#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
fba140c7 |
| 12-Apr-2022 |
Dmitry Belyavskiy |
str[n]casecmp => OPENSSL_strncasecmp Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
|
#
927d0566 |
| 14-Mar-2022 |
Hugo Landau |
Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted objects to be managed by OSSL_LIB_CTX are hardcoded and are in
Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted objects to be managed by OSSL_LIB_CTX are hardcoded and are initialized eagerly rather than lazily, which avoids the need for locking on access in most cases. Fixes #17116. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17881)
show more ...
|
#
09dca557 |
| 15-Feb-2022 |
Jiasheng Jiang |
rand: Add missing check for rand_get_global As the potential failure of the rand_get_global(), for example fail to get lock, 'dgbl' could be NULL pointer and be dereferenced later.
rand: Add missing check for rand_get_global As the potential failure of the rand_get_global(), for example fail to get lock, 'dgbl' could be NULL pointer and be dereferenced later. Therefore, it should be better to check it and return error if fails, like RAND_get0_primary() and other callers. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17690)
show more ...
|
#
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to b
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
#
505d44c6 |
| 26-Jul-2021 |
Pauli |
rand: avoid using the derivation function for the public and private DRBGs There is no point using it becuase they are getting full quality entropy from the primary DRBG (which remains u
rand: avoid using the derivation function for the public and private DRBGs There is no point using it becuase they are getting full quality entropy from the primary DRBG (which remains using the d.f.). Also cleaned up the parameter passing to the DRBGs to not pass parameters that are unknown. Fixes #16117 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16156)
show more ...
|
#
005505fb |
| 17-Jun-2021 |
Matt Caswell |
Ensure we remove libctx DRBG state before removing the provider store Otherwise a heap use-after-free can result. Fixes #15766 Reviewed-by: Tomas Mraz <tomas@openssl.org>
Ensure we remove libctx DRBG state before removing the provider store Otherwise a heap use-after-free can result. Fixes #15766 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15810)
show more ...
|
#
dce7272d |
| 04-Jun-2021 |
Tomas Mraz |
Elimination of some sources not needed in the FIPS_MODULE Unfortunately in terms of fips.sources this does not mean much given the way how the .h files are added via the dependency i
Elimination of some sources not needed in the FIPS_MODULE Unfortunately in terms of fips.sources this does not mean much given the way how the .h files are added via the dependency information from the compiler. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15622)
show more ...
|
#
6b750b89 |
| 25-May-2021 |
Rich Salz |
Add NCONF_get0_libctx() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15466)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
#
528685fe |
| 31-May-2021 |
Pauli |
rand: use size_t for size argument to RAND_bytes_ex() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/
rand: use size_t for size argument to RAND_bytes_ex() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15540)
show more ...
|
#
508258ca |
| 28-May-2021 |
Pauli |
rand: add a strength argument to the BN and RAND RNG calls Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15513)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
#
a16d2174 |
| 26-Apr-2021 |
Matt Caswell |
Add the ability for ex_data to have a priority Where an object has multiple ex_data associated with it, then we free that ex_data in order of priority (high priority first). Rev
Add the ability for ex_data to have a priority Where an object has multiple ex_data associated with it, then we free that ex_data in order of priority (high priority first). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
show more ...
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
8f4cddbc |
| 23-Mar-2021 |
Pauli |
rand: fix coverity 1473636: data race condition Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14651)
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
1335ca4b |
| 08-Mar-2021 |
Shane Lontis |
Add ossl_rand symbols Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
|
#
cd3f8c1b |
| 18-Feb-2021 |
Rich Salz |
Always check CRYPTO_LOCK_{read,write}_lock Some functions that lock things are void, so we just return early. Also make ossl_namemap_empty return 0 on error. Updated the docs, and
Always check CRYPTO_LOCK_{read,write}_lock Some functions that lock things are void, so we just return early. Also make ossl_namemap_empty return 0 on error. Updated the docs, and added some code to ossl_namemap_stored() to handle the failure, and updated the tests to allow for failure. Fixes: #14230 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14238)
show more ...
|
#
12b4e582 |
| 11-Mar-2021 |
Tomas Mraz |
Use OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL) in libcrypto Calling OPENSSL_init_crypto(0, NULL) is a no-op and will not properly initialize thread local handling. Only t
Use OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL) in libcrypto Calling OPENSSL_init_crypto(0, NULL) is a no-op and will not properly initialize thread local handling. Only the calls that are needed to initialize thread locals are kept, the rest of the no-op calls are removed. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14497)
show more ...
|
#
d5a936c5 |
| 26-Feb-2021 |
Pauli |
rand: use params argument on instantiate call Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
786b13fa |
| 10-Dec-2020 |
Pauli |
RAND_METHOD deprecation: code changes Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13652)
|
#
cd4e6a35 |
| 26-Jan-2021 |
Matt Caswell |
Refactor RAND_get0_primary() locking Make sure we never read or write to dgbl->primary outside of a lock. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.
Refactor RAND_get0_primary() locking Make sure we never read or write to dgbl->primary outside of a lock. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
show more ...
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
#
f5a50c2a |
| 08-Jan-2021 |
Matt Caswell |
Enable locking on the primary DRBG when we create it The primary DRBG may be shared across multiple threads and therefore we must use locking to access it. Previously we were enabling th
Enable locking on the primary DRBG when we create it The primary DRBG may be shared across multiple threads and therefore we must use locking to access it. Previously we were enabling that locking lazily when we attempted to obtain one of the child DRBGs. Part of the process of enabling the lock, is to create the lock. But if we create the lock lazily then it is too late - we may race with other threads where each thread is independently attempting to enable the locking. This results in multiple locks being created - only one of which "sticks" and the rest are leaked. Instead we enable locking on the primary when we first create it. This is already locked and therefore we cannot race. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13660)
show more ...
|
#
1d180bbe |
| 09-Dec-2020 |
Pauli |
rand: allow seed-src to be missing Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openss
rand: allow seed-src to be missing Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13640)
show more ...
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
81aef6ba |
| 19-Nov-2020 |
Pauli |
rand: add a provider side seed source. This allows the operating system sources that OpenSSL supports to be used directly as RNGs. It also allows DRBG seeding to be explicitly speci
rand: add a provider side seed source. This allows the operating system sources that OpenSSL supports to be used directly as RNGs. It also allows DRBG seeding to be explicitly specified rather than being left to a fall back case. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13455)
show more ...
|
Revision tags: openssl-3.0.0-alpha8 |
|
#
03bede0c |
| 30-Oct-2020 |
Pauli |
rand: move the entropy source out of the FIPS provider Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https
rand: move the entropy source out of the FIPS provider Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
show more ...
|