- Apr 12, 2019
-
-
Matt Caswell authored
These undocumented functions were never integrated into the EVP layer and implement the AES Infinite Garble Extension (IGE) mode and AES Bi-directional IGE mode. These modes were never formally standardised and usage of these functions is believed to be very small. In particular AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one is ever used. The security implications are believed to be minimal, but this issue was never fixed for backwards compatibility reasons. Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8710)
-
Bernd Edlinger authored
usage: openssl speed -cmac aes128 Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8721)
-
Pauli authored
Refer to NIST SP 800-90C section 5.4 "Prediction Resistance.l" This requires the seed sources to be approved as entropy sources, after which they should be considered live sources as per section 5.3.2 "Live Entropy Source Availability." Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8647)
-
- Apr 11, 2019
-
-
Shane Lontis authored
Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8564)
-
Shane Lontis authored
Reviewed-by:
-
Nicola Tuveri authored
This fixes the "verifying the alias" case. Actually, while working on it, I realized that conceptually we were testing the 2 different behaviours of `EC_GROUP_check_named_curve()` at the same time, and actually not in the proper way. I think it's fair to assume that overwriting the curve name for an existing group with `NID_undef` could lead to the unexpected behaviour we were observing and working around. Thus I decided to separate the lookup test in a dedicated simpler test that does what the documentation of `EC_GROUP_check_named_curve()` suggests: the lookup functionality is meant to find a name for a group generated with explicit parameters. In case an alternative alias is returned by the lookup instead of the expected nid, to avoid doing comparisons between `EC_GROUP`s with different `EC_METHOD`s, the workaround is to retrieve the `ECPARAMETERS` of the "alias group" and create a new explicit parameters group to use in `EC_GROUP_cmp()`. Reviewed-by:
-
Nicola Tuveri authored
Setting arbitrary `p`, `a` or `b` with `EC_GROUP_set_curve()` might fail for some `EC_GROUP`s, depending on the internal `EC_METHOD` implementation, hence the block of tests verifying that `EC_GROUP_check_named_curve()` fails when any of the curve parameters is changed is modified to run only if the previous `EC_GROUP_set_curve()` call succeeds. `ERR_set_mark()` and `ERR_pop_to_mark()` are used to avoid littering the thread error stack with unrelated errors happened during `EC_GROUP_set_curve()`. Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
-
- Apr 10, 2019
-
-
Shane Lontis authored
Used to check that a test fails in fips mode i.e. ok_nofips(run(...)) Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Jakub Wilk authored
CLA: trivial Reviewed-by:
-
Richard Levitte authored
Even with custome ciphers, the combination in == NULL && inl == 0 should not be passed down to the backend cipher function. The reason is that these are the values passed by EVP_*Final, and some of the backend cipher functions do check for these to see if a "final" call is made. Fixes #8675 Reviewed-by:
-
- Apr 09, 2019
-
-
Paul Yang authored
This commit makes the X509_set_sm2_id to 'set0' behaviour, which means the memory management is passed to X509 and user doesn't need to free the sm2_id parameter later. API name also changes to X509_set0_sm2_id. Document and test case are also updated. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
When the purpose is to pass parameters to a setter function, that setter function needs to know the size of the data passed. This remains true for the pointer data types as well. Reviewed-by:
-
Matt Caswell authored
If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
When we attempt to fetch a method with a given NID we will ask the providers for it if we don't already know about it. During that process we may be told about other methods with a different NID. We need to make sure we don't confuse the two. Reviewed-by:
-
Richard Levitte authored
The targets Cygwin-x86 and Cygwin-x86_64 are the ones that should do this. Fixes #8684 Reviewed-by:
-
Richard Levitte authored
OSSL_PARAM_END is a macro that can only be used to initialize an OSSL_PARAM array, not to assign an array element later on. For completion, we add an end constructor to facilitate that kind of assignment. Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
-
- Apr 08, 2019
-
-
Shane Lontis authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Pauli authored
Using a byte buffer causes problems for device that don't handle unaligned reads. Instead use the properly aligned variable that was already pointed at. Reviewed-by:
-
Dan Campbell authored
Fixes #8645 Reviewed-by:
-
Shane Lontis authored
Reviewed-by:
-
- Apr 07, 2019
-
-
Patrick Steuer authored
ISO C90 forbids specifying subobject to initialize Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Patrick Steuer authored
C++ style comments are not allowed in ISO C90 Signed-off-by:
-
- Apr 06, 2019
-
-
FdaSilvaYY authored
Found by Coverity. Reviewed-by:
-
Pauli authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8629)
-
Bernd Edlinger authored
Reviewed-by:
-
- Apr 05, 2019
-
-
Richard Levitte authored
The value of the 'default_properties' command is simply passed to EVP_set_default_properties(). Reviewed-by:
-
Richard Levitte authored
EVP_MD_fetch() can be given a property query string. However, there are cases when it won't, for example in implicit fetches. Therefore, we also need a way to set a global property query string to be used in all subsequent fetches. This also applies to all future algorithm fetching functions. Reviewed-by:
-
Richard Levitte authored
Additionally, merge ENGINE_CONF into CONF. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Other configuration modules may have use for tracing, and having one tracing category for each of them is a bit much. Instead, we make one category for them all. Reviewed-by:
-
Richard Levitte authored
It was assumed that the config functionality returned a boolean. However, it may return a negative number on error, so we need to take that into account. Reviewed-by:
-
Richard Levitte authored
The three macros EVP_F_AESNI_XTS_INIT_KEY, EVP_F_AES_T4_XTS_INIT_KEY and EVP_F_AES_XTS_INIT_KEY are affected. Reviewed-by:
-
Pauli authored
than the update call. The means an earlier error return at the cost of some duplicated code. Reviewed-by:
-
