Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't attempt to set provider params on an ENGINE based cipher (3.1/3.0) #22865

Closed
wants to merge 2 commits into from
Closed

Don't attempt to set provider params on an ENGINE based cipher (3.1/3.0) #22865

wants to merge 2 commits into from

Conversation

mattcaswell
Copy link
Member

If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.

We also add a test for this.

This is the 3.1/3.0 backport of #22864

@mattcaswell
Add a test for late loading of an ENGINE in TLS
6766749 
Confirm that using an ENGINE works as expected with TLS even if it is
loaded late (after construction of the SSL_CTX).

(cherry picked from commit a9c97da)
@mattcaswell
Don't attempt to set provider params on an ENGINE based cipher
c910226 
If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.
@mattcaswell mattcaswell added approval: review pending This pull request needs review by a committer approval: otc review pending This pull request needs review by an OTC member triaged: bug The issue/pr is/fixes a bug branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 tests: present The PR has suitable tests present labels Nov 29, 2023
@mattcaswell mattcaswell self-assigned this Nov 29, 2023
@mattcaswell mattcaswell mentioned this pull request Nov 29, 2023
Closed
@mattcaswell mattcaswell requested a review from t8m November 29, 2023 12:43
@t8m t8m removed the approval: otc review pending This pull request needs review by an OTC member label Nov 29, 2023
@tmshort tmshort added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Nov 29, 2023
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Nov 30, 2023
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

@mattcaswell
Copy link
Member Author

Pushed to 3.1/3.0. Thanks.

openssl-machine pushed a commit that referenced this pull request Dec 12, 2023
@mattcaswell
Add a test for late loading of an ENGINE in TLS
dda9208 
Confirm that using an ENGINE works as expected with TLS even if it is
loaded late (after construction of the SSL_CTX).

(cherry picked from commit a9c97da)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from #22865)
openssl-machine pushed a commit that referenced this pull request Dec 12, 2023
@mattcaswell
Don't attempt to set provider params on an ENGINE based cipher
ed5f9ce 
If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from #22865)
openssl-machine pushed a commit that referenced this pull request Dec 12, 2023
@mattcaswell
Add a test for late loading of an ENGINE in TLS
9ffd4a3 
Confirm that using an ENGINE works as expected with TLS even if it is
loaded late (after construction of the SSL_CTX).

(cherry picked from commit a9c97da)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from #22865)

(cherry picked from commit dda9208)
openssl-machine pushed a commit that referenced this pull request Dec 12, 2023
@mattcaswell
Don't attempt to set provider params on an ENGINE based cipher
4f41e1b 
If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from #22865)

(cherry picked from commit ed5f9ce)
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Dec 15, 2023
@mattcaswell
Add a test for late loading of an ENGINE in TLS
206f2c7 
Confirm that using an ENGINE works as expected with TLS even if it is
loaded late (after construction of the SSL_CTX).

(cherry picked from commit a9c97da4910648790387d035afb12963158778fb)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from openssl/openssl#22865)

(cherry picked from commit dda9208cef52670e6c832cbadaa3e08ad535ac30)
Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Dec 15, 2023
@mattcaswell
Don't attempt to set provider params on an ENGINE based cipher
cd44618 
If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from openssl/openssl#22865)

(cherry picked from commit ed5f9ce63e98da2e7fddd55040c8e9e03f3af975)
Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Dec 15, 2023
@mattcaswell
Add a test for late loading of an ENGINE in TLS
7eff227 
Confirm that using an ENGINE works as expected with TLS even if it is
loaded late (after construction of the SSL_CTX).

(cherry picked from commit a9c97da4910648790387d035afb12963158778fb)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from openssl/openssl#22865)

Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Dec 15, 2023
@mattcaswell
Don't attempt to set provider params on an ENGINE based cipher
57dd265 
If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from openssl/openssl#22865)

Signed-off-by: fly2x <fly2x@hitls.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t8m t8m t8m approved these changes

@tmshort tmshort tmshort approved these changes

Assignees

@mattcaswell mattcaswell

Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 tests: present The PR has suitable tests present triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mattcaswell @openssl-machine @t8m @tmshort