#
ee8db8c5 |
| 14-Jul-2022 |
Pauli |
evp: make all _is_a functions accept and handle a NULL argument Makes life easier for callers. Fixes Coverity 1503326 Reviewed-by: Tomas Mraz <tomas@openssl.org> Review
evp: make all _is_a functions accept and handle a NULL argument Makes life easier for callers. Fixes Coverity 1503326 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18799)
show more ...
|
#
4e9a4997 |
| 07-Jul-2022 |
slontis |
Fix memory leak in EVP_PKEY_get1_encoded_public_key. Occurs if a failure happens after the malloc call in the second call to EVP_PKEY_get_octet_string_param(). Detected by PR #1
Fix memory leak in EVP_PKEY_get1_encoded_public_key. Occurs if a failure happens after the malloc call in the second call to EVP_PKEY_get_octet_string_param(). Detected by PR #18355 Some calling code assumes that nothing is allocated in the returned pointer if there was a failure. Other calling code always trys freeing. The third case is in ecdh_cms_encrypt() where it does not check the return value. I am assuming this change is ok since the legacy path in EVP_PKEY_get1_encoded_public_key() also does not return the pointer on failure. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18739)
show more ...
|
#
115eb945 |
| 08-Jun-2022 |
K1 |
Fix a mem leak in evp_pkey_export_to_provider If keymgmt is NULL, tmp_keymgmt is allocated and will not be freed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Y
Fix a mem leak in evp_pkey_export_to_provider If keymgmt is NULL, tmp_keymgmt is allocated and will not be freed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18499)
show more ...
|
#
d8732803 |
| 07-Jun-2022 |
Tomas Mraz |
Check return of BIO_new() and always free pkey from evp_pkey_copy_downgraded() Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merge
Check return of BIO_new() and always free pkey from evp_pkey_copy_downgraded() Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18494)
show more ...
|
#
ae4d9573 |
| 03-Jun-2022 |
Matt Caswell |
Fix a mem leak in evp_pkey_copy_downgraded() If we get a failure during evp_pkey_copy_downgraded() and on entry *dest was NULL then we leak the EVP_PKEY that was automatically allocated
Fix a mem leak in evp_pkey_copy_downgraded() If we get a failure during evp_pkey_copy_downgraded() and on entry *dest was NULL then we leak the EVP_PKEY that was automatically allocated and stored in *dest. Found due to this comment: https://github.com/openssl/openssl/pull/18355#issuecomment-1145028315 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18470)
show more ...
|
#
7e5e9117 |
| 21-May-2022 |
Peiwei Hu |
Fix the defective check of EVP_PKEY_get_params Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/
Fix the defective check of EVP_PKEY_get_params Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18367)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
fba140c7 |
| 12-Apr-2022 |
Dmitry Belyavskiy |
str[n]casecmp => OPENSSL_strncasecmp Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
|
#
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to b
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
#
f3ba6265 |
| 29-Sep-2021 |
Richard Levitte |
Fix EVP_PKEY_eq() to be possible to use with strictly private keys EVP_PKEY_eq() assumed that an EVP_PKEY always has the public key component if it has a private key component. However,
Fix EVP_PKEY_eq() to be possible to use with strictly private keys EVP_PKEY_eq() assumed that an EVP_PKEY always has the public key component if it has a private key component. However, this assumption no longer strictly holds true, at least for provider backed keys. EVP_PKEY_eq() therefore needs to be modified to specify that the private key should be checked too (at the discretion of what's reasonable for the implementation doing the actual comparison). Fixes #16267 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16765)
show more ...
|
#
9dddcd90 |
| 22-Oct-2021 |
x2018 |
add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(), EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new(). Otherwise may result in memory errors. Reviewed-
add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(), EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new(). Otherwise may result in memory errors. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16892)
show more ...
|
#
43da9a14 |
| 07-Oct-2021 |
Matt Caswell |
Prevent an overflow if an application supplies a buffer that is too small If an application bug means that a buffer smaller than is necessary is passed to various functions then OpenSSL
Prevent an overflow if an application supplies a buffer that is too small If an application bug means that a buffer smaller than is necessary is passed to various functions then OpenSSL does not spot that the buffer is too small and fills it anyway. This PR prevents that. Since it requires an application bug to hit this problem, no CVE is allocated. Thanks to David Benjamin for reporting this issue. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
show more ...
|
#
f7d6868d |
| 15-Oct-2021 |
Matt Caswell |
Ensure pkey_set_type handles ENGINE references correctly pkey_set_type should not consume the ENGINE references that may be passed to it. Fixes #16757 Reviewed-by: Toma
Ensure pkey_set_type handles ENGINE references correctly pkey_set_type should not consume the ENGINE references that may be passed to it. Fixes #16757 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16846)
show more ...
|
#
d11cab47 |
| 08-Oct-2021 |
PW Hu |
Bugfix: unsafe return check of EVP_PKEY_fromdata Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openss
Bugfix: unsafe return check of EVP_PKEY_fromdata Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16783)
show more ...
|
#
5e199c35 |
| 08-Oct-2021 |
PW Hu |
Bugfix: unsafe return check of EVP_PKEY_fromdata_init Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@o
Bugfix: unsafe return check of EVP_PKEY_fromdata_init Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16783)
show more ...
|
#
4e92d5c7 |
| 17-Aug-2021 |
Richard Levitte |
EVP_PKEY_get_utf8_string_param(): ensure the string is NUL terminated A check is added to fail this function if the string buffer isn't large enough to accomodate a terminating NUL byte.
EVP_PKEY_get_utf8_string_param(): ensure the string is NUL terminated A check is added to fail this function if the string buffer isn't large enough to accomodate a terminating NUL byte. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16334)
show more ...
|
#
3f773c91 |
| 01-Jul-2021 |
Tomas Mraz |
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15974)
show more ...
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
#
3c15d677 |
| 29-May-2021 |
Shane Lontis |
Fix error stack for some fetch calls. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pu
Fix error stack for some fetch calls. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15532)
show more ...
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
bed7437b |
| 15-May-2021 |
Richard Levitte |
Modify EVP_PKEY_ASN1_METHOD's export_to function to take an importer We previously took an EVP_KEYMGMT pointer, but now found it necessary to use a different import function in some case
Modify EVP_PKEY_ASN1_METHOD's export_to function to take an importer We previously took an EVP_KEYMGMT pointer, but now found it necessary to use a different import function in some cases. Since that's the only thing we use from EVP_KEYMGMT, we might as well pass the import function directly, allowing for some flexibility in how export_to is used. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15293)
show more ...
|
#
d2f53212 |
| 17-May-2021 |
Richard Levitte |
Make sure to include "internal/numbers.h" to get SIZE_MAX Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15319)
|
#
e9fe0f7e |
| 07-May-2021 |
Tomas Mraz |
Replace EVP_PKEY_supports_digest_nid The EVP_PKEY_supports_digest_nid() is renamed to EVP_PKEY_digestsign_supports_digest() and implemented via EVP_DigestSignInit_ex(). Fixe
Replace EVP_PKEY_supports_digest_nid The EVP_PKEY_supports_digest_nid() is renamed to EVP_PKEY_digestsign_supports_digest() and implemented via EVP_DigestSignInit_ex(). Fixes #14343 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15198)
show more ...
|
#
3c39bd9b |
| 07-May-2021 |
Tomas Mraz |
Drop ASN1_PKEY_CTRL_SUPPORTS_MD_NID This is a legacy ASN1_PKEY_CTRL that was added after 1.1.1 and is not needed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from htt
Drop ASN1_PKEY_CTRL_SUPPORTS_MD_NID This is a legacy ASN1_PKEY_CTRL that was added after 1.1.1 and is not needed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15198)
show more ...
|
Revision tags: openssl-3.0.0-alpha16 |
|
#
c85c5e1a |
| 23-Apr-2021 |
Shane Lontis |
Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters(). The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq() already exist. Reviewed-by: Richard Levitte <levitte
Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters(). The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq() already exist. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14997)
show more ...
|
Revision tags: openssl-3.0.0-alpha15 |
|
#
f1ffaaee |
| 15-Apr-2021 |
Shane Lontis |
Fixes related to separation of DH and DHX types Fix dh_rfc5114 option in genpkey. Fixes #14145 Fixes #13956 Fixes #13952 Fixes #13871 Fixes #14054 Fixes #14444
Fixes related to separation of DH and DHX types Fix dh_rfc5114 option in genpkey. Fixes #14145 Fixes #13956 Fixes #13952 Fixes #13871 Fixes #14054 Fixes #14444 Updated documentation for app to indicate what options are available for DH and DHX keys. DH and DHX now have different keymanager gen_set_params() methods. Added CHANGES entry to indicate the breaking change. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14883)
show more ...
|