3d633153 | 20-Oct-2021 |
Tomas Mraz |
doc: Document the type of label EVP_PKEY_CTX_set0_rsa_oaep_label properly Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16869)
|
7cce994d | 20-Oct-2021 |
Matt Caswell |
Update pyca-cryptography sub-module Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789) |
1b327433 | 11-Oct-2021 |
Matt Caswell |
Fix acvp_test sig_gen Ensure we set the size of the signature buffer before we call EVP_DigestSign() Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
|
cff7d58e | 11-Oct-2021 |
Matt Caswell |
Fix test_CMAC_keygen Make sure we correctly pass through the size of the buffer to EVP_DigestSignFinal Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
|
61adb6cf | 11-Oct-2021 |
Matt Caswell |
Fix a bug in signature self tests in the FIPS module When calling EVP_PKEY_sign(), the size of the signature buffer must be passed in *siglen. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
|
dc3f057c | 08-Oct-2021 |
Matt Caswell |
Add an additional note to EVP_DigestSign() documentation Clarify what happens if it fails. Make it clear that you can pass a NULL "sig" buffer to get the "siglen". Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
|
15ff7d7c | 07-Oct-2021 |
Matt Caswell |
Test short buffers Test that calling EVP_DigestSign(), EVP_DigestSignFinal(), EVP_PKEY_sign(), EVP_PKEY_get_raw_private_key(), or EVP_PKEY_get_raw_public_key() with a short output buffer results in a failure. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
|
7be8ba54 | 07-Oct-2021 |
Matt Caswell |
Fix SSKDF to not claim a buffer size that is too small for the MAC We also check that our buffer is sufficiently sized for the MAC output Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
|
b97f4dd7 | 07-Oct-2021 |
Matt Caswell |
Enforce a size check in EVP_MAC_final() Make sure that the outsize for the buffer is large enough for the output from the MAC. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
|
43da9a14 | 07-Oct-2021 |
Matt Caswell |
Prevent an overflow if an application supplies a buffer that is too small If an application bug means that a buffer smaller than is necessary is passed to various functions then OpenSSL does not spot that the buffer is too small and fills it anyway. This PR prevents that. Since it requires an application bug to hit this problem, no CVE is allocated. Thanks to David Benjamin for reporting this issue. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
|
251e9412 | 20-Oct-2021 |
Dr. David von Oheimb |
APPS/req.c: Make -reqexts option an alias of -extensions option This simplifies code, doc, and use. Fixes issue ignoring one or the other. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16865)
|
d92c696d | 20-Oct-2021 |
Tomas Mraz |
Add missing define to enable AES-NI usage on x86 platform Fixes #16858 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16866) |
10343fa5 | 18-Oct-2021 |
PW Hu |
Fix function signature error Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/16852)
|
0299094c | 15-Oct-2021 |
Matt Caswell |
Add tests for ENGINE problems Add some tests which would have caught the issues fixed in the previous 3 commits related to engine handling. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16846)
|
86c15ba8 | 15-Oct-2021 |
Matt Caswell |
Update provider_util.c to correctly handle ENGINE references provider_util.c failed to free ENGINE references when clearing a cipher or a digest. Additionally ciphers and digests were not copied correctly, which would lead to double-frees if it were not for the previously mentioned leaks. Fixes #16845 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16846)
|
f7d6868d | 15-Oct-2021 |
Matt Caswell |
Ensure pkey_set_type handles ENGINE references correctly pkey_set_type should not consume the ENGINE references that may be passed to it. Fixes #16757 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16846)
|
a0cbc2d2 | 15-Oct-2021 |
Matt Caswell |
Make sure EVP_CIPHER_CTX_copy works with the dasync engine Ciphers in the dasync engine were failing to copy their context properly in the event of EVP_CIPHER_CTX_copy() because they did not define the flag EVP_CIPH_CUSTOM_FLAG Fixes #16844 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16846)
|
a98b2658 | 15-Oct-2021 |
jwalch |
Avoid NULL+X UB in bss_mem.c Fixes #16816 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16818)
|
5fdc95e4 | 14-Oct-2021 |
Matt Caswell |
Fix the signature newctx documentation The documentation omitted the propq parameter Fixes #16755 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16836)
|
fb0f65ff | 16-Oct-2021 |
Richard Levitte |
Fix lock leak in evp_keymgmt_util_export_to_provider() Fixes #16847 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16849) |
d5d95dab | 14-Oct-2021 |
Tomas Mraz |
Raise error when invalid digest used with SM2 Otherwise commands like openssl req -newkey sm2 fail silently without reporting any error unless -sm3 option is added. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16833)
|
34563be5 | 12-Oct-2021 |
Peiwei Hu |
test/ssl_old_test.c: Fix potential leak Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16806)
|
73970cb9 | 14-Oct-2021 |
Richard Levitte |
Fix test/recipes/01-test_symbol_presence.t to disregard version info The output of 'nm -DPg' contains version info attached to the symbols, which makes the test fail. Simply dropping the version info makes the test work again. Fixes #16810 (followup) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16840)
|
19b30f1c | 13-Oct-2021 |
Bernd Edlinger |
Fix another memory leak reported in CIFuzz Direct leak of 2 byte(s) in 1 object(s) allocated from: #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3 #1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12 #2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11 #3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45 #4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12 #5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5 #6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12 #7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp #8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 #9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp #10 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #11 0x7f15336bf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16813)
|
74b48584 | 12-Oct-2021 |
Bernd Edlinger |
Fix a memory leak reported in CIFuzz Direct leak of 4 byte(s) in 1 object(s) allocated from: #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3 #1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12 #2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16 #3 0x569d17 in BUF_MEM_grow /src/openssl/crypto/buffer/buffer.c:97:15 #4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10 #5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22 #6 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12 #7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5 #8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12 #9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp #10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 #11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp #12 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16813)
|