#
e91384d5 |
| 27-Oct-2023 |
Bernd Edlinger |
Fix error handling in OBJ_add_object This fixes the possible memory leak in OBJ_add_object when a pre-existing object is replaced by a new one, with identical NID, OID, and/or short/
Fix error handling in OBJ_add_object This fixes the possible memory leak in OBJ_add_object when a pre-existing object is replaced by a new one, with identical NID, OID, and/or short/long name. We do not try to delete any orphans, but only mark them as type == -1, because the previously returned pointers from OBJ_nid2obj/OBJ_nid2sn/OBJ_nid2ln may be cached by applications and can thus not be cleaned up before the application terminates. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22534)
show more ...
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
486ab0fb |
| 12-Jan-2024 |
Drokov Pavel |
Fix arithmetic expression overflow If the value of a->length is large (>= 2^12), then an integer overflow will occur for the signed type, which according to the C standard is UB.
Fix arithmetic expression overflow If the value of a->length is large (>= 2^12), then an integer overflow will occur for the signed type, which according to the C standard is UB. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23274)
show more ...
|
#
6b92a966 |
| 11-Jan-2024 |
Drokov Pavel |
Check ASN1_OBJECT_new result CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/op
Check ASN1_OBJECT_new result CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23270)
show more ...
|
#
cd920f8f |
| 11-Oct-2023 |
Neil Horman |
ensure that ossl_obj_nid_lock is allocated before use external calls to OBJ_new_nid will fail on an attempt to lock the ossl_obj_nid_lock as it won't have been initalized yet. B
ensure that ossl_obj_nid_lock is allocated before use external calls to OBJ_new_nid will fail on an attempt to lock the ossl_obj_nid_lock as it won't have been initalized yet. Bifurcate OBJ_new_nid into an external and internal variant, in which the former calls ossl_obj_write_lock (ensuring that the nid_lock is initalized), while OBJ_create (the sole internal caller) uses the latter to avoid having to drop and re-acquire the lock Fixes #22337 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22350)
show more ...
|
#
a47fc4ed |
| 14-Sep-2023 |
Pavel Stetsuk |
fix: LINEAR search doesn't work properly (if CHARSET_EBCDIC is defined) CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
fix: LINEAR search doesn't work properly (if CHARSET_EBCDIC is defined) CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22108)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
cb8e6413 |
| 02-Aug-2023 |
Pauli |
no_autoload: make the no-autoload-config option work again. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://gith
no_autoload: make the no-autoload-config option work again. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/21621)
show more ...
|
#
d63b3e79 |
| 12-May-2023 |
Richard Levitte |
Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical numeric text form. For gigantic sub-identif
Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical numeric text form. For gigantic sub-identifiers, this would take a very long time, the time complexity being O(n^2) where n is the size of that sub-identifier. To mitigate this, a restriction on the size that OBJ_obj2txt() will translate to canonical numeric text form is added, based on RFC 2578 (STD 58), which says this: > 3.5. OBJECT IDENTIFIER values > > An OBJECT IDENTIFIER value is an ordered list of non-negative numbers. > For the SMIv2, each number in the list is referred to as a sub-identifier, > there are at most 128 sub-identifiers in a value, and each sub-identifier > has a maximum value of 2^32-1 (4294967295 decimal). Fixes otc/security#96 Fixes CVE-2023-2650 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
show more ...
|
#
540c2d17 |
| 31-Mar-2023 |
Matt Caswell |
Don't call OPENSSL_init_crypto from inside a RUN_ONCE Calling OPENSSL_init_crypto from inside a RUN_ONCE seems like a bad idea. This is especially bad if OPENSSL_init_crypto can recursiv
Don't call OPENSSL_init_crypto from inside a RUN_ONCE Calling OPENSSL_init_crypto from inside a RUN_ONCE seems like a bad idea. This is especially bad if OPENSSL_init_crypto can recursively end up attempting to call the RUN_ONCE that we're already inside. The initialisation in OPENSSL_init_crypto is already "run once" protected. There is no need to protect it "twice". Fixes #20653 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20662) (cherry picked from commit a9745427cd5d44a76b31690b4a2c6bef2ee677c4)
show more ...
|
#
908ba3ed |
| 21-Mar-2023 |
Tomas Mraz |
OBJ_nid2obj(): Return UNDEF object instead of NULL for NID_undef Fixes a regression from 3.0 from the obj creation refactoring. Fixes #20555 Reviewed-by: Richard Levitte <l
OBJ_nid2obj(): Return UNDEF object instead of NULL for NID_undef Fixes a regression from 3.0 from the obj creation refactoring. Fixes #20555 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20556)
show more ...
|
#
b79da97c |
| 09-Dec-2022 |
Richard Levitte |
Allow OBJ_create() to create an OBJ and NID with a NULL OID We already permit this in crypto/objects/objects.txt, but not programatically, although being able to do so programatically wo
Allow OBJ_create() to create an OBJ and NID with a NULL OID We already permit this in crypto/objects/objects.txt, but not programatically, although being able to do so programatically would be beneficial. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19876)
show more ...
|
#
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from,
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
show more ...
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
d040a1b9 |
| 11-May-2021 |
Dr. David von Oheimb |
Makefile: Generate crypto objects only as far as needed Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <
Makefile: Generate crypto objects only as far as needed Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/15224)
show more ...
|
#
a0ff8e41 |
| 11-Jul-2022 |
xkernel |
add a check for the return of OBJ_new_nid() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pul
add a check for the return of OBJ_new_nid() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18773)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
e6b8f359 |
| 12-Jan-2022 |
Pauli |
object: use updated tsan lock detection capabilities Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/17479)
|
#
10481d33 |
| 05-Jan-2022 |
Peiwei Hu |
Fix: some patches related to error exiting Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull
Fix: some patches related to error exiting Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17417)
show more ...
|
#
67890a73 |
| 03-Dec-2021 |
Dr. David von Oheimb |
OBJ_obj2txt(): fix off-by-one documentation of the result Also remove the outdated BUGS section and fix the coding style of the function. Reviewed-by: Paul Dale <pauli@openssl.org>
OBJ_obj2txt(): fix off-by-one documentation of the result Also remove the outdated BUGS section and fix the coding style of the function. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17188)
show more ...
|
#
29c80c60 |
| 17-Jun-2021 |
Pauli |
obj: make new NIDs use tsan if possible Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15713)
|
#
397065c6 |
| 11-Jun-2021 |
Pauli |
obj: make the OBJ_ calls thread safe This is done using a single global lock. The premise for this is that new objects will most frequently be added at start up and never added subseque
obj: make the OBJ_ calls thread safe This is done using a single global lock. The premise for this is that new objects will most frequently be added at start up and never added subsequently. Thus, the locking will be for read most of the time. This does, however, introduce the overhead of taking an uncontested read lock when accessing the object database. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15713)
show more ...
|
Revision tags: openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
#
3c2bdd7d |
| 08-Apr-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14801)
|
Revision tags: OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
f148f703 |
| 09-Mar-2021 |
Shane Lontis |
Add ossl_ conf symbols Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
9311d0c4 |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using ut
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
show more ...
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6 |
|
#
0f84cbc3 |
| 06-Aug-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12595)
|