#
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from,
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
show more ...
|
#
be54ad88 |
| 17-Jun-2022 |
Pauli |
Coverity: fix 1506298: negative returns Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openss
Coverity: fix 1506298: negative returns Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18587)
show more ...
|
#
16249341 |
| 12-Jun-2022 |
Kan |
Add sensitive memory clean in priv encode Fixed #18540 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/open
Add sensitive memory clean in priv encode Fixed #18540 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18541)
show more ...
|
#
b9a86d5d |
| 25-Mar-2022 |
Zhou Qingyang |
Fix possible null pointer dereference of evp_pkey_get_legacy() evp_pkey_get_legacy() will return NULL on failure, however several uses of it or its wrappers does not check the return val
Fix possible null pointer dereference of evp_pkey_get_legacy() evp_pkey_get_legacy() will return NULL on failure, however several uses of it or its wrappers does not check the return value of evp_pkey_get_legacy(), which could lead to NULL pointer dereference. Fix those possible bugs by adding NULL checking. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17967)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
944f822a |
| 05-Dec-2021 |
slontis |
Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY. The private key for rsa, dsa, dh and ecx was being included when the selector was just the public key. (ec wa
Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY. The private key for rsa, dsa, dh and ecx was being included when the selector was just the public key. (ec was working correctly). This matches the documented behaviour. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17200)
show more ...
|
#
cf1a231d |
| 09-Sep-2021 |
Tomas Mraz |
dh_ameth: Fix dh_cmp_parameters to really compare the params This is legacy DH PKEY only code. Fixes #16562 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from http
dh_ameth: Fix dh_cmp_parameters to really compare the params This is legacy DH PKEY only code. Fixes #16562 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16568)
show more ...
|
#
d101700d |
| 06-Jul-2021 |
Richard Levitte |
CRYPTO: Remove the check for built-in methods in the export_to function That check was seen as necessary at the time, but other changes have been made since, so we now have better contro
CRYPTO: Remove the check for built-in methods in the export_to function That check was seen as necessary at the time, but other changes have been made since, so we now have better control on when we're handling legacy structures and methods, making it safe to run the export_to function on keys with foreign methods. The basic message is that foreign methods must set key structure values according to our standards no matter what, or not set them at all. This has really always been the case, but was harder to see at the time because of interaction with other bugs. Fixes #15927 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15996)
show more ...
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
bed7437b |
| 15-May-2021 |
Richard Levitte |
Modify EVP_PKEY_ASN1_METHOD's export_to function to take an importer We previously took an EVP_KEYMGMT pointer, but now found it necessary to use a different import function in some case
Modify EVP_PKEY_ASN1_METHOD's export_to function to take an importer We previously took an EVP_KEYMGMT pointer, but now found it necessary to use a different import function in some cases. Since that's the only thing we use from EVP_KEYMGMT, we might as well pass the import function directly, allowing for some flexibility in how export_to is used. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15293)
show more ...
|
Revision tags: openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
#
b4f447c0 |
| 08-Apr-2021 |
Tomas Mraz |
Add selection support to the provider keymgmt_dup function Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14793)
|
Revision tags: openssl-3.0.0-alpha14 |
|
#
4a9fe33c |
| 07-Apr-2021 |
Tomas Mraz |
Implement provider-side keymgmt_dup function To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function to the provider API and implement it for all asym-key key managements.
Implement provider-side keymgmt_dup function To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function to the provider API and implement it for all asym-key key managements. Use it when copying everything to an empty EVP_PKEY which is the case with EVP_PKEY_dup(). Fixes #14658 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14793)
show more ...
|
#
3f883c7c |
| 07-Apr-2021 |
Shane Lontis |
Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free(). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14785)
|
Revision tags: OpenSSL_1_1_1k |
|
#
2145ba5e |
| 19-Mar-2021 |
Tomas Mraz |
Implement EVP_PKEY_dup() function Fixes #14501 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14624)
|
#
cf333799 |
| 18-Mar-2021 |
Richard Levitte |
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared ba
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
show more ...
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
adf7e6d1 |
| 08-Mar-2021 |
Shane Lontis |
Add ossl_asn1 symbols Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
|
#
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
|
#
7bc0fdd3 |
| 02-Mar-2021 |
Matt Caswell |
Make the EVP_PKEY_get0* functions have a const return type OTC have decided that the EVP_PKEY_get0* functions should have a const return type. This is a breaking change to emphasise that
Make the EVP_PKEY_get0* functions have a const return type OTC have decided that the EVP_PKEY_get0* functions should have a const return type. This is a breaking change to emphasise that these values should be considered as immutable. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14319)
show more ...
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
19dbb742 |
| 18-Feb-2021 |
Shane Lontis |
Fix external symbols related to dh keys Partial fix for #12964 This adds ossl_ names for the following symbols: dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_
Fix external symbols related to dh keys Partial fix for #12964 This adds ossl_ names for the following symbols: dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key, dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id, dh_cache_named_group, dh_get0_params, dh_get0_nid, dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata, dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise, dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1, dh_pkey_method, dhx_pkey_method Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
show more ...
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
9311d0c4 |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using ut
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
show more ...
|
#
eb2f1b81 |
| 26-Oct-2020 |
Richard Levitte |
DH: Move the code to set the DH sub-type It's been moved so the type is set by d2i_DHparams() and d2i_DHxparams() Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged fro
DH: Move the code to set the DH sub-type It's been moved so the type is set by d2i_DHparams() and d2i_DHxparams() Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
show more ...
|
Revision tags: openssl-3.0.0-alpha7 |
|
#
0ba71d6a |
| 15-Oct-2020 |
Richard Levitte |
DH: make the private key length importable / exportable The DH private key length, which is an optional parameter, wasn't properly imported / exported between legacy and provider side
DH: make the private key length importable / exportable The DH private key length, which is an optional parameter, wasn't properly imported / exported between legacy and provider side implementations. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13166)
show more ...
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
7022d9b9 |
| 07-Oct-2020 |
Matt Caswell |
Remove CMS recipient info information out of the algorithm implementations Low level algorithm implementations have no business knowing about details of the higher level CMS concept. Thi
Remove CMS recipient info information out of the algorithm implementations Low level algorithm implementations have no business knowing about details of the higher level CMS concept. This knowledge is therefore moved into the CMS layer. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088)
show more ...
|
#
0b3a4ef2 |
| 06-Oct-2020 |
Matt Caswell |
Move CMS enveloping code out of the algorithms and into CMS There is quite a large amount of algorithm specific CMS code sitting in the algorithm directories. However, this seems to brea
Move CMS enveloping code out of the algorithms and into CMS There is quite a large amount of algorithm specific CMS code sitting in the algorithm directories. However, this seems to break layering. Algorithms really have no business knowing anything about CMS. Really it should be the other way around. Where there is algorithm specific CMS code it is the CMS layer that should know how to handle different algorithms. Therefore we move this code into the CMS layer. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088)
show more ...
|
#
5357c106 |
| 30-Sep-2020 |
Pauli |
ffc: add _ossl to exported but internal functions The functions updated are: ffc_generate_private_key, ffc_named_group_from_uid, ffc_named_group_to_uid, ffc_params_FIPS186_2_
ffc: add _ossl to exported but internal functions The functions updated are: ffc_generate_private_key, ffc_named_group_from_uid, ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify, ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate, ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate, ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp, ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name, ffc_params_flags_to_name, ffc_params_fromdata, ffc_params_get0_pqg, ffc_params_get_validate_params, ffc_params_init, ffc_params_print, ffc_params_set0_j, ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex, ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed, ffc_params_set_validate_params, ffc_params_simple_validate, ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest, ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key and ffc_validate_public_key_partial. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13041)
show more ...
|