]>
git.ipfire.org Git - thirdparty/openssl.git/log
Tomas Mraz [Tue, 2 Mar 2021 15:16:06 +0000 (16:16 +0100)]
Remove some of the TODO 3.0 in crypto/evp related to legacy support.
The legacy support stays in 3.0. The TODOs are dropped.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Mon, 1 Mar 2021 16:48:19 +0000 (17:48 +0100)]
crypto/param_build_set.c: Remove irrelevant TODO 3.0
The OSSL_PARAM_set_BN() pads to data_size so there is no
need for OSSL_PARAM_set_BN_pad().
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Mon, 1 Mar 2021 16:24:55 +0000 (17:24 +0100)]
crypto/ppccap.c: Remove useless TODO 3.0
The chacha and poly1305 algorithms are not FIPS approved so
they should stay out of FIPS module.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Mon, 1 Mar 2021 15:55:23 +0000 (16:55 +0100)]
include/crypto: Remove TODOs that are irrelevant for 3.0
The legacy support will not be removed in 3.0. Remove the
related TODO 3.0 marks.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Mon, 1 Mar 2021 15:51:13 +0000 (16:51 +0100)]
include/internal: Remove TODOs that are irrelevant for 3.0
The sha3 and sm3 legacy support requires these headers.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Tue, 2 Mar 2021 17:55:35 +0000 (18:55 +0100)]
test/x509: Test for issuer being overwritten when printing.
The regression from commit
05458fd was fixed, but there is
no test for that regression. This adds it simply by having
a certificate that we compare for -text output having
a different subject and issuer.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14353)
Dr. David von Oheimb [Thu, 26 Nov 2020 07:35:26 +0000 (08:35 +0100)]
OSSL_STORE: restore diagnostics on decrypt error; provide password hints
Fixes #13493
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13525)
Tobias Nießen [Tue, 2 Mar 2021 17:15:32 +0000 (18:15 +0100)]
crypto: rename error flags in internal structures
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14405)
Richard Levitte [Fri, 26 Feb 2021 09:46:27 +0000 (10:46 +0100)]
Add a new test recipe to verify the generated test fipsmodule.cnf
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
Richard Levitte [Thu, 25 Feb 2021 18:40:50 +0000 (19:40 +0100)]
Fix the perl code to get FIPSMODULENAME
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
Richard Levitte [Tue, 29 Sep 2020 08:26:19 +0000 (10:26 +0200)]
TEST: Remove the build of fipsmodule.cnf from test recipes
The exception is the test recipe that tests 'openssl fipsinstall'.
However, that one uses a different output file name, so it's safe.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
Richard Levitte [Mon, 28 Sep 2020 19:29:56 +0000 (21:29 +0200)]
APPS: Modify 'fipsinstall' to output all notifications on stderr
The actual output of the 'fipsinstall' is the config file it outputs.
It should be possible to output that to standard output, and diverse
notification messages shouldn't be mixed in. Therefore, we output
them to standard error instead.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
Richard Levitte [Thu, 25 Feb 2021 16:46:36 +0000 (17:46 +0100)]
Make 'tests' depend on a generated 'providers/fipsmodule.cnf'
providers/fipsmodule.cnf is generated using 'openssl fipsinstall' with
the openssl program in the build directory.
Fixes #14315
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
Richard Levitte [Thu, 25 Feb 2021 16:43:57 +0000 (17:43 +0100)]
build.info: Make it possible to use compiled programs as generators
Our goal is to be able to produce fipsmodule.cnf with the help of
'openssl fipsinstall', using the openssl program that we build.
This refactors the generatesrc code in all the build file templates to
replace $generator and $generator_incs with $gen0, $gen_args and $gen_incs,
which makes it easier and more consistent to manipulate different bits
of the generator command, and also keeps the variable names consistent
while not overly long.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
Richard Levitte [Thu, 25 Feb 2021 15:55:39 +0000 (16:55 +0100)]
build.info: Add the possibility to add dependencies on raw targets
We need to add something for the 'tests' target to depend on, so a
special syntax for those is introduced:
DEPEND[|tests|]=fipsmodule.cnf
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
Richard Levitte [Mon, 1 Mar 2021 17:46:20 +0000 (18:46 +0100)]
DOCS: Fix provider-mac.pod and the docs of our implementations
The idea being that doc/man7/provider-mac.pod is for provider authors,
while provider users find the documentation for each implementation in
doc/man7/EVP_MAC-*.pod, the documentation of parameters wasn't quite
aligned. This change re-arranges the parameter documentation to be
more aligned with this idea.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14380)
Pauli [Tue, 2 Mar 2021 08:33:55 +0000 (18:33 +1000)]
doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type.
The type needs to be set before the DRBGs are created.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14386)
Tomas Mraz [Tue, 2 Mar 2021 10:33:48 +0000 (11:33 +0100)]
ossl_rsa_sp800_56b_check_public: Be more lenient with small keys
Fixes #13995
For small keys the MR test on the modulus can return
BN_PRIMETEST_COMPOSITE_WITH_FACTOR status although the modulus
is correct.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14389)
Pauli [Mon, 1 Mar 2021 21:38:00 +0000 (07:38 +1000)]
rand: remove FIPS mode conditional code.
The FIPS provider no longer has seeding sources inside the boundary, the
related conditional code can therefore be removed.
Fixes #14358
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14382)
Tomas Mraz [Fri, 26 Feb 2021 17:02:36 +0000 (18:02 +0100)]
EVP_PKEY_CTX_get/settable_params: pass provider operation context
This allows making the signature operations return different
settable params when the context is initialized with
EVP_DigestSign/VerifyInit.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14338)
Shane Lontis [Wed, 24 Feb 2021 05:59:14 +0000 (15:59 +1000)]
Fix NULL access in ssl_build_cert_chain() when ctx is NULL.
Fixes #14294
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14295)
Tomas Mraz [Mon, 1 Mar 2021 15:14:30 +0000 (16:14 +0100)]
Remove todos in decode_der2key.c and decode_ms2key.c
Those TODOs do not really apply to 3.0 as the legacy internal
keys will stay.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Tomas Mraz [Mon, 1 Mar 2021 15:07:15 +0000 (16:07 +0100)]
Improve error reporting in key exchange provider implementations
Added some error reporting in dh_exch.c and unified error reporting
with it in other key exchange methods.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Tomas Mraz [Mon, 1 Mar 2021 14:52:34 +0000 (15:52 +0100)]
Remove unused MAX_TLS_MAC_SIZE define
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Tomas Mraz [Mon, 1 Mar 2021 14:49:50 +0000 (15:49 +0100)]
Remove todos in providers/implementations/include/prov
Those TODOs are not relevant anymore as the headers
are now in providers.
Also make the header guard defines better reflect the
header placement.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Tomas Mraz [Fri, 26 Feb 2021 17:28:48 +0000 (18:28 +0100)]
Resolve TODOs in signature implementations.
The DER writing errors can be ignored safely.
Document that the EVP_MAX_MD_SIZE is a hardcoded limit
for digest sizes.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Tomas Mraz [Fri, 26 Feb 2021 14:31:23 +0000 (15:31 +0100)]
statem_lib.c: Remove TODOs that are unnecessary
If the EVP_MD_CTX_ctrl is deprecated the code will
generate deprecation warnings. So there is no point in marking
all EVP_MD_CTX_ctrl() calls with TODOs.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Tomas Mraz [Fri, 26 Feb 2021 13:42:57 +0000 (14:42 +0100)]
test_ssl_new: X448, X25519, and EdDSA are supported with fips
Removed the related TODOs.
Also adjusted the DH parameters used for the DH test to be acceptable
for FIPS as that now allows only known safe prime parameters.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Tomas Mraz [Fri, 26 Feb 2021 12:10:00 +0000 (13:10 +0100)]
evp_extra_test2: Remove TODO 3.0
The TODO marks optional cleanup that can be done any time in future.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Tomas Mraz [Fri, 26 Feb 2021 12:05:39 +0000 (13:05 +0100)]
evp_extra_test: Remove TODO comment as setting the curve is mandatory
Even with the SM2 algorithm the curve is needed for the paramgen.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Matt Caswell [Mon, 1 Mar 2021 10:48:59 +0000 (10:48 +0000)]
Fix a copy&paste error in evp_extra_test
test_EC_priv_pub fails to test the case where both a private and public
key have been supplied.
Fixes #14349
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14351)
Fangming.Fang [Thu, 25 Feb 2021 08:21:56 +0000 (08:21 +0000)]
Fix compiling error on arm
Fixes #14313
Change-Id: I0dc9dd475a1ed1331738355fbbec0c51fbcb37f1
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14346)
Dr. David von Oheimb [Mon, 1 Mar 2021 09:23:41 +0000 (10:23 +0100)]
openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate'
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14018)
Dr. David von Oheimb [Sat, 23 Jan 2021 11:54:39 +0000 (12:54 +0100)]
CMP: On NULL-DN subject or issuer input omit field in cert template
Also improve diagnostics on inconsistent cert request input in apps/cmp.c,
add trace output for transactionIDs on new sessions,
and update the documentation in openssl-cmp.pod.in.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14018)
Pauli [Sat, 27 Feb 2021 02:18:15 +0000 (12:18 +1000)]
test: use the new set public and private together call
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14341)
Pauli [Sat, 27 Feb 2021 02:17:57 +0000 (12:17 +1000)]
test: add utility function to set the fake random callback on both the public and private instances
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14341)
Pauli [Sat, 27 Feb 2021 01:57:13 +0000 (11:57 +1000)]
test: update ECDSA and SM2 internal tests in line with the fake_random change
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14341)
Pauli [Sat, 27 Feb 2021 01:55:59 +0000 (11:55 +1000)]
test: update test_random to create real contexts instead of sharing one
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14341)
Richard Levitte [Mon, 1 Mar 2021 11:06:36 +0000 (12:06 +0100)]
make update
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14352)
UndefBehavior [Fri, 26 Feb 2021 10:36:08 +0000 (13:36 +0300)]
Fix build of /dev/crypto engine with no-dynamic-engine option
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14329)
Rich Salz [Mon, 22 Feb 2021 17:55:25 +0000 (12:55 -0500)]
Remove RSA SSLv23 padding mode
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14248)
Dr. David von Oheimb [Wed, 17 Feb 2021 16:24:19 +0000 (17:24 +0100)]
Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url()
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14009)
Dr. David von Oheimb [Thu, 28 Jan 2021 21:10:47 +0000 (22:10 +0100)]
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components
Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag]
by optionally providing any userinfo, query, and frag components.
All usages of this function, which are client-only,
silently ignore userinfo and frag components,
while the query component is taken as part of the path.
Update and extend the unit tests and all affected documentation.
Document and deprecat OCSP_parse_url().
Fixes an issue that came up when discussing FR #14001.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14009)
Dr. David von Oheimb [Fri, 26 Feb 2021 12:26:37 +0000 (13:26 +0100)]
apps/x509.c: Fix mem leaks in processing of -next_serial in print loop
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14340)
Dr. David von Oheimb [Fri, 26 Feb 2021 11:48:43 +0000 (12:48 +0100)]
apps/x509.c: Improve print_name() and coding style of large print loop in x509_main()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14340)
Dr. David von Oheimb [Fri, 26 Feb 2021 10:51:43 +0000 (11:51 +0100)]
apps/x509.c: Improve indentation of the large print loop in x509_main()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14340)
Dr. David von Oheimb [Fri, 26 Feb 2021 10:42:49 +0000 (11:42 +0100)]
apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14340)
Pauli [Fri, 26 Feb 2021 00:57:21 +0000 (10:57 +1000)]
rand: use params argument on instantiate call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:57:05 +0000 (10:57 +1000)]
core: add params argument to DRBG instantiate call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:56:46 +0000 (10:56 +1000)]
doc: update documenation with params argument on DRBG instantiate calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:56:17 +0000 (10:56 +1000)]
test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:55:40 +0000 (10:55 +1000)]
prov: update rand implementations to have a params argument for the instantiate call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:55:02 +0000 (10:55 +1000)]
fips: update DRBG KATs for the extra instantiate argument
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:52:13 +0000 (10:52 +1000)]
evp: add params argument to EVP_RAND_instantiate()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:09:49 +0000 (10:09 +1000)]
doc: document additional argument to KDF derive calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:09:27 +0000 (10:09 +1000)]
prov: add additional argument to KDF derive call in key exchange
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:09:07 +0000 (10:09 +1000)]
fips: add additional argument to KDF derive call in self test
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:08:45 +0000 (10:08 +1000)]
crypto: add additional argument to KDF derive calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:08:23 +0000 (10:08 +1000)]
apps: add addition argument to KDF derive call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:07:23 +0000 (10:07 +1000)]
prov: add extra params argument to KDF implementations
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:06:52 +0000 (10:06 +1000)]
tls: adjust for extra argument to KDF derive call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:06:31 +0000 (10:06 +1000)]
test: adjust tests to include extra argument to KDF derive call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:06:11 +0000 (10:06 +1000)]
evp: add param argument to KDF derive call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Fri, 26 Feb 2021 00:05:46 +0000 (10:05 +1000)]
core: add param argument to KDF derive call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 04:30:57 +0000 (14:30 +1000)]
doc: update provider-mac documentation to account for the additional init() arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 04:27:29 +0000 (14:27 +1000)]
doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 04:12:56 +0000 (14:12 +1000)]
apps: update speed to use the additional arguments to MAC_init
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 04:03:09 +0000 (14:03 +1000)]
doc: note the additional parameters to EVP_MAC_init()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:55 +0000 (13:54 +1000)]
update poly1305 to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:35 +0000 (13:54 +1000)]
update BLAKE2 to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:13 +0000 (13:54 +1000)]
prov: update kmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:13 +0000 (13:54 +1000)]
prov: update hmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:13 +0000 (13:54 +1000)]
prov: update gmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:54:12 +0000 (13:54 +1000)]
prov: update cmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:52:25 +0000 (13:52 +1000)]
prov: use new MAC_init arguments in HMAC-DRBG
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:52:06 +0000 (13:52 +1000)]
prov: use new MAC_init arguments in signature legacy code
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:51:28 +0000 (13:51 +1000)]
prov: update provider util to be less agressive about changing things unnecessarily
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:51:03 +0000 (13:51 +1000)]
fips: update to use the extra MAC init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:50:45 +0000 (13:50 +1000)]
core: update to use the extra MAC init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:50:01 +0000 (13:50 +1000)]
test: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:49:37 +0000 (13:49 +1000)]
evp_test: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:49:10 +0000 (13:49 +1000)]
tls: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:48:48 +0000 (13:48 +1000)]
evp: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:48:27 +0000 (13:48 +1000)]
crmf: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:48:00 +0000 (13:48 +1000)]
apps: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:47:36 +0000 (13:47 +1000)]
apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 03:47:01 +0000 (13:47 +1000)]
apps: update fipsinstall to work with additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 00:27:22 +0000 (10:27 +1000)]
prov kdf: update to use the extra MAC init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Thu, 25 Feb 2021 00:22:01 +0000 (10:22 +1000)]
prov: update SipHash to new init function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Pauli [Wed, 24 Feb 2021 23:52:26 +0000 (09:52 +1000)]
siphash: Add the C and D round parameters for SipHash.
This represents a gap in functionality from the low level APIs.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Richard Levitte [Tue, 23 Feb 2021 21:42:18 +0000 (22:42 +0100)]
crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length
Fixes #14258
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14291)
Richard Levitte [Tue, 23 Feb 2021 21:41:04 +0000 (22:41 +0100)]
PROV: Implement an EC key -> blob encoder, to get the public key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14291)
Richard Levitte [Tue, 23 Feb 2021 21:39:39 +0000 (22:39 +0100)]
Modify i2d_PublicKey() so it can get an EC public key as a blob
This introduces the encoder output type "blob", to be used for
anything that outputs an unstructured blob of data.
Fixes #14258
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14291)
Benjamin Kaduk [Fri, 19 Feb 2021 21:20:00 +0000 (13:20 -0800)]
test_ecpub: test that we can decode the DER we encoded
We should be able to round-trip through the encoded DER form of the
EC public key and get back something that compares as equal to the
original key.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14291)
Benjamin Kaduk [Fri, 19 Feb 2021 21:46:49 +0000 (13:46 -0800)]
test_ecpub: verify returned length after encoding
Save the length we got from querying how much space was needed, and
check that the actual encoding call returned the same length.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14291)
Benjamin Kaduk [Mon, 25 Jan 2021 20:19:16 +0000 (12:19 -0800)]
Add test for EC pubkey export/import
There seems to be an issue with i2d_provided() in i2d_evp.c that causes
us to fail to construct a valid chain of encoders for the "type-specific"
output when it's an EC pubkey. This test is designed to exercise that
codepath for a variety of curves.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14291)
Dr. David von Oheimb [Fri, 26 Feb 2021 07:24:07 +0000 (08:24 +0100)]
Code cleanup mostly in crypto/x509/v3_purp.c
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14328)
Benjamin Kaduk [Wed, 24 Feb 2021 21:38:25 +0000 (13:38 -0800)]
Check ASN1_item_ndef_i2d() return value.
Return an error instead of trying to malloc a negative number.
The other usage in this file already had a similar check, and the caller
should have put an entry on the error stack already.
Note that we only check the initial calls to obtain the encoded length,
and assume that the follow-up call to actually encode to the allocated
storage will succeed if the first one did.
Fixes: #14177
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14308)
Tomas Mraz [Thu, 25 Feb 2021 14:08:16 +0000 (15:08 +0100)]
evp_pkey_provided_test: Improve diagnostic output
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14316)
Tomas Mraz [Thu, 25 Feb 2021 13:43:21 +0000 (14:43 +0100)]
tests: Always print errors before test verdict
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14316)