Hubert Kario [Mon, 12 Dec 2022 15:25:21 +0000 (16:25 +0100)]
rsa: fix version of rsa implicit rejection introduction
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19889)
Richard Levitte [Fri, 9 Dec 2022 15:57:28 +0000 (16:57 +0100)]
Allow OBJ_create() to create an OBJ and NID with a NULL OID
We already permit this in crypto/objects/objects.txt, but not programatically,
although being able to do so programatically would be beneficial.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19876)
Tomas Mraz [Fri, 9 Dec 2022 12:27:02 +0000 (13:27 +0100)]
Make error reason for disallowed legacy sigalg more specific
The internal error reason is confusing and indicating an error
in OpenSSL and not a configuration problem.
Fixes #19867
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19875)
fangming.fang [Thu, 8 Dec 2022 10:46:27 +0000 (10:46 +0000)]
Fix SM4-CBC regression on Armv8
Fixes #19858
During decryption, the last ciphertext is not fed to next block
correctly when the number of input blocks is exactly 4. Fix this
and add the corresponding test cases.
Thanks xu-yi-zhou for reporting this issue and proposing the fix.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19872)
James Muir [Sun, 11 Dec 2022 21:35:48 +0000 (16:35 -0500)]
Fix-up to
f3090fc7
Define OSSL_SIGNATURE_PARAM_NONCE_TYPE as "nonce-type" (rather than
"nonce_type") so that it is consistent with the documentation.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19883)
Čestmír Kalina [Fri, 2 Dec 2022 15:53:57 +0000 (16:53 +0100)]
crypto/err: expand on error code generation
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19823)
Hubert Kario [Fri, 9 Dec 2022 19:43:22 +0000 (20:43 +0100)]
rsa: add implicit rejection CHANGES entry
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Tue, 22 Nov 2022 17:25:49 +0000 (18:25 +0100)]
smime/pkcs7: disable the Bleichenbacher workaround
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Tue, 22 Nov 2022 16:42:11 +0000 (17:42 +0100)]
rsa: add test for the option to disable implicit rejection
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Thu, 3 Nov 2022 16:45:58 +0000 (17:45 +0100)]
rsa: Skip the synthethic plaintext test with old FIPS provider
since the 3.0.0 FIPS provider doesn't implement the Bleichenbacher
workaround, the decryption fails instead of providing a synthetic
plaintext, so skip them then
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Thu, 27 Oct 2022 17:16:58 +0000 (19:16 +0200)]
rsa: Add option to disable implicit rejection
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Tue, 12 Jan 2021 13:58:04 +0000 (14:58 +0100)]
rsa: add test vectors for the implicit rejection in RSA PKCS#1 v1.5
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Tue, 15 Mar 2022 12:58:08 +0000 (13:58 +0100)]
rsa: add implicit rejection in PKCS#1 v1.5
The RSA decryption as implemented before required very careful handling
of both the exit code returned by OpenSSL and the potentially returned
ciphertext. Looking at the recent security vulnerabilities
(CVE-2020-25659 and CVE-2020-25657) it is unlikely that most users of
OpenSSL do it correctly.
Given that correct code requires side channel secure programming in
application code, we can classify the existing RSA decryption methods
as CWE-676, which in turn likely causes CWE-208 and CWE-385 in
application code.
To prevent that, we can use a technique called "implicit rejection".
For that we generate a random message to be returned in case the
padding check fails. We generate the message based on static secret
data (the private exponent) and the provided ciphertext (so that the
attacker cannot determine that the returned value is randomly generated
instead of result of decryption and de-padding). We return it in case
any part of padding check fails.
The upshot of this approach is that then not only is the length of the
returned message useless as the Bleichenbacher oracle, so are the
actual bytes of the returned message. So application code doesn't have
to perform any operations on the returned message in side-channel free
way to remain secure against Bleichenbacher attacks.
Note: this patch implements a specific algorithm, shared with Mozilla
NSS, so that the attacker cannot use one library as an oracle against the
other in heterogeneous environments.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Tomas Mraz [Fri, 9 Dec 2022 11:13:36 +0000 (12:13 +0100)]
Run-checker merge CI: Memleak test does not work without ubsan
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19874)
Tomas Mraz [Fri, 9 Dec 2022 11:12:35 +0000 (12:12 +0100)]
Revert "Run-checker merge CI: Replace no-shared with no-modules"
This reverts commit
d5696547e46e9ea85fcb7581b9d49c58b7c24eeb.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19874)
wangyuhang [Wed, 7 Dec 2022 08:48:16 +0000 (16:48 +0800)]
unbuffer stdin before get passwd from stdin
commond LD_LIBRARY_PATH= openssl rsa -aes256 -passout stdin <<< "xxxxxx” will get pass(fun app_get_pass()) from stdin first, and then load key(fun load_key()). but it unbuffer stdin before load key, this will cause the load key to fail.
now unbuffer stdin before get pass, this will solve https://github.com/openssl/openssl/issues/19835
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19851)
Tomas Mraz [Thu, 8 Dec 2022 13:24:40 +0000 (14:24 +0100)]
Run-checker merge CI: Replace no-shared with no-modules
ASAN otherwise fails to detect memleaks.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19860)
Tomas Mraz [Thu, 8 Dec 2022 11:28:51 +0000 (12:28 +0100)]
Cross compiles CI: Disable stringop-overflow warning on s390x and m68k
These warnings trigger on false positives on these platforms
with recent compiler update.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19860)
Tomas Mraz [Thu, 8 Dec 2022 10:33:30 +0000 (11:33 +0100)]
Fuzz checker CI: Use more generic include dir for fuzzer includes
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19860)
dependabot[bot] [Thu, 8 Dec 2022 17:13:32 +0000 (17:13 +0000)]
Bump actions/setup-python from 4.3.0 to 4.3.1
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.3.0...v4.3.1)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19866)
Todd Short [Mon, 5 Dec 2022 15:30:27 +0000 (10:30 -0500)]
Fix `no-ec enable-ktls` build
The KTLS test uses a TLSv1.2 cipher that uses ECDHE
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19841)
Pauli [Sun, 13 Nov 2022 23:31:23 +0000 (10:31 +1100)]
test: add test case for deadlock reported in #19643
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19652)
Pauli [Thu, 10 Nov 2022 22:40:19 +0000 (09:40 +1100)]
x509: fix double locking problem
This reverts commit
9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
redundant flag setting.
Fixes #19643
Fixes LOW CVE-2022-3996
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19652)
Clemens Lang [Fri, 18 Nov 2022 11:35:33 +0000 (12:35 +0100)]
signature: Clamp PSS salt len to MD len
FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection
5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the
salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of
the hash function output block (in bytes)."
Introduce a new option RSA_PSS_SALTLEN_AUTO_DIGEST_MAX and make it the
default. The new value will behave like RSA_PSS_SALTLEN_AUTO, but will
not use more than the digest length when signing, so that FIPS 186-4 is
not violated. This value has two advantages when compared with
RSA_PSS_SALTLEN_DIGEST: (1) It will continue to do auto-detection when
verifying signatures for maximum compatibility, where
RSA_PSS_SALTLEN_DIGEST would fail for other digest sizes. (2) It will
work for combinations where the maximum salt length is smaller than the
digest size, which typically happens with large digest sizes (e.g.,
SHA-512) and small RSA keys.
J.-S. Coron shows in "Optimal Security Proofs for PSS and Other
Signature Schemes. Advances in Cryptology – Eurocrypt 2002, volume 2332
of Lecture Notes in Computer Science, pp. 272 – 287. Springer Verlag,
2002." that longer salts than the output size of modern hash functions
do not increase security: "For example,for an application in which at
most one billion signatures will be generated, k0 = 30 bits of random
salt are actually sufficient to guarantee the same level of security as
RSA, and taking a larger salt does not increase the security level."
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19724)
Clemens Lang [Mon, 21 Nov 2022 13:33:57 +0000 (14:33 +0100)]
Obtain PSS salt length from provider
Rather than computing the PSS salt length again in core using
ossl_rsa_ctx_to_pss_string, which calls rsa_ctx_to_pss and computes the
salt length, obtain it from the provider using the
OSSL_SIGNATURE_PARAM_ALGORITHM_ID param to handle the case where the
interpretation of the magic constants in the provider differs from that
of OpenSSL core.
Add tests that verify that the rsa_pss_saltlen:max,
rsa_pss_saltlen:<integer> and rsa_pss_saltlen:digest options work and
put the computed digest length into the CMS_ContentInfo struct when
using CMS. Do not add a test for the salt length generated by a provider
when no specific rsa_pss_saltlen option is defined, since that number
could change between providers and provider versions, and we want to
preserve compatibility with older providers.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19724)
Stephen Farrell [Wed, 7 Dec 2022 21:36:46 +0000 (21:36 +0000)]
prevent HPKE sender setting seq unwisely
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19840)
Dr. David von Oheimb [Tue, 22 Nov 2022 07:43:03 +0000 (08:43 +0100)]
OSSL_CMP_validate_msg(): make sure to reject protection type mismatch
Do not accept password-based if expected signature-based and no secret is available and
do not accept signature-based if expected password-based and no trust anchors available.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19729)
Richard Levitte [Mon, 5 Dec 2022 15:59:06 +0000 (16:59 +0100)]
Replace some boldened types with a corresponding man page link
The types OSSL_DISPATCH, OSSL_ITEM, OSSL_ALGORITHM, OSSL_PARAM,
OSSL_CALLBACK, and OSSL_PASSPHRASE_CALLBACK are described in their own
manual page, so we change every mention of them to links to those pages.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19842)
Richard Levitte [Mon, 5 Dec 2022 15:26:39 +0000 (16:26 +0100)]
Move the description of the core types into their own pages
This expands on some of the core type descriptions, and also makes it
easier to find the documentation for each type, at least on Unix, with
a simple call like "man OSSL_ALGORITHM".
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19842)
Richard Levitte [Mon, 5 Dec 2022 15:22:27 +0000 (16:22 +0100)]
Better sorting of util/other.syms
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19842)
Richard Levitte [Fri, 2 Dec 2022 05:59:58 +0000 (06:59 +0100)]
Fix treatment of BUILD_METADATA
According to documentation [^1], the BUILD_METADATA from VERSION.dat should
be prefixed with a plus sign when used. It is given this treatment in
Configure, but not in all other scripts that use VERSION.dat directly.
This change fixes that.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19815)
Dr. David von Oheimb [Tue, 6 Jul 2021 10:23:51 +0000 (12:23 +0200)]
Compensate for CMP-related TODOs removed by PR #15539
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16006)
Daniel Fiala [Wed, 30 Nov 2022 04:59:39 +0000 (05:59 +0100)]
Replace "a RSA" with "an RSA"
Fixes openssl#19771
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19787)
Patrick Mills [Wed, 23 Nov 2022 20:08:51 +0000 (15:08 -0500)]
Implement OSSL_PROVIDER_get0_default_search_path, add docs and tests.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19752)
Tomas Mraz [Fri, 2 Dec 2022 08:00:33 +0000 (09:00 +0100)]
timing_load_creds: Add timersub macro for platforms where it is missing
Fixes #19812
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19817)
Tom Cosgrove [Sat, 3 Dec 2022 12:58:43 +0000 (12:58 +0000)]
Fix the code used to detect aarch64 capabilities when we don't have getauxval()
In addition to a missing prototype there was also a missing closing brace '}'.
Fixes #19825.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19833)
Peiwei Hu [Fri, 2 Dec 2022 08:35:53 +0000 (16:35 +0800)]
Fix the check of BIO_set_write_buffer_size and BIO_set_read_buffer_size
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19819)
Peiwei Hu [Fri, 2 Dec 2022 08:33:02 +0000 (16:33 +0800)]
Fix the check of EVP_PKEY_decrypt_init
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19819)
Peiwei Hu [Fri, 2 Dec 2022 08:31:02 +0000 (16:31 +0800)]
Fix the checks in rsautl_main
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19819)
Matt Caswell [Fri, 2 Dec 2022 09:27:34 +0000 (09:27 +0000)]
Drop a spurious printf in evp_test.c
A spurious printf was added to evp_test.c - probably for debugging
purposes. This actually causes runtime errors in some cases because the
name being printed can be NULL.
Fixes #19814
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19820)
Tomas Mraz [Thu, 1 Dec 2022 15:47:08 +0000 (16:47 +0100)]
Sync CHANGES.md and NEWS.md with 3.1 release
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19808)
Tomas Mraz [Tue, 29 Nov 2022 12:50:27 +0000 (13:50 +0100)]
hpke: fix tests with disabled chacha20 or poly1305
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19784)
Tomas Mraz [Tue, 29 Nov 2022 12:30:52 +0000 (13:30 +0100)]
Refactoring some operations to avoid repeated calls
Fetch the EVP_CIPHER for aead in OSSL_HPKE_CTX_new()
to avoid re-fetching on each aead operation.
Save kem/kdf/aead_info in OSSL_HPKE_CTX.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19784)
Tomas Mraz [Tue, 29 Nov 2022 11:23:21 +0000 (12:23 +0100)]
hpke_aead_enc/dec(): Refactor to pass in OSSL_HPKE_CTX *
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19784)
Tomas Mraz [Tue, 29 Nov 2022 11:22:24 +0000 (12:22 +0100)]
ossl_kdf_ctx_create(): Check for NULL KDF being fetched
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19784)
Tomas Mraz [Thu, 1 Dec 2022 18:24:47 +0000 (19:24 +0100)]
Fix build on NonStop
Fixes #19810
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19811)
Hugo Landau [Thu, 20 Oct 2022 06:37:01 +0000 (07:37 +0100)]
QUIC Connection State Machine Design Document
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19452)
Reinhard Urban [Wed, 30 Nov 2022 11:44:02 +0000 (12:44 +0100)]
doc: fix EVP_SignInit.pod
Fixes GH #19786
Also simplify the CSPRNG must be seeded argument.
Since version 1.1.1, the CSPRNG is seeded automatically on first use,
so it's not the responsibility of the programmer anymore. Still, he
needs to be aware that the seeding might fail.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19789)
Tomas Mraz [Wed, 30 Nov 2022 15:48:14 +0000 (16:48 +0100)]
Clarify the EVP_PKEY_decrypt manual page
Fixes #19790
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19792)
Matt Caswell [Mon, 28 Nov 2022 11:01:12 +0000 (11:01 +0000)]
Don't set cancel state/type
pthread_cancel() is never called by OpenSSL. Therefore this is no point in
setting the cancel state/type. The functions to set the cancel state/type
are not supported on Android and result in compilation failures. Therefore
we remove these calls completely.
Fixes #19559
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19779)
Dr. David von Oheimb [Wed, 23 Nov 2022 12:40:16 +0000 (13:40 +0100)]
cmp_client_test.c: add tests for OSSL_CMP_CTX_get_status
This is a follow-up of #19205, adding test cases as requested.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19760)
slontis [Tue, 19 Jul 2022 04:17:52 +0000 (14:17 +1000)]
[test/recipes] Add RFC6979 deterministic DSA KATs in evptest format
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18809)
Billy Brumley [Sat, 29 Jun 2019 04:19:07 +0000 (07:19 +0300)]
[test/recipes] RFC6979 deterministic ECDSA KATs in evptest format
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18809)
slontis [Tue, 19 Jul 2022 03:40:34 +0000 (13:40 +1000)]
Fix docs related to EVP_RAND_CTX_new() that were not passing the parent
parameter.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18809)
slontis [Fri, 15 Jul 2022 11:22:01 +0000 (21:22 +1000)]
Implement deterministic ECDSA sign (RFC6979)
This PR is based off the contributions in PR #9223 by Jemmy1228.
It has been modified and reworked to:
(1) Work with providers
(2) Support ECDSA and DSA
(3) Add a KDF HMAC_DRBG implementation that shares code with the RAND HMAC_DRBG.
A nonce_type is passed around inside the Signing API's, in order to support any
future deterministic algorithms.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18809)
Pauli [Tue, 29 Nov 2022 21:16:57 +0000 (08:16 +1100)]
evp_test: fix rebase mistake with no_gost
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19785)
Rohan McLure [Fri, 25 Nov 2022 03:41:08 +0000 (14:41 +1100)]
Remove redundant assignment in felem_mul_ref in p521
ftmp4 is assigned immediately before receiving the reduced output of the
multiplication of ftmp and ftmp3, without being read inbetween these
assignments. Remove redundant assignment.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19766)
Pauli [Mon, 28 Nov 2022 04:15:50 +0000 (15:15 +1100)]
fips prov: remove 3DES from list of inclusions
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19777)
Pauli [Mon, 28 Nov 2022 01:24:02 +0000 (12:24 +1100)]
Update fips version check to be more robust
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19777)
Pauli [Mon, 28 Nov 2022 00:27:37 +0000 (11:27 +1100)]
aes: add AES-GCM-SIV modes to the FIPS provider
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19777)
Xu Yizhou [Fri, 25 Nov 2022 05:57:37 +0000 (13:57 +0800)]
doc: add note for sm4 xts
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19619)
Xu Yizhou [Fri, 25 Nov 2022 05:54:07 +0000 (13:54 +0800)]
test: add sm4 xts test cases
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19619)
Xu Yizhou [Fri, 25 Nov 2022 05:52:49 +0000 (13:52 +0800)]
providers: Add SM4 XTS implementation
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19619)
Xu Yizhou [Tue, 1 Nov 2022 09:06:45 +0000 (17:06 +0800)]
obj: Add SM4 XTS OID
Add the following OID:
SM4-XTS: 1.2.156.10197.1.104.10
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19619)
Nicola Tuveri [Sun, 27 Nov 2022 21:43:16 +0000 (23:43 +0200)]
Update pyca-cryptography submodule to 38.0.4
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19681)
(cherry picked from commit
d656efb9eb7692c0b1cba843d7787751e388cc8a)
Nicola Tuveri [Sat, 18 Sep 2021 15:17:39 +0000 (18:17 +0300)]
Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to UNCOMPRESSED
Originally the code to im/export the EC pubkey was meant to be consumed
only by the im/export functions when crossing the provider boundary.
Having our providers exporting to a COMPRESSED format octet string made
sense to avoid memory waste, as it wasn't exposed outside the provider
API, and providers had all tools available to convert across the three
formats.
Later on, with #13139 deprecating the `EC_KEY_*` functions, more state
was added among the params imported/exported on an EC provider-native
key (including `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, although it
did not affect the format used to export `OSSL_PKEY_PARAM_PUB_KEY`).
Finally, in #14800, `EVP_PKEY_todata()` was introduced and prominently
exposed directly to users outside the provider API, and the choice of
COMPRESSED over UNCOMPRESSED as the default became less sensible in
light of usability, given the latter is more often needed by
applications and protocols.
This commit fixes it, by using `EC_KEY_get_conv_form()` to get the
point format from the internal state (an `EC_KEY` under the hood) of the
provider-side object, and using it on
`EVP_PKEY_export()`/`EVP_PKEY_todata()` to format
`OSSL_PKEY_PARAM_PUB_KEY`.
The default for an `EC_KEY` was already UNCOMPRESSED, and it is altered
if the user sets `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` via
`EVP_PKEY_fromdata()`, `EVP_PKEY_set_params()`, or one of the
more specialized methods.
For symmetry, this commit also alters `ec_pkey_export_to()` in
`crypto/ec/ec_ameth.c`, part of the `EVP_PKEY_ASN1_METHOD` for legacy EC
keys: it exclusively used COMPRESSED format, and now it honors the
conversion format specified in the EC_KEY object being exported to a
provider when this function is called.
Expand documentation about `OSSL_PKEY_PARAM_PUB_KEY` and mention the
3.1 change in behavior for our providers.
Fixes #16595
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19681)
(cherry picked from commit
926db476bc669fdcc4c4d2f1cb547060bdbfa153)
slontis [Sun, 27 Nov 2022 21:49:17 +0000 (07:49 +1000)]
Fix Coverity issues in HPKE
CID
1517043 and
1517038: (Forward NULL) - Removed redundant check that is already
done by the caller. It was complaining that it checked for ctlen == NULL
and then did a goto that used this *ctlen.
CID
1517042 and
1517041: (Forward NULL) - Similar to above for ptlen in
hpke_aead_dec()
CID
1517040: Remove unneeded logging. This gets rid of the warning
related to taking the sizeof(&)
CID
1517039: Check returned value of RAND_bytes_ex() in hpke_test
CID
1517038: Check return result of KEM_INFO_find() in
OSSL_HPKE_get_recomended_ikmelen. Even though this is a false positive,
it should not rely on the internals of other function calls.
Changed some goto's into returns to match OpenSSL coding guidelines.
Removed Raises from calls to _new which fail from malloc calls.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19774)
Tomas Mraz [Thu, 24 Nov 2022 17:48:10 +0000 (18:48 +0100)]
Fix occasional assertion failure when storing properties
Fixes #18631
The store lock does not prevent concurrent access to the
property cache, because there are multiple stores.
We drop the newly created entry and use the exisiting one
if there is one already.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19762)
Rohan McLure [Fri, 25 Nov 2022 03:42:12 +0000 (14:42 +1100)]
Fix accumulated index comments in felem_inv for p521
Comments in felem_inv refer to the logarithm with respect to in of the
element that has just been computed. The last two such annotations are
incorrect. By Fermat's last theorem, we hope to compute in^(p-2) in
GF(2^521-1), as such we expect the final index we reach to be 2^521-3.
CLA: Trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19765)
Tomas Mraz [Wed, 23 Nov 2022 08:09:24 +0000 (09:09 +0100)]
Drop incorrect skipping of some evp_test testcases with no-gost
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19739)
Tomas Mraz [Thu, 24 Nov 2022 15:46:38 +0000 (16:46 +0100)]
Add test for EVP_PKEY_Q_keygen
Test for #19736
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19761)
Stephen Farrell [Tue, 22 Nov 2022 02:42:04 +0000 (02:42 +0000)]
Implements Hybrid Public Key Encryption (HPKE) as per RFC9180.
This supports all the modes, suites and export mechanisms defined
in RFC9180 and should be relatively easily extensible if/as new
suites are added. The APIs are based on the pseudo-code from the
RFC, e.g. OSS_HPKE_encap() roughly maps to SetupBaseS(). External
APIs are defined in include/openssl/hpke.h and documented in
doc/man3/OSSL_HPKE_CTX_new.pod. Tests (test/hpke_test.c) include
verifying a number of the test vectors from the RFC as well as
round-tripping for all the modes and suites. We have demonstrated
interoperability with other HPKE implementations via a fork [1]
that implements TLS Encrypted ClientHello (ECH) which uses HPKE.
@slontis provided huge help in getting this done and this makes
extensive use of the KEM handling code from his PR#19068.
[1] https://github.com/sftcd/openssl/tree/ECH-draft-13c
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17172)
Marco Abbadini [Thu, 24 Nov 2022 01:11:25 +0000 (02:11 +0100)]
Fix typos in doc/man3/EVP_EncryptInit.pod
Fixes #19728
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19753)
Tomas Mraz [Wed, 26 Oct 2022 09:29:49 +0000 (11:29 +0200)]
When using PEM_read_bio_PrivateKey_ex() the public key is optional
Fixes #19498
However the private key part is not optional which was
mishandled by the legacy routine.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19505)
J.W. Jagersma [Tue, 22 Nov 2022 18:20:53 +0000 (19:20 +0100)]
Disable atomic refcounts with no-threads
This is needed for building with '-march=i386 no-threads', on platforms
where libatomic is not available (djgpp, specifically). The
implementation now falls back to 'CRYPTO_atomic_add()', which performs
plain lock-free addition in a 'no-threads' build.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19751)
Dr. David von Oheimb [Mon, 19 Sep 2022 11:15:04 +0000 (13:15 +0200)]
add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
Dr. David von Oheimb [Wed, 14 Sep 2022 15:37:27 +0000 (17:37 +0200)]
OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs
Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
Dr. David von Oheimb [Sat, 17 Sep 2022 18:58:16 +0000 (20:58 +0200)]
CMP: fix gen_new() in cmp_msg.c checking wrong ITAVs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
Dr. David von Oheimb [Tue, 18 Oct 2022 16:12:38 +0000 (18:12 +0200)]
CMS_decrypt_set1_*(): remove misleading error queue entry when recipient mismatch was not the issue
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19222)
Dr. David von Oheimb [Fri, 14 Oct 2022 10:56:54 +0000 (12:56 +0200)]
CMS_decrypt_set1_password(): prevent mem leak on any previously set decryption key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19222)
Dr. David von Oheimb [Thu, 15 Sep 2022 09:51:30 +0000 (11:51 +0200)]
CMS_decrypt*(): fix misconceptions and mem leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19222)
Jan [Wed, 23 Nov 2022 15:14:07 +0000 (16:14 +0100)]
Fix typo in openssl-x509.pod.in
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19746)
Jiaxun Yang [Tue, 22 Nov 2022 19:53:38 +0000 (19:53 +0000)]
Add SM2 support for EVP_PKEY_Q_keygen
There is no reason preventing this API to support SM2,
which gives us a simple method to do SM2 key gen.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19736)
Dr. David von Oheimb [Tue, 13 Sep 2022 20:22:48 +0000 (22:22 +0200)]
CMP: fix handling of unset or missing failInfo PKI status information
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
Dr. David von Oheimb [Tue, 13 Sep 2022 13:43:59 +0000 (15:43 +0200)]
CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages
On this occasion, replace magic constants by mnemonic ones; update doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
Dr. David von Oheimb [Sat, 17 Sep 2022 19:54:07 +0000 (21:54 +0200)]
OSSL_CMP_ITAV_set0.pod: fix formatting nits, update example
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19230)
Dr. David von Oheimb [Sat, 17 Sep 2022 19:51:48 +0000 (21:51 +0200)]
CMP+CRMF: fix formatting nits in crypto/, include/, and test/
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19230)
Maxim Mikityanskiy [Wed, 9 Nov 2022 09:26:11 +0000 (11:26 +0200)]
Add support for KTLS zerocopy sendfile on Linux
TLS device offload allows to perform zerocopy sendfile transmissions.
FreeBSD provides this feature by default, and Linux 5.19 introduced it
as an opt-in. Zerocopy improves the TX rate significantly, but has a
side effect: if the underlying file is changed while being transmitted,
and a TCP retransmission happens, the receiver may get a TLS record
containing both new and old data, which leads to an authentication
failure and termination of connection. This effect is the reason Linux
makes a copy on sendfile by default.
This commit adds support for TLS zerocopy sendfile on Linux disabled by
default to avoid any unlikely backward compatibility issues on Linux,
although sacrificing consistency in OpenSSL's behavior on Linux and
FreeBSD. A new option called KTLSTxZerocopySendfile is added to enable
the new zerocopy behavior on Linux. This option should be used when the
the application guarantees that the file is not modified during
transmission, or it doesn't care about breaking the connection.
The related documentation is also added in this commit. The unit test
added doesn't test the actual functionality (it would require specific
hardware and a non-local peer), but solely checks that it's possible to
set the new option flag.
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Boris Pismenny <borisp@nvidia.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18650)
Hugo Landau [Thu, 24 Nov 2022 08:54:01 +0000 (08:54 +0000)]
QUIC TXP: Fix missing OSSL_NELEM include
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19756)
Daniel Fiala [Mon, 19 Sep 2022 04:41:58 +0000 (06:41 +0200)]
Make parsing of piped data in `speed.c` more robust
Fixes openssl#19050
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19238)
Hugo Landau [Mon, 26 Sep 2022 16:06:59 +0000 (17:06 +0100)]
QUIC TX Packetiser and Streams Mapper
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19346)
slontis [Wed, 16 Nov 2022 21:30:14 +0000 (07:30 +1000)]
Add HISTORY section to EVP_KEM-EC document.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19699)
Everton Constantino [Thu, 27 Oct 2022 18:07:48 +0000 (15:07 -0300)]
Add two new build targets to enable the possibility of using clang-cl as
an assembler for Windows on Arm builds and also clang-cl as the compiler
as well. Make appropriate changes to armcap source and peralsm scripts.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19523)
FdaSilvaYY [Sat, 20 Feb 2021 22:39:30 +0000 (23:39 +0100)]
Cleanup : directly include of `internal/nelem.h` when required.
And so clean a few useless includes
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19721)
Dr. David von Oheimb [Wed, 21 Sep 2022 15:56:41 +0000 (17:56 +0200)]
CMP: add API functions OSSL_CMP_CTX_get0_libctx() and OSSL_CMP_CTX_get0_propq()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19715)
slontis [Wed, 2 Nov 2022 03:20:55 +0000 (13:20 +1000)]
Improve FIPS RSA keygen performance.
Reduce the Miller Rabin counts to the values specified by FIPS 186-5.
The old code was using a fixed value of 64.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19579)
Tomas Mraz [Mon, 21 Nov 2022 11:11:02 +0000 (12:11 +0100)]
Fix version mistake in some HISTORY sections
Follow up of PR#19690
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19725)
Tomas Mraz [Tue, 1 Nov 2022 10:38:31 +0000 (11:38 +0100)]
Update CHANGES.md and NEWS.md from 3.0.7
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19565)
Daniel Fiala [Fri, 21 Oct 2022 04:28:12 +0000 (06:28 +0200)]
Add an EVP signature demo using DSA
Fixes openssl#14114
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19492)
Richard Levitte [Tue, 22 Nov 2022 14:05:45 +0000 (15:05 +0100)]
test/recipes/80-test_cms.t: Fix the "CAdES ko" test
This test had commands that assumes that runner_loop() is used to perform
the tests. These tests still run fine because Unix accepts braces in file
names, but other operating systems might not.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19731)
(cherry picked from commit
20d3731006c9d29cbe17c2aedeba5e2abccfcd57)