#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
8ef63b6f |
| 21-Aug-2023 |
Matt Caswell |
Fix a leak in ossl_encode_ctx_setup_for_pkey Make sure we free the stack of names we allocated in an error path. Found by the reproducible error patch in #21668 Reviewed-by
Fix a leak in ossl_encode_ctx_setup_for_pkey Make sure we free the stack of names we allocated in an error path. Found by the reproducible error patch in #21668 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/21796)
show more ...
|
#
9ab57f29 |
| 14-Oct-2022 |
Pauli |
Coverity 1515953: negative loop bound Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Coverity 1515953: negative loop bound Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19413)
show more ...
|
#
c3b46409 |
| 04-Oct-2022 |
slontis |
Improve performance of the encoder collection Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org
Improve performance of the encoder collection Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19344)
show more ...
|
#
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from,
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
fba140c7 |
| 12-Apr-2022 |
Dmitry Belyavskiy |
str[n]casecmp => OPENSSL_strncasecmp Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
|
#
5266af87 |
| 08-Mar-2022 |
xkernel |
check the return of OPENSSL_sk_new_null Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/op
check the return of OPENSSL_sk_new_null Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/17836)
show more ...
|
#
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to b
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
#
f616ad4b |
| 28-Jun-2021 |
Richard Levitte |
ENCODER & DECODER: Make a tighter coupling between en/decoders and keymgmt If there are keymgmts and en/decoders from the same provider, try to combine them first. This avoids u
ENCODER & DECODER: Make a tighter coupling between en/decoders and keymgmt If there are keymgmts and en/decoders from the same provider, try to combine them first. This avoids unnecessary export/import dances, and also tries to avoid issues where the keymgmt doesn't fully support exporting and importing, which we can assume will be the case for HSM protected keys. Fixes #15932 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15933)
show more ...
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
#
021521aa |
| 18-Apr-2021 |
Petr Gotthard |
Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT External ENCODER may not implement OSSL_FUNC_ENCODER_IMPORT_OBJECT, so a check for NULL is needed. Reviewed-by
Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT External ENCODER may not implement OSSL_FUNC_ENCODER_IMPORT_OBJECT, so a check for NULL is needed. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14919)
show more ...
|
#
ddf0d149 |
| 14-Apr-2021 |
Tomas Mraz |
Rename EVP_PKEY_get0_first_alg_name to EVP_PKEY_get0_type_name We use type elsewhere and documenting the 'first' in the name of the call is a little bit superfluous making the name t
Rename EVP_PKEY_get0_first_alg_name to EVP_PKEY_get0_type_name We use type elsewhere and documenting the 'first' in the name of the call is a little bit superfluous making the name too mouthful. Also rename EVP_PKEY_typenames_do_all to EVP_PKEY_type_names_do_all to keep the words separated by underscore. Fixes #14701 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14868)
show more ...
|
Revision tags: openssl-3.0.0-alpha14 |
|
#
78043fe8 |
| 30-Mar-2021 |
Tomas Mraz |
Add "save-parameters" encoder parameter The parameter makes the dsa key encoder to skip saving the DSA key parameters similarly to what the legacy dsa key encoder did. Fixes #14
Add "save-parameters" encoder parameter The parameter makes the dsa key encoder to skip saving the DSA key parameters similarly to what the legacy dsa key encoder did. Fixes #14362 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14746)
show more ...
|
Revision tags: OpenSSL_1_1_1k |
|
#
3c4c8dd8 |
| 19-Mar-2021 |
Pauli |
encoder: fix coverity 1473235: null dereference Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14618)
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
e3a2ba75 |
| 02-Mar-2021 |
Tobias Nießen |
crypto: rename error flags in internal structures Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl
crypto: rename error flags in internal structures Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14405)
show more ...
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j |
|
#
fe75766c |
| 11-Feb-2021 |
Tomas Mraz |
Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY Additional renames done in encoder and decoder implementation to follow the style. Fixes #13622
Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY Additional renames done in encoder and decoder implementation to follow the style. Fixes #13622 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14155)
show more ...
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i |
|
#
cbcbac64 |
| 27-Nov-2020 |
Richard Levitte |
ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY() The passed 'pkey' already contains a library context, and the encoder implementations should be found within the same con
ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY() The passed 'pkey' already contains a library context, and the encoder implementations should be found within the same context, so passing an explicit library context seems unnecessary, and potentially dangerous. It should be noted that it's possible to pass an EVP_PKEY with a legacy internal key. The condition there is that it doesn't have a library context assigned to it, so the NULL library context is used automatically, thus requiring that appropriate encoders are available through that context. Fixes #13544 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13545)
show more ...
|
Revision tags: openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
0b9f90f5 |
| 28-Oct-2020 |
Richard Levitte |
ENCODER: Add tracing Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13167)
|
#
b9a2afdf |
| 17-Oct-2020 |
Richard Levitte |
ENCODER: Add output structure support for EVP_PKEY encoding OSSL_ENCODER_CTX_new_by_EVP_PKEY() takes one more argument to express the desired outermost structure for the output.
ENCODER: Add output structure support for EVP_PKEY encoding OSSL_ENCODER_CTX_new_by_EVP_PKEY() takes one more argument to express the desired outermost structure for the output. This also adds OSSL_ENCODER_CTX_prune_encoders(), which is used to reduce the stack of encoders found according to criteria formed from the combination of desired selection, output type and output structure. squash! ENCODER: Add output structure support for EVP_PKEY encoding Replace the paragraph talking about OSSL_ENCODER_CTX_prune_encoders() with: The encoding processor encoder_process() is enhanced with better analysis of the stack of encoder implementations. To avoid having to keep an on the side array of information, it uses recursion. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13167)
show more ...
|
Revision tags: openssl-3.0.0-alpha7 |
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
b8975c68 |
| 14-Sep-2020 |
Richard Levitte |
ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER OSSL_ENCODER was developed before OSSL_DECODER, so the idea of chaining and the resulting API came later. This series
ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER OSSL_ENCODER was developed before OSSL_DECODER, so the idea of chaining and the resulting API came later. This series of changes brings the same sort of API and functionality back to OSSL_ENCODER, making the two APIs more consistent with each other. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873)
show more ...
|
#
24c4ea95 |
| 03-Sep-2020 |
Matt Caswell |
Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://
Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
8ae40cf5 |
| 07-Sep-2020 |
Richard Levitte |
ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them ha
ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This changes merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12803)
show more ...
|