c00fd2de | 20-Jul-2022 |
Dr. David von Oheimb |
X509_STORE_CTX_purpose_inherit(): add missing details to its documentation Fixes #18801 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
X509_STORE_CTX_purpose_inherit(): add missing details to its documentation Fixes #18801 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18830)
show more ...
|
48b67766 | 19-Jul-2022 |
marcfedorow |
Emit rev8 on __riscv_zbkb as on __riscv_zbb Also add early clobber for two-insn bswap. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
Emit rev8 on __riscv_zbkb as on __riscv_zbb Also add early clobber for two-insn bswap. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18827)
show more ...
|
b6fbef11 | 14-Dec-2021 |
Dr. David von Oheimb |
Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg() Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(), and add respective
Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg() Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(), and add respective tests as well as the -srvcertout CLI option using the new function. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18656)
show more ...
|
fad0f80e | 14-Jul-2022 |
Dmitry Belyavskiy |
Fix verify_callback in the openssl s_client/s_server app We need to check that error cert is available before printing its data Reviewed-by: Tomas Mraz <tomas@openssl.org> Revie
Fix verify_callback in the openssl s_client/s_server app We need to check that error cert is available before printing its data Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18805)
show more ...
|
23757b61 | 12-Jul-2022 |
Dr. David von Oheimb |
check-format.pl: fix detection of missing/extra blank lines in local decls Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by:
check-format.pl: fix detection of missing/extra blank lines in local decls Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18789)
show more ...
|
4e9fa071 | 12-Jul-2022 |
Dr. David von Oheimb |
check-format.pl: fix false positive on 'for(;; stmt)' Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@
check-format.pl: fix false positive on 'for(;; stmt)' Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18789)
show more ...
|
63263147 | 12-Jul-2022 |
Dr. David von Oheimb |
check-format.pl: improve wording: 'no' -> 'missing'; further minor improvements Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed
check-format.pl: improve wording: 'no' -> 'missing'; further minor improvements Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18789)
show more ...
|
e1eafe8c | 14-Apr-2022 |
Richard Levitte |
"Reserve" the method store when constructing methods Introducing the concept of reserving the store where a number of provided operation methods are to be stored. This avoids ra
"Reserve" the method store when constructing methods Introducing the concept of reserving the store where a number of provided operation methods are to be stored. This avoids racing when constructing provided methods, which is especially pertinent when multiple threads are trying to fetch the same method, or even any implementation for the same given operation type. This introduces a |biglock| in OSSL_METHOD_STORE, which is separate from the |lock| which is used for more internal and finer grained locking. Fixes #18152 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18153)
show more ...
|
d768f853 | 19-Jul-2022 |
Pauli |
Coverity 1507372: explicit null dereference Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/ope
Coverity 1507372: explicit null dereference Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18822)
show more ...
|
f913c3cd | 19-Jul-2022 |
Pauli |
Coverity 1503321 & 1503327: dereference after null check The earlier fix being inadequate Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gma
Coverity 1503321 & 1503327: dereference after null check The earlier fix being inadequate Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18822)
show more ...
|
1efd8533 | 18-Jul-2022 |
Tom Cosgrove |
Fix aarch64 signed bit shift issue found by UBSAN Also fix conditional branch out of range when using sanitisers. Fixes #18813 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm
Fix aarch64 signed bit shift issue found by UBSAN Also fix conditional branch out of range when using sanitisers. Fixes #18813 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Change-Id: Ic543885091ed3ef2ddcbe21de0a4ac0bca1e2494 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18816)
show more ...
|
7a16f179 | 14-Jul-2022 |
Dr. David von Oheimb |
apps/x509: Improve doc fix for -CAserial anc -CAcreateserial This follows up on https://github.com/openssl/openssl/pull/18373 Reviewed-by: Hugo Landau <hlandau@openssl.org> Revi
apps/x509: Improve doc fix for -CAserial anc -CAcreateserial This follows up on https://github.com/openssl/openssl/pull/18373 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18804)
show more ...
|
30d398ad | 28-Jun-2022 |
Dr. David von Oheimb |
crypto/x509/v3_addr.c: fix style nits reported by check-format.pl Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David v
crypto/x509/v3_addr.c: fix style nits reported by check-format.pl Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18668)
show more ...
|
6097eb21 | 28-Jun-2022 |
Dr. David von Oheimb |
libcrypto and test: rename asn1_string_to_time_t to ossl_asn1_string_to_time_t Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewe
libcrypto and test: rename asn1_string_to_time_t to ossl_asn1_string_to_time_t Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18668)
show more ...
|
7c310e87 | 28-Jun-2022 |
Dr. David von Oheimb |
libcrypto refactoring: introduce and use ossl_asn1_string_set_bits_left() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by:
libcrypto refactoring: introduce and use ossl_asn1_string_set_bits_left() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18668)
show more ...
|
33847508 | 28-Jun-2022 |
Dr. David von Oheimb |
libcrypto refactoring: make more use of ASN1_STRING_set0() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Ohei
libcrypto refactoring: make more use of ASN1_STRING_set0() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18668)
show more ...
|
9df71587 | 27-Jun-2022 |
Dr. David von Oheimb |
Add X509_PUBKEY_set0_public_key(), extracted from X509_PUBKEY_set0_param() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by
Add X509_PUBKEY_set0_public_key(), extracted from X509_PUBKEY_set0_param() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18668)
show more ...
|
af801ec8 | 15-Jul-2022 |
Roberto Hueso Gomez |
Fix memleak in PKCS12_pbe_crypt_ex() Makes sure that the variable 'out' is free on every error path. Fixes #18689 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Rev
Fix memleak in PKCS12_pbe_crypt_ex() Makes sure that the variable 'out' is free on every error path. Fixes #18689 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18808)
show more ...
|
ad2f4cdc | 13-May-2022 |
Bernd Edlinger |
Remove duplicated BIO_get_ktls_send calls in do_ssl3_write This rather long function used to call BIO_get_ktls_send mutliple times, although that result cannot change during the exec
Remove duplicated BIO_get_ktls_send calls in do_ssl3_write This rather long function used to call BIO_get_ktls_send mutliple times, although that result cannot change during the execution of that function. There was a similar unnecessary call to BIO_get_ktls_recv in ssl3_get_record. And while I'm already there, rewrite ssl3_write_bytes to use BIO_get_ktls_send as a boolean (so using "!" instead of "== 0"). Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18304)
show more ...
|
5f311b10 | 14-Jul-2022 |
Tomas Mraz |
ossl_ffc_params_copy: Copy the keylength too Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (
ossl_ffc_params_copy: Copy the keylength too Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18480)
show more ...
|
2266d1ca | 13-Jul-2022 |
Tomas Mraz |
Test that we generate a short private key for known DH prime Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@op
Test that we generate a short private key for known DH prime Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18480)
show more ...
|
2885b2ca | 12-Jul-2022 |
Tomas Mraz |
dhparam: Correct the documentation of -dsaparam Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
dhparam: Correct the documentation of -dsaparam Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18480)
show more ...
|
2b11a8ec | 10-Jun-2022 |
Tomas Mraz |
dhparam_test: Test that we add private key length on generation and print it Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo La
dhparam_test: Test that we add private key length on generation and print it Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18480)
show more ...
|
ff54094c | 10-Jun-2022 |
Tomas Mraz |
dh_to_text: Print the dh->length if set Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merge
dh_to_text: Print the dh->length if set Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18480)
show more ...
|
ddb13b28 | 06-Jun-2022 |
Tomas Mraz |
Use as small dh key size as possible to support the security Longer private key sizes unnecessarily raise the cycles needed to compute the shared secret without any increase of the real
Use as small dh key size as possible to support the security Longer private key sizes unnecessarily raise the cycles needed to compute the shared secret without any increase of the real security. We use minimum key sizes as defined in RFC7919. For arbitrary parameters we cannot know whether they are safe primes (we could test but that would be too inefficient) we have to keep generating large keys. However we now set a small dh->length when we are generating safe prime parameters because we know it is safe to use small keys with them. That means users need to regenerate the parameters if they want to take the performance advantage of small private key. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18480)
show more ...
|