- 26 May, 2019 4 commits
-
-
Simo Sorce authored
In all legacy code ctx->cipher is dereferenced without checks, so it makes no sense to jump there is ctx->cipher is NULL as it will just lead to a crash. Catch it separately and return an error. This is simlar to the fix in d2c2e49e Signed-off-by:
Simo Sorce <simo@redhat.com> Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9002)
-
Laszlo Ersek authored
CLA: trivial Fixes #8904 Commit 48feaceb ("Remove the possibility to disable the UI module entirely", 2017-07-03) made the BUFSIZ references in "evp_key.c" unconditional, by deleting the preprocessing directive "#ifndef OPENSSL_NO_UI". This breaks the build when compiling OpenSSL for edk2 (OPENSSL_SYS_UEFI), because edk2's <stdio.h> doesn't #define BUFSIZ. Provide a fallback definition, like we do in "crypto/ui/ui_util.c" (from commit 984d6c60 , "Fix no-stdio build", 2015-09-29). Signed-off-by:
Laszlo Ersek <lersek@redhat.com> Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
Daniël van Eeden authored
Example with patch: ``` $ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305' TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ``` Example without patch: ``` $ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305' TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ``` CLA: Trivial Reviewed-by:
-
Daniël van Eeden authored
* Cipher name: from 23 to 30 (example: ECDHE-ECDSA-AES128-GCM-SHA256) * Fixed length for TLS version (examples: TLSv1, TLSv1.3) * Au length from 4 to 5 (example: ECDSA) Example (without patch): ``` $ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA' TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ``` Example (with patch): ``` $ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA' TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ``` CLA: trivial Reviewed-by:
-
- 24 May, 2019 4 commits
-
-
agnosticdev authored
Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8995)
-
Sambit Kumar Dash authored
CLA: trivial Reviewed-by:
-
David Makepeace authored
Reviewed-by:
-
David Makepeace authored
Reviewed-by:
-
- 23 May, 2019 8 commits
-
-
Bernd Edlinger authored
e.g. openssl speed -evp id-aes256-wrap-pad was crashing because the return code from EVP_CipherInit_ex was ignored. Not going to allow that cipher mode because wrap ciphers produces more bytes output than the input length and EVP_Update_loop is not really prepared for that. Reviewed-by:
Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by:
-
Matt Caswell authored
In addition this commit ensures that the "provctx" value is defaulted to the current library context when we are recurively initialising the FIPS provider when already inside the FIPS module. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and coverts them for use within evp_test. This commit also adds a script to convert the .rsp CAVS files into the evp_test format. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
- 22 May, 2019 5 commits
-
-
voev authored
CLA: trivial Reviewed-by:
-
Patrick Steuer authored
Fixes #7323 Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Patrick Steuer authored
Fixes #8957 Signed-off-by:
-
Patrick Steuer authored
67c81ec3 forgot about s390x Signed-off-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Pauli authored
Add the possibility of a property query clause to be optional by preceding it with a question mark. Reviewed-by:
-
- 21 May, 2019 3 commits
-
-
Kurt Roeckx authored
Fixes: #8737 Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
-
Matt Caswell authored
This reverts commit dcb982d7 . This change is causing extended tests to fail. [extended tests] Reviewed-by:
-
Richard Levitte authored
When sanitize options are added as 'enable-msan' or similar, the -fsanitize C flags is set in $config{cflags} rather than $config{CFLAGS}, so we need to check both. Reviewed-by:
-
- 20 May, 2019 5 commits
-
-
Arne Schwabe authored
This function only returns a status and does not modify the parameter. Since similar function are already taking const parameters, also change this function to have a const parameter. Fixes #8934 CLA: trivial Signed-off-by:
Arne Schwabe <arne@rfc2549.org> Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
-
Pauli authored
Add ranged checked OSSL_PARAM conversions between the native types. A conversion is legal only if the given value can be exactly represented by the target type. Includes a test case that reads a stanza test case file and verified that param conversions are processed properly. Reviewed-by:
-
Richard Levitte authored
In the development of the CRMF sub-system, there seems to have been some confusion as to what configuration option should be used. 'no-crmf' was added, but the C macro guards were using OPENSSL_NO_CMP rather than OPENSSL_NO_CRMF... In fact, we want 'no-cmp', but since the CRMF code is part of CMP, we need 'no-crmf' to depend on 'no-cmp'. We do this by making 'crmf' a silent "option" that get affected by 'cmp' by way of %disable_cascades. This allows options to be "aliases" for a set of other ones, silent or not. Reviewed-by:
-
Pauli authored
The 32 bit counter behaviour is necessary and was intentional. This reverts commit e9f148c9 . Reviewed-by:
-
Richard Levitte authored
We still use '.so' as a last resort... Fixes #8950 Reviewed-by:
-
- 17 May, 2019 1 commit
-
-
Daniel Axtens authored
The kernel self-tests picked up an issue with CTR mode. The issue was detected with a test vector with an IV of FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD: after 3 increments it should wrap around to 0. There are two paths that increment IVs: the bulk (8 at a time) path, and the individual path which is used when there are fewer than 8 AES blocks to process. In the bulk path, the IV is incremented with vadduqm: "Vector Add Unsigned Quadword Modulo", which does 128-bit addition. In the individual path, however, the IV is incremented with vadduwm: "Vector Add Unsigned Word Modulo", which instead does 4 32-bit additions. Thus the IV would instead become FFFFFFFFFFFFFFFFFFFFFFFF00000000, throwing off the result. Use vadduqm. This was probably a typo originally, what with q and w being adjacent. CLA: trivial Reviewed-by:
-
- 16 May, 2019 2 commits
-
-
Valentin Robert authored
CLA: trivial Reviewed-by:
-
Shane Lontis authored
X963 KDF is used for CMS ec keyagree Recipient Info. The X963 KDF that is used by CMS EC Key Agreement has been moved into a EVP_KDF object. This KDF is almost identical to the the SSKDF hash variant, so it has been implemented inside the SSKDF code with its own method table. Reviewed-by:
-
- 12 May, 2019 6 commits
-
-
Richard Levitte authored
Now that the legacy NID isn't used as a main index for fetched algorithms, the legacy NID was just transported around unnecessarily. This is removed, and the legacy NID is simply set by EVP_{API}_fetch() after the construction process is done. Reviewed-by: -
Richard Levitte authored
POD markup is only forbidden in the actual names, while permitted in the description. Reviewed-by:
-
Richard Levitte authored
We didn't deal very well with names that didn't have pre-defined NIDs, as the NID zero travelled through the full process and resulted in an inaccessible method. By consequence, we need to refactor the method construction callbacks to rely more on algorithm names. We must, however, still store the legacy NID with the method, for the sake of other code that depend on it (for example, CMS). Reviewed-by:
-
Richard Levitte authored
This avoids using the ASN1_OBJECT database, which is bloated for the purpose of a simple number <-> name database. Reviewed-by:
-
Richard Levitte authored
This can be used as a general name to identity map. Reviewed-by:
-
Dr. Matthias St. Pierre authored
Small correction to RAND_DRBG(7) (amends 3a50a8a9 ) Reviewed-by:
-
- 10 May, 2019 1 commit
-
-
Dr. Matthias St. Pierre authored
The functions RAND_add() and RAND_seed() provide a legacy API which enables the application to seed the CSPRNG. But NIST SP-800-90A clearly mandates that entropy *shall not* be provided by the consuming application, neither for instantiation, nor for reseeding. The provided random data will be mixed into the DRBG state as additional data only, and no entropy will accounted for it. Reviewed-by:
-
- 09 May, 2019 1 commit
-
-
Pauli authored
Provide C test cases with the option to skip tests and subtests. Reviewed-by:
-
