| 71c17c36 | 10-May-2022 |
Tomas Mraz |
Move OPENSSL_strcasecmp() and related to o_str.c
Otherwise the implementation is unnecessarily duplicated in legacy.so.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Review
Move OPENSSL_strcasecmp() and related to o_str.c
Otherwise the implementation is unnecessarily duplicated in legacy.so.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
show more ...
|
| cf91a2b3 | 05-May-2022 |
Tomas Mraz |
Include the e_os.h before string.h
Fixes #18244
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com
Include the e_os.h before string.h
Fixes #18244
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
show more ...
|
| b98f989e | 04-May-2022 |
Tomas Mraz |
Fix build on OPENSSL_SYS_TANDEM and older POSIXes
It also allows for passing -DOPENSSL_NO_LOCALE as a workaround
to ./Configure command.
Fixes #18233
Reviewed-by: Dmitr
Fix build on OPENSSL_SYS_TANDEM and older POSIXes
It also allows for passing -DOPENSSL_NO_LOCALE as a workaround
to ./Configure command.
Fixes #18233
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
show more ...
|
| 615525bd | 10-May-2022 |
Tomas Mraz |
int_ctx_new(): Revert extra OPENSSL_init_crypto() call
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/o
int_ctx_new(): Revert extra OPENSSL_init_crypto() call
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
show more ...
|
| 4b1b6297 | 09-May-2022 |
Tomas Mraz |
Always try to construct methods as new provider might be added
Otherwise optional properties can be incorrectly ignored.
Fixes #18262
Reviewed-by: Matt Caswell <matt@openss
Always try to construct methods as new provider might be added
Otherwise optional properties can be incorrectly ignored.
Fixes #18262
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18269)
show more ...
|
| 70dc0b6d | 09-May-2022 |
Tomas Mraz |
Add test for query invalidation after new provider added
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli
Add test for query invalidation after new provider added
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18269)
show more ...
|
| 3b85d9de | 13-Apr-2022 |
Keith W. Campbell |
Add quotes around perl scripts
Otherwise, it seems nmake doesn't invoke perl properly.
Signed-off-by: Keith W. Campbell <keithc@ca.ibm.com>
Reviewed-by: Matt Caswell <matt@
Add quotes around perl scripts
Otherwise, it seems nmake doesn't invoke perl properly.
Signed-off-by: Keith W. Campbell <keithc@ca.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18215)
show more ...
|
| 2787a709 | 09-May-2022 |
Hongren (Zenithal) Zheng |
Make IV/buf in prov_cipher_ctx_st aligned
Make IV/buf aligned will drastically improve performance
as some architecture performs badly on misaligned memory
access.
Ref to
Make IV/buf in prov_cipher_ctx_st aligned
Make IV/buf aligned will drastically improve performance
as some architecture performs badly on misaligned memory
access.
Ref to
https://gist.github.com/ZenithalHourlyRate/7b5175734f87acb73d0bbc53391d7140#file-2-openssl-long-md
Ref to
openssl#18197
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18267)
show more ...
|
| cb2764f2 | 28-Jan-2022 |
Henry Brausen |
Add riscv64 asm_arch to linux64-riscv64 target
Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen@vrull.eu>
Reviewed-by: Tomas M
Add riscv64 asm_arch to linux64-riscv64 target
Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18275)
show more ...
|
| 8712db5e | 06-May-2022 |
Pauli |
bn_nist: fix strict aliasing problem
As of clang-14 the strict aliasing is causing code to magically disappear.
By explicitly inlining the code, the aliasing problem evaporates.
bn_nist: fix strict aliasing problem
As of clang-14 the strict aliasing is causing code to magically disappear.
By explicitly inlining the code, the aliasing problem evaporates.
Fixes #18225
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18258)
show more ...
|
| 1c8787d5 | 29-Mar-2022 |
Dr. Matthias St. Pierre |
err: get rid of err_free_strings_int()
Even though the function is not part of the public api, it is not
entirely removed, in order to minimize the chance of breakage,
because it is
err: get rid of err_free_strings_int()
Even though the function is not part of the public api, it is not
entirely removed, in order to minimize the chance of breakage,
because it is exported from libcrypto. Instead, we keep a dummy
implementation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17974)
show more ...
|
| 11e85b89 | 28-Mar-2022 |
Dr. Matthias St. Pierre |
err: fix crash in ERR_load_strings() when configured with no-err
This commit removes the entire initialization and cleanup of the
error string hash table (`int_error_hash`) if `no-err` i
err: fix crash in ERR_load_strings() when configured with no-err
This commit removes the entire initialization and cleanup of the
error string hash table (`int_error_hash`) if `no-err` is configured.
The only operative function remaining is `ERR_get_next_error_library()`.
That is the reason why the `err_string_lock` and hence the
`do_err_strings_init()` function can't be removed entirely.
Fixes #17971
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17974)
show more ...
|
| 3b836385 | 03-Apr-2022 |
basavesh |
Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
Consider a weaker leakage model(CL)
Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
Consider a weaker leakage model(CL) where only cacheline base address is leaked,
i.e address/32 for 32-byte cacheline(CL32).
Previous code used to perform two loads
1. rotated_mac[rotate_offset ^ 32] and
2. rotated_mac[rotate_offset++]
which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
and 2q, 2q + 1 for 32 <= rotate_offset < 64
The proposed fix performs load operations which will always leak 2q, 2q + 1 and
selects the appropriate value in constant-time.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18033)
show more ...
|
| a6680123 | 06-May-2022 |
Max Bachmann |
remove legacy VxWorks workaround
The same workaround was already removed in sockets.h
in 5c8b7b4caa0faedb69277063a7c6b3a8e56c6308
Reviewed-by: Paul Dale <pauli@openssl.org>
remove legacy VxWorks workaround
The same workaround was already removed in sockets.h
in 5c8b7b4caa0faedb69277063a7c6b3a8e56c6308
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18260)
show more ...
|
| 221d65ba | 02-May-2022 |
Benjamin Kaduk |
evp_md: assert digest is provided for algctx reuse
When reusing an algctx (it was always freed on reinitialization,
prior to #18105), assert that the associated digest is provided.
W
evp_md: assert digest is provided for algctx reuse
When reusing an algctx (it was always freed on reinitialization,
prior to #18105), assert that the associated digest is provided.
We implicitly rely on this for algctx reuse to be safe (since
an implicit fetch could potentially change the digest object used,
including provider, which accordingly could change the layout of the
algctx object.
From code inspection, this is currently always the case -- the only
way to set an algctx requires the provider to be set, and the only
ways to change or remove a provider without destroying the entier
EVP_MD_CTX will also free the algctx. Adding an assertion will help
ensure that this remains true as the code evolves.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18224)
show more ...
|
| b807c2fb | 05-May-2022 |
Tomas Mraz |
EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init strcasecmp
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://gi
EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init strcasecmp
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18247)
show more ...
|
| ecb1ed1b | 05-May-2022 |
Dimitry Andric |
Correct padding mode flag name for EVP_PKEY_decrypt/encrypt() examples
The example code in EVP_PKEY_decrypt(3) and EVP_PKEY_encrypt(3) and uses
a nonexistent padding mode `RSA_OAEP_PADDI
Correct padding mode flag name for EVP_PKEY_decrypt/encrypt() examples
The example code in EVP_PKEY_decrypt(3) and EVP_PKEY_encrypt(3) and uses
a nonexistent padding mode `RSA_OAEP_PADDING`, which should be
`RSA_PKCS1_OAEP_PADDING` instead.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18255)
show more ...
|
| be92036b | 05-May-2022 |
Ahmed JELIJLI |
doc: Fix RSA public key parameters
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openss
doc: Fix RSA public key parameters
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18253)
show more ...
|
| 4b4d0ded | 05-May-2022 |
Tomas Mraz |
Add a testcase for OSSL_PROVIDER_unload() being fully effective
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale
Add a testcase for OSSL_PROVIDER_unload() being fully effective
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18254)
show more ...
|
| 0b3d2594 | 04-May-2022 |
slontis |
Add documentation for key validation that indicates the difference between the
EVP_PKEY_XXX_check() calls for the default and fips providers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Add documentation for key validation that indicates the difference between the
EVP_PKEY_XXX_check() calls for the default and fips providers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18235)
show more ...
|
| 836bb089 | 05-May-2022 |
Max Bachmann |
Exclude IPv6 code using OPENSSL_USE_IPV6 instead of AF_INET6
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard
Exclude IPv6 code using OPENSSL_USE_IPV6 instead of AF_INET6
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18250)
show more ...
|
| eab9dbbd | 25-Apr-2022 |
Nathan Sidwell |
Header file cleanup for C++20 header-units
C++20 adds 'header units' as a stepping-stone to modules. Header
units are regular header-files that have a 'self-contained' property
-- t
Header file cleanup for C++20 header-units
C++20 adds 'header units' as a stepping-stone to modules. Header
units are regular header-files that have a 'self-contained' property
-- they do not require previously-included headers to provide typedefs
and what not.
This addresses 2 problems discovered when using clang modules (as a
proxy for C++20 header-units).
a) Some headers that pay attention to OPENSSL_NO_STDIO to determine
whether to declare certain FILE*-taking functions do not #include
<stdio.h> themselves, relying on their includer already having done
that. That breaks the above mentioned encapuslation requirement.
Fixed by conditionally including stdio.h in those headers. I chose to
always include stdio.h in such headers, even when they included
another such header that transitively included stdio. That way they
do not rely on an artifact of that intermediate header's behaviour.
b) Some headers have #includes inside 'extern "C" { ... }' regions.
That has a bad code-smell, but GCC and clang have extensions to permit
it with implementation-defined effects. Clang needs annotation on the
included files to know that they themselves are entirely inside a
similar region. GCC behavesq as-if there's an extern "C++" region
wrapping the included header (which must therefore wrap its contents
in extern "C", if that is what it wants. In effect the includer's
extern "C" region is just misleading. I didn't audit all the headers
for this, only those I noticed when addressing #a.
\#a is necessary to build the headers as a set of clang-modules. #b
is not necessary, but as I mentioned, avoids potentially
implementation-defined behaviour.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18221)
show more ...
|
| 4e720f12 | 16-Mar-2022 |
Pauli |
Fix Coverity 1201740 & 1201712: uninitialised values
These are both false positives since the `d` array is initialised by
the `DES_cfb_encrypt()` call via the `l2cn` macro. Rather than
Fix Coverity 1201740 & 1201712: uninitialised values
These are both false positives since the `d` array is initialised by
the `DES_cfb_encrypt()` call via the `l2cn` macro. Rather than ignoring them
and having them crop up later, it's easier to just add an initialiser.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17894)
show more ...
|
| 6d4f6346 | 06-May-2022 |
Pauli |
Update GOST engine
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236) |
| 54b0c534 | 06-May-2022 |
Pauli |
doc: add not that DTLS 1.0, TLS 1.1 and before are disabled at security level 1
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged
doc: add not that DTLS 1.0, TLS 1.1 and before are disabled at security level 1
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236)
show more ...
|
