Age | Commit message | Author |
|
UNCOMPRESSED
Originally the code to im/export the EC pubkey was meant to be consumed
only by the im/export functions when crossing the provider boundary.
Having our providers exporting to a COMPRESSED format octet string made
sense to avoid memory waste, as it wasn't exposed outside the provider
API, and providers had all tools available to convert across the three
formats.
Later on, with #13139 deprecating the `EC_KEY_*` functions, more state
was added among the params imported/exported on an EC provider-native
key (including `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, although it
did not affect the format used to export `OSSL_PKEY_PARAM_PUB_KEY`).
Finally, in #14800, `EVP_PKEY_todata()` was introduced and prominently
exposed directly to users outside the provider API, and the choice of
COMPRESSED over UNCOMPRESSED as the default became less sensible in
light of usability, given the latter is more often needed by
applications and protocols.
This commit fixes it, by using `EC_KEY_get_conv_form()` to get the
point format from the internal state (an `EC_KEY` under the hood) of the
provider-side object, and using it on
`EVP_PKEY_export()`/`EVP_PKEY_todata()` to format
`OSSL_PKEY_PARAM_PUB_KEY`.
The default for an `EC_KEY` was already UNCOMPRESSED, and it is altered
if the user sets `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` via
`EVP_PKEY_fromdata()`, `EVP_PKEY_set_params()`, or one of the
more specialized methods.
For symmetry, this commit also alters `ec_pkey_export_to()` in
`crypto/ec/ec_ameth.c`, part of the `EVP_PKEY_ASN1_METHOD` for legacy EC
keys: it exclusively used COMPRESSED format, and now it honors the
conversion format specified in the EC_KEY object being exported to a
provider when this function is called.
Expand documentation about `OSSL_PKEY_PARAM_PUB_KEY` and mention the
change in behavior for our providers.
Fixes #16595
(cherry picked from commit 926db476bc669fdcc4c4d2f1cb547060bdbfa153)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19901)
|
|
Fixes openssl#19771
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19787)
(cherry picked from commit a63fa5f711f1f97e623348656b42717d6904ee3e)
(cherry picked from commit f3e9308fe1b692c424feaa256fbecce958cef1f4)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Fixes #19488
Use the correct OSSL_PKEY_PARAM_RSA CRT names for the self tests.
The invalid names cause CRT parameters to be silently ignored.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19501)
(cherry picked from commit c7424fe68c65aa2187a8e4028d7dea742b95d81a)
(cherry picked from commit 4215d649e92bc4c42997ec4a1e65beba1055bbe1)
|
|
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19438)
(cherry picked from commit b6553796190ad7401b89c6cd0499bae77b39d1a6)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
(Merged from https://github.com/openssl/openssl/pull/19380)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18390)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18302)
(cherry picked from commit 8b97bfcccc4328c65156bff6886db8733df39fde)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
|
Fixes #17928. Supersedes #17931.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17935)
(cherry picked from commit 77d7b6eebb411fdb2c3d1390ac779300757aa9dc)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Provide a different mechanism to indicate that the application wants
to retry the verification. The negative result of the callback function
now indicates an error again.
Instead the SSL_set_retry_verify() can be called from the callback
to indicate that the handshake should be suspended.
Fixes #17568
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17825)
(cherry picked from commit dfb39f73132edf56daaad189e6791d1bdb57c4db)
|
|
Fixes #17743
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
(cherry picked from commit b139a95665eb023b38695d62d9dfc28f3fb89972)
|
|
After OMC and OTC discussions, the 95% performance loss resulting from
the constant time code was deemed excessive for something outside of
our security policy.
The option to use the constant time code exists as it was in OpenSSL 1.1.1.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17600)
|
|
When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase
string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size
allocation, which resulted in malloc failures.
Fixes: https://github.com/openssl/openssl/issues/17506
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
(cherry picked from commit 59ccb72cd5cec3b4e312853621e12a68dacdbc7e)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17304)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17270)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17264)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16567)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16533)
(cherry picked from commit 95a444c9adcad04035704ab3b5d749a185ef0960)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16528)
|
|
The text in CHANGES.md got fleshed out a bit more as well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16522)
|
|
These algorithms were added to providers but have no const EVP_CIPHER*
mapping. Ciphers for SIV and CTS were previously only available via low level
function calls that are deprecated.
Reported by @reaperhulk.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16414)
|
|
Fixes #16394
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16424)
|
|
Also note that it is no longer interoperable with 1.1.1.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16343)
|
|
The news/changes files are being nitted causing CI failure. This addresses the
issues.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16413)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Fixes #16244
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16281)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16180)
|