#
0541fa78 |
| 04-Dec-2023 |
Tomas Mraz |
ossl_decoder_cache_flush(): Do not raise an error if there is no cache

This function can be called during OPENSSL_cleanup() when the cache was already flushed and deallocated.

Fixes #22939

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22941)
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates

Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
#
e16c0103 |
| 15-Aug-2023 |
Matt Caswell |
Fix a leak in an error path when duplicating an OSSL_DECODER_CTX.

Make sure we free process_data_dest if it is not actually used.

Found by the reproducible error patch in #21668

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21741)
|
#
39ed7636 |
| 16-Jun-2023 |
slontis |
Fix decoders so that they use the passed in propq.

Fixes #21198

decoder objects were setting propq as NULL. Added a set_ctx/settable_ctx to all decoders that should supply a property query parameter to internal functions.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21219)
|
#
3d254b31 |
| 11-Aug-2023 |
Matt Caswell |
Fix a leak in an error path in OSSL_DECODER_CTX_new_for_pkey()

Found via the reproducible error injection in #21668

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21723)
|
#
98d81174 |
| 14-Aug-2023 |
Richard Levitte |
Remove include/internal/decoder.h, as it's superfluous

The routines declared in there are entirely libcrypto internal, so include/crypto/decoder.h is better suited for them.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21733)
|
#
2acb0d36 |
| 21-Jul-2023 |
Tomas Mraz |
When exporting/importing decoded keys do not use 0 as selection

When decoding 0 as the selection means to decode anything you get. However when exporting and then importing the key data 0 as selection is not meaningful. So we set it to OSSL_KEYMGMT_SELECT_ALL to make the export/import function export/import everything that we have decoded.

Fixes #21493

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21519)
|
#
32d3c3ab |
| 10-Jul-2023 |
Matt Caswell |
Optimise PKEY decoders

The most expensive part of using a PKEY decoder is the OSSL_DECODER_CTX_new_for_pkey() call. This builds up all of the decoder chains, which is a complex and time consuming operation. However, if no new providers have been loaded/unloaded since the last time it was called we can expect the same results for the same parameters. Note that this operation takes place *before* we even parse the data for decoding so it is not dependent on the parsed data at all.

We introduce a cache for OSSL_DECODER_CTX objects. If we have been called with the same parameters then we just duplicate an existing OSSL_DECODER_CTX. This should be significantly faster than creating a new one every time.

Partially addressed the issue in #15199

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)
|
#
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls are from the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
#
fba140c7 |
| 12-Apr-2022 |
Dmitry Belyavskiy |
str[n]casecmp => OPENSSL_strncasecmp

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)
|
#
0bcae989 |
| 24-Mar-2022 |
Pauli |
Fix Coverity 1503218: negative loop bound

OPENSSL_sk_num returns an integer which can theoretically be negative. Assigning this to a size_t and using it as a loop bound isn't ideal.

Rather than adding checks for NULL or negative returns, changing the loop index and end to int is simpler.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17954)
|
#
24755445 |
| 17-Mar-2022 |
Hugo Landau |
Decoder resolution performance optimizations

This refactors decoder functionality to reduce calls to OSSL_DECODER_is_a / EVP_KEYMGMT_is_a, which are substantial bottlenecks in the performance of repeated decode operations (see #15199).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17921)
|
#
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on certain exotic platforms. It simply fails to build.

Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)
|
#
73dd5d67 |
| 30-Aug-2021 |
Richard Levitte |
DECODER: check the first decoded structure name against user given structure

In a chain of decoders, the first that specifies an input structure gets it compared with the structure specified by the user, if there is one. If they aren't the same, that decoder is skipped.

Because the first structure can appear anywhere along a chain of decoders, not just the decoders associated with the resulting OpenSSL type, the code that checked the structure name when building up the chain of decoders is removed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16466)
|
#
0a02c81f |
| 02-Jul-2021 |
Tomas Mraz |
Coverity #1486687: fix potential dereference of NULL keymgmt

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15986)
|
#
398f8fe1 |
| 28-Jun-2021 |
Richard Levitte |
DECODER & ENCODER: Make sure to pass around the original selection bits

When decoding a key and asking the keymgmt to import the key data, it was told that the key data includes everything. This may not be true, since the user may have specified a different selection, and some keymgmts may want to be informed.

Our key decoders' export function, on the other hand, didn't care either, and simply export anything they could, regardless.

In both cases, the selection that was specified by the user is now passed all the way.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15934)
|
#
f616ad4b |
| 28-Jun-2021 |
Richard Levitte |
ENCODER & DECODER: Make a tighter coupling between en/decoders and keymgmt

If there are keymgmts and en/decoders from the same provider, try to combine them first.

This avoids unnecessary export/import dances, and also tries to avoid issues where the keymgmt doesn't fully support exporting and importing, which we can assume will be the case for HSM protected keys.

Fixes #15932

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15933)
|
#
27fb7a0a |
| 09-Jun-2021 |
Richard Levitte |
DECODER & ENCODER: Add better tracing

Now that we have functions to get the name and properties of the diverse implementations, we can as well display them for clarity.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
|
#
ef2194c4 |
| 27-May-2021 |
Richard Levitte |
DECODER & ENCODER: Add better tracing

Now that we have functions to get the name and properties of the diverse implementations, we can as well display them for clarity.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15498)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
|
#
3811e001 |
| 21-May-2021 |
Matt Caswell |
Special case SM2 when decoding

SM2 abuses the EC oid by reusing it - but an EC key is different to an SM2 key. Therefore we have to special case SM2 during decoding. If we encounter the EC OID then we have to try both algorithms.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15522)
|
#
669967fd |
| 21-May-2021 |
Matt Caswell |
Don't try the same decoder multiple times

The function collect_decoder decides whether a given decoder should be tried or not. It loops through all the names for matching keymgmts to see if any are a match or not. If there is a match then the decoder gets added. However, each keymgmt may have multiple aliases and a decoder was being added for each one. For example DHX has 4 alias names, and therefore 4 instances of the DHX decoder were added and being tried.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15404)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
07aa88cc |
| 18-Mar-2021 |
Pauli |
decoder: fix Coverity 1473236 & 1473386: resource leaks

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14596)
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
e3a2ba75 |
| 02-Mar-2021 |
Tobias Nießen |
crypto: rename error flags in internal structures

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14405)
|