#
9dddcd90 |
| 22-Oct-2021 |
x2018 |
add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(), EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new(). Otherwise may result in memory errors. Reviewed-
add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(), EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new(). Otherwise may result in memory errors. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16892)
show more ...
|
#
1ffac6ca |
| 01-Jul-2021 |
Pauli |
pvk: use PVK KDF Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15968)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
5e2d22d5 |
| 18-May-2021 |
Jon Spillett |
Pass library context and property query into private key decoders Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mr
Pass library context and property query into private key decoders Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14587)
show more ...
|
Revision tags: openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
169eca60 |
| 15-Mar-2021 |
Jon Spillett |
Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dal
Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14587)
show more ...
|
#
3f700d4b |
| 15-Apr-2021 |
Pauli |
pem: remove references to EVP_sha1() Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14881)
|
#
711d7ca5 |
| 21-Mar-2021 |
Pauli |
pem: fix coverity 1474426: uninitialised scalar variable. Based on the value, it would with work properly or produce an error. Most likely seems to have been the former. Reviewed-b
pem: fix coverity 1474426: uninitialised scalar variable. Based on the value, it would with work properly or produce an error. Most likely seems to have been the former. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14638)
show more ...
|
#
f4e46b81 |
| 15-Mar-2021 |
Richard Levitte |
PROV: Add type specific MSBLOB and PVK decoding for the MS->key decoders To make this cleaner, decoder_ms2key.c is split into decoder_msblob2key.c and decoder_pvk2key.c. This re
PROV: Add type specific MSBLOB and PVK decoding for the MS->key decoders To make this cleaner, decoder_ms2key.c is split into decoder_msblob2key.c and decoder_pvk2key.c. This required a great deal of refactoring of crypto/pem/pvkfmt.c, to make cleaner internal functions that our decoder implementations can use. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
show more ...
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
|
#
7bc0fdd3 |
| 02-Mar-2021 |
Matt Caswell |
Make the EVP_PKEY_get0* functions have a const return type OTC have decided that the EVP_PKEY_get0* functions should have a const return type. This is a breaking change to emphasise that
Make the EVP_PKEY_get0* functions have a const return type OTC have decided that the EVP_PKEY_get0* functions should have a const return type. This is a breaking change to emphasise that these values should be considered as immutable. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14319)
show more ...
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
e77c13f8 |
| 10-Dec-2020 |
Richard Levitte |
MSBLOB & PVK: Make it possible to write EVP_PKEYs with provided internal key So far, the MSBLOB and PVK writers could only handle EVP_PKEYs with legacy internal keys. Specially
MSBLOB & PVK: Make it possible to write EVP_PKEYs with provided internal key So far, the MSBLOB and PVK writers could only handle EVP_PKEYs with legacy internal keys. Specially to be able to compile the loader_attic engine, we use the C macro OPENSSL_NO_PROVIDER_CODE to avoid building the provider specific things when we don't need them. The alternative is to suck half of crypto/evp/ into loader_attic, and that's just not feasible. Fixes #13503 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
show more ...
|
#
a158f8cf |
| 09-Dec-2020 |
Richard Levitte |
PEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4' All these functions are usable with RSA keys, there's no reason why they should be unaccessible when DSA or RC4 are disabl
PEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4' All these functions are usable with RSA keys, there's no reason why they should be unaccessible when DSA or RC4 are disabled. When DSA is disabled, it's not possible to use these functions for DSA EVP_PKEYs. That's fine, and supported. When RC4 is disabled, it's not possible to use these functions to write encrypted PVK output. That doesn't even depend on the definition of OPENSSL_NO_RC4, but if the RC4 algorithm is accessible via EVP, something that isn't known when building libcrypto. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13648)
show more ...
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
9311d0c4 |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using ut
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
show more ...
|
#
0934cf48 |
| 20-Oct-2020 |
Richard Levitte |
Unexport internal MSBLOB and PVK functions The following internal functions are affected: ossl_do_blob_header ossl_do_PVK_header ossl_b2i ossl_b2i_bio
Unexport internal MSBLOB and PVK functions The following internal functions are affected: ossl_do_blob_header ossl_do_PVK_header ossl_b2i ossl_b2i_bio This is reflected by moving include/internal/pem.h to include/crypto/pem.h engines/e_loader_attic gets the source code added to it to have continued access to those functions. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13195)
show more ...
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6 |
|
#
dca51418 |
| 03-Aug-2020 |
Richard Levitte |
PEM: Fix i2b_PvK to use EVP_Encrypt calls consistently Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12574)
|
#
413835f5 |
| 03-Aug-2020 |
Richard Levitte |
PEM: Make general MSBLOB reader functions exposed internally Fly-by fix is to move crypto/include/internal/pem_int.h to include/internal/pem.h. Reviewed-by: Shane Lontis <shane.
PEM: Make general MSBLOB reader functions exposed internally Fly-by fix is to move crypto/include/internal/pem_int.h to include/internal/pem.h. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12574)
show more ...
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
#
cbeb0bfa |
| 19-May-2020 |
Tomas Mraz |
Cast the unsigned char to unsigned int before shifting left This is needed to avoid automatic promotion to signed int. Fixes #11853 [extended tests] Reviewed-by: R
Cast the unsigned char to unsigned int before shifting left This is needed to avoid automatic promotion to signed int. Fixes #11853 [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857)
show more ...
|
Revision tags: openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
f55838f3 |
| 12-Oct-2018 |
Richard Levitte |
OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files This involves exposing two pvkfmt.c functions, but only internally. Reviewed-by: David von Oheimb <david.von.oh
OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files This involves exposing two pvkfmt.c functions, but only internally. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11756)
show more ...
|
#
80b94a5a |
| 22-Mar-2020 |
Christian Hohnstaedt |
i2b_PVK_bio: don't set PEM_R_BIO_WRITE_FAILURE in case of success but in case of an error CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: B
i2b_PVK_bio: don't set PEM_R_BIO_WRITE_FAILURE in case of success but in case of an error CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11380)
show more ...
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
#
f41ac0ee |
| 29-Jan-2020 |
Pauli |
Deprecate the low level DSA functions. Use of the low level DSA functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Matt Casw
Deprecate the low level DSA functions. Use of the low level DSA functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10977)
show more ...
|
#
de0799b0 |
| 15-Nov-2019 |
Richard Levitte |
PEM: constify PEM_write_ routines There's no reason why the object to be written, or the key string given by the caller should be non-const. This makes the IMPLEMENT_PEM_..._con
PEM: constify PEM_write_ routines There's no reason why the object to be written, or the key string given by the caller should be non-const. This makes the IMPLEMENT_PEM_..._const and DECLARE_PEM_..._const macros superfluous, so we keep them around but mark them deprecated. In all places where IMPLEMENT_PEM_..._const and DECLARE_PEM_..._const are used, they are replaced with the corresponding macros without '_const'. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10452)
show more ...
|
#
12a765a5 |
| 16-Sep-2019 |
Rich Salz |
Explicitly test against NULL; do not use !p or similar Also added blanks lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Review
Explicitly test against NULL; do not use !p or similar Also added blanks lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9916)
show more ...
|
#
724339ff |
| 14-Aug-2019 |
Cesar Pereida Garcia |
Fix SCA vulnerability when using PVK and MSBLOB key formats This commit addresses a side-channel vulnerability present when PVK and MSBLOB key formats are loaded into OpenSSL. The pu
Fix SCA vulnerability when using PVK and MSBLOB key formats This commit addresses a side-channel vulnerability present when PVK and MSBLOB key formats are loaded into OpenSSL. The public key was not computed using a constant-time exponentiation function. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9587)
show more ...
|
#
16742672 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/pem/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/
Following the license change, modify the boilerplates in crypto/pem/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7806)
show more ...
|