
|
6dbb2776 | 04-May-2021 |
Dmitry Belyavskiy |
Tests for creating req from PKCS8 keys with extra attrs Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15142) |
f60e35d0 | 14-Apr-2021 |
Michael Richardson |
reduce surprise in choice of CASE/String/STRING by allowing all inputs to be in any case Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14877)
|
a7a7e6e3 | 08-May-2021 |
Pauli |
Reduce the runtime/output from the gmdiff test Reduce from 1e6 iterations to 1e3. Add additional cases to cover the same range although most intermediate values will be skipped. Fixes #15185 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15202)
|
f1a45f68 | 19-Apr-2021 |
David CARLIER |
armcap: fix Mac M1 SHA512 support. The SIGILL catch/trap works however disabled purposely for Darwin, thus relying on native api instead. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14935)
|
d29d7a7f | 05-May-2021 |
Shane Lontis |
Fix i2d_PKCS8PrivateKey_nid_bio() regression. This method ignores the nid and could end up saving out the private key unencrypted. In earlier alpha releases OSSL_num_encoders() returned 0 for this test case, which then meant that the legacy path was run, and the key was then correctly encrypted. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15152)
|
333b31e3 | 10-May-2021 |
Pauli |
checksum fix Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15209) |
8be513ae | 28-Apr-2021 |
Daniel Bevenius |
Mark pop/clear error stack in der2key_decode_p8 This commit sets the error mark before calling d2i_X509_SIG and clears it if that function call is successful. The motivation for this is that if d2i_X509_SIG returns NULL then the else clause will be entered and d2i_PKCS8_PRIV_KEY_INFO will be called. If d2i_X509_SIG raised any errors those errors will be on the error stack when d2i_PKCS8_PRIV_KEY_INFO gets called, and even if it returns successfully those errors will still be on the error stack. We ran into this issue when upgrading Node.js to 3.0.0-alpha15. More details can be found in the ref links below. Refs: https://github.com/nodejs/node/issues/38373 Refs: https://github.com/danbev/learning-libcrypto/blob/master/notes/wrong-tag-issue2.md Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/15067)
|
f7f0632b | 24-Apr-2021 |
David Carlier |
BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/15015)
|
10646160 | 19-Mar-2021 |
fangming.fang |
Optimize RSA on armv8

Add Neon path for RSA on armv8. This optimisation targets A72 and N1, which are among the important infrastructure cores. Other platforms are not impacted.

A72                 old        new        improved
rsa 512 sign        9828.6     9738.7     -1%
rsa 512 verify      121497.2   122367.7   1%
rsa 1024 sign       1818       1816.9     0%
rsa 1024 verify     37175.6    37161.3    0%
rsa 2048 sign       267.3      267.4      0%
rsa 2048 verify     10127.6    10119.6    0%
rsa 3072 sign       86.8       87         0%
rsa 3072 verify     4604.2     4956.2     8%
rsa 4096 sign       38.3       38.5       1%
rsa 4096 verify     2619.8     2972.1     13%
rsa 7680 sign       5          7          40%
rsa 7680 verify     756        929.4      23%
rsa 15360 sign      0.8        1          25%
rsa 15360 verify    190.4      246        29%

N1                  old        new        improved
rsa 512 sign        12599.2    12596.7    0%
rsa 512 verify      148636.1   148656.2   0%
rsa 1024 sign       2150.6     2148.9     0%
rsa 1024 verify     42353.5    42265.2    0%
rsa 2048 sign       305.5      305.3      0%
rsa 2048 verify     11209.7    11205.2    0%
rsa 3072 sign       97.8       98.2       0%
rsa 3072 verify     5061.3     5990.7     18%
rsa 4096 sign       42.8       43         0%
rsa 4096 verify     2867.6     3509.8     22%
rsa 7680 sign       5.5        8.4        53%
rsa 7680 verify     823.5      1058.3     29%
rsa 15360 sign      0.9        1.1        22%
rsa 15360 verify    207        273.9      32%

CustomizedGitHooks: yes Change-Id: I01c732cc429d793c4eb5ffd27ccd30ff9cebf8af Jira: SECLIB-540 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14761)
|
f0f4a46c | 09-May-2021 |
Nicola Tuveri |
FIPS checksums update Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15108) |
e70abb8b | 01-May-2021 |
Theo Buehler |
Test oct2point for hybrid point encoding of (0, y) Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15108)
|
56f02379 | 01-May-2021 |
Theo Buehler |
Avoid division by zero in hybrid point encoding In hybrid and compressed point encodings, the form octet contains a bit of information allowing to calculate y from x. For a point on a binary curve, this bit is zero if x is zero, otherwise it must match the rightmost bit of the field element y / x. The existing code only considers the second possibility. It could thus incorrectly fail with a division by zero error as found by Guido Vranken's cryptofuzz. This commit adds a few explanatory comments to oct2point. The only actual code change is in the last hunk which adds a BN_is_zero(x) check to avoid the division by zero. Fixes #15021 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15108)
|
32b1da71 | 04-May-2021 |
Benjamin Kaduk |
tasn_dec: use do/while around statement macros Use the do {} while (0) construct around macros whose bodies are complete statements (including one that has internal control flow!). This is safer and avoids any risk of misinterpretation if the macro is used in an unexpected context. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15143)
|