| 75e35c9a | 19-Jun-2020 |
FdaSilvaYY |
Fix `no-ts` builds.
`ess_lib.c` is called from `cms` and `ts` modules.
Fixes #12155
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openss
Fix `no-ts` builds.
`ess_lib.c` is called from `cms` and `ts` modules.
Fixes #12155
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12209)
show more ...
|
| c720fc35 | 18-Jun-2020 |
Pauli |
namemap: change ossl_namemap_empty() to do what the documentation says.
The function is documented as returning 1 when passed a NULL argument.
Instead it core dumps. Added a unit test f
namemap: change ossl_namemap_empty() to do what the documentation says.
The function is documented as returning 1 when passed a NULL argument.
Instead it core dumps. Added a unit test for this.
Additionally, a performance improvement is incorporated. The namemap
max_number field is only ever compared against zero and incremented.
The zero comparison grabs a lock specifically for this check. This change
uses TSAN operations instead if they are available.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12181)
show more ...
|
| 7cc5e0d2 | 01-Jun-2020 |
Benjamin Kaduk |
Allow oversized buffers for provider cipher IV fetch
When we're fetching an IV, there's no need to enforce that the
provided buffer is exactly the same size as the IV we want to
writ
Allow oversized buffers for provider cipher IV fetch
When we're fetching an IV, there's no need to enforce that the
provided buffer is exactly the same size as the IV we want to
write into it. This might happen, for example, when
EVP_CIPHER_CTX_iv_noconst() passes sizeof(ctx->iv) (that is,
EVP_MAX_IV_LENGTH) for an AES-GCM cipher that uses a shorter IV.
AES-OCB and CCM were also affected.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12039)
show more ...
|
| 320d96a3 | 01-Jun-2020 |
Benjamin Kaduk |
Set cipher IV as octet string and pointer from providers
OSSL_CIPHER_PARAM_IV can be accessed both as an octet string and as
an octet pointer (for routines like EVP_CIPHER_CTX_iv() that
Set cipher IV as octet string and pointer from providers
OSSL_CIPHER_PARAM_IV can be accessed both as an octet string and as
an octet pointer (for routines like EVP_CIPHER_CTX_iv() that are
in a nebulous undocumented-and-might-go-away-eventually state),
the latter for when there is need to modify the actual value in
the provider.
Make sure that we consistently try to set it as both the string and pointer
forms (not just octet string) and only fail if neither version succeeds. The
generic cipher get_ctx_params routine was already doing so, but the
AES-variant-, GCM-, and CCM-specific ones were not.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12039)
show more ...
|
| 5797e309 | 19-Jun-2020 |
Richard Levitte |
Build: Remove faulty DES assembler spec
crypto/des/build.info had a faulty spec that ghash-ia64 should be
compiled for DES. Removed.
Fixes #12197
Reviewed-by: Paul Dal
Build: Remove faulty DES assembler spec
crypto/des/build.info had a faulty spec that ghash-ia64 should be
compiled for DES. Removed.
Fixes #12197
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12203)
show more ...
|
| 760aaf1b | 19-Jun-2020 |
Pauli |
doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12200) |
| f36c3885 | 17-Jun-2020 |
Matt Caswell |
Return the cookie_len value from generate_cookie_callback
The generate_cookie_callback was failing to pass back the generated
cookie length to the caller. This results in DTLS connection
Return the cookie_len value from generate_cookie_callback
The generate_cookie_callback was failing to pass back the generated
cookie length to the caller. This results in DTLS connection failures
from s_server.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12179)
show more ...
|
| cfbe41ea | 17-Jun-2020 |
Matt Caswell |
Fix the DTLS1_COOKIE_LENGTH value
The DTLS1_COOKIE_LENGTH value was incorrect in the header files. We
couldn't change it before due to ABI concerns. However 3.0 is not ABI
compatible
Fix the DTLS1_COOKIE_LENGTH value
The DTLS1_COOKIE_LENGTH value was incorrect in the header files. We
couldn't change it before due to ABI concerns. However 3.0 is not ABI
compatible so we can now fix it.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12179)
show more ...
|
| 989a8577 | 16-Jun-2020 |
Matt Caswell |
Add evp_extra_test2 to .gitignore
This is a test executable which should not be added to the repository
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://
Add evp_extra_test2 to .gitignore
This is a test executable which should not be added to the repository
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12159)
show more ...
|
| 9ee77767 | 15-Jun-2020 |
Matt Caswell |
Add a test for d2i_AutoPrivateKey_ex with a non-default libctx
Really this test should go in evp_extra_test. However that doesn't
currently support a non-default libctx (with the "null"
Add a test for d2i_AutoPrivateKey_ex with a non-default libctx
Really this test should go in evp_extra_test. However that doesn't
currently support a non-default libctx (with the "null" provider in the
default libctx). So (for now) we create evp_extra_test2.c
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12159)
show more ...
|
| febe6bb7 | 15-Jun-2020 |
Matt Caswell |
Ensure creating an EC public key uses the libctx
Creating an EC public key from the private key uses random numbers
internally, which require use of the proper libtx. Therefore we make
Ensure creating an EC public key uses the libctx
Creating an EC public key from the private key uses random numbers
internally, which require use of the proper libtx. Therefore we make
sure the libctx is used during this operation.
Fixes #12150
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12159)
show more ...
|
| 2da8d4eb | 15-Jun-2020 |
Matt Caswell |
Add more complete support for libctx/propq in the EC code
Renames some "new_ex" functions to "new_with_libctx" and ensures that we
pass around the libctx AND the propq everywhere.
Add more complete support for libctx/propq in the EC code
Renames some "new_ex" functions to "new_with_libctx" and ensures that we
pass around the libctx AND the propq everywhere.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12159)
show more ...
|
| 48e971dd | 16-Jun-2020 |
Matt Caswell |
Create defines for TLS Group Ids
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914) |
| e09f8d25 | 11-Jun-2020 |
Matt Caswell |
Don't send supported groups if no-ec and we're doing DTLS
The supported_groups extension only supported EC groups in DTLS.
Therefore we shouldn't send it in a no-ec build.
Revie
Don't send supported groups if no-ec and we're doing DTLS
The supported_groups extension only supported EC groups in DTLS.
Therefore we shouldn't send it in a no-ec build.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
| db9592c1 | 22-May-2020 |
Matt Caswell |
Provider a better error message if we fail to copy parameters
If EVP_PKEY_copy_parameters() failed in libssl we did not provide a very
helpful error message. We provide a better one.
Provider a better error message if we fail to copy parameters
If EVP_PKEY_copy_parameters() failed in libssl we did not provide a very
helpful error message. We provide a better one.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
| 6136ecaa | 22-May-2020 |
Matt Caswell |
Make sure we save the copy function when registering a new Keymgmt
If a provider had a "copy" function in the its keymgmt definition we
were ignoring it.
Reviewed-by: Shane Lont
Make sure we save the copy function when registering a new Keymgmt
If a provider had a "copy" function in the its keymgmt definition we
were ignoring it.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
| 0c13cdf8 | 21-May-2020 |
Matt Caswell |
Write a test provider to test the TLS-GROUPS capability
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914) |
| 260009d8 | 21-May-2020 |
Matt Caswell |
Update the various SSL group getting and setting functions
A number of these functions returned a NID or an array of NIDs for the
groups. Now that groups can come from the providers we d
Update the various SSL group getting and setting functions
A number of these functions returned a NID or an array of NIDs for the
groups. Now that groups can come from the providers we do not necessarily
know the NID. Therefore we need to handle this in a clean way.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
| 90929138 | 21-May-2020 |
Matt Caswell |
Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914) |
| 3c49e4ff | 21-May-2020 |
Matt Caswell |
Add documentation about Capabilities
Document the OSSL_PROVIDER_get_capabilities() function as well as the
provider side support for capabilities.
Reviewed-by: Shane Lontis <sha
Add documentation about Capabilities
Document the OSSL_PROVIDER_get_capabilities() function as well as the
provider side support for capabilities.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
| 381f3f3b | 20-May-2020 |
Matt Caswell |
Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too
The previous commits made EVP_PKEY_CTX_[get|set]_group_name work for
EC and DH keys. We now extend this to ECX. Even though that k
Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too
The previous commits made EVP_PKEY_CTX_[get|set]_group_name work for
EC and DH keys. We now extend this to ECX. Even though that keys with
these key types only have one group we still allow it to be explicitly
set so that we have only one codepath for all keys. Setting the group
name for these types of keys is optional, but if you do so it must have
the correct name.
Additionally we enable parameter generation for these keys. Parameters
aren't actually needed for this key type, but for the same reasons as
above (to ensure a single codepath for users of these algorithms) we
enable it anyway.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
| 023b188c | 20-May-2020 |
Matt Caswell |
Make EVP_PKEY_CTX_[get|set]_group_name work for DH too
The previous commit added the EVP_PKEY_CTX_[get|set]_group_name
functions to work with EC groups. We now extend that to also work f
Make EVP_PKEY_CTX_[get|set]_group_name work for DH too
The previous commit added the EVP_PKEY_CTX_[get|set]_group_name
functions to work with EC groups. We now extend that to also work for
DH.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
| 11a1b341 | 19-May-2020 |
Matt Caswell |
Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic
We rename these function to EVP_PKEY_CTX_get_group_name and
EVP_PKEY_CTX_set_group_name so that they can be used for other
Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic
We rename these function to EVP_PKEY_CTX_get_group_name and
EVP_PKEY_CTX_set_group_name so that they can be used for other algorithms
other than EC.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
| 9d2d857f | 18-May-2020 |
Matt Caswell |
Modify libssl to discover supported groups based on available providers
Now that we have added the TLS-GROUP capability to the default provider
we can use that to discover the supported
Modify libssl to discover supported groups based on available providers
Now that we have added the TLS-GROUP capability to the default provider
we can use that to discover the supported group list based on the loaded
providers.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
| 82ec09ec | 18-May-2020 |
Matt Caswell |
Add the OSSL_PROVIDER_get_capabilities() API function
Provide a function to applications to query the capabilities that a
provider can perform.
Reviewed-by: Shane Lontis <shane.
Add the OSSL_PROVIDER_get_capabilities() API function
Provide a function to applications to query the capabilities that a
provider can perform.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
