#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
bd73e1e6 |
| 28-Feb-2024 |
afshinpir |
Adding missing NULL pointer check CLA: trivial In the provider store API, it is not necessary to provide both open and attach method at the same time and providing at least one of th
Adding missing NULL pointer check CLA: trivial In the provider store API, it is not necessary to provide both open and attach method at the same time and providing at least one of them is enough. Adding some null pointer checks to prevent exceptions in case of not providing both methods at the same time. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23703)
show more ...
|
#
99fe4c10 |
| 25-Mar-2024 |
Jiasheng Jiang |
Add OPENSSL_free to avoid mem leak Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
Add OPENSSL_free to avoid mem leak Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23955)
show more ...
|
#
18a30b56 |
| 22-Mar-2024 |
Jiasheng Jiang |
store/store_lib.c: Add the checks for the EVP_MD_CTX_get_size() Add the checks for the return value of EVP_MD_CTX_get_size() before explicitly cast them to size_t to avoid the integer overfl
store/store_lib.c: Add the checks for the EVP_MD_CTX_get_size() Add the checks for the return value of EVP_MD_CTX_get_size() before explicitly cast them to size_t to avoid the integer overflow. Fixes: fac8673b8a ("STORE: Add the possibility to search for specific information") Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23955)
show more ...
|
#
556009c5 |
| 28-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
96e67808 |
| 23-Jan-2023 |
Simo Sorce |
Allow to pass a passprase callback at store open Some PKCS11 modules require authentication early on to be able to preload objects, which we want to do to avoid costly roundtrips when th
Allow to pass a passprase callback at store open Some PKCS11 modules require authentication early on to be able to preload objects, which we want to do to avoid costly roundtrips when the HSM is actually reached over a network (Cloud HSM). Unfortunately at open time we can't interact with the user becaue the callbacks are only passed at object load time. later on. This patch corrects this issue by providing a more feature rich open call for providers. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20131)
show more ...
|
#
0a8807b4 |
| 28-Aug-2023 |
Dmitry Belyavskiy |
Store: API for deletion Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21901)
|
#
ad31628c |
| 16-Jul-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
Remove repeated words Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.
Remove repeated words Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21468)
show more ...
|
#
17dd9a2c |
| 06-Sep-2023 |
Richard Levitte |
OSSL_STORE: Fix error flag clearing and setting (provider path only) When the provider's load function returned with an error, the libcrypto error flag was only set if EOF hadn't been re
OSSL_STORE: Fix error flag clearing and setting (provider path only) When the provider's load function returned with an error, the libcrypto error flag was only set if EOF hadn't been reached. This is troublesome, as an error can very well occur during the last load before EOF is reached! Also, the error flag was never reset, even though documentation specifies that it should indicate an error in the last load (i.e. not the one before that). Fixes #21968 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21976)
show more ...
|
#
c7340583 |
| 23-Aug-2022 |
FdaSilvaYY |
crypto/*: Fix various typos, repeated words, align some spelling to LDP. partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname
crypto/*: Fix various typos, repeated words, align some spelling to LDP. partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
show more ...
|
#
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from,
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
show more ...
|
#
66cb4fcd |
| 01-Apr-2022 |
Pauli |
Fix Coverity 1503329 use after free Another false positive tagged as such Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Me
Fix Coverity 1503329 use after free Another false positive tagged as such Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/18014)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
fba140c7 |
| 12-Apr-2022 |
Dmitry Belyavskiy |
str[n]casecmp => OPENSSL_strncasecmp Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
|
#
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to b
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
#
7c64ca71 |
| 27-Aug-2021 |
Dr. David von Oheimb |
OSSL_STORE_open_ex(): Prevent spurious error: unregistered scheme=file Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16452)
|
#
2ff286c2 |
| 21-Jun-2021 |
Dr. David von Oheimb |
Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/
Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15847)
show more ...
|
#
1287dabd |
| 26-Oct-2021 |
x2018 |
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
show more ...
|
#
6870c1e7 |
| 23-Jun-2021 |
Randall S. Becker |
Defined out MUTEX attributes not available on NonStop SPT Threads. Standard Posix Threads (SPT) Threads are an older separate branch of pthreads that do not support some of the capabilit
Defined out MUTEX attributes not available on NonStop SPT Threads. Standard Posix Threads (SPT) Threads are an older separate branch of pthreads that do not support some of the capabilities in the current Posix User Threads (PUT). The change also includes a rename of the close field of OSSL_STORE_LOADER which was causing preprocessor conflicts. Fixes #15885 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15886)
show more ...
|
#
19c0b46b |
| 28-Jun-2021 |
Richard Levitte |
OSSL_STORE: Fix crash when tracing STORE Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openss
OSSL_STORE: Fix crash when tracing STORE Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15931)
show more ...
|
#
ecd699b6 |
| 18-Jun-2021 |
Richard Levitte |
STORE: Fix OSSL_STORE_open_ex() error reporting OSSL_STORE_open_ex() could result in reports like this: 80722AA3927F0000:error:80000002:system library:file_open_ex:No such file
STORE: Fix OSSL_STORE_open_ex() error reporting OSSL_STORE_open_ex() could result in reports like this: 80722AA3927F0000:error:80000002:system library:file_open_ex:No such file or directory:engines/e_loader_attic.c:1016:calling stat(file:test/blahdibleh.der) 80722AA3927F0000:error:41800069:lib(131)::path must be absolute:engines/e_loader_attic.c:1010:test/blahdibleh.der 80722AA3927F0000:error:1600007B:STORE routines:OSSL_STORE_open_ex:no loaders found:crypto/store/store_lib.c:148:No store loaders were found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them? The last one turns out to be a bit too generically reported. It should only be reported when no loader were loaded at all, not when loader_ctx happens to be NULL (which may happen for other reasons). We also move the helpful message to the OSSL_STORE_LOADER fetcher. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15820)
show more ...
|
#
6309b799 |
| 10-Jun-2021 |
Richard Levitte |
STORE: Make OSSL_STORE_LOADER_fetch() consistent with all other fetch functions The argument order was different on this one. Fixes #15688 Reviewed-by: Matt Caswell <matt@o
STORE: Make OSSL_STORE_LOADER_fetch() consistent with all other fetch functions The argument order was different on this one. Fixes #15688 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15689)
show more ...
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
40692ed7 |
| 15-May-2021 |
Matt Caswell |
Better error messages if there are no encoders/decoders/store loaders If you don't have the base or default providers loaded and therefore there are no encoders/decoders or store loaders
Better error messages if there are no encoders/decoders/store loaders If you don't have the base or default providers loaded and therefore there are no encoders/decoders or store loaders then the error messages can be cryptic. We provide better hints about how to fix the problem. Fixes #13798 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15306)
show more ...
|
Revision tags: openssl-3.0.0-alpha16 |
|
#
d382e796 |
| 30-Apr-2021 |
Tomas Mraz |
Make the -inform option to be respected if possible Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. Th
Make the -inform option to be respected if possible Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced. Fixes #14569 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
show more ...
|