059a4ad0 | 28-Jun-2022 |
Dr. David von Oheimb |
OSSL_HTTP_REQ_CTX_nbio(): fix copy&paste glitch calling BIO_should_retry(rctx-rbio) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by
OSSL_HTTP_REQ_CTX_nbio(): fix copy&paste glitch calling BIO_should_retry(rctx-rbio) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18674)
show more ...
|
35750cb9 | 28-Jun-2022 |
Dr. David von Oheimb |
OSSL_HTTP_open(): improve use of use_ssl and its documentation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlanda
OSSL_HTTP_open(): improve use of use_ssl and its documentation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18674)
show more ...
|
96e13a16 | 28-Jun-2022 |
Dr. David von Oheimb |
app_http_tls_cb(): fix crash on inconsistency w.r.t. use of TLS This happens if use_ssl is not set but an SSL_CTX is provided. Reviewed-by: Tomas Mraz <tomas@openssl.org> Review
app_http_tls_cb(): fix crash on inconsistency w.r.t. use of TLS This happens if use_ssl is not set but an SSL_CTX is provided. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18674)
show more ...
|
33478aed | 24-Jun-2022 |
Dr. David von Oheimb |
openssl-cmds.pod.in: add missing entry for cmp Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/open
openssl-cmds.pod.in: add missing entry for cmp Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18653)
show more ...
|
a9793195 | 11-Apr-2022 |
EasySec |
Fix typos in SSL_CTX_use_certificate.pod file Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
Fix typos in SSL_CTX_use_certificate.pod file Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18087)
show more ...
|
f9e578e7 | 05-Jul-2022 |
Gregor Jasny |
Add missing header for memcmp CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@
Add missing header for memcmp CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18719)
show more ...
|
2e3e9b48 | 16-Mar-2022 |
Pauli |
Fix Coverity 1498605 & 1498606: uninitialised value Both of these are false positives but better to be rid of the issue permanently than for it to repeatedly return to haunt us.
Fix Coverity 1498605 & 1498606: uninitialised value Both of these are false positives but better to be rid of the issue permanently than for it to repeatedly return to haunt us. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17896)
show more ...
|
a39a4c81 | 11-May-2022 |
Pauli |
doc: document the event queue internal API Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pu
doc: document the event queue internal API Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18345)
show more ...
|
0eb27659 | 27-Jun-2022 |
Pauli |
Add unit test for event queue Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18345) |
e6be47e4 | 10-May-2022 |
Pauli |
ssl: implement an event queue Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18345) |
16612c19 | 24-May-2022 |
Pauli |
ssl: add a zero time macro Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18345) |
5067c189 | 17-May-2022 |
Pauli |
Add sparse array to libssl Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18345) |
924c814a | 27-Jun-2022 |
Pauli |
Add additional include Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18345) |
2f19ab18 | 16-Jun-2022 |
Alex Chernyakhovsky |
AES OCB test vectors Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue. Co-authored-by: Alejandro Sedeño <asedeno@google.com> Co-authored-by: David Benjamin
AES OCB test vectors Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue. Co-authored-by: Alejandro Sedeño <asedeno@google.com> Co-authored-by: David Benjamin <davidben@google.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
show more ...
|
6ebf6d51 | 16-Jun-2022 |
Alex Chernyakhovsky |
Fix AES OCB encrypt/decrypt for x86 AES-NI aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path that performs operations on 6 16-byte blocks concurrently (the "grand
Fix AES OCB encrypt/decrypt for x86 AES-NI aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path that performs operations on 6 16-byte blocks concurrently (the "grandloop") and then proceeds to handle the "short" tail (which can be anywhere from 0 to 5 blocks) that remain. As part of initialization, the assembly initializes $len to the true length, less 96 bytes and converts it to a pointer so that the $inp can be compared to it. Each iteration of "grandloop" checks to see if there's a full 96-byte chunk to process, and if so, continues. Once this has been exhausted, it falls through to "short", which handles the remaining zero to five blocks. Unfortunately, the jump at the end of "grandloop" had a fencepost error, doing a `jb` ("jump below") rather than `jbe` (jump below or equal). This should be `jbe`, as $inp is pointing to the *end* of the chunk currently being handled. If $inp == $len, that means that there's a whole 96-byte chunk waiting to be handled. If $inp > $len, then there's 5 or fewer 16-byte blocks left to be handled, and the fall-through is intended. The net effect of `jb` instead of `jbe` is that the last 16-byte block of the last 96-byte chunk was completely omitted. The contents of `out` in this position were never written to. Additionally, since those bytes were never processed, the authentication tag generated is also incorrect. The same fencepost error, and identical logic, exists in both aesni_ocb_encrypt and aesni_ocb_decrypt. This addresses CVE-2022-2097. Co-authored-by: Alejandro Sedeño <asedeno@google.com> Co-authored-by: David Benjamin <davidben@google.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
show more ...
|
7fe7cc57 | 01-Jul-2022 |
slontis |
Fix bn_gcd code to check return value when calling BN_one() BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return
Fix bn_gcd code to check return value when calling BN_one() BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18697)
show more ...
|
9ef1f848 | 20-Jun-2022 |
xkernel |
v3_sxnet: add a check for the return of i2s_ASN1_INTEGER() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl
v3_sxnet: add a check for the return of i2s_ASN1_INTEGER() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/18608)
show more ...
|
c267588f | 20-Jun-2022 |
Tomas Mraz |
Increase test coverage by enabling more build options Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@
Increase test coverage by enabling more build options Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18606)
show more ...
|
d840f07b | 28-Jun-2022 |
Tomas Mraz |
Avoid crashing if CONF_modules_unload() is called after OPENSSL_cleanup() Although this is basically an incorrect API call it was not crashing before and it might happen inadvertently if
Avoid crashing if CONF_modules_unload() is called after OPENSSL_cleanup() Although this is basically an incorrect API call it was not crashing before and it might happen inadvertently if CONF_modules_unload() is called from a destructor for example. Fixes #18669 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18673)
show more ...
|
30b2c359 | 15-Jun-2022 |
Clemens Lang |
APPS: dsaparam, gendsa: Support setting properties The -provider and -propquery options did not work on dsaparam and gendsa. Fix this and add tests that check that operations that are no
APPS: dsaparam, gendsa: Support setting properties The -provider and -propquery options did not work on dsaparam and gendsa. Fix this and add tests that check that operations that are not supported by the FIPS provider work when run with | -provider default -propquery '?fips!=yes' See also https://bugzilla.redhat.com/show_bug.cgi?id=2094956, where this was initially reported. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18576)
show more ...
|
d9650648 | 03-Dec-2021 |
Dr. David von Oheimb |
apps/cmp.c: improve print_itavs() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged fr
apps/cmp.c: improve print_itavs() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18657)
show more ...
|
bbaabd16 | 03-Dec-2021 |
Dr. David von Oheimb |
apps/cmp.c: Fix glitch in -newkeypass warning and extend warnings for genm Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo La
apps/cmp.c: Fix glitch in -newkeypass warning and extend warnings for genm Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18657)
show more ...
|
74107c44 | 06-Aug-2021 |
Dr. David von Oheimb |
CMP: implement optional hashAlg field of certConf CMPv3 message Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hland
CMP: implement optional hashAlg field of certConf CMPv3 message Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18294)
show more ...
|
c4ad4e5b | 04-May-2022 |
Dr. David von Oheimb |
CMP: introduce version 3, while version 2 stays the default Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@o
CMP: introduce version 3, while version 2 stays the default Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18294)
show more ...
|
3ee26116 | 17-Jun-2022 |
Pauli |
Coverity: fix 1506297: negative returns Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openss
Coverity: fix 1506297: negative returns Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18587)
show more ...
|