- May 08, 2019
-
-
Tobias Nießen authored
This change allows to pass the authentication tag after specifying the AAD in CCM mode. This is already true for the other two supported AEAD modes (GCM and OCB) and it seems appropriate to match the behavior. GCM and OCB also support to set the tag at any point before the call to `EVP_*Final`, but this won't work for CCM due to a restriction imposed by section 2.6 of RFC3610: The tag must be set before actually decrypting data. This commit also adds a test case for setting the tag after supplying plaintext length and AAD. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7243)
-
Guido Vranken authored
If ctx->cipher->cupdate/ctx->cipher->cfinal failed, 'soutl' is left uninitialized. This patch incorporates the same logic as present in EVP_DecryptUpdate and EVP_DecryptFinal_ex: only branch on 'soutl' if the preceding call succeeded. Bug found by OSS-Fuzz. Signed-off-by: Guido Vranken <guidovranken@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8874)
-
- May 07, 2019
-
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
-
Matt Caswell authored
Fixes #8875 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8876)
-
Boris Pismenny authored
This commit adds the SSL_sendfile call, which allows KTLS sockets to transmit file using zero-copy semantics. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8727)
-
Boris Pismenny authored
This commit introduces support for Linux KTLS sendfile. Sendfile semantics require the use of a kernel TLS socket to construct the TLS record headers, encrypt and authenticate the data. KTLS sendfile improves performance by avoiding the copy of file data into user space, which is required today. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8727)
-
Dr. Matthias St. Pierre authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8893)
-
- May 03, 2019
-
-
Simo Sorce authored
Conform to other modules which were changed at the last minute and this discrepancy was not noticed. Retain "md" as an alias so not to break 3rd party backports/tests scripts. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8783)
-
Shane Lontis authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8808)
-
Shane Lontis authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8808)
-
Todd Short authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8867)
-
- May 02, 2019
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8857)
-
Matt Caswell authored
We should be seeking to move the OPENSSL_init_crypto and OPENSSL_cleanup processing into OPENSSL_CTX instead. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8857)
-
Matt Caswell authored
Various core and property related code files used global data. We should store all of that in an OPENSSL_CTX instead. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8857)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8857)
-
Klotz, Tobias authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8023)
-
Dr. Matthias St. Pierre authored
If the `openssl cms` command is called without specifying an operation option, it replies with the following laconic error message: cms: Use -help for summary. This commit adds a helpful error message: No operation option (-encrypt|-decrypt|-sign|-verify|...) specified. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8861)
-
Dr. Matthias St. Pierre authored
Since commit 137096a7 it is possible to specify keywords instead of negative magic numbers for the salt length. This commit replaces the remaining occurrences of `rsa_pss_saltlen:-3` in the test recipes by `rsa_pss_saltlen:max`. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8860)
-
Wojciech Kaluza authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8803)
-
Wojciech Kaluza authored
- Allow user-defined RCFLAGS - Pass RCFLAGS to RC Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8803)
-
- May 01, 2019
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8850)
-
Richard Levitte authored
Fixes #8796 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8851)
-
Philip Prindeville authored
Other commands like 'req' support -verbose, so why not gendsa and dsaparam? Part of a larger and more ambitious effort to add -verbose to all apps that might be used in scripts and need to otherwise run silently (well, without belching out anything that isn't a warning or error... which ties into a later scrub of using STDOUT were appropriate for informative messages instead of STDERR)... so that scripts also have the option of doing >/dev/null without losing anything critical. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6908)
-
Philip Prindeville authored
Other commands like 'req' support -verbose, so why not genrsa? Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6897)
-
- Apr 30, 2019
-
-
Pauli authored
Introduce a macro that allows all structure alignment tricks to be rolled up into a single place. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8845)
-
Richard Levitte authored
OSSL_provider_init() gets another output parameter, holding a pointer to a provider side context. It's entirely up to the provider to define the context and what it's being used for. This pointer is passed back to other provider functions, typically the provider global get_params and set_params functions, and also the diverse algorithm context creators, and of course, the teardown function. With this, a provider can be instantiated more than once, or be re-loaded as the case may be, while maintaining instance state. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8848)
-
Richard Levitte authored
The OP_cipher_final function takes a return output size and an output buffer size argument. The oneshot OP_cipher_cipher function should do the same. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8849)
-
Dr. Matthias St. Pierre authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8843)
-