| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
fb7a7f09 |
| 27-Apr-2023 |
Pauli |
pbe: sort stack before using find
There is no lock for the sort. This is no worse than the
existing code which sorted silently without a lock.
Reviewed-by: Tomas Mraz <tomas@op
pbe: sort stack before using find
There is no lock for the sort. This is no worse than the
existing code which sorted silently without a lock.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)
show more ...
|
| #
c09c202e |
| 07-Mar-2023 |
ndossche |
Add missing assignment to EVP_get_digestbynid()
The assignment of the result of EVP_get_digestbynid() did not happen
which made the fallback not actually perform the fallback.
C
Add missing assignment to EVP_get_digestbynid()
The assignment of the result of EVP_get_digestbynid() did not happen
which made the fallback not actually perform the fallback.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20447)
show more ...
|
| #
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
Stop raising ERR_R_MALLOC_FAILURE in most places
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.
There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.
Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
show more ...
|
| #
48963ff6 |
| 13-Sep-2022 |
K1 |
Add support for PBE using hmacWithSM3
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1920
Add support for PBE using hmacWithSM3
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19204)
show more ...
|
| #
3211266a |
| 27-Jun-2022 |
Daniel Fiala |
Allocate EVP_PBE_CTL with OPENSSL_zalloc.
Fixes openssl#18598.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mra
Allocate EVP_PBE_CTL with OPENSSL_zalloc.
Fixes openssl#18598.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18666)
show more ...
|
| #
c73ba818 |
| 05-Aug-2021 |
Hubert Kario |
add support for SHA-3 based PRF to PBES2
As there are no limitations for HMACs used in PBKDF2 inside PBES2,
as more specifically the SHA-3 hashes are drop-in replacements for
SHA-2 h
add support for SHA-3 based PRF to PBES2
As there are no limitations for HMACs used in PBKDF2 inside PBES2,
as more specifically the SHA-3 hashes are drop-in replacements for
SHA-2 hashes, we can easily add support for SHA-3 here.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16237)
show more ...
|
| #
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
| #
3c15d677 |
| 29-May-2021 |
Shane Lontis |
Fix error stack for some fetch calls.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pu
Fix error stack for some fetch calls.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15532)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
| #
8bb6fdfc |
| 06-May-2021 |
Jon Spillett |
Added PKCS5_PBE_keyivgen_ex() to allow PBKDF1 algorithms to be fetched for a specific library context
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@op
Added PKCS5_PBE_keyivgen_ex() to allow PBKDF1 algorithms to be fetched for a specific library context
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14326)
show more ...
|
| #
aff636a4 |
| 06-May-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15181)
|
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12 |
|
| #
b536880c |
| 17-Feb-2021 |
Jon Spillett |
Add library context and property query support into the PKCS12 API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.
Add library context and property query support into the PKCS12 API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14434)
show more ...
|
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
| #
a150f8e1 |
| 04-Nov-2020 |
Richard Levitte |
CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data()
This is not done absolutely everywhere, as there are places where
the use of ERR_add_error_data() is quite complex,
CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data()
This is not done absolutely everywhere, as there are places where
the use of ERR_add_error_data() is quite complex, but at least the
simple cases are done.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
show more ...
|
| #
9311d0c4 |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call
This includes error reporting for libcrypto sub-libraries in surprising
places.
This was done using ut
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call
This includes error reporting for libcrypto sub-libraries in surprising
places.
This was done using util/err-to-raise
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha7 |
|
| #
eec0ad10 |
| 15-Oct-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13144)
|
|
Revision tags: OpenSSL_1_1_1h |
|
| #
29844ea5 |
| 16-Sep-2020 |
Dr. David von Oheimb |
Prune low-level ASN.1 parse errors from error queue in decoder_process()
Fixes #12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@ope
Prune low-level ASN.1 parse errors from error queue in decoder_process()
Fixes #12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
| #
12a765a5 |
| 16-Sep-2019 |
Rich Salz |
Explicitly test against NULL; do not use !p or similar
Also added blanks lines after declarations in a couple of places.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Review
Explicitly test against NULL; do not use !p or similar
Also added blanks lines after declarations in a couple of places.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9916)
show more ...
|
| #
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files
Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
direc
Reorganize local header files
Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like
'*_lcl.h', '*_local.h', or '*_int.h'
This commit changes the different suffixes to '*_local.h' uniformly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
| #
25f2138b |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize private crypto header files
Currently, there are two different directories which contain internal
header files of libcrypto which are meant to be shared internally:
W
Reorganize private crypto header files
Currently, there are two different directories which contain internal
header files of libcrypto which are meant to be shared internally:
While header files in 'include/internal' are intended to be shared
between libcrypto and libssl, the files in 'crypto/include/internal'
are intended to be shared inside libcrypto only.
To make things complicated, the include search path is set up in such
a way that the directive #include "internal/file.h" could refer to
a file in either of these two directoroes. This makes it necessary
in some cases to add a '_int.h' suffix to some files to resolve this
ambiguity:
#include "internal/file.h" # located in 'include/internal'
#include "internal/file_int.h" # located in 'crypto/include/internal'
This commit moves the private crypto headers from
'crypto/include/internal' to 'include/crypto'
As a result, the include directives become unambiguous
#include "internal/file.h" # located in 'include/internal'
#include "crypto/file.h" # located in 'include/crypto'
hence the superfluous '_int.h' suffixes can be stripped.
The files 'store_int.h' and 'store.h' need to be treated specially;
they are joined into a single file.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
| #
5a285add |
| 21-Jun-2018 |
David Makepeace |
Added new EVP/KDF API.
Changed PKEY/KDF API to call the new API.
Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs.
Documentation updated.
Added new EVP/KDF API.
Changed PKEY/KDF API to call the new API.
Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs.
Documentation updated.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6674)
show more ...
|
| #
4a8b0c55 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/evp/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/
Following the license change, modify the boilerplates in crypto/evp/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7794)
show more ...
|
| #
1212818e |
| 11-Sep-2018 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7176)
|
| #
5b37fef0 |
| 05-Aug-2018 |
Andy Polyakov |
Harmonize use of sk_TYPE_find's return value.
In some cases it's about redundant check for return value, in some
cases it's about replacing check for -1 with comparison to 0.
Otherwi
Harmonize use of sk_TYPE_find's return value.
In some cases it's about redundant check for return value, in some
cases it's about replacing check for -1 with comparison to 0.
Otherwise compiler might generate redundant check for <-1. [Even
formatting and readability fixes.]
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6860)
show more ...
|
| #
f52292be |
| 01-Aug-2018 |
Pauli |
Add OIDs for HMAC SHA512/224 and HMAC SHA512/256.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6830)
|
|
Revision tags: OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
| #
418d49c2 |
| 30-May-2017 |
Martin Peylo |
Adding NID_hmac_sha1 and _md5 to builtin_pbe[]
The OID for {1 3 6 1 5 5 8 1 2} HMAC-SHA1 (NID_hmac_sha1) is explicitly
referenced by RFC 2510, RFC 3370, and RFC 4210. This is essential f
Adding NID_hmac_sha1 and _md5 to builtin_pbe[]
The OID for {1 3 6 1 5 5 8 1 2} HMAC-SHA1 (NID_hmac_sha1) is explicitly
referenced by RFC 2510, RFC 3370, and RFC 4210. This is essential for the
common implementations of CMP (Certificate Managing Protocol, RFC4210).
HMAC-MD5's OID {1 3 6 1 5 5 8 1 1} (NID_hmac_md5) is in the same branch and
it seems to generally exist (-> Internet search), but it is unclear where it is
actually defined as it appears not to be referenced by RFCs and practically
rather unused.
Those OIDs are both duplicates to OIDs from an RSA OID branch, which are already
included in builtin_pbe[]:
HMAC-SHA1 also has another OID defined in PKCS#5/RFC2898 (NID_hmacWithSHA1).
It is also unclear where the other OID for HMAC-MD5 (NID_hmacWithMD5) from the
RSA branch is officially specified, as only HMAC-SHA1 from PKCS#5 was found to be
defined. Anyway, HMAC-MD5 likely only plays a neglectable role in the future.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3811)
show more ...
|
