#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
37b85073 |
| 12-Jan-2022 |
manison |
EVP: fix evp_keymgmt_util_match so that it actually tries cross export the other way if the first attempt fails Fixes #17482 CLA: trivial Reviewed-by: Matt Caswell <matt@op
EVP: fix evp_keymgmt_util_match so that it actually tries cross export the other way if the first attempt fails Fixes #17482 CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17487)
show more ...
|
#
5246183e |
| 01-Oct-2021 |
Richard Levitte |
EVP: Reverse the fetch logic in all pkey using functionality In all initializing functions for functionality that use an EVP_PKEY, the coded logic was to find an KEYMGMT implementation f
EVP: Reverse the fetch logic in all pkey using functionality In all initializing functions for functionality that use an EVP_PKEY, the coded logic was to find an KEYMGMT implementation first, and then try to find the operation method (for example, SIGNATURE implementation) in the same provider. This implies that in providers where there is a KEYMGMT implementation, there must also be a SIGNATURE implementation, along with a KEYEXCH, ASYM_CIPHER, etc implementation. The intended design was, however, the opposite implication, i.e. that where there is a SIGNATURE implementation, there must also be KEYMGMT. This change reverses the logic of the code to be closer to the intended design. There is a consequence; we now use the query_operation_name function from the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by the application). Previously, we used the query_operation_name function from the KEYMGMT found alongside the SIGNATURE implementation. Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX is now always a reference to the KEYMGMT of the |pkey| field if that one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt| isn't NULL). Fixes #16614 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
show more ...
|
#
fb0f65ff |
| 16-Oct-2021 |
Richard Levitte |
Fix lock leak in evp_keymgmt_util_export_to_provider() Fixes #16847 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16849)
|
#
3f773c91 |
| 01-Jul-2021 |
Tomas Mraz |
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15974)
show more ...
|
#
1af9b646 |
| 08-Jun-2021 |
Pauli |
keymgmt: better detect when a key manager can be reused Fixes #14159 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15652)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
#
6c9bc258 |
| 16-Apr-2021 |
Tomas Mraz |
Add type_name member to provided methods and use it Fixes #14701 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14898)
|
#
e36a4dc4 |
| 23-Apr-2021 |
Richard Levitte |
EVP: evp_keymgmt_util_try_import() should clean up on failed import If evp_keymgmt_util_try_import() allocated keydata, and the import itself fails, it should deallocate keydata.
EVP: evp_keymgmt_util_try_import() should clean up on failed import If evp_keymgmt_util_try_import() allocated keydata, and the import itself fails, it should deallocate keydata. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/15008)
show more ...
|
#
145a4c87 |
| 15-Apr-2021 |
Matt Caswell |
Remove a TODO(3.0) from keymgmt_lib.c The TODO suggest a possible refactoring. The refactoring doesn't seem necessary at this stage. If it is required later it can be done without af
Remove a TODO(3.0) from keymgmt_lib.c The TODO suggest a possible refactoring. The refactoring doesn't seem necessary at this stage. If it is required later it can be done without affecting external APIs - so just remove the TODO. Fixes #14397 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14888)
show more ...
|
Revision tags: openssl-3.0.0-alpha14 |
|
#
a732a4c3 |
| 08-Apr-2021 |
Shane Lontis |
Add EVP_PKEY_todata() and EVP_PKEY_export() functions. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openss
Add EVP_PKEY_todata() and EVP_PKEY_export() functions. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14800)
show more ...
|
#
85fcc3fb |
| 08-Apr-2021 |
Tomas Mraz |
Remove keymgmt_copy function from the provider API It is superceded by the keymgmt_dup. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/opens
Remove keymgmt_copy function from the provider API It is superceded by the keymgmt_dup. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14793)
show more ...
|
#
b4f447c0 |
| 08-Apr-2021 |
Tomas Mraz |
Add selection support to the provider keymgmt_dup function Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14793)
|
#
4a9fe33c |
| 07-Apr-2021 |
Tomas Mraz |
Implement provider-side keymgmt_dup function To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function to the provider API and implement it for all asym-key key managements.
Implement provider-side keymgmt_dup function To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function to the provider API and implement it for all asym-key key managements. Use it when copying everything to an empty EVP_PKEY which is the case with EVP_PKEY_dup(). Fixes #14658 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14793)
show more ...
|
Revision tags: OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
e08993ea |
| 11-Mar-2021 |
Tomas Mraz |
evp_keymgmt_util_copy: Fix possible leak on copy failure Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14511)
|
#
cd3f8c1b |
| 18-Feb-2021 |
Rich Salz |
Always check CRYPTO_LOCK_{read,write}_lock Some functions that lock things are void, so we just return early. Also make ossl_namemap_empty return 0 on error. Updated the docs, and
Always check CRYPTO_LOCK_{read,write}_lock Some functions that lock things are void, so we just return early. Also make ossl_namemap_empty return 0 on error. Updated the docs, and added some code to ossl_namemap_stored() to handle the failure, and updated the tests to allow for failure. Fixes: #14230 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14238)
show more ...
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j |
|
#
64954e2f |
| 04-Feb-2021 |
Pauli |
Fix race condition & allow operation cache to grow. This fixes a race condition where the index to the cache location was found under a read lock and a later write lock set the cache ent
Fix race condition & allow operation cache to grow. This fixes a race condition where the index to the cache location was found under a read lock and a later write lock set the cache entry. The issue being that two threads could get the same location index and then fight each other over writing the cache entry. The most likely outcome is a memory leak, however it would be possible to set up an invalid cache entry. The operation cache was a fixed sized array, once full an assertion failed. The other fix here is to convert this to a stack. The code is simplified and it avoids a cache overflow condition. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14062)
show more ...
|
#
f4a3799c |
| 03-Feb-2021 |
Richard Levitte |
EVP: Make EVP_PKEY_set_params() increment the dirty count When the internal key is changed, we must count it as muted, so that next time the affected key is considered for an operation,
EVP: Make EVP_PKEY_set_params() increment the dirty count When the internal key is changed, we must count it as muted, so that next time the affected key is considered for an operation, it gets re-exported to the signing provider. In other words, this will clear the EVP_PKEY export cache when the next export attempt occurs. This also updates evp_keymgmt_util_export_to_provider() to actually look at the dirty count for provider native origin keys, and act appropriately. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14056)
show more ...
|
Revision tags: openssl-3.0.0-alpha11 |
|
#
0b07db6f |
| 27-Jan-2021 |
Matt Caswell |
Ensure the EVP_PKEY operation_cache is appropriately locked The EVP_PKEY operation_cache caches references to provider side key objects that have previously been exported for this EVP_PK
Ensure the EVP_PKEY operation_cache is appropriately locked The EVP_PKEY operation_cache caches references to provider side key objects that have previously been exported for this EVP_PKEY, and their associated key managers. The cache may be updated from time to time as the EVP_PKEY is exported to more providers. Since an EVP_PKEY may be shared by multiple threads simultaneously we must be careful to ensure the cache updates are locked. Fixes #13818 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
show more ...
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
655f73ce |
| 11-Sep-2020 |
Richard Levitte |
EVP: Add the internal convenience function evp_keymgmt_util_export() This is purely to allow exporting without having to repeatedly specify the keymgmt and keydata from the EVP_PKEY.
EVP: Add the internal convenience function evp_keymgmt_util_export() This is purely to allow exporting without having to repeatedly specify the keymgmt and keydata from the EVP_PKEY. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12853)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
#
af836c22 |
| 08-Jul-2020 |
Richard Levitte |
EVP KEYMGMT utils: Make a few more utility functions available This makes the following functions available for libcrypto code: evp_keymgmt_util_try_import() - callback function
EVP KEYMGMT utils: Make a few more utility functions available This makes the following functions available for libcrypto code: evp_keymgmt_util_try_import() - callback function evp_keymgmt_util_assign_pkey() - assigns keymgmt and keydata to an EVP_PKEY evp_keymgmt_util_make_pkey() - creates an EVP_PKEY from keymgmt and keydata Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410)
show more ...
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
#
11391da2 |
| 21-May-2020 |
Matt Caswell |
Always create a key when importing Even if there is no data to import we should still create an empty key. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https
Always create a key when importing Even if there is no data to import we should still create an empty key. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11898)
show more ...
|
#
c74aaa39 |
| 25-May-2020 |
Dr. David von Oheimb |
Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl
Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11953)
show more ...
|
Revision tags: openssl-3.0.0-alpha2 |
|
#
036ee370 |
| 28-Apr-2020 |
Richard Levitte |
EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL evp_keymgmt_util_copy() didn't treat the case to->keymgmt correctly. The proper change is to use from->keymgmt when to->keymgmt i
EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL evp_keymgmt_util_copy() didn't treat the case to->keymgmt correctly. The proper change is to use from->keymgmt when to->keymgmt is NULL. Fixes coverity #1462553 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11668)
show more ...
|