[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Mar 17 00:34:50 UTC 2021
The branch master has been updated
via 1f79baa55ee00c64372397292ab9c88b5c373d93 (commit)
via 7128458b8ae264af012bf5f3c504ba73045f8567 (commit)
via 8f391c7d1b1ce4c2edac4fe7a626fc8d337a61a1 (commit)
via 95856e34bbf961351986382b6b7137020c70eb60 (commit)
via cc32fbdca1bb55150646ecd265dc4069c2509d2e (commit)
from d1f790de0ce239e981c6f33dd98a45b8a3c3ff31 (commit)
- Log -----------------------------------------------------------------
commit 1f79baa55ee00c64372397292ab9c88b5c373d93
Author: Pauli <ppzgs1 at gmail.com>
Date: Tue Mar 16 10:06:29 2021 +1000
Remove TODOs from digest.c
They aren't relevant:
. Digest Sign isn't supported in the FIPS provider.
. Remove legacy NID use.
Fixes #14394
Fixes #14395
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14565)
commit 7128458b8ae264af012bf5f3c504ba73045f8567
Author: Pauli <ppzgs1 at gmail.com>
Date: Tue Mar 16 10:00:25 2021 +1000
params: clean up TODO
The TODO being reworked to just be a comment.
Fixes #14374
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14565)
commit 8f391c7d1b1ce4c2edac4fe7a626fc8d337a61a1
Author: Pauli <ppzgs1 at gmail.com>
Date: Tue Mar 16 09:58:22 2021 +1000
doc: remove TODOs about redesigning the AEAD API
The changes would be significant and the benefits not likely to be too great.
Fixes #14368
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14565)
commit 95856e34bbf961351986382b6b7137020c70eb60
Author: Pauli <ppzgs1 at gmail.com>
Date: Tue Mar 16 09:56:31 2021 +1000
prov: remove todos in rsa_keymgmt.c
The TODOs are about OAEP and aren't relevant.
Fixes #14361
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14565)
commit cc32fbdca1bb55150646ecd265dc4069c2509d2e
Author: Pauli <ppzgs1 at gmail.com>
Date: Tue Mar 16 09:54:54 2021 +1000
prov: remove TODO in der_rsa_key.c
Fixes #14365
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14565)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/digest.c | 10 ----------
crypto/params_from_text.c | 4 ++--
doc/man7/provider-cipher.pod | 6 ------
providers/common/der/der_rsa_key.c | 3 ++-
providers/implementations/keymgmt/rsa_kmgmt.c | 4 ----
5 files changed, 4 insertions(+), 23 deletions(-)
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index dbbc44f046..d256cbe140 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -65,7 +65,6 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
return 1;
#ifndef FIPS_MODULE
- /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
/*
* pctx should be freed by the user of EVP_MD_CTX
* if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
@@ -322,10 +321,6 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
skip_to_init:
#endif
#ifndef FIPS_MODULE
- /*
- * TODO(3.0): Temporarily no support for EVP_DigestSign* inside FIPS module
- * or when using providers.
- */
if (ctx->pctx != NULL
&& (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
|| ctx->pctx->op.sig.signature == NULL)) {
@@ -541,7 +536,6 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
/* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
#ifndef FIPS_MODULE
- /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
if (in->pctx != NULL) {
out->pctx = EVP_PKEY_CTX_dup(in->pctx);
if (out->pctx == NULL) {
@@ -598,7 +592,6 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
out->update = in->update;
#ifndef FIPS_MODULE
- /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
if (in->pctx) {
out->pctx = EVP_PKEY_CTX_dup(in->pctx);
if (!out->pctx) {
@@ -758,7 +751,6 @@ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
return NULL;
}
-/* TODO(3.0): Remove legacy code below - only used by engines & DigestSign */
int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
{
int ret = EVP_CTRL_RET_UNSUPPORTED;
@@ -834,7 +826,6 @@ EVP_MD *evp_md_new(void)
* NIDs or any functionality that use them.
*/
#ifndef FIPS_MODULE
-/* TODO(3.x) get rid of the need for legacy NIDs */
static void set_legacy_nid(const char *name, void *vlegacy_nid)
{
int nid;
@@ -901,7 +892,6 @@ static void *evp_md_from_dispatch(int name_id,
}
#ifndef FIPS_MODULE
- /* TODO(3.x) get rid of the need for legacy NIDs */
md->type = NID_undef;
if (!evp_names_do_all(prov, name_id, set_legacy_nid, &md->type)
|| md->type == -1) {
diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c
index 3ff94c7475..bf3ca61641 100644
--- a/crypto/params_from_text.c
+++ b/crypto/params_from_text.c
@@ -75,8 +75,8 @@ static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key,
*buf_n = (buf_bits + 7) / 8;
/*
- * TODO(v3.0) is this the right way to do this? This code expects
- * a zero data size to simply mean "arbitrary size".
+ * A zero data size means "arbitrary size", so only do the
+ * range checking if a size is specified.
*/
if (p->data_size > 0) {
if (buf_bits > p->data_size * 8
diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index de5be060a1..e1d2182fa5 100644
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -292,10 +292,6 @@ The length of the "taglen" parameter should not exceed that of a B<size_t>.
=item "tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) <octet string>
-=for comment TODO(3.0): Consider changing this interface so that all ciphers
-use the standard AEAD interface - rather than having this special purpose
-interface for TLS
-
Sets TLSv1.2 AAD information for the associated cipher ctx.
TLSv1.2 AAD information is always 13 bytes in length and is as defined for the
"additional_data" field described in section 6.2.3.3 of RFC5246.
@@ -308,8 +304,6 @@ The length of the "tlsaadpad" parameter should not exceed that of a B<size_t>.
=item "tlsivfixed" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED>) <octet string>
-=for comment TODO(3.0): This interface needs completely redesigning!
-
Sets the fixed portion of an IV for an AEAD cipher used in a TLS record
encryption/ decryption for the associated cipher ctx.
TLS record encryption/decryption always occurs "in place" so that the input and
diff --git a/providers/common/der/der_rsa_key.c b/providers/common/der/der_rsa_key.c
index fd9c58b456..81ab0346cf 100644
--- a/providers/common/der/der_rsa_key.c
+++ b/providers/common/der/der_rsa_key.c
@@ -18,7 +18,8 @@
#include "prov/der_rsa.h"
#include "prov/der_digests.h"
-/* More complex pre-compiled sequences. TODO(3.0) refactor? */
+/* More complex pre-compiled sequences. */
+
/*-
* From https://tools.ietf.org/html/rfc8017#appendix-A.2.1
*
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index 425b6c80f2..7869b2dddc 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -164,8 +164,6 @@ static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[])
rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK);
- /* TODO(3.0) OAEP should bring on parameters as well */
-
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
ok = ok && pss_params_fromdata(ossl_rsa_get0_pss_params_30(rsa),
&pss_defaults_set,
@@ -189,8 +187,6 @@ static int rsa_export(void *keydata, int selection,
if (!ossl_prov_is_running() || rsa == NULL)
return 0;
- /* TODO(3.0) OAEP should bring on parameters */
-
tmpl = OSSL_PARAM_BLD_new();
if (tmpl == NULL)
return 0;
More information about the openssl-commits
mailing list