#
ff1efe6e |
| 14-May-2022 |
Charles Milette |
Fix UWP builds by defining VirtualLock Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull
Fix UWP builds by defining VirtualLock Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18311)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to b
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
#
3c2bdd7d |
| 08-Apr-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14801)
|
#
44e82b81 |
| 06-Apr-2021 |
Pauli |
Remove locking in CRYPTO_secure_allocated() The check for being in secure memory is against the arena. The arena is only ever modified by sh_init() and sh_done() and in both cases, it i
Remove locking in CRYPTO_secure_allocated() The check for being in secure memory is against the arena. The arena is only ever modified by sh_init() and sh_done() and in both cases, it is done without locking. Thus, it is safe for the CRYPTO_secure_allocated() to not lock. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14775)
show more ...
|
#
0bc27f72 |
| 06-Apr-2021 |
Pauli |
Make the lock in CRYPTO_secure_allocated() a read lock Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14775)
|
Revision tags: OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
cd3f8c1b |
| 18-Feb-2021 |
Rich Salz |
Always check CRYPTO_LOCK_{read,write}_lock Some functions that lock things are void, so we just return early. Also make ossl_namemap_empty return 0 on error. Updated the docs, and
Always check CRYPTO_LOCK_{read,write}_lock Some functions that lock things are void, so we just return early. Also make ossl_namemap_empty return 0 on error. Updated the docs, and added some code to ossl_namemap_stored() to handle the failure, and updated the tests to allow for failure. Fixes: #14230 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14238)
show more ...
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
8d4b5260 |
| 13-Nov-2020 |
David Carlier |
Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap call level. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Re
Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap call level. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13394)
show more ...
|
#
27db6118 |
| 13-Nov-2020 |
David Carlier |
CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc dont-dump-region. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Re
CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc dont-dump-region. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13394)
show more ...
|
Revision tags: openssl-3.0.0-alpha8 |
|
#
f31ac320 |
| 18-Oct-2020 |
Jeremiah Gowdy |
Implement OpenSSL secure memory for Windows Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl
Implement OpenSSL secure memory for Windows Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13172)
show more ...
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
#
1d78129d |
| 18-Jun-2020 |
Tristan Bauer <67098820+trisbauer@users.noreply.github.com> |
Fix wrong return value check of mmap function The mmap function never returns NULL. If an error occurs, the function returns MAP_FAILED. CLA: trivial Reviewed-by: Tomas Mra
Fix wrong return value check of mmap function The mmap function never returns NULL. If an error occurs, the function returns MAP_FAILED. CLA: trivial Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12187)
show more ...
|
Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
a998ec0e |
| 22-Feb-2020 |
Pauli |
secmem: ignore small minsize arguments to CRYPTO_secure_malloc_init(). If the user specifies a minimum allocation size that is smaller than the free list structure (or zero), calculate t
secmem: ignore small minsize arguments to CRYPTO_secure_malloc_init(). If the user specifies a minimum allocation size that is smaller than the free list structure (or zero), calculate the minimum possible size rather than failing. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11149)
show more ...
|
#
d27fd991 |
| 26-Feb-2020 |
Davide Galassi |
Mem-sec small code adjustment Conditional code readability improvement. Remove unused macro Commit #11042 has introduced a new, unused, CRYPTO_EX_INDEX macro. Remove be
Mem-sec small code adjustment Conditional code readability improvement. Remove unused macro Commit #11042 has introduced a new, unused, CRYPTO_EX_INDEX macro. Remove before version release. Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11103)
show more ...
|
#
6943335e |
| 05-Feb-2020 |
Rich Salz |
Make secure-memory be a config option Adding support for "no-secure-memory" was simple, a one-liner. Fixing all the "ifdef OPENSSL_SECURE_MEMORY" to be "ifndef NO_xxx" was a bit more
Make secure-memory be a config option Adding support for "no-secure-memory" was simple, a one-liner. Fixing all the "ifdef OPENSSL_SECURE_MEMORY" to be "ifndef NO_xxx" was a bit more work. My original goof, for not following the OpenSSL pattern "ifndef NO_" used everywhere else. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11023)
show more ...
|
#
34b16762 |
| 04-Feb-2020 |
Pauli |
Make minimum size for secure memory a size_t. The minimum size argument to CRYPTO_secure_malloc_init() was an int but ought to be a size_t since it is a size. From an API perspe
Make minimum size for secure memory a size_t. The minimum size argument to CRYPTO_secure_malloc_init() was an int but ought to be a size_t since it is a size. From an API perspective, this is a change. However, the minimum size is verified as being a positive power of two and it will typically be a small constant. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #11003)
show more ...
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
61783db5 |
| 19-Feb-2019 |
Klotz, Tobias |
Use vxRandLib for VxWorks7 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/
Use vxRandLib for VxWorks7 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8023)
show more ...
|
#
0e9725bc |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7827)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
8529b156 |
| 04-Oct-2018 |
Dr. Matthias St. Pierre |
test/secmemtest: test secure memory only if it is implemented Fixes #7322 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
test/secmemtest: test secure memory only if it is implemented Fixes #7322 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7351)
show more ...
|
Revision tags: OpenSSL_1_1_1 |
|
#
3b8e97ab |
| 21-Aug-2018 |
Pauli |
Zero memory in CRYPTO_secure_malloc. This commit destroys the free list pointers which would otherwise be present in the returned memory blocks. This in turn helps prevent informati
Zero memory in CRYPTO_secure_malloc. This commit destroys the free list pointers which would otherwise be present in the returned memory blocks. This in turn helps prevent information leakage from the secure memory area. Note: CRYPTO_secure_malloc is not guaranteed to return zeroed memory: before the secure memory system is initialised or if it isn't implemented. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7011)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7 |
|
#
3cb7c5cf |
| 09-May-2018 |
Kurt Roeckx |
Use void in all function definitions that do not take any arguments Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #6208
|
Revision tags: OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3 |
|
#
f1c00b93 |
| 10-Mar-2018 |
Andy Polyakov |
mem_sec.c: portability fixup. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
014cc4b2 |
| 02-Mar-2018 |
Andy Polyakov |
mem_sec.c: portability fixup. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5493)
|
Revision tags: OpenSSL_1_1_1-pre2 |
|
#
5839185c |
| 25-Feb-2018 |
Andy Polyakov |
mem_sec.c: relax POSIX requirement. Even though mlock(2) was standardized in POSIX.1-2001, vendors did implement it prior that point. Reviewed-by: Rich Salz <rsalz@openssl.org>
mem_sec.c: relax POSIX requirement. Even though mlock(2) was standardized in POSIX.1-2001, vendors did implement it prior that point. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5460)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre1 |
|
#
63ab5ea1 |
| 16-Jan-2018 |
Benjamin Kaduk |
Revert the crypto "global lock" implementation Conceptually, this is a squashed version of: Revert "Address feedback" This reverts commit 75551e07bd2339dfea06ef1d31
Revert the crypto "global lock" implementation Conceptually, this is a squashed version of: Revert "Address feedback" This reverts commit 75551e07bd2339dfea06ef1d31d69929e13a4495. and Revert "Add CRYPTO_thread_glock_new" This reverts commit ed6b2c7938ec6f07b15745d4183afc276e74c6dd. But there were some intervening commits that made neither revert apply cleanly, so instead do it all as one shot. The crypto global locks were an attempt to cope with the awkward POSIX semantics for pthread_atfork(); its documentation (the "RATIONALE" section) indicates that the expected usage is to have the prefork handler lock all "global" locks, and the parent and child handlers release those locks, to ensure that forking happens with a consistent (lock) state. However, the set of functions available in the child process is limited to async-signal-safe functions, and pthread_mutex_unlock() is not on the list of async-signal-safe functions! The only synchronization primitives that are async-signal-safe are the semaphore primitives, which are not really appropriate for general-purpose usage. However, the state consistency problem that the global locks were attempting to solve is not actually a serious problem, particularly for OpenSSL. That is, we can consider four cases of forking application that might use OpenSSL: (1) Single-threaded, does not call into OpenSSL in the child (e.g., the child calls exec() immediately) For this class of process, no locking is needed at all, since there is only ever a single thread of execution and the only reentrancy is due to signal handlers (which are themselves limited to async-signal-safe operation and should not be doing much work at all). (2) Single-threaded, calls into OpenSSL after fork() The application must ensure that it does not fork() with an unexpected lock held (that is, one that would get unlocked in the parent but accidentally remain locked in the child and cause deadlock). Since OpenSSL does not expose any of its internal locks to the application and the application is single-threaded, the OpenSSL internal locks will be unlocked for the fork(), and the state will be consistent. (OpenSSL will need to reseed its PRNG in the child, but that is an orthogonal issue.) If the application makes use of locks from libcrypto, proper handling for those locks is the responsibility of the application, as for any other locking primitive that is available for application programming. (3) Multi-threaded, does not call into OpenSSL after fork() As for (1), the OpenSSL state is only relevant in the parent, so no particular fork()-related handling is needed. The internal locks are relevant, but there is no interaction with the child to consider. (4) Multi-threaded, calls into OpenSSL after fork() This is the case where the pthread_atfork() hooks to ensure that all global locks are in a known state across fork() would come into play, per the above discussion. However, these "calls into OpenSSL after fork()" are still subject to the restriction to async-signal-safe functions. Since OpenSSL uses all sorts of locking and libc functions that are not on the list of safe functions (e.g., malloc()), this case is not currently usable and is unlikely to ever be usable, independently of the locking situation. So, there is no need to go through contortions to attempt to support this case in the one small area of locking interaction with fork(). In light of the above analysis (thanks @davidben and @achernya), go back to the simpler implementation that does not need to distinguish "library-global" locks or to have complicated atfork handling for locks. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5089)
show more ...
|