#
221d65ba |
| 02-May-2022 |
Benjamin Kaduk |
evp_md: assert digest is provided for algctx reuse When reusing an algctx (it was always freed on reinitialization, prior to #18105), assert that the associated digest is provided. W
evp_md: assert digest is provided for algctx reuse When reusing an algctx (it was always freed on reinitialization, prior to #18105), assert that the associated digest is provided. We implicitly rely on this for algctx reuse to be safe (since an implicit fetch could potentially change the digest object used, including provider, which accordingly could change the layout of the algctx object. From code inspection, this is currently always the case -- the only way to set an algctx requires the provider to be set, and the only ways to change or remove a provider without destroying the entier EVP_MD_CTX will also free the algctx. Adding an assertion will help ensure that this remains true as the code evolves. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18224)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
fe5c5cb8 |
| 13-Apr-2022 |
Tomas Mraz |
evp_md_init_internal: Avoid reallocating algctx if digest unchanged Fixes #16947 Also refactor out algctx freeing into a separate function. Reviewed-by: Dmitry Belyavskiy <
evp_md_init_internal: Avoid reallocating algctx if digest unchanged Fixes #16947 Also refactor out algctx freeing into a separate function. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18105)
show more ...
|
#
c0b7dac6 |
| 10-Mar-2022 |
Hugo Landau |
EVP_MD performance fix (refcount cache contention) Partial fix for #17064. Avoid excessive writes to the cache line containing the refcount for an EVP_MD object to avoid extreme cach
EVP_MD performance fix (refcount cache contention) Partial fix for #17064. Avoid excessive writes to the cache line containing the refcount for an EVP_MD object to avoid extreme cache contention when using a single EVP_MD at high frequency on multiple threads. This changes performance in 3.0 from being double that of 1.1 to only slightly higher than that of 1.1. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17857)
show more ...
|
#
4e62f1a3 |
| 07-Jan-2022 |
Pauli |
Add context dup functions for digests and ciphers Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17529)
|
#
8086b267 |
| 11-Jan-2022 |
Matt Caswell |
Clear md_data only when necessary PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes it
Clear md_data only when necessary PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes it. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17473)
show more ...
|
#
357bccc8 |
| 10-Dec-2021 |
Matt Caswell |
Fix a leak in EVP_DigestInit_ex() If an EVP_MD_CTX is reused then memory allocated and stored in md_data can be leaked unless the EVP_MD's cleanup function is called. Fixes #171
Fix a leak in EVP_DigestInit_ex() If an EVP_MD_CTX is reused then memory allocated and stored in md_data can be leaked unless the EVP_MD's cleanup function is called. Fixes #17149 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/17255)
show more ...
|
#
d9ad5b16 |
| 10-Dec-2021 |
Matt Caswell |
Ensure that MDs created via EVP_MD_meth_new() go down the legacy route MDs created via EVP_MD_meth_new() are inherently legacy and therefore need to go down the legacy route when they ar
Ensure that MDs created via EVP_MD_meth_new() go down the legacy route MDs created via EVP_MD_meth_new() are inherently legacy and therefore need to go down the legacy route when they are used. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/17255)
show more ...
|
#
ad2fcee1 |
| 13-Dec-2021 |
Pauli |
evp: address a use after free state when using HMAC and MD copy. Fixes #17261 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17
evp: address a use after free state when using HMAC and MD copy. Fixes #17261 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17263)
show more ...
|
#
9ece8323 |
| 23-Nov-2021 |
Tomas Mraz |
EVP_MD_CTX_copy_ex: Allow copying uninitialized digest contexts Fixes #17117 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged
EVP_MD_CTX_copy_ex: Allow copying uninitialized digest contexts Fixes #17117 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17118)
show more ...
|
#
bef9b48e |
| 12-Nov-2021 |
Tomas Mraz |
Add null digest implementation to the default provider This is necessary to keep compatibility with 1.1.1. Fixes #16660 Reviewed-by: Matt Caswell <matt@openssl.org> (Me
Add null digest implementation to the default provider This is necessary to keep compatibility with 1.1.1. Fixes #16660 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17016)
show more ...
|
#
10cf46c4 |
| 02-Nov-2021 |
Pauli |
Remove redundant tests Removed the three checks of type against NULL since type cannot be NULL for any of them. Moved a check of ->engine inside a CPP guard for engines.
Remove redundant tests Removed the three checks of type against NULL since type cannot be NULL for any of them. Moved a check of ->engine inside a CPP guard for engines. Didn't address the teardown and rebuild of the provider context. Partially fixes #16947 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16952)
show more ...
|
#
3f773c91 |
| 01-Jul-2021 |
Tomas Mraz |
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15974)
show more ...
|
#
006de767 |
| 22-Jun-2021 |
Richard Levitte |
EVP: Change the output size type of EVP_Q_digest() and EVP_Q_mac() This makes them more consistent with other new interfaces. Fixes #15839 Reviewed-by: David von Oheimb <da
EVP: Change the output size type of EVP_Q_digest() and EVP_Q_mac() This makes them more consistent with other new interfaces. Fixes #15839 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15861)
show more ...
|
#
cd770738 |
| 09-Jun-2021 |
Richard Levitte |
Adapt all public EVP_XXX_do_all_provided() for the changed evp_generic_do_all() Fixes #15538 Fixes #14837 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mra
Adapt all public EVP_XXX_do_all_provided() for the changed evp_generic_do_all() Fixes #15538 Fixes #14837 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15604)
show more ...
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
7c14d0c1 |
| 14-May-2021 |
Shane Lontis |
Rename the field 'provctx and data' to 'algctx' inside some objects containing pointers to provider size algorithm contexts. Fixes #14284 The gettable_ctx_params methods were co
Rename the field 'provctx and data' to 'algctx' inside some objects containing pointers to provider size algorithm contexts. Fixes #14284 The gettable_ctx_params methods were confusingly passing a 'provctx' and a provider context which are completely different objects. Some objects such as EVP_KDF used 'data' while others such as EVP_MD used 'provctx'. For libcrypto this 'ctx' is an opaque ptr returned when a providers algorithm implementation creates an internal context using a new_ctx() method. Hence the new name 'algctx'. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15275)
show more ...
|
#
0df56c30 |
| 10-May-2021 |
Pauli |
evp: fix return code check. The return from evp_do_md_getparams() is 0 for failure and -1 for not being a provided algorithm. The code in evp_md_cache_constants() failed to check th
evp: fix return code check. The return from evp_do_md_getparams() is 0 for failure and -1 for not being a provided algorithm. The code in evp_md_cache_constants() failed to check the return code properly. In this case it was harmless but better to fix it. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/15208)
show more ...
|
Revision tags: openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
#
4d49b685 |
| 29-Mar-2021 |
Dr. David von Oheimb |
Crypto: Add deprecation compatibility declarations for SHA* message digest functions Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc. Reviewed-by: Paul
Crypto: Add deprecation compatibility declarations for SHA* message digest functions Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14741)
show more ...
|
#
6c9bc258 |
| 16-Apr-2021 |
Tomas Mraz |
Add type_name member to provided methods and use it Fixes #14701 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14898)
|
Revision tags: OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12 |
|
#
f6c95e46 |
| 16-Feb-2021 |
Rich Salz |
Add "origin" field to EVP_CIPHER, EVP_MD Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch, or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle
Add "origin" field to EVP_CIPHER, EVP_MD Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch, or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all three origins. The flag is deliberately right before some function pointers, so that compile-time failures (int/pointer) will occur, as opposed to taking a bit in the existing "flags" field. The "global variable" flag is non-zero, so the default case of using OPENSSL_zalloc (for provider ciphers), will do the right thing. Ref-counting is a no-op for Make up_ref no-op for global MD and CIPHER objects Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add EVP_CIPHER_CTX_get1_CIPHER(). Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common evp_md_free_int() function. Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common evp_cipher_free_int() function. Also change some flags tests to explicit test == or != zero. E.g., if (flags & x) --> if ((flags & x) != 0) if (!(flags & x)) --> if ((flags & x) == 0) Only done for those lines where "get0_cipher" calls were made. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14193)
show more ...
|
Revision tags: OpenSSL_1_1_1j |
|
#
543e740b |
| 15-Feb-2021 |
Rich Salz |
Standard style for all EVP_xxx_free routines Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/o
Standard style for all EVP_xxx_free routines Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14193)
show more ...
|
#
309a78aa |
| 16-Mar-2021 |
Richard Levitte |
CORE: Add an algorithm_description field to OSSL_ALGORITHM This corresponds to the |info| field in EVP_PKEY_ASN1_METHOD, as well as the generic use of OBJ_nid2ln() as a one line descript
CORE: Add an algorithm_description field to OSSL_ALGORITHM This corresponds to the |info| field in EVP_PKEY_ASN1_METHOD, as well as the generic use of OBJ_nid2ln() as a one line description. We also add the base functionality to make use of this field. Fixes #14514 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14656)
show more ...
|
#
28c21fa0 |
| 17-Mar-2021 |
Pauli |
evp: fix coverity 1445872 - dereference after null check Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14589)
|
#
1f79baa5 |
| 16-Mar-2021 |
Pauli |
Remove TODOs from digest.c They aren't relevant: . Digest Sign isn't supported in the FIPS provider. . Remove legacy NID use. Fixes #14394 Fixes #14395 Reviewed
Remove TODOs from digest.c They aren't relevant: . Digest Sign isn't supported in the FIPS provider. . Remove legacy NID use. Fixes #14394 Fixes #14395 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14565)
show more ...
|