mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-11 14:22:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
c477fa5a22
openssl/providers
History
slontis 2f362e99a1 Fix bugs in ECDH cofactor FIPS indicator. 
The code was not detecting that the cofactor was set up correctly
if OSSL_PKEY_PARAM_USE_COFACTOR_ECDH was set, resulting in an incorrect
FIPS indicator error being triggered.

Added a test for all possible combinations of a EVP_PKEY setting
OSSL_PKEY_PARAM_USE_COFACTOR_ECDH and the derive context setting
OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE.

This only affects the B & K curves (which have a cofactor that is not 1).

Bug reported by @abkarcher

Testing this properly, also detected a memory leak of privk when the
FIPS indicator error was triggered (in the case where mode = 0 and
use_cofactor was 1).

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25548)
2024-09-30 20:07:09 +02:00
..
common fips: Prohibit SHA1 in DH & ECDH exchange 2024-09-27 09:13:05 +02:00
fips kdfs: implement key length check in X9.42 2024-09-30 20:03:49 +02:00
implementations Fix bugs in ECDH cofactor FIPS indicator. 2024-09-30 20:07:09 +02:00
baseprov.c Copyright year updates 2024-09-05 09:35:49 +02:00
build.info Cleanups for FIPS options.. 2024-08-28 14:46:16 +02:00
decoders.inc
defltprov.c Copyright year updates 2024-09-05 09:35:49 +02:00
encoders.inc
fips-sources.checksums make update 2024-09-05 09:37:42 +02:00
fips.checksum make update 2024-09-05 09:37:42 +02:00
fips.module.sources make update 2024-09-05 09:37:42 +02:00
legacyprov.c
nullprov.c
prov_running.c
stores.inc