Pauli [Fri, 26 Feb 2021 00:07:23 +0000 (10:07 +1000)]
prov: add extra params argument to KDF implementations
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:06:52 +0000 (10:06 +1000)]
tls: adjust for extra argument to KDF derive call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:06:31 +0000 (10:06 +1000)]
test: adjust tests to include extra argument to KDF derive call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:06:11 +0000 (10:06 +1000)]
evp: add param argument to KDF derive call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:05:46 +0000 (10:05 +1000)]
core: add param argument to KDF derive call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 04:30:57 +0000 (14:30 +1000)]
doc: update provider-mac documentation to account for the additional init() arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 04:27:29 +0000 (14:27 +1000)]
doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 04:12:56 +0000 (14:12 +1000)]
apps: update speed to use the additional arguments to MAC_init
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 04:03:09 +0000 (14:03 +1000)]
doc: note the additional parameters to EVP_MAC_init()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:55 +0000 (13:54 +1000)]
update poly1305 to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:35 +0000 (13:54 +1000)]
update BLAKE2 to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:13 +0000 (13:54 +1000)]
prov: update kmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:13 +0000 (13:54 +1000)]
prov: update hmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:13 +0000 (13:54 +1000)]
prov: update gmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:12 +0000 (13:54 +1000)]
prov: update cmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:52:25 +0000 (13:52 +1000)]
prov: use new MAC_init arguments in HMAC-DRBG
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:52:06 +0000 (13:52 +1000)]
prov: use new MAC_init arguments in signature legacy code
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:51:28 +0000 (13:51 +1000)]
prov: update provider util to be less agressive about changing things unnecessarily
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:51:03 +0000 (13:51 +1000)]
fips: update to use the extra MAC init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:50:45 +0000 (13:50 +1000)]
core: update to use the extra MAC init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:50:01 +0000 (13:50 +1000)]
test: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:49:37 +0000 (13:49 +1000)]
evp_test: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:49:10 +0000 (13:49 +1000)]
tls: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:48:48 +0000 (13:48 +1000)]
evp: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:48:27 +0000 (13:48 +1000)]
crmf: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:48:00 +0000 (13:48 +1000)]
apps: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:47:36 +0000 (13:47 +1000)]
apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:47:01 +0000 (13:47 +1000)]
apps: update fipsinstall to work with additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 00:27:22 +0000 (10:27 +1000)]
prov kdf: update to use the extra MAC init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 00:22:01 +0000 (10:22 +1000)]
prov: update SipHash to new init function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Wed, 24 Feb 2021 23:52:26 +0000 (09:52 +1000)]
siphash: Add the C and D round parameters for SipHash.
This represents a gap in functionality from the low level APIs.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Richard Levitte [Tue, 23 Feb 2021 21:42:18 +0000 (22:42 +0100)]
crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length
Fixes #14258
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14291)
Richard Levitte [Tue, 23 Feb 2021 21:41:04 +0000 (22:41 +0100)]
PROV: Implement an EC key -> blob encoder, to get the public key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14291)
Richard Levitte [Tue, 23 Feb 2021 21:39:39 +0000 (22:39 +0100)]
Modify i2d_PublicKey() so it can get an EC public key as a blob
This introduces the encoder output type "blob", to be used for
anything that outputs an unstructured blob of data.
Fixes #14258
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14291)
Benjamin Kaduk [Fri, 19 Feb 2021 21:20:00 +0000 (13:20 -0800)]
test_ecpub: test that we can decode the DER we encoded
We should be able to round-trip through the encoded DER form of the
EC public key and get back something that compares as equal to the
original key.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14291)
Benjamin Kaduk [Fri, 19 Feb 2021 21:46:49 +0000 (13:46 -0800)]
test_ecpub: verify returned length after encoding
Save the length we got from querying how much space was needed, and
check that the actual encoding call returned the same length.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14291)
Benjamin Kaduk [Mon, 25 Jan 2021 20:19:16 +0000 (12:19 -0800)]
Add test for EC pubkey export/import
There seems to be an issue with i2d_provided() in i2d_evp.c that causes
us to fail to construct a valid chain of encoders for the "type-specific"
output when it's an EC pubkey. This test is designed to exercise that
codepath for a variety of curves.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14291)
Dr. David von Oheimb [Fri, 26 Feb 2021 07:24:07 +0000 (08:24 +0100)]
Code cleanup mostly in crypto/x509/v3_purp.c
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14328)
Benjamin Kaduk [Wed, 24 Feb 2021 21:38:25 +0000 (13:38 -0800)]
Check ASN1_item_ndef_i2d() return value.
Return an error instead of trying to malloc a negative number.
The other usage in this file already had a similar check, and the caller
should have put an entry on the error stack already.
Note that we only check the initial calls to obtain the encoded length,
and assume that the follow-up call to actually encode to the allocated
storage will succeed if the first one did.
Fixes: #14177
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14308)
Tomas Mraz [Thu, 25 Feb 2021 14:08:16 +0000 (15:08 +0100)]
evp_pkey_provided_test: Improve diagnostic output
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14316)
Tomas Mraz [Thu, 25 Feb 2021 13:43:21 +0000 (14:43 +0100)]
tests: Always print errors before test verdict
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14316)
Pauli [Tue, 23 Feb 2021 23:24:29 +0000 (09:24 +1000)]
fuzzer: add ctx gettable/settable to the fuzzer RNG
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 23:24:26 +0000 (09:24 +1000)]
test: add ctx gettable/settable to the generic fake random number generator
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 01:49:55 +0000 (11:49 +1000)]
core: support modified gettable/settable ctx calls for ciphers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 01:49:20 +0000 (11:49 +1000)]
changes to match the updated context gettable/settable calls for ciphers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 01:48:57 +0000 (11:48 +1000)]
evp: upport modified gettable/settable ctx calls for ciphers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 01:48:35 +0000 (11:48 +1000)]
prov: upport modified gettable/settable ctx calls for ciphers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 01:03:49 +0000 (11:03 +1000)]
evp: support modified gettable/settable ctx calls for MACs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 01:03:31 +0000 (11:03 +1000)]
doc: changes to match the updated context gettable/settable calls for MACs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 01:03:08 +0000 (11:03 +1000)]
core: core: support modified gettable/settable ctx calls for MACs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 01:02:49 +0000 (11:02 +1000)]
prov: support modified gettable/settable ctx calls for MACs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 00:47:18 +0000 (10:47 +1000)]
prov: support modified gettable/settable ctx calls for KDFs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 00:46:58 +0000 (10:46 +1000)]
core: support modified gettable/settable ctx calls for KDFs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 00:46:08 +0000 (10:46 +1000)]
evp: support modified gettable/settable ctx calls for KDFs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Tue, 23 Feb 2021 00:45:39 +0000 (10:45 +1000)]
doc: changes to match the updated context gettable/settable calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Mon, 22 Feb 2021 23:52:15 +0000 (09:52 +1000)]
evp: support modified gettable/settable ctx calls for RNGs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Mon, 22 Feb 2021 23:51:48 +0000 (09:51 +1000)]
core: update RNG gettable/settable ctx param calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Mon, 22 Feb 2021 23:51:10 +0000 (09:51 +1000)]
prov: update RNGs to support modified gettable/settable CTX params
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Mon, 22 Feb 2021 23:50:17 +0000 (09:50 +1000)]
doc: note changes to rand gettable/settable provider call
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Mon, 22 Feb 2021 02:07:15 +0000 (12:07 +1000)]
doc: note changes to digest gettable/settable provider calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Mon, 22 Feb 2021 02:06:48 +0000 (12:06 +1000)]
modify EVP to support digest gettable/settable calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Mon, 22 Feb 2021 02:06:30 +0000 (12:06 +1000)]
core: update digest gettable/settable ctx params calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Pauli [Mon, 22 Feb 2021 02:06:04 +0000 (12:06 +1000)]
prov: update digests to support modified ctx params
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
Richard Levitte [Wed, 24 Feb 2021 23:06:46 +0000 (00:06 +0100)]
Makefile: Only update doc/build.info when there's an actual change
Fixes #14307
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14309)
Shane Lontis [Thu, 18 Feb 2021 10:27:26 +0000 (20:27 +1000)]
Fix external symbols related to ec & sm2 keys
Partial fix for #12964
This adds ossl_ names for the following symbols:
ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_*
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
Shane Lontis [Thu, 18 Feb 2021 06:30:37 +0000 (16:30 +1000)]
Fix external symbols related to dsa keys
Partial fix for #12964
This adds ossl_ names for the following symbols:
dsa_check_pairwise, dsa_check_params, dsa_check_priv_key, dsa_check_pub_key, dsa_check_pub_key_partial,
dsa_do_sign_int, dsa_ffc_params_fromdata,
dsa_generate_ffc_parameters, dsa_generate_public_key,
dsa_get0_params, dsa_key_fromdata, dsa_new_with_ctx, dsa_pkey_method, dsa_sign_int
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
Shane Lontis [Thu, 18 Feb 2021 05:56:53 +0000 (15:56 +1000)]
Fix external symbols related to dh keys
Partial fix for #12964
This adds ossl_ names for the following symbols:
dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key,
dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id,
dh_cache_named_group, dh_get0_params, dh_get0_nid,
dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata,
dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise,
dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1,
dh_pkey_method, dhx_pkey_method
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
Shane Lontis [Fri, 19 Feb 2021 09:15:41 +0000 (19:15 +1000)]
Fix external symbols for bn
Partial fix for #12964
This adds ossl_ names for symbols related to bn_*
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14296)
Mark [Wed, 24 Feb 2021 13:14:08 +0000 (14:14 +0100)]
Fix filename escaping in c_rehash
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14301)
Tomas Mraz [Wed, 24 Feb 2021 16:45:55 +0000 (17:45 +0100)]
evp_extra_test: Do not manipulate providers in default context
Otherwise the with OPENSSL_TEST_RAND_ORDER following tests will
be broken. There is also no real need to do that.
Fixes #14070
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14305)
Tomas Mraz [Wed, 24 Feb 2021 15:44:41 +0000 (16:44 +0100)]
fake_random: Do not overwrite the callback on instatiation
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14299)
Tomas Mraz [Wed, 24 Feb 2021 11:32:40 +0000 (12:32 +0100)]
Ensure that the fake rand is initialized
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14299)
jwalch [Fri, 19 Feb 2021 18:02:27 +0000 (13:02 -0500)]
Fix an integer overflow in o_time.c
If input offset_sec is sufficiently large (> INT32_MAX * SECS_PER_DAY, which is possible for a long on 64-bit platforms), then the first assignment contains an overflow.
I think leaving offset_hms as an int is still safe.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14252)
Matt Caswell [Fri, 19 Feb 2021 17:47:21 +0000 (17:47 +0000)]
Add a test for a names_do_all function
Make sure that if we change the namemap part way through calling a
names_do_all function it still works.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14250)
Matt Caswell [Fri, 19 Feb 2021 17:03:43 +0000 (17:03 +0000)]
Don't hold a lock when calling a callback in ossl_namemap_doall_names
We don't want to hold a read lock when calling a user supplied callback.
That callback could do anything so the risk of a deadlock is high.
Instead we collect all the names first inside the read lock, and then
subsequently call the user callback outside the read lock.
Fixes #14225
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14250)
Richard Levitte [Tue, 23 Feb 2021 17:19:38 +0000 (18:19 +0100)]
Fix string termination and length setting in OSSL_PARAM_BLD_push_utf8_string()
OSSL_PARAM_BLD_push_utf8_string() was still setting the length in
bytes of the UTF8 string to include the terminating NUL byte, while
recent changes excludes that byte from the length. It's still made to
add a NUL byte at the end of the string no matter what.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)
Richard Levitte [Tue, 23 Feb 2021 07:10:02 +0000 (08:10 +0100)]
Fix OSSL_PARAM_allocate_from_text() for OSSL_PARAM_UTF8_STRING
OSSL_PARAM_allocate_from_text() was still setting the length in bytes
of the UTF8 string to include the terminating NUL byte, while recent
changes excludes that byte from the length.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)
Richard Levitte [Mon, 1 Feb 2021 07:58:58 +0000 (08:58 +0100)]
Allow the sshkdf type to be passed as a single character
This partially reverts commit
270a5ce1d9ea579a2f1d45887971582b1ef2b6a1.
This also slightly modifies the way diverse parameters in are
specified in providers/fips/self_test_data.inc for better consistency.
Fixes #14027
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)
Tomas Mraz [Tue, 23 Feb 2021 15:52:49 +0000 (16:52 +0100)]
Cleanup of some of the EVP_PKEY_CTX_ctrl related TODOs
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14290)
Tomas Mraz [Tue, 23 Feb 2021 15:52:21 +0000 (16:52 +0100)]
Fix missing EOL at the end of the rsa/build.info
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14290)
Tomas Mraz [Tue, 23 Feb 2021 15:51:43 +0000 (16:51 +0100)]
Remove inclusion of unnecessary header files
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14290)
Tomas Mraz [Tue, 23 Feb 2021 15:50:21 +0000 (16:50 +0100)]
Use strcasecmp when comparing kdf_type
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14290)
Tomas Mraz [Mon, 22 Feb 2021 12:20:28 +0000 (13:20 +0100)]
speed: Drop deprecated <ALG>_options() calls
Also correction of some code format issues.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14228)
Tomas Mraz [Thu, 18 Feb 2021 09:48:18 +0000 (10:48 +0100)]
speed: Use EVP for ciphers, cmac, ghash, rsa, dsa, and ecdsa
Fixes #13909
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14228)
Tomas Mraz [Mon, 15 Feb 2021 18:45:01 +0000 (19:45 +0100)]
speed: Adapt digests and hmac to always use non-deprecated APIs
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14228)
Tomas Mraz [Mon, 15 Feb 2021 16:24:44 +0000 (17:24 +0100)]
speed: Drop code to handle platforms without SIGALRM
(except for Windows where a separate thread stops the looping)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14228)
Daniel Bevenius [Tue, 23 Feb 2021 12:30:13 +0000 (13:30 +0100)]
Fix typo in comment in DH_set0_pqg function
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14288)
Matt Caswell [Tue, 16 Feb 2021 10:10:26 +0000 (10:10 +0000)]
Test errors from a provider can still be accessed after unload
Providers can create errors that may refer to const strings within the
provider module itself. If the provider gets unloaded we need to be sure
that we can still access the errors in the error stack.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14213)
Matt Caswell [Mon, 15 Feb 2021 16:59:43 +0000 (16:59 +0000)]
Duplicate the file and func error strings
Errors raised from a provider that is subsequently unloaded from memory
may have references to strings representing the file and function that
are no longer present because the provider is no longer in memory. This
can cause crashes. To avoid this we duplicate the file and func strings.
Fixes #13623
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14213)
Pauli [Fri, 25 Sep 2020 00:19:19 +0000 (10:19 +1000)]
provider: add an unquery function to allow providers to clean up.
Without this, a provider has no way to know that an application
has finished with the array it returned earlier. A non-caching provider
requires this information.
Fixes #12974
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12974)
Pauli [Thu, 18 Feb 2021 01:55:04 +0000 (11:55 +1000)]
rand: note that locking needs to be explicitly enabled.
Fixes #13912
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14224)
Tomas Mraz [Mon, 22 Feb 2021 16:28:17 +0000 (17:28 +0100)]
Deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
The functions are not needed and require returning octet ptr parameters
from providers that would like to support them which complicates provider
implementations.
Fixes #12985
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14279)
Richard Levitte [Thu, 28 Jan 2021 08:00:58 +0000 (09:00 +0100)]
X509: Refactor X509_PUBKEY processing to include provider side keys
When a SubjectPublicKeyInfo (SPKI) is decoded into an X509_PUBKEY
structure, the corresponding EVP_PKEY is automatically added as well.
This used to only support our built-in keytypes, and only in legacy
form.
This is now refactored by making The ASN1 implementation of the
X509_PUBKEY an EXTERN_ASN1, resulting in a more manual implementation
of the basic support routines. Specifically, the d2i routine will do
what was done in the callback before, and try to interpret the input
as an EVP_PKEY, first in legacy form, and then using OSSL_DECODER.
Fixes #13893
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14281)
Benjamin Kaduk [Wed, 27 May 2020 18:17:07 +0000 (11:17 -0700)]
Remove disabled TLS 1.3 ciphers from the SSL(_CTX)
In ssl_create_cipher_list() we make a pass through the ciphers to
remove those which are disabled in the current libctx. We are
careful to not include such disabled TLS 1.3 ciphers in the final
consolidated cipher list that we produce, but the disabled ciphers
are still kept in the separate stack of TLS 1.3 ciphers associated
with the SSL or SSL_CTX in question. This leads to confusing
results where a cipher is present in the tls13_cipherlist but absent
from the actual cipher list in use. Keep the books in order and
remove the disabled ciphers from the 1.3 cipherlist at the same time
we skip adding them to the active cipher list.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12037)
Richard Levitte [Tue, 23 Feb 2021 22:07:15 +0000 (23:07 +0100)]
make update
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14292)
Richard Levitte [Thu, 26 Nov 2020 20:21:02 +0000 (21:21 +0100)]
appveyor.yml: clarify conditions for building the plain configuration
The "plain" configuration is only meant to be built for an '[extended tests]'
commit, or on the master branch. This isn't at all clear from the
scripts, and furthermore, we "skip" the plain configuration by running
the OpenSSL configuration script... and then nothing more.
Instead, we use AppVeyor configuration issues to specify when and when
not to build the "plain" configuration, and leave it to the scripts to
do the right thing using only $env:EXTENDED_TESTS.
Fixes #7958
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13537)
Richard Levitte [Mon, 22 Feb 2021 05:52:41 +0000 (06:52 +0100)]
make update
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14269)
Richard Levitte [Mon, 22 Feb 2021 05:49:24 +0000 (06:49 +0100)]
Generate doc/build.info with 'make update' rather than on the fly
doc/build.info was essentially generated on the fly while running
Configure, something that takes a huge amount of time on slower file
systems (such as Windows).
Instead, we generate it with 'make update', saving the user from
having to wait for too long, at the small price for developers to have
to run 'make update' whenever they write a new manual file.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14269)
Pauli [Sat, 20 Feb 2021 02:48:33 +0000 (12:48 +1000)]
changes: note the deprecation of RAND_METHOD APIs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13652)
Pauli [Wed, 17 Feb 2021 23:16:26 +0000 (09:16 +1000)]
provider: add option to load a provider without disabling the fallbacks.
Add an argument to PROVIDER_try_load() that permits a provider to be
loaded without changing the fallback status. This is useful when an
additional provider needs to be loaded without perturbing any other setup.
E.g. adding mock providers as part of unit testing.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13652)