| 261b399f | 26-Jan-2022 |
Philip Prindeville |
Use progress_cb in genrsa
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.o
Use progress_cb in genrsa
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17336)
show more ...
|
| 4dd085c0 | 24-Jan-2022 |
Zhou Qingyang |
Add the missing check of BN_bn2hex return value
CLA: trivial
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Mat
Add the missing check of BN_bn2hex return value
CLA: trivial
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17578)
show more ...
|
| 7f1cb465 | 25-Jan-2022 |
Jiasheng Jiang |
BIO_new_from_core_bio: Check for NULL pointer after calling get_globals
The get_globals could return NULL, for example,
CRYPTO_THREAD_read_lock() failed.
Therefore, just checking the
BIO_new_from_core_bio: Check for NULL pointer after calling get_globals
The get_globals could return NULL, for example,
CRYPTO_THREAD_read_lock() failed.
Therefore, just checking the member of 'bcgbl' is not enough.
We need to check 'bcgbl' itself too in order to avoid the dereference of
the NULL pointer.
And the caller of ossl_bio_init_core(), OSSL_LIB_CTX_new_from_dispatch()
in `crypto/context.c`, has already checked return value and dealed with
the situation if it returns 0.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17581)
show more ...
|
| 4ed38173 | 26-Jan-2022 |
Matt Caswell |
Ensure ciphers command honours -propquery
Any propquery passed via the -propquery option to the ciphers command was
being ignored.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Ensure ciphers command honours -propquery
Any propquery passed via the -propquery option to the ciphers command was
being ignored.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17595)
show more ...
|
| 7b75b973 | 13-Jan-2022 |
Matt Caswell |
Document purpose and trust setting functions
In particular:
X509_STORE_CTX_set_purpose()
X509_STORE_CTX_set_trust();
X509_STORE_CTX_purpose_inherit();
Reviewed-by: Ben K
Document purpose and trust setting functions
In particular:
X509_STORE_CTX_set_purpose()
X509_STORE_CTX_set_trust();
X509_STORE_CTX_purpose_inherit();
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17382)
show more ...
|
| 8447f2e3 | 30-Dec-2021 |
Matt Caswell |
Add a test for X509_STORE_CTX_set_purpose()
This function was previously incorrectly failing if it is called with
X509_PURPOSE_ANY. Add a test to catch this.
Reviewed-by: Ben Ka
Add a test for X509_STORE_CTX_set_purpose()
This function was previously incorrectly failing if it is called with
X509_PURPOSE_ANY. Add a test to catch this.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17382)
show more ...
|
| 4aa82850 | 30-Dec-2021 |
Matt Caswell |
Ensure X509_STORE_CTX_purpose_inherit handles a 0 default purpose
The function X509_STORE_CTX_purpose_inherit() can be called with a 0
default purpose. If the main purpose was set to X50
Ensure X509_STORE_CTX_purpose_inherit handles a 0 default purpose
The function X509_STORE_CTX_purpose_inherit() can be called with a 0
default purpose. If the main purpose was set to X509_PURPOSE_ANY this
would case the function to incorrectly return an error response.
Fixes #17367
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17382)
show more ...
|
| 2ce0a3d1 | 25-Jan-2022 |
Tomas Mraz |
lhash: Avoid 32 bit right shift of a 32 bit value
Fixes #17583
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://g
lhash: Avoid 32 bit right shift of a 32 bit value
Fixes #17583
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17589)
show more ...
|
| d450eb84 | 25-Jan-2022 |
Tomas Mraz |
Fix IV length of DES EDE ECB implementations
Fixes #17587
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17591) |
| 748a2967 | 28-Nov-2021 |
Richard Levitte |
TEST: Add addition OSSL_PARAM tests for signed BIGNUMs
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17162) |
| 17898ec6 | 25-Nov-2021 |
Richard Levitte |
Add support for signed BIGNUMs in the OSSL_PARAM_BLD API
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17162) |
| f1719858 | 25-Nov-2021 |
Richard Levitte |
Add support for signed BIGNUMs in the OSSL_PARAM API
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17162) |
| 3f6a12a0 | 25-Jan-2022 |
Jiasheng Jiang |
UI: Check for NULL pointer after calling OPENSSL_memdup
The OPENSSL_memdup() is not always success, as the potential failure of
the allocation.
Then the '*pptr'could be NULL pointer
UI: Check for NULL pointer after calling OPENSSL_memdup
The OPENSSL_memdup() is not always success, as the potential failure of
the allocation.
Then the '*pptr'could be NULL pointer but the ui_dup_method_data() will
still return 1.
In CRYPTO_dup_ex_data(), the 'storage[i]->dup_func' will not fail and
'ptr' will be used in CRYPTO_set_ex_data().
Also, if '*pptr' is NULL, I think it should also return 0 to tell the
caller that the duplication fails in order to prevernt using the NULL
pointer.
Therefore, it should be better to add the check and return 1 only if the
duplication succeed.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17582)
show more ...
|
| 1d28ada1 | 22-Jan-2022 |
Darshan Sen |
Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-b
Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
show more ...
|
| 59ccb72c | 14-Jan-2022 |
Darshan Sen |
Fix invalid malloc failures in PEM_write_bio_PKCS8PrivateKey()
When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase
string, `OPENSSL_memdup()` was incorrectly getting us
Fix invalid malloc failures in PEM_write_bio_PKCS8PrivateKey()
When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase
string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size
allocation, which resulted in malloc failures.
Fixes: https://github.com/openssl/openssl/issues/17506
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
show more ...
|
| 814999cb | 24-Jan-2022 |
Jiasheng Jiang |
x509: add the check for X509_STORE_lock
Since we may fail to get the lock, for example there is no lock, the
X509_STORE_lock() will return 0.
Therefore, we should check it in order t
x509: add the check for X509_STORE_lock
Since we may fail to get the lock, for example there is no lock, the
X509_STORE_lock() will return 0.
Therefore, we should check it in order to prevent the dirty data.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17575)
show more ...
|
| 7625d70a | 24-Jan-2022 |
Jiasheng Jiang |
test/ct_test.c: Add the missing check after calling sk_SCT_new_null
As the potential failure of the allocation, the sk_SCT_new_null() could
return NULL pointer if fails.
And then sk_
test/ct_test.c: Add the missing check after calling sk_SCT_new_null
As the potential failure of the allocation, the sk_SCT_new_null() could
return NULL pointer if fails.
And then sk_SCT_push() uses the 'fixture->sct_list' and returns -1 if
fails.
But the return value of the sk_SCT_push() is not checked.
I think it is better to check it just after the allocation.
CLA: trivial
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17571)
show more ...
|
| 2208ba56 | 24-Jan-2022 |
Jiasheng Jiang |
evp_test: Add the missing check after calling OPENSSL_malloc
The OPENSSL_zalloc() could return NULL pointer if fails.
Add the check for it does make sense, like how digest_test_init() de
evp_test: Add the missing check after calling OPENSSL_malloc
The OPENSSL_zalloc() could return NULL pointer if fails.
Add the check for it does make sense, like how digest_test_init() deals
with.
CLA: trivial
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17571)
show more ...
|
| 954f45ba | 09-Jun-2021 |
XiaokangQian |
Optimize AES-GCM for uarchs with unroll and new instructions
Increase the block numbers to 8 for every iteration. Increase the hash
table capacity. Make use of EOR3 instruction to impr
Optimize AES-GCM for uarchs with unroll and new instructions
Increase the block numbers to 8 for every iteration. Increase the hash
table capacity. Make use of EOR3 instruction to improve the performance.
This can improve performance 25-40% on out-of-order microarchitectures
with a large number of fast execution units, such as Neoverse V1. We also
see 20-30% performance improvements on other architectures such as the M1.
Assembly code reviewd by Tom Cosgrove (ARM).
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15916)
show more ...
|
| 44a563dd | 18-Oct-2021 |
Danny Tsen |
AES-GCM performance optimzation with stitched method for p9+ ppc64le
Assembly code reviewed by Shricharan Srivatsan <ssrivat@us.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
AES-GCM performance optimzation with stitched method for p9+ ppc64le
Assembly code reviewed by Shricharan Srivatsan <ssrivat@us.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16854)
show more ...
|
| d94c2f1b | 20-Jan-2022 |
Todd Short |
`make clean` should clean up fips provider shared object.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul
`make clean` should clean up fips provider shared object.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17556)
(cherry picked from commit 45036df45048c6498efa49d3572869830d05df45)
show more ...
|
| 1bfd20f0 | 21-Jan-2022 |
Pauli |
self_test.h: fix the C++ wrapping
Fixes #17557
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17562) |
| e1cd94f2 | 22-Dec-2021 |
Philip Prindeville |
Standardize progress callback for dhparam, dsaparam, etc.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed
Standardize progress callback for dhparam, dsaparam, etc.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17359)
show more ...
|
| 8c2e588b | 11-Jan-2022 |
Richard Levitte |
LEGACY PROV: Reimplement the ERR building blocks in upcall terms
This involves the following functions:
ERR_new(), ERR_set_debug(), ERR_set_error(), ERR_vset_error(),
ERR_set_ma
LEGACY PROV: Reimplement the ERR building blocks in upcall terms
This involves the following functions:
ERR_new(), ERR_set_debug(), ERR_set_error(), ERR_vset_error(),
ERR_set_mark(), ERR_clear_last_mark(), ERR_pop_to_mark(void)
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17474)
show more ...
|
| fbe88706 | 11-Jan-2022 |
Richard Levitte |
ERR: Move ERR_set_mark(), ERR_pop_to_mark() and ERR_clear_last_mark()
Move them to their own source file, so they end up in a separate
object file. This allows providers to override the
ERR: Move ERR_set_mark(), ERR_pop_to_mark() and ERR_clear_last_mark()
Move them to their own source file, so they end up in a separate
object file. This allows providers to override their implementation
to use the corresponding OSSL_FUNC upcalls without having to
reimplement everything from crypto/err/err.c.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17474)
show more ...
|
