| #
a57c6f84 |
| 16-Sep-2024 |
Matt Caswell |
Don't restrict what EVP_PKEY_Q_keygen can be used for
The EVP_PKEY_Q_keygen function contains a list of algorithm type names
and fails if the requested name is not in the list. This prev
Don't restrict what EVP_PKEY_Q_keygen can be used for
The EVP_PKEY_Q_keygen function contains a list of algorithm type names
and fails if the requested name is not in the list. This prevents the use
of this function for externally supplied key type names.
We should just assume that any unrecognised key type name does not require
a parameter.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25468)
show more ...
|
| #
bbe4571f |
| 28-Aug-2024 |
Alexandr Nedvedicky |
EVP_CIPHER_CTX_get_algor_params() may attempt to access params array
at position -1 (prams[=1]).
The issue has been reported by coverity check.
Reviewed-by: Richard Levitte <lev
EVP_CIPHER_CTX_get_algor_params() may attempt to access params array
at position -1 (prams[=1]).
The issue has been reported by coverity check.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25303)
show more ...
|
| #
c48e5687 |
| 25-Aug-2024 |
slontis |
XOF / EVP_MD_size() changes.
Added the function EVP_MD_CTX_get_size_ex() which checks for XOF and
does a ctx get rather than just returning EVP_MD_size().
SHAKE did not have a get_ct
XOF / EVP_MD_size() changes.
Added the function EVP_MD_CTX_get_size_ex() which checks for XOF and
does a ctx get rather than just returning EVP_MD_size().
SHAKE did not have a get_ctx_params() so that had to be added to return the xoflen.
Added a helper function EVP_MD_xof()
EVP_MD_CTX_size() was just an aliased macro for EVP_MD_size(), so to
keep it the same I added an extra function.
EVP_MD_size() always returns 0 for SHAKE now, since it caches the value
of md_size at the time of an EVP_MD_fetch(). This is probably better
than returning the incorrect initial value it was before e.g (16 for
SHAKE128) and returning tht always instead of the set xoflen.
Note BLAKE2B uses "size" instead of "xoflen" to do a similar thing.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)
show more ...
|
| #
033dcce2 |
| 25-Jul-2024 |
Richard Levitte |
feat: Implement EVP_PKEY_CTX_{set,get}_algor_params() and EVP_PKEY_CTX_get_algor()
This should be sufficient to cover the intent with the following legacy ctrls:
- EVP_PKEY_CTRL_PKC
feat: Implement EVP_PKEY_CTX_{set,get}_algor_params() and EVP_PKEY_CTX_get_algor()
This should be sufficient to cover the intent with the following legacy ctrls:
- EVP_PKEY_CTRL_PKCS7_ENCRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_PKCS7_DECRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_PKCS7_SIGN (through EVP_SIGNATURE implementations)
- EVP_PKEY_CTRL_CMS_ENCRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_CMS_DECRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_CMS_SIGN (through EVP_SIGNATURE implementations)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)
show more ...
|
| #
258aaa97 |
| 25-Jul-2024 |
Richard Levitte |
feat: Implement EVP_CIPHER_CTX_{set,get}_algor_params() and EVP_CIPHER_CTX_get_algor()
EVP_CIPHER_CTX_set_algor_params() and EVP_CIPHER_CTX_set_algor_params() can
be used instead of EVP_
feat: Implement EVP_CIPHER_CTX_{set,get}_algor_params() and EVP_CIPHER_CTX_get_algor()
EVP_CIPHER_CTX_set_algor_params() and EVP_CIPHER_CTX_set_algor_params() can
be used instead of EVP_CIPHER_asn1_to_param() and EVP_CIPHER_param_to_asn1().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)
show more ...
|
| #
46f55238 |
| 07-May-2024 |
Max Ammann |
EVP_CIPHER_CTX_get_key_length(): Add null check of ctx->cipher
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github
EVP_CIPHER_CTX_get_key_length(): Add null check of ctx->cipher
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22964)
show more ...
|
| #
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)
Reviewed-by: Hugo Lan
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
| #
6f22bcd6 |
| 09-Dec-2023 |
Neil Horman |
Add appropriate NULL checks in EVP_CIPHER api
The EVP_CIPHER api currently assumes that calls made into several APIs
have already initalized the cipher in a given context via a call to
Add appropriate NULL checks in EVP_CIPHER api
The EVP_CIPHER api currently assumes that calls made into several APIs
have already initalized the cipher in a given context via a call to
EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error,
the result is typically a SIGSEGV.
Correct that by adding missing NULL checks in the apropriate apis prior
to using ctx->cipher
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22995)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
6be83ac1 |
| 21-Jun-2023 |
Pauli |
evp: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2
evp: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
show more ...
|
| #
114d99b4 |
| 23-Jan-2023 |
Niels Dossche |
Fix incomplete checks for EVP_CIPHER_asn1_to_param
EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and
a value greater than 0 in case of success. Two callsites only
Fix incomplete checks for EVP_CIPHER_asn1_to_param
EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and
a value greater than 0 in case of success. Two callsites only check for
< 0 instead of <= 0. The other callsites perform this check correctly.
Change the two callsites to <= 0. Additionally correctly handle a zero
return value from EVP_CIPHER_get_asn1_iv as success.
Fixes: #20116
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/201213)
show more ...
|
| #
dd1f2842 |
| 02-Dec-2022 |
Peiwei Hu |
Refine the documents of several APIs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/198
Refine the documents of several APIs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19816)
show more ...
|
| #
3f32d29a |
| 22-Nov-2022 |
Jiaxun Yang |
Add SM2 support for EVP_PKEY_Q_keygen
There is no reason preventing this API to support SM2,
which gives us a simple method to do SM2 key gen.
CLA: trivial
Reviewed-by:
Add SM2 support for EVP_PKEY_Q_keygen
There is no reason preventing this API to support SM2,
which gives us a simple method to do SM2 key gen.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19736)
show more ...
|
| #
e0e338c8 |
| 26-Jul-2022 |
Pauli |
Fix bug in EVP_CIPHER_CTX_get_iv_length()
Out of range values could possibly be returned due to a lack of range checking.
Very unlikely to be exploitable for our provider because sensibl
Fix bug in EVP_CIPHER_CTX_get_iv_length()
Out of range values could possibly be returned due to a lack of range checking.
Very unlikely to be exploitable for our provider because sensible values are
returned for all ciphers.
Also fixed the defaulting code so that the cipher's IV length is returned if
the cipher ctx doesn't support getting.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18875)
show more ...
|
| #
ee8db8c5 |
| 14-Jul-2022 |
Pauli |
evp: make all _is_a functions accept and handle a NULL argument
Makes life easier for callers.
Fixes Coverity 1503326
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Review
evp: make all _is_a functions accept and handle a NULL argument
Makes life easier for callers.
Fixes Coverity 1503326
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18799)
show more ...
|
| #
f505be99 |
| 10-May-2022 |
Tomas Mraz |
Always try locale initialization from OPENSSL_strcasecmp
Fixes #18172
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged f
Always try locale initialization from OPENSSL_strcasecmp
Fixes #18172
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
show more ...
|
| #
b807c2fb |
| 05-May-2022 |
Tomas Mraz |
EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init strcasecmp
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://gi
EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init strcasecmp
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18247)
show more ...
|
| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
fba140c7 |
| 12-Apr-2022 |
Dmitry Belyavskiy |
str[n]casecmp => OPENSSL_strncasecmp
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)
|
| #
70f39a48 |
| 27-Jan-2022 |
Pauli |
evp enc: cache cipher key length
Instead of doing a heavy params based query every time a context is
asked for its key length, this value is cached in the context and only
queried if
evp enc: cache cipher key length
Instead of doing a heavy params based query every time a context is
asked for its key length, this value is cached in the context and only
queried if it could have been modified.
Fixes #17064
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17543)
show more ...
|
| #
b30b45b7 |
| 26-Jan-2022 |
Pauli |
evp enc: cache cipher IV length
Instead of doing a heavy params based query every time a context is asked for
its IV length, this value is cached in the context and only queried if it co
evp enc: cache cipher IV length
Instead of doing a heavy params based query every time a context is asked for
its IV length, this value is cached in the context and only queried if it could
have been modified.
Fixes #17064
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17543)
show more ...
|
| #
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal
Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.
Since we don't seem to b
Move e_os.h to include/internal
Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.
Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
| #
ab547fc0 |
| 03-Nov-2021 |
Pauli |
avoid a NULL dereference when getting digest
Fixes #16961
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/16
avoid a NULL dereference when getting digest
Fixes #16961
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/16969)
show more ...
|
| #
bb98a112 |
| 26-Jul-2021 |
Matt Caswell |
Fix EVP_MD_meth_dup and EVP_CIPHER_meth_dup
Make sure the origin is set correctly when duping an EVP_MD or EVP_CIPHER.
Fixes #16157
Reviewed-by: Dmitry Belyavskiy <beldmit@
Fix EVP_MD_meth_dup and EVP_CIPHER_meth_dup
Make sure the origin is set correctly when duping an EVP_MD or EVP_CIPHER.
Fixes #16157
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16159)
show more ...
|
| #
3f773c91 |
| 01-Jul-2021 |
Tomas Mraz |
fips module header inclusion fine-tunning
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
fips module header inclusion fine-tunning
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)
show more ...
|
