Age | Commit message (Collapse) | Author |
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
Fixes #20084
In the 3.0 provider implementation the generic code that handles IV's
only allows a 12 byte IV. Older code intentionally added the ability for
the IV to be truncated.
As this truncation is unsafe, the documentation has been updated to
state that this in no longer allowed. The code has been updated to
produce an error when the iv length is set to any value other than 12.
NOTE: It appears that this additional padding may have originated from the code
which uses a 12 byte IV, that is then passed to CHACHA which zero pads it to 16 bytes.
Note that legacy behaviour in e_chacha20_poly1305.c has not been
updated.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20151)
(cherry picked from commit a01152370676e7e11fb461cff8628eb50fa41b81)
|
|
In EC key generation, if allocation of struct ec_gen_ctx fails, values
provided by parameters are copied into the context at represented by a NULL
pointer. To fix this, prevent copy if allocation fails.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20055)
(cherry picked from commit 235ef96049dbe337a3c3c5d419dacbb5a81df1b3)
|
|
is used.
Fixes #19934
The existing code was looking for the digest size, and then returned
zero.
The example code in EVP_KDF-SS.pod has been corrected to not use a
digest.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19935)
(cherry picked from commit e8add4d379075a6daef2591edd830297d469b9f4)
|
|
Fixes #19909
I have enforced a maximum bound still but it is much higher.
Note also that TLS13 still uses the 2048 buffer size.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19923)
(cherry picked from commit e8115bd1654d5cd7718109679b2047ca573083a8)
|
|
If x and y are all NULL, then it is unnecessary to do subsequent operations.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19905)
(cherry picked from commit 467b0492c1e597857b30b91ed72605387aa9825b)
|
|
UNCOMPRESSED
Originally the code to im/export the EC pubkey was meant to be consumed
only by the im/export functions when crossing the provider boundary.
Having our providers exporting to a COMPRESSED format octet string made
sense to avoid memory waste, as it wasn't exposed outside the provider
API, and providers had all tools available to convert across the three
formats.
Later on, with #13139 deprecating the `EC_KEY_*` functions, more state
was added among the params imported/exported on an EC provider-native
key (including `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, although it
did not affect the format used to export `OSSL_PKEY_PARAM_PUB_KEY`).
Finally, in #14800, `EVP_PKEY_todata()` was introduced and prominently
exposed directly to users outside the provider API, and the choice of
COMPRESSED over UNCOMPRESSED as the default became less sensible in
light of usability, given the latter is more often needed by
applications and protocols.
This commit fixes it, by using `EC_KEY_get_conv_form()` to get the
point format from the internal state (an `EC_KEY` under the hood) of the
provider-side object, and using it on
`EVP_PKEY_export()`/`EVP_PKEY_todata()` to format
`OSSL_PKEY_PARAM_PUB_KEY`.
The default for an `EC_KEY` was already UNCOMPRESSED, and it is altered
if the user sets `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` via
`EVP_PKEY_fromdata()`, `EVP_PKEY_set_params()`, or one of the
more specialized methods.
For symmetry, this commit also alters `ec_pkey_export_to()` in
`crypto/ec/ec_ameth.c`, part of the `EVP_PKEY_ASN1_METHOD` for legacy EC
keys: it exclusively used COMPRESSED format, and now it honors the
conversion format specified in the EC_KEY object being exported to a
provider when this function is called.
Expand documentation about `OSSL_PKEY_PARAM_PUB_KEY` and mention the
change in behavior for our providers.
Fixes #16595
(cherry picked from commit 926db476bc669fdcc4c4d2f1cb547060bdbfa153)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19901)
|
|
This is necessary to pass new ACVP tests and to
fix the CI failure in FIPS provider compat CI
Partial cherry pick of 211c47ca1b1ac129dcee59d383cae44e36532bb9
Original-author: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19937)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19678)
(cherry picked from commit 3b6154ccaf3e64bcdfda4859f2b98ef21b08c5b2)
|
|
Fixes #19524
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19525)
(cherry picked from commit f5a10d5cc19215ab22be55b4a2ee1e41bd38fb14)
|
|
This is a development remnant, which should have been remove when finalized.
Fixes #19546
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19548)
(cherry picked from commit 57d2bccdb2112cc09de1bec585da878161b1364f)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
SYS$GETTIM_PREC is a very new function, only available on OpenVMS v8.4.
OpenSSL binaries built on OpenVMS v8.4 become unusable on older OpenVM
versions, but building for the older CRTL version will make the high
precision time functions unavailable.
Tests have shown that on Alpha and Itanium, the time update granularity
between SYS$GETTIM and SYS$GETTIM_PREC is marginal, so the former plus
a sequence number turns out to be better to guarantee a unique nonce.
Fixes #18727
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18731)
(cherry picked from commit 7056dc9c50baa4af5152c625c4735806d51c67cd)
|
|
Fixes #19488
Use the correct OSSL_PKEY_PARAM_RSA CRT names fior the self tests.
The invalid names cause CRT parameters to be silently ignored.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19501)
(cherry picked from commit c7424fe68c65aa2187a8e4028d7dea742b95d81a)
(cherry picked from commit 4215d649e92bc4c42997ec4a1e65beba1055bbe1)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19375)
(cherry picked from commit 155a82d1fe1c50d859081ff67f26633b9d7dada8)
|
|
Including RIPEMD160 in both the default and legacy providers shouldn't break
anyone and makes the algorithm available more readily.
Fixes #17722
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19375)
(cherry picked from commit ecd831469919215b0a45693b00ec0fd7d42d5d61)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
(Merged from https://github.com/openssl/openssl/pull/19382)
|
|
Fixes #19290
update rsa_set_ctx_params() so that the digest function used in the
MGF1 construction is set correctly. Add a test for this to
evp_extra_test.c based on the code scaro-axway provided in #19290.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19342)
(cherry picked from commit e5a7536eaeaacd18d1aea59edeb295fb4eb2dfca)
|
|
The current code has issues when sizeof(long) <> sizeof(size_t). The two
types are assumed to be interchangeable and them being different will
cause crashes and endless loops.
This fix limits the maximum chunk size for many of the symmetric ciphers
to 2^30 bytes. This chunk size limits the amount of data that will
be encrypted/decrypted in one lump. The code internally handles block
of data later than the chunk limit, so this will present no difference
to the caller. Any loss of efficiency due to limiting the chunking to
1Gbyte rather than more should be insignificant.
Fixes Coverity issues:
1508498, 1508500 - 1508505, 1508507 - 1508527, 1508529 - 1508533,
1508535 - 1508537, 1508539, 1508541 - 1508549, 1508551 - 1508569 &
1508571 - 1508582.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18997)
(cherry picked from commit 709d4be78f64a8ba0707fb5682b90039e848dad4)
|
|
If the public key is not set on the key, return error instead of crash.
Fixes #18495
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18902)
(cherry picked from commit b5db237def7e22ccea1a540ec777045b3ce4600e)
|
|
The s390x provides its custom implementation for the creation of the
ed448 and ed25519 signatures. Unfortunately it does not set the size.
Users that rely of this return parameter end up with wrong values and
will compare wrong sizes of signature.
Set the proper size of the returned signature on success. Set an error
if the signing operation fails.
Fixes: #18912
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18928)
(cherry picked from commit bbedc052973b1c2fab7d7fb891d02aea393ff579)
|
|
The fallback DEP works fine there. XLC should be unaffected.
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18892)
(cherry picked from commit df1e33bc8ae67573a3f3488eff82e02fc0310203)
|
|
It shouldn't be. This moves the reset to the init function instead and only
does the reset on a key change.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18860)
(cherry picked from commit 3ebcb2fff56bda788ab1f363eb0023715018a4e5)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18793)
|
|
Avoid this warning when compiled with llvm/gcc + mingw-w64 and
`USE_BCRYPTGENRANDOM` enabled:
```
../providers/implementations/rands/seeding/rand_win.c:31:11: warning: unknown pragma ignored [-Wunknown-pragmas]
^
1 warning generated.
```
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18709)
(cherry picked from commit 695cb63c744bab090144a86949b68324ee3094d6)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18671)
(cherry picked from commit 05e51bc79bac45e194dd6f0bf73c99ed5ca06272)
|
|
I have searched through all references of ERR_R_MALLOC_FAILURE for any
other instances..
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18638)
(cherry picked from commit 7260709e9ef155c8b3fccaa32e8ba496a3059905)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18615)
(cherry picked from commit 08f876d0dea184b071a5aded4c55317e5a63c80e)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18615)
(cherry picked from commit 59196250cb45ecd128d2f8bbc47de612167606d3)
|
|
Fixes openssl#18168.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18615)
(cherry picked from commit 48320997b49b07b5abadec89c7fbe5d5f3d41da4)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18630)
|
|
Otherwise the information that the EC group was imported from
explicit parameters is lost when the key is moved across providers.
Fixes #18600
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18629)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
SIZE_MAX is used in a recent fix of this file, but without including
internal/numbers.h, so that macro ends up not existing on some platforms,
resulting in build failures.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18605)
|
|
kdf_derive() calls EVP_KDF_derive(), but didn't do enough to adapt its input
buffer length arguments to fit the requirements to call EVP_KDF_derive().
Fixes #18517
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18533)
|
|
We fix the dsa, dh, ec and rsa export routines so that they are
consistent with each other and do not report success if the allocation
of parameters failed.
This is essentially the same fix as applied in #18483 but applied to all
relevant key types.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18507)
(cherry picked from commit 46c1c2d7fa9153da4eb5e1aefd7b0139dc507c00)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18494)
(cherry picked from commit 926c698c6f0a197e0322d4617db0ecd0d40f6e06)
|
|
dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.
Fixes #18493
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18502)
(cherry picked from commit cec1699f1f54ba8b87f055776dc77b48dd37d5fa)
|
|
If the call to OSSL_PARAM_BLD_to_param() failed then ec_export was
reporting success, even though it has never called the param_cb.
Found due to:
https://github.com/openssl/openssl/pull/18355#issuecomment-1145993650
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18483)
(cherry picked from commit 7d6aad832b4cebb181c53ab80a3f61dc8549be08)
|
|
Also check if we have d2i_public_key() function pointer.
Fixes https://github.com/openssl/openssl/pull/18355#issuecomment-1144893289
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18462)
(cherry picked from commit 4fa5ed5ce5c345eaeaec8b86eda265add467f941)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18416)
(cherry picked from commit 9510661400470d357c74c5c4d0ff01c7b813b974)
|
|
Fixes #18388
This just looks like an omission, as this is added to libcrypto and libssl
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18416)
(cherry picked from commit 18f0870d39eb055c8c67af8025fd1b9e01ce6a43)
|