| ad7e0fd5 | 30-May-2022 |
slontis |
RSA keygen fixes
Fixes #18321
Increase the iteration factor used when 'Computing a Probable Prime Factor Based on Auxiliary Primes' from 5 to 20.
This matches the algorithm upda
RSA keygen fixes
Fixes #18321
Increase the iteration factor used when 'Computing a Probable Prime Factor Based on Auxiliary Primes' from 5 to 20.
This matches the algorithm update made in FIPS 186-5.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18429)
show more ...
|
| a644cb7c | 09-Jun-2022 |
Billy Brumley |
[crypto/bn] BN_consttime_swap: remove superfluous early exit
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@op
[crypto/bn] BN_consttime_swap: remove superfluous early exit
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18518)
show more ...
|
| 926c698c | 08-Jun-2022 |
Tomas Mraz |
sm2_dupctx: Avoid potential use after free of the md
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/
sm2_dupctx: Avoid potential use after free of the md
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18494)
show more ...
|
| d8732803 | 07-Jun-2022 |
Tomas Mraz |
Check return of BIO_new() and always free pkey from evp_pkey_copy_downgraded()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merge
Check return of BIO_new() and always free pkey from evp_pkey_copy_downgraded()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18494)
show more ...
|
| a7863f99 | 07-Jun-2022 |
Tomas Mraz |
add_provider_groups: Clean up algorithm pointer on failure
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://githu
add_provider_groups: Clean up algorithm pointer on failure
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18494)
show more ...
|
| f91568eb | 07-Jun-2022 |
Tomas Mraz |
parse_unquoted: Check returned value from ossl_property_value()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://
parse_unquoted: Check returned value from ossl_property_value()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18494)
show more ...
|
| cec1699f | 08-Jun-2022 |
Bernd Edlinger |
Fix a use after free in error handling of hmac_dup
dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.
Fixes #18493
Reviewed
Fix a use after free in error handling of hmac_dup
dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.
Fixes #18493
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18502)
show more ...
|
| ee11118d | 30-Apr-2022 |
Hongren (Zenithal) Zheng |
providers: cipher: aes: add riscv64 zkn support
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Tested-by: Jiatai He <jiatai2021@iscas.ac.cn>
Reviewed-by: Paul Dale <pau
providers: cipher: aes: add riscv64 zkn support
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Tested-by: Jiatai He <jiatai2021@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
show more ...
|
| 77d29ff0 | 29-Apr-2022 |
Hongren (Zenithal) Zheng |
aes_platform: add riscv64 zkn asm support
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@opens
aes_platform: add riscv64 zkn asm support
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
show more ...
|
| d5dd6083 | 29-Apr-2022 |
Hongren (Zenithal) Zheng |
Add riscv scalar crypto extension capability
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@op
Add riscv scalar crypto extension capability
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
show more ...
|
| 9912c38e | 30-Apr-2022 |
Hongren (Zenithal) Zheng |
add build support for riscv64 aes zkn
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.o
add build support for riscv64 aes zkn
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
show more ...
|
| 608cadfb | 27-Apr-2022 |
Hongren (Zenithal) Zheng |
Add AES implementation in riscv64 zkn asm
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@opens
Add AES implementation in riscv64 zkn asm
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
show more ...
|
| 5f4b3db6 | 06-Jun-2022 |
Matt Caswell |
Assert that a property definition cache entry is the first
When adding a property definition cache entry for a given property query
string we add an assert that we are not replacing an e
Assert that a property definition cache entry is the first
When adding a property definition cache entry for a given property query
string we add an assert that we are not replacing an existing entry. If we
are then that indicates a bug in the caller.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18458)
show more ...
|
| fed8dbea | 02-Jun-2022 |
Matt Caswell |
Fix a memory leak in ossl_method_store_add()
If the call to ossl_prop_defn_set() fails then the OSSL_PROPERTY_LIST
we just created will leak.
Found as a result of:
https://g
Fix a memory leak in ossl_method_store_add()
If the call to ossl_prop_defn_set() fails then the OSSL_PROPERTY_LIST
we just created will leak.
Found as a result of:
https://github.com/openssl/openssl/pull/18355#issuecomment-1139499881
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18458)
show more ...
|
| 9cef2a70 | 06-Jun-2022 |
Todd Short |
Update SIV mode documentation
Fixes #18440
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@open
Update SIV mode documentation
Fixes #18440
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18485)
show more ...
|
| 7d6aad83 | 06-Jun-2022 |
Matt Caswell |
Don't report success from ec_export if OSSL_PARAM_BLD_to_param failed
If the call to OSSL_PARAM_BLD_to_param() failed then ec_export was
reporting success, even though it has never calle
Don't report success from ec_export if OSSL_PARAM_BLD_to_param failed
If the call to OSSL_PARAM_BLD_to_param() failed then ec_export was
reporting success, even though it has never called the param_cb.
Found due to:
https://github.com/openssl/openssl/pull/18355#issuecomment-1145993650
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18483)
show more ...
|
| ae4d9573 | 03-Jun-2022 |
Matt Caswell |
Fix a mem leak in evp_pkey_copy_downgraded()
If we get a failure during evp_pkey_copy_downgraded() and on entry *dest
was NULL then we leak the EVP_PKEY that was automatically allocated
Fix a mem leak in evp_pkey_copy_downgraded()
If we get a failure during evp_pkey_copy_downgraded() and on entry *dest
was NULL then we leak the EVP_PKEY that was automatically allocated and
stored in *dest.
Found due to this comment:
https://github.com/openssl/openssl/pull/18355#issuecomment-1145028315
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18470)
show more ...
|
| 4c149cf9 | 24-May-2022 |
Tomas Mraz |
High level overview of QUIC Implementation
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/opens
High level overview of QUIC Implementation
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18406)
show more ...
|
| 4fa5ed5c | 02-Jun-2022 |
Tomas Mraz |
Check return value of ossl_parse_property()
Also check if we have d2i_public_key() function pointer.
Fixes https://github.com/openssl/openssl/pull/18355#issuecomment-1144893289
Check return value of ossl_parse_property()
Also check if we have d2i_public_key() function pointer.
Fixes https://github.com/openssl/openssl/pull/18355#issuecomment-1144893289
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18462)
show more ...
|
| 697d0b5b | 02-Jun-2022 |
Matt Caswell |
CONF_modules_unload should fail if CONF_modules_finish fails
The module_list_lock is used by CONF_modules_unload(). That function relies
on the RUN_ONCE in CONF_modules_finish() to initi
CONF_modules_unload should fail if CONF_modules_finish fails
The module_list_lock is used by CONF_modules_unload(). That function relies
on the RUN_ONCE in CONF_modules_finish() to initialise that lock. However
if the RUN_ONCE fails that failure is not propagated to
CONF_modules_unload() and so it erroneously tries to use the lock anyway.
Found due to:
https://github.com/openssl/openssl/pull/18355#issuecomment-1144734604
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18460)
show more ...
|
| 1a01e5c2 | 03-Jun-2022 |
Clemens Lang |
Fix inadvertent NULL assignments in ternary ops
As identified by both clang with a warning and
$> git grep -P '(?<![!=])= NULL \?'
Signed-off-by: Clemens Lang <cllang@redhat.com
Fix inadvertent NULL assignments in ternary ops
As identified by both clang with a warning and
$> git grep -P '(?<![!=])= NULL \?'
Signed-off-by: Clemens Lang <cllang@redhat.com>
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18469)
show more ...
|
| 5d219937 | 02-Jun-2022 |
Tomas Mraz |
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms and the
SM2 certificates will expire soon and affect tests.
Fixes #15179
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms and the
SM2 certificates will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18467)
show more ...
|
| 479b9adb | 01-Jun-2022 |
Bernd Edlinger |
Change the SCT issuer key to RSA 2048
This avoids the need to use SECLEVEL=1 in 12-ct.cnf.in.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.c
Change the SCT issuer key to RSA 2048
This avoids the need to use SECLEVEL=1 in 12-ct.cnf.in.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18450)
show more ...
|
| 89dd8543 | 29-Mar-2022 |
Tomas Mraz |
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)
show more ...
|
| 336d92eb | 25-Mar-2022 |
Tomas Mraz |
Enable setting SSL_CERT_FLAG_TLS_STRICT with ssl config
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl
Enable setting SSL_CERT_FLAG_TLS_STRICT with ssl config
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17989)
show more ...
|
