| 194fcc9a | 25-Aug-2021 |
Matt Caswell |
Add a test for running the config twice
Make sure there are no leaks from running the config file twice.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul
Add a test for running the config twice
Make sure there are no leaks from running the config file twice.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16425)
show more ...
|
| f38af125 | 24-Aug-2021 |
Matt Caswell |
Add locking for the provider_conf.c
Avoid races where 2 threads attempt to configure activation of providers
at the same time. E.g. via an explicit and an implict load of the config
Add locking for the provider_conf.c
Avoid races where 2 threads attempt to configure activation of providers
at the same time. E.g. via an explicit and an implict load of the config
file at the same time.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16425)
show more ...
|
| 6f25d3c4 | 17-Aug-2021 |
Matt Caswell |
When activating providers via config check we've not already activated them
We skip the activation if we already configured them.
Fixes #16250
Reviewed-by: Tomas Mraz <toma
When activating providers via config check we've not already activated them
We skip the activation if we already configured them.
Fixes #16250
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16425)
show more ...
|
| 4fdb0d25 | 25-Aug-2021 |
Dr. David von Oheimb |
APPS/req: Fix AKID generation in case -CA option is used
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16420) |
| f2b6edcf | 25-Aug-2021 |
Dr. David von Oheimb |
APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1642
APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16420)
show more ...
|
| b4fec69b | 25-Aug-2021 |
Dr. David von Oheimb |
APPS/x509: fix -extfile option, which was ignored with -x509toreq
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16417) |
| 78539b25 | 25-Aug-2021 |
Tomas Mraz |
EVP_DigestSign/VerifyFinal: Duplicate the pctx to allow multiple calls
The legacy implementation duplicates the pctx before creating/verifying
the signature unless EVP_MD_CTX_FLAG_FINALI
EVP_DigestSign/VerifyFinal: Duplicate the pctx to allow multiple calls
The legacy implementation duplicates the pctx before creating/verifying
the signature unless EVP_MD_CTX_FLAG_FINALISE is set. We have to do the
same with provided implementations.
Fixes #16321
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16422)
show more ...
|
| 62bae84d | 18-Aug-2021 |
zhaozg |
ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/
ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16347)
show more ...
|
| a291cfdf | 25-Aug-2021 |
Pauli |
doc: document the rsa_oaep_md: pkeyopt
This was missing but essential for using non-SHA1 digests with OAEP.
Fixes #15998
Reviewed-by: Tim Hudson <tjh@openssl.org>
Revie
doc: document the rsa_oaep_md: pkeyopt
This was missing but essential for using non-SHA1 digests with OAEP.
Fixes #15998
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16410)
show more ...
|
| 9698a56e | 23-Aug-2021 |
Pauli |
aes-wrap: improve error handling
The AES wrap cipher was return -1 on error from the provider rather than 0.
This is fixed.
There was a problem with the error handling in AES wr
aes-wrap: improve error handling
The AES wrap cipher was return -1 on error from the provider rather than 0.
This is fixed.
There was a problem with the error handling in AES wrap which fell back to a
default "final error". This adds a fix for the error and more specific errors
for the different failure possibilities.
Fixes #16387
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16391)
show more ...
|
| 31656f27 | 23-Aug-2021 |
Pauli |
Add invalid input length error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16391) |
| 69b920bb | 24-Aug-2021 |
Dr. David von Oheimb |
CMS app: Fix new -wrap option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/1639
CMS app: Fix new -wrap option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16396)
show more ...
|
| e5f8935c | 24-Aug-2021 |
Pauli |
changes: add note about 3DES key wrap matching the standard
Also note that it is no longer interoperable with 1.1.1.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from htt
changes: add note about 3DES key wrap matching the standard
Also note that it is no longer interoperable with 1.1.1.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16343)
show more ...
|
| 3d491c05 | 18-Aug-2021 |
Pauli |
test: add unit tests for TDES key wrap
This functionality was completely untested.
Doesn't fix #16002 since that's a bug against 1.1.1.
Reviewed-by: Tomas Mraz <tomas@opens
test: add unit tests for TDES key wrap
This functionality was completely untested.
Doesn't fix #16002 since that's a bug against 1.1.1.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16343)
show more ...
|
| 06447b58 | 23-Aug-2021 |
Bernd Edlinger |
Avoid using undefined value in generate_stateless_cookie_callback
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.c
Avoid using undefined value in generate_stateless_cookie_callback
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16384)
show more ...
|
| 0760d132 | 29-Nov-2019 |
Paul Dreik |
Avoid invoking memcpy if size is zero or the supplied buffer is NULL
This allows for passing a NULL pointer with zero max_len.
Invoking memcpy on NULL is undefined behaviour, even i
Avoid invoking memcpy if size is zero or the supplied buffer is NULL
This allows for passing a NULL pointer with zero max_len.
Invoking memcpy on NULL is undefined behaviour, even if the size is zero.
https://en.cppreference.com/w/c/string/byte/memcpy
The function can now be queried for the necessary buffer length.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10541)
show more ...
|
| 562d4cd3 | 23-Aug-2021 |
Bernd Edlinger |
Fix the array size of dtlsseq in tls1_enc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16385) |
| 1501de33 | 24-Aug-2021 |
Richard Levitte |
Add multilib to the NonStop configuration definitions.
Fixes: #16373
Co-authored-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Add multilib to the NonStop configuration definitions.
Fixes: #16373
Co-authored-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16398)
show more ...
|
| 33a62d44 | 23-Aug-2021 |
Richard Levitte |
VMS: Correct faulty source directory specification
$(SRCDIR)/doc doesn't work right on VMS.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
VMS: Correct faulty source directory specification
$(SRCDIR)/doc doesn't work right on VMS.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16395)
show more ...
|
| 8b4e9c52 | 23-Aug-2021 |
Tianjia Zhang |
apps/ciphers: Fix wrong return value when using -convert parameter
Command 'openssl ciphers -convert <name>' always returns failure,
this patch set the correct return value.
Sig
apps/ciphers: Fix wrong return value when using -convert parameter
Command 'openssl ciphers -convert <name>' always returns failure,
this patch set the correct return value.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16383)
show more ...
|
| 32f7be2a | 17-Aug-2021 |
Dr. David von Oheimb |
APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged fro
APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16344)
show more ...
|
| fdd43643 | 25-Aug-2021 |
Pauli |
news/changes: fix formatting nits
The news/changes files are being nitted causing CI failure. This addresses the
issues.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged f
news/changes: fix formatting nits
The news/changes files are being nitted causing CI failure. This addresses the
issues.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16413)
show more ...
|
| e1c29138 | 25-Aug-2021 |
Pauli |
cpp: fix included files to avoid failure in no-deprecated builds
A header file was missing but only in no-deprecated builds.
Also add some ending comments for #if preprocessor statements
cpp: fix included files to avoid failure in no-deprecated builds
A header file was missing but only in no-deprecated builds.
Also add some ending comments for #if preprocessor statements.
Move function declaration inside #ifdef guard for header.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16412)
show more ...
|
| 2576b70d | 25-Aug-2021 |
Pauli |
sm2: fix error raise to not fail make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16411) |
| 94736c3a | 11-Aug-2021 |
Tomas Mraz |
rsa: Try legacy encoding functions for pubkey
If there are no suitable encoders it might mean the key is in
an engine and thus it is a legacy key. Try legacy encoding
routines to enc
rsa: Try legacy encoding functions for pubkey
If there are no suitable encoders it might mean the key is in
an engine and thus it is a legacy key. Try legacy encoding
routines to encode the public key. We do not attempt encoding
a private key as it would be in most cases impossible anyway.
Fixes #16256
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16289)
show more ...
|
