#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
1fa2bf9b |
| 08-Feb-2024 |
Bernd Edlinger |
Fix handling of NULL sig parameter in ECDSA_sign and similar The problem is, that it almost works to pass sig=NULL to the ECDSA_sign, ECDSA_sign_ex and DSA_sign, to compute the necessary
Fix handling of NULL sig parameter in ECDSA_sign and similar The problem is, that it almost works to pass sig=NULL to the ECDSA_sign, ECDSA_sign_ex and DSA_sign, to compute the necessary space for the resulting signature. But since the ECDSA signature is non-deterministic (except when ECDSA_sign_setup/ECDSA_sign_ex are used) the resulting length may be different when the API is called again. This can easily cause random memory corruption. Several internal APIs had the same issue, but since they are never called with sig=NULL, it is better to make them return an error in that case, instead of making the code more complex. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23529)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
4befe81a |
| 21-Mar-2023 |
slontis |
Fix mem leak in ECDSA_sign(). Similiar to the issue found in PR #20553 for DSA_sign(). ECDSA_sign() leaked memory if the signature was NULL when i2d_ECDSA_SIG was called. No
Fix mem leak in ECDSA_sign(). Similiar to the issue found in PR #20553 for DSA_sign(). ECDSA_sign() leaked memory if the signature was NULL when i2d_ECDSA_SIG was called. Note that this does not affect the higher level EVP functions as they correctly handle NULL. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20554)
show more ...
|
#
c2f7614f |
| 28-May-2022 |
Peiwei Hu |
Fix the checks of RAND_bytes Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https
Fix the checks of RAND_bytes Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18424)
show more ...
|
#
098f2627 |
| 01-Nov-2021 |
PW Hu |
Fix incorrect return check of BN_bn2binpad Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1
Fix incorrect return check of BN_bn2binpad Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16942)
show more ...
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
#
28fd8953 |
| 08-Apr-2021 |
Matt Caswell |
Remove the function EVP_PKEY_set_alias_type OTC recently voted that EVP_PKEY types will be immutable in 3.0. This means that EVP_PKEY_set_alias_type can no longer work and should be
Remove the function EVP_PKEY_set_alias_type OTC recently voted that EVP_PKEY types will be immutable in 3.0. This means that EVP_PKEY_set_alias_type can no longer work and should be removed entirely (applications will need to be rewritten not to use it). It was primarily used for SM2 which no longer needs this call. Applications should generate SM2 keys directly (without going via an EC key first), or otherwise when loading keys they should automatically be detected as SM2 keys. Fixes #14379 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14803)
show more ...
|
Revision tags: openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
2145ba5e |
| 19-Mar-2021 |
Tomas Mraz |
Implement EVP_PKEY_dup() function Fixes #14501 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14624)
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
|
#
fccdb61a |
| 27-Feb-2021 |
Pauli |
test: update ECDSA and SM2 internal tests in line with the fake_random change Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged
test: update ECDSA and SM2 internal tests in line with the fake_random change Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14341)
show more ...
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
332a245c |
| 17-Feb-2021 |
Pauli |
test: update tests to use the fake random number generator Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13652)
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6 |
|
#
7ee511d0 |
| 26-Jul-2020 |
Paul Yang |
Add SM2 key management Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12536)
|
#
4bb73d54 |
| 10-Sep-2020 |
jwalch |
Add a NULL check to EVP_PKEY_assign Fixes #12619 Update p_lib.c Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Mer
Add a NULL check to EVP_PKEY_assign Fixes #12619 Update p_lib.c Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12863)
show more ...
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g |
|
#
f844f9eb |
| 13-Apr-2020 |
Richard Levitte |
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11539)
show more ...
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
fda127be |
| 10-Mar-2020 |
Richard Levitte |
TEST: Adapt all applicable tests to the new distinguishing ID Fixes #11293 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11
TEST: Adapt all applicable tests to the new distinguishing ID Fixes #11293 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11302)
show more ...
|
#
9afaa8d6 |
| 04-Feb-2020 |
Matt Caswell |
Fix no-sm2 Fix ecdsatest to not run the SM2 test if SM2 has been disabled. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pul
Fix no-sm2 Fix ecdsatest to not run the SM2 test if SM2 has been disabled. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11015)
show more ...
|
#
579422c8 |
| 28-Jan-2020 |
Pauli |
Deprecate the ECDSA and EV_KEY_METHOD functions. Use of the low level ECDSA and EC_KEY_METHOD functions has been informally discouraged for a long time. We now formally deprecate them.
Deprecate the ECDSA and EV_KEY_METHOD functions. Use of the low level ECDSA and EC_KEY_METHOD functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10960)
show more ...
|
#
3995de2c |
| 24-Jan-2020 |
Richard Levitte |
Adapt tests for SM2 changes. With test/ecdsatest.c, we test all the curves once for each EC key type we have, i.e. one round trip with EVP_PKEY_EC and one with EVP_PKEY_SM2. This sh
Adapt tests for SM2 changes. With test/ecdsatest.c, we test all the curves once for each EC key type we have, i.e. one round trip with EVP_PKEY_EC and one with EVP_PKEY_SM2. This shows that we can use "normal" EC computations on keys with the SM2 curve (which have the type EVP_PKEY_SM2 by default) and SM2 computations with any other curve (which have the type EVP_PKEY_EC by default) test/evp_test.c, on the other hand, doesn't need to explicitly set the EVP_PKEY_SM2 alias type, as that now happens automatically. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10942)
show more ...
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
10c25644 |
| 04-Jun-2019 |
Shane Lontis |
EC only uses approved curves in FIPS mode. Once there are buildable fips tests, some tests that are data driven from files will need to be modified to exclude non approved curves in
EC only uses approved curves in FIPS mode. Once there are buildable fips tests, some tests that are data driven from files will need to be modified to exclude non approved curves in fips mode. These changes were tested by temporarily adding #define FIPS_MODE 1 to all the modified source files. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9081)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
68ad17e8 |
| 04-Mar-2019 |
Pauli |
Check for negative return for signature size.Addresses Coverity 1442933 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8392)
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
1a31d801 |
| 23-Feb-2019 |
Billy Brumley |
[test] modernize ecdsatest and extend ECDSA sign KATs Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/open
[test] modernize ecdsatest and extend ECDSA sign KATs Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8314)
show more ...
|
#
9fc8f18f |
| 14-Feb-2019 |
Matt Caswell |
Use order not degree to calculate a buffer size in ecdsatest Otherwise this can result in an incorrect calculation of the maximum encoded integer length, meaning an insufficient buffer s
Use order not degree to calculate a buffer size in ecdsatest Otherwise this can result in an incorrect calculation of the maximum encoded integer length, meaning an insufficient buffer size is allocated. Thanks to Billy Brumley for helping to track this down. Fixes #8209 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8237)
show more ...
|
#
909f1a2e |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in test/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7767)
|