#
d8170931 |
| 11-Sep-2024 |
Dmitry Belyavskiy |
EVP_get_default_properties - tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25434)
|
#
6dacee48 |
| 14-Aug-2024 |
sashan |
RSA decoder should check also sanity of p, q, e, d ... with respect to n This issue has been discovered by osss-fuzzer [1]. The test function decodes RSA key created by fuzzer and calls
RSA decoder should check also sanity of p, q, e, d ... with respect to n This issue has been discovered by osss-fuzzer [1]. The test function decodes RSA key created by fuzzer and calls EVP_PKEY_pairwise_check() which proceeds to ossl_bn_miller_rabin_is_prime() check which takes too long exceeding timeout (45secs). The idea is to fix OSSL_DECODER_from_data() code path so invalid RSA keys will be refused. [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69134 Test case generated by the fuzzer is added. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25190)
show more ...
|
#
e91384d5 |
| 27-Oct-2023 |
Bernd Edlinger |
Fix error handling in OBJ_add_object This fixes the possible memory leak in OBJ_add_object when a pre-existing object is replaced by a new one, with identical NID, OID, and/or short/
Fix error handling in OBJ_add_object This fixes the possible memory leak in OBJ_add_object when a pre-existing object is replaced by a new one, with identical NID, OID, and/or short/long name. We do not try to delete any orphans, but only mark them as type == -1, because the previously returned pointers from OBJ_nid2obj/OBJ_nid2sn/OBJ_nid2ln may be cached by applications and can thus not be cleaned up before the application terminates. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22534)
show more ...
|
#
962431d5 |
| 13-Sep-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
that open brace { should be on the previous line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed
that open brace { should be on the previous line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
show more ...
|
#
ad33d623 |
| 27-Jun-2024 |
sashan |
EVP_DigestUpdate(): Check if ctx->update is set The issue has been discovered by libFuzzer running on provider target. There are currently three distinct reports which are addressed by
EVP_DigestUpdate(): Check if ctx->update is set The issue has been discovered by libFuzzer running on provider target. There are currently three distinct reports which are addressed by code change here. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1 the issue has been introduced with openssl 3.0. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24753)
show more ...
|
#
299996fb |
| 15-Apr-2024 |
trinity-1686a |
Handle empty param in EVP_PKEY_CTX_add1_hkdf_info Fixes #24130 The regression was introduced in PR #23456. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz
Handle empty param in EVP_PKEY_CTX_add1_hkdf_info Fixes #24130 The regression was introduced in PR #23456. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24141)
show more ...
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
387b93e1 |
| 12-Jan-2024 |
Tomas Mraz |
Fix testcases to run on duplicated keys The existing loop pattern did not really run the expected tests on the duplicated keys. Fixes #23129 Reviewed-by: Neil Horman <n
Fix testcases to run on duplicated keys The existing loop pattern did not really run the expected tests on the duplicated keys. Fixes #23129 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23292)
show more ...
|
#
6f22bcd6 |
| 09-Dec-2023 |
Neil Horman |
Add appropriate NULL checks in EVP_CIPHER api The EVP_CIPHER api currently assumes that calls made into several APIs have already initalized the cipher in a given context via a call to
Add appropriate NULL checks in EVP_CIPHER api The EVP_CIPHER api currently assumes that calls made into several APIs have already initalized the cipher in a given context via a call to EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error, the result is typically a SIGSEGV. Correct that by adding missing NULL checks in the apropriate apis prior to using ctx->cipher Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22995)
show more ...
|
#
3cb1b51d |
| 04-Jan-2024 |
Holger Dengler |
Add tests for re-using cipher contexts Add test case for re-using a cipher context with the same key, iv and cipher. It detects, if the hardware-specific cipher context is reset corr
Add tests for re-using cipher contexts Add test case for re-using a cipher context with the same key, iv and cipher. It detects, if the hardware-specific cipher context is reset correctly, like reported in issue #23175. This test has encrypt and decrypt iterations for cfb128 and ofb128. All iteations use the same key, iv and plaintext. Signed-off-by: Holger Dengler <dengler@linux.ibm.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23201)
show more ...
|
#
f3be5366 |
| 28-Aug-2023 |
Neil Horman |
Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() It would be helpful to be able to generate RSA's dmp1/dmq1/iqmp values when not provided in the param list to EVP
Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() It would be helpful to be able to generate RSA's dmp1/dmq1/iqmp values when not provided in the param list to EVP_PKEY_fromdata. Augment the provider in ossl_rsa_fromdata to preform this generation iff: a) At least p q n e and e are provided b) the new parameter OSSL_PARAM_RSA_DERIVE_PQ is set to 1 Fixes #21826 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21875)
show more ...
|
#
f529a2eb |
| 30-Nov-2023 |
Neil Horman |
Statically link legacy provider to evp_extra_test Like in #17345, evp_extra_test links libcrypto statically, but also has a dynamic/shared load via the legacy provider, which leads to am
Statically link legacy provider to evp_extra_test Like in #17345, evp_extra_test links libcrypto statically, but also has a dynamic/shared load via the legacy provider, which leads to ambiguous behavior in evp_extra_test on some platforms, usually a crash (SIGSEGV) on exit via the atexit handlers. Statically link the legacy provider to avoid this. Fixes #22819 Helped-by: Neil Horman <nhorman@openssl.org> Helped-by: Tomas Mraz <tomas@openssl.org> Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22905)
show more ...
|
#
1aa08644 |
| 01-Nov-2023 |
Tomas Mraz |
Add negative test for key length change Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2
Add negative test for key length change Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22590)
show more ...
|
#
82750a08 |
| 01-Nov-2023 |
Tomas Mraz |
Add negative test for iv length change Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22
Add negative test for iv length change Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22590)
show more ...
|
#
a2fe10ca |
| 05-Oct-2023 |
Pauli |
test: add unit test for CVE-2023-5363 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
21b98da9 |
| 16-Oct-2023 |
Daiki Ueno |
rsa: Accept NULL OAEP label for backward compatibility According to the manual page, EVP_PKEY_CTX_set0_rsa_oaep_label() should accept NULL as the label argument, though the function
rsa: Accept NULL OAEP label for backward compatibility According to the manual page, EVP_PKEY_CTX_set0_rsa_oaep_label() should accept NULL as the label argument, though the function currently rejects it while setting the corresponding octet string parameter with OSSL_PARAM_construct_octet_string, which expects non-NULL input. This adds a workaround to the caller for backward compatibility. Signed-off-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22397)
show more ...
|
#
860e36d0 |
| 23-Sep-2023 |
Matthias St. Pierre |
test: evp_extra: test signing with legacy app method based keys This commit adds `test_EVP_PKEY_sign_with_app_method`, a regression test for the bug fix in commit 1acc3e8cc3c6 (pull requ
test: evp_extra: test signing with legacy app method based keys This commit adds `test_EVP_PKEY_sign_with_app_method`, a regression test for the bug fix in commit 1acc3e8cc3c6 (pull request #22163). It is analogous to `test_EVP_PKEY_sign`, only with a fake app method based key. (The EC key test case was omitted, because there is no `EC_KEY_METHOD_dup` method.) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22185)
show more ...
|
#
b49cafd8 |
| 23-Sep-2023 |
Matthias St. Pierre |
test: evp_extra: fix indentation error Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/221
test: evp_extra: fix indentation error Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22185)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
4032cd9a |
| 17-Apr-2023 |
Yi Li |
configure: introduce no-ecx to remove ECX related feature This can effectively reduce the binary size for platforms that don't need ECX feature(~100KB). Signed-off-by: Yi Li <yi
configure: introduce no-ecx to remove ECX related feature This can effectively reduce the binary size for platforms that don't need ECX feature(~100KB). Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20781)
show more ...
|
#
91070877 |
| 05-May-2023 |
Yi Li |
provider: return error if buf too small when getting ec pubkey param Fixes #20889 There was an incorrect value passed to EC_POINT_point2oct() for the buffer size of the param pa
provider: return error if buf too small when getting ec pubkey param Fixes #20889 There was an incorrect value passed to EC_POINT_point2oct() for the buffer size of the param passed-in. Added testcases. Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20890)
show more ...
|
#
1ffb6e19 |
| 20-Mar-2023 |
Jorge Ramirez-Ortiz |
test: evp_extra: EC, read affine coordinates Add a test to read the EC X,Y coordinates. Support legacy keys. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Rev
test: evp_extra: EC, read affine coordinates Add a test to read the EC X,Y coordinates. Support legacy keys. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20535)
show more ...
|
#
f3c0dd4f |
| 06-Mar-2023 |
Simo Sorce |
Add test for context duplication failure This checks that the first operation successfully completes even if context duplication fails. But follwing operations get errors as if the c
Add test for context duplication failure This checks that the first operation successfully completes even if context duplication fails. But follwing operations get errors as if the context was finlised. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/20375)
show more ...
|
#
8bb55680 |
| 06-Dec-2022 |
Tomas Mraz |
Workaround crash in atexit on NonStop platforms We cannot dynamically load the legacy provider into an application that is linked statically to libcrypto as this causes a double load
Workaround crash in atexit on NonStop platforms We cannot dynamically load the legacy provider into an application that is linked statically to libcrypto as this causes a double loading of libcrypto (one static and one dynamic) and on NonStop this leads to a segfault in atexit(). Fixes #17537 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19844)
show more ...
|
#
b794476d |
| 02-Dec-2022 |
Peiwei Hu |
Fix the check of EVP_PKEY_decrypt_init Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull
Fix the check of EVP_PKEY_decrypt_init Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19819)
show more ...
|