[openssl] master update
Matt Caswell
matt at openssl.org
Wed Jul 8 08:06:01 UTC 2020
The branch master has been updated
via 2f1d0b35c12f50e971ef626ff9bbf35a53f9a66d (commit)
via 146aebc6a082ac4343b79dcf18ef86e853b85d85 (commit)
via 90a74d8c4331c363d68ecd1168bc5344f7ba9be8 (commit)
via 08a1c9f2e6e28a81936e51019b89e842a1a90b31 (commit)
from 163b8016160f03558d8352b76fb594685cb39f7d (commit)
- Log -----------------------------------------------------------------
commit 2f1d0b35c12f50e971ef626ff9bbf35a53f9a66d
Author: Matt Caswell <matt at openssl.org>
Date: Wed Jul 1 12:20:49 2020 +0100
Ensure we exclude ec2m curves if ec2m is disabled
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)
commit 146aebc6a082ac4343b79dcf18ef86e853b85d85
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jun 26 20:49:19 2020 +0100
Add a test to check having a provider loaded without any groups still works
As long as we have at least one provider loaded which offers some
groups, it doesn't matter if we have others loaded that don't.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)
commit 90a74d8c4331c363d68ecd1168bc5344f7ba9be8
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jun 26 20:44:27 2020 +0100
Fix an incorrect error flow in add_provider_groups
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)
commit 08a1c9f2e6e28a81936e51019b89e842a1a90b31
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jun 26 20:40:11 2020 +0100
Fix OSSL_PROVIDER_get_capabilities()
It is not a failure to call OSSL_PROVIDER_get_capabilities() with a
provider loaded that has no capabilities.
Fixes #12286
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)
-----------------------------------------------------------------------
Summary of changes:
crypto/provider_core.c | 2 +-
providers/common/capabilities.c | 8 ++++++++
ssl/t1_lib.c | 2 +-
test/sslapitest.c | 5 ++++-
4 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index a2350bb88e..f68fd8f0f9 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -831,7 +831,7 @@ int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
void *arg)
{
return prov->get_capabilities == NULL
- ? 0 : prov->get_capabilities(prov->provctx, capability, cb, arg);
+ ? 1 : prov->get_capabilities(prov->provctx, capability, cb, arg);
}
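Review bot: With the `? 1` branch, a provider that has no get_capabilities function now returns the same value as one whose callback ran and succeeded, and nothing at this site documents that contract. A comment above the return would make it explicit, for example `/* A provider with no get_capabilities function has nothing to report; that is success, not an error */`. Callers that require at least one capability, which presumably includes the TLS group discovery path, have to check that their callback actually ran instead of relying on this return value. The function signature starts outside the hunk.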
diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
index a41d3990f0..a60620d8a2 100644
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
@@ -97,26 +97,34 @@ static const TLS_GROUP_CONSTANTS group_list[35] = {
static const OSSL_PARAM param_group_list[][10] = {
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_EC2M
TLS_GROUP_ENTRY("sect163k1", "sect163k1", "EC", 0),
+# endif
# ifndef FIPS_MODULE
TLS_GROUP_ENTRY("sect163r1", "sect163r1", "EC", 1),
# endif
+# ifndef OPENSSL_NO_EC2M
TLS_GROUP_ENTRY("sect163r2", "sect163r2", "EC", 2),
+# endif
# ifndef FIPS_MODULE
TLS_GROUP_ENTRY("sect193r1", "sect193r1", "EC", 3),
TLS_GROUP_ENTRY("sect193r2", "sect193r2", "EC", 4),
# endif
+# ifndef OPENSSL_NO_EC2M
TLS_GROUP_ENTRY("sect233k1", "sect233k1", "EC", 5),
TLS_GROUP_ENTRY("sect233r1", "sect233r1", "EC", 6),
+# endif
# ifndef FIPS_MODULE
TLS_GROUP_ENTRY("sect239k1", "sect239k1", "EC", 7),
# endif
+# ifndef OPENSSL_NO_EC2M
TLS_GROUP_ENTRY("sect283k1", "sect283k1", "EC", 8),
TLS_GROUP_ENTRY("sect283r1", "sect283r1", "EC", 9),
TLS_GROUP_ENTRY("sect409k1", "sect409k1", "EC", 10),
TLS_GROUP_ENTRY("sect409r1", "sect409r1", "EC", 11),
TLS_GROUP_ENTRY("sect571k1", "sect571k1", "EC", 12),
TLS_GROUP_ENTRY("sect571r1", "sect571r1", "EC", 13),
+# endif
# ifndef FIPS_MODULE
TLS_GROUP_ENTRY("secp160k1", "secp160k1", "EC", 14),
TLS_GROUP_ENTRY("secp160r1", "secp160r1", "EC", 15),
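Review bot: The entries for sect163r1, sect193r1, sect193r2 and sect239k1 are still guarded only by `# ifndef FIPS_MODULE`, so the OPENSSL_NO_EC2M exclusion this hunk adds does not reach them. Their names suggest they are binary-field curves like the ones newly guarded, so a non-FIPS build with ec2m disabled would presumably still report them as available TLS groups, and selecting one would only fail later. Changing those three guards to `# if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_EC2M)` would keep the advertised list consistent with what the build can do. The array continues past the end of the hunk, so any further sect* entries there need the same check.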
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c9097fcc44..41228d58e9 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -334,7 +334,7 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MAX_TLS);
if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->maxtls)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
- return 0;
+ goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS);
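Review bot: The failure branch for the MAX_TLS lookup raises only `ERR_R_PASSED_INVALID_ARGUMENT`, which gives no indication of which capability parameter a provider omitted or mistyped. Since these params come from a loadable provider, naming the parameter would help when diagnosing a misbehaving third-party module, for example `ERR_add_error_data(2, "param=", OSSL_CAPABILITY_TLS_GROUP_MAX_TLS);` after the `SSLerr` call. The `err` label and the cleanup it performs are outside the hunk, as are the other parameter checks in add_provider_groups, so whether they all share this exit path cannot be confirmed from here.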
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 182984ecb1..afc4ea8d40 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -8235,8 +8235,10 @@ static int test_pluggable_group(void)
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
OSSL_PROVIDER *tlsprov = OSSL_PROVIDER_load(libctx, "tls-provider");
+ /* Check that we are not impacted by a provider without any groups */
+ OSSL_PROVIDER *legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
- if (!TEST_ptr(tlsprov))
+ if (!TEST_ptr(tlsprov) || !TEST_ptr(legacyprov))
goto end;
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
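Review bot: Loading "legacy" as the stand-in for "a provider without any groups" makes test_pluggable_group depend on two things the test never checks: that the legacy provider is available in the build, and that it continues to expose no capabilities. If either stops being true, the test either fails for a reason unrelated to pluggable groups or passes without covering the case it was added for. The existing comment could state the assumption, for example `/* legacy is used because it offers no TLS-GROUP capabilities; revisit if that changes */`. A provider built specifically for the test with no get_capabilities function would remove the dependency. The function body continues outside this hunk, and the matching unload is in the next hunk.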
@@ -8263,6 +8265,7 @@ static int test_pluggable_group(void)
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
OSSL_PROVIDER_unload(tlsprov);
+ OSSL_PROVIDER_unload(legacyprov);
return testresult;
}