Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
If the output of a blake2[b|s] digest isn't a multipl of 8, then a stack
buffer is used to compute the final output, which is left un-zeroed
prior to return, allowing the potential leak of key data. Ensure that,
if the stack variable is used, it gets cleared prior to return.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23173)
BLAKE2 is not really an extensible output function unlike SHAKE
as the digest size must be set during the context initialization.
Thus it makes no sense to use OSSL_DIGEST_PARAM_XOFLEN.
We also need to adjust EVP_DigestFinal_ex() to query the
OSSL_DIGEST_PARAM_SIZE as gettable ctx param for the size.
Fixes#22488
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22491)
The function `ossl_blake2b_param_init` should initialise only, and not
read the data it is initialising
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22282)
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12256)
Partial fix for #12964
This adds ossl_ names for the following symbols:
blake2b512_init,blake2b_final,blake2b_init,blake2b_init_key,
blake2b_param_init,blake2b_param_set_digest_length,blake2b_param_set_key_length,
blake2b_param_set_personal,blake2b_param_set_salt,blake2b_update,
blake2s256_init,blake2s_final,blake2s_init,blake2s_init_key,
blake2s_param_init,blake2s_param_set_digest_length,blake2s_param_set_key_length,
blake2s_param_set_personal,blake2s_param_set_salt,blake2s_update,
digest_default_get_params,digest_default_gettable_params
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14211)
From providers/{common,default,legacy}/ to providers/implementations/
However, providers/common/digests/digest_common.c stays where it is,
because it's support code rather than an implementation.
To better support all kinds of implementations with common code, we
add the library providers/libcommon.a. Code that ends up in this
library must be FIPS agnostic.
While we're moving things around, though, we move digestscommon.h
from providers/common/include/internal to providers/common/include/prov,
thereby starting on a provider specific include structure, which
follows the line of thoughts of the recent header file reorganization.
We modify the affected '#include "internal/something.h"' to
'#include "prov/something.h"'.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
Richard Levitte
Neil Horman
наб
Tomas Mraz
Matt Caswell
Čestmír Kalina
Shane Lontis