#
b304b3e8 |
| 26-Jul-2022 |
Roberto Hueso Gomez |
Fix EC_KEY_set_private_key() priv_key regression This allows to set EC_KEY's private key to NULL and fixes regression issue following OTC guideline in https://github.com/openssl/open
Fix EC_KEY_set_private_key() priv_key regression This allows to set EC_KEY's private key to NULL and fixes regression issue following OTC guideline in https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696 Fixes #18744. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18942)
show more ...
|
#
22a96c6b |
| 20-May-2022 |
Bernd Edlinger |
Fix a memory leak in ec_key_simple_oct2priv This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course
Fix a memory leak in ec_key_simple_oct2priv This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: ================================================================= ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46 #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 #11 0x40370b in testfile fuzz/test-corpus.c:182 #12 0x402846 in main fuzz/test-corpus.c:226 #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18366)
show more ...
|
#
3f773c91 |
| 01-Jul-2021 |
Tomas Mraz |
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15974)
show more ...
|
#
5cbd2ea3 |
| 28-May-2021 |
Pauli |
add zero strenght arguments to BN and RAND RNG calls Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15513)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
#
b4c4a2c6 |
| 27-Apr-2021 |
Tomas Mraz |
Implement pem_read_key directly through OSSL_DECODER Using OSSL_STORE is too heavy and breaks things. There were also needed various fixes mainly for missing proper handling of
Implement pem_read_key directly through OSSL_DECODER Using OSSL_STORE is too heavy and breaks things. There were also needed various fixes mainly for missing proper handling of the SM2 keys in the OSSL_DECODER. Fixes #14788 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15045)
show more ...
|
Revision tags: openssl-3.0.0-alpha15 |
|
#
b4f447c0 |
| 08-Apr-2021 |
Tomas Mraz |
Add selection support to the provider keymgmt_dup function Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14793)
|
Revision tags: openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12 |
|
#
32ab57cb |
| 18-Feb-2021 |
Shane Lontis |
Fix external symbols related to ec & sm2 keys Partial fix for #12964 This adds ossl_ names for the following symbols: ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_* Reviewed-
Fix external symbols related to ec & sm2 keys Partial fix for #12964 This adds ossl_ names for the following symbols: ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_* Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
show more ...
|
#
4718326a |
| 17-Feb-2021 |
Shane Lontis |
Add EVP_PKEY_public_check_quick. Adding the EVP_PKEY_param_check_quick() reminded me that there are also partial checks for public keys as part of SP800-56A for FFC (DH named safe pr
Add EVP_PKEY_public_check_quick. Adding the EVP_PKEY_param_check_quick() reminded me that there are also partial checks for public keys as part of SP800-56A for FFC (DH named safe prime groups) and ECC. The code was mainly already there and just needed to be plumbed into the validate methods. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14206)
show more ...
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
5b5eea4b |
| 15-Oct-2020 |
Shane Lontis |
Deprecate EC_KEY + Update ec apps to use EVP_PKEY Co-author: Richard Levitte <levitte@openssl.org> Co-author: Tomas Mraz <tmraz@openssl.org> Reviewed-by: Matt Caswell <matt@open
Deprecate EC_KEY + Update ec apps to use EVP_PKEY Co-author: Richard Levitte <levitte@openssl.org> Co-author: Tomas Mraz <tmraz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13139)
show more ...
|
#
6963979f |
| 11-Dec-2020 |
Richard Levitte |
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Sinc
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
show more ...
|
#
9311d0c4 |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using ut
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
show more ...
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
d8652be0 |
| 24-Sep-2020 |
Matt Caswell |
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged fro
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
show more ...
|
Revision tags: OpenSSL_1_1_1h, openssl-3.0.0-alpha6 |
|
#
7ee511d0 |
| 26-Jul-2020 |
Paul Yang |
Add SM2 key management Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12536)
|
#
7889e7ae |
| 15-Sep-2020 |
Shane Lontis |
Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback(). This was written before the ec key contained a library context, now that it contains a libctx it can
Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback(). This was written before the ec key contained a library context, now that it contains a libctx it can be passed correctly to the callback. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12877)
show more ...
|
#
fe2f8aec |
| 21-Aug-2020 |
Tomas Mraz |
EC_KEY: add EC_KEY_decoded_from_explicit_params() The function returns 1 when the encoding of a decoded EC key used explicit encoding of the curve parameters. Reviewed-by: David
EC_KEY: add EC_KEY_decoded_from_explicit_params() The function returns 1 when the encoding of a decoded EC key used explicit encoding of the curve parameters. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12683)
show more ...
|
#
35e6ea3b |
| 10-Sep-2020 |
Shane Lontis |
keygen: add FIPS error state management to conditional self tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://gith
keygen: add FIPS error state management to conditional self tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12801)
show more ...
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
#
febe6bb7 |
| 15-Jun-2020 |
Matt Caswell |
Ensure creating an EC public key uses the libctx Creating an EC public key from the private key uses random numbers internally, which require use of the proper libtx. Therefore we make
Ensure creating an EC public key uses the libctx Creating an EC public key from the private key uses random numbers internally, which require use of the proper libtx. Therefore we make sure the libctx is used during this operation. Fixes #12150 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12159)
show more ...
|
#
2da8d4eb |
| 15-Jun-2020 |
Matt Caswell |
Add more complete support for libctx/propq in the EC code Renames some "new_ex" functions to "new_with_libctx" and ensures that we pass around the libctx AND the propq everywhere.
Add more complete support for libctx/propq in the EC code Renames some "new_ex" functions to "new_with_libctx" and ensures that we pass around the libctx AND the propq everywhere. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12159)
show more ...
|
Revision tags: openssl-3.0.0-alpha3 |
|
#
23ccae80 |
| 27-May-2020 |
Billy Brumley |
Move EC_METHOD to internal-only Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/
Move EC_METHOD to internal-only Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11928)
show more ...
|
#
6b4eb933 |
| 17-May-2020 |
Billy Brumley |
deprecate EC precomputation functionality Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/op
deprecate EC precomputation functionality Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11851)
show more ...
|
Revision tags: openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g |
|
#
f844f9eb |
| 13-Apr-2020 |
Richard Levitte |
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11539)
show more ...
|
#
4692e98b |
| 21-Apr-2020 |
Nicola Tuveri |
Fix typo from #10631 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11595)
|
Revision tags: OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
1c725f46 |
| 20-Feb-2020 |
Shane Lontis |
Add ECDH to fips provider Note: This PR has not attempted to move the curves into the provider dispatch table. Mappings between the curve name / nid have been added to the inbuilt curve
Add ECDH to fips provider Note: This PR has not attempted to move the curves into the provider dispatch table. Mappings between the curve name / nid have been added to the inbuilt curve table. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11133)
show more ...
|