| 65ef000e | 28-Jan-2021 |
Richard Levitte |
PROV: Refactor DER->key decoder
The decoding of DER into keys with keytype specific routines depended
entirely on the absence of the generic algo specific C type from
EVP_PKEYs. Tha
PROV: Refactor DER->key decoder
The decoding of DER into keys with keytype specific routines depended
entirely on the absence of the generic algo specific C type from
EVP_PKEYs. That is not necessary, and may even prove to be a bit of a
disadvantage, depending on what libcrypto has to offer in terms of
type specific d2i functionality for different kinds of input
structures.
To remedy, we try with all available type specific functions first,
and only turn to the general d2i functions (those that return an
EVP_PKEY) as a last resort.
Furthermore, there are cases where the decoder might not get the key
type it expected. This may happen when certain key types that share
the same OpenSSL structure may be mixed up somehow. The known cases
are EC vs SM2 and RSA vs RSA-PSS.
To remedy, we add the possibility to specify a checking function that
can check if the key that was decoded meets decoder expectations.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14314)
show more ...
|
| 2d101b0f | 18-Mar-2021 |
Richard Levitte |
Configure: check all DEPEND values against GENERATE, not just .h files
All files that are given to DEPEND statements in build.info files are
being checked against GENERATE statements, to
Configure: check all DEPEND values against GENERATE, not just .h files
All files that are given to DEPEND statements in build.info files are
being checked against GENERATE statements, to see if it's reasonable
to look for them in the source tree or not. This was only done for .h
files, for reasons that are lost in history. We now change that check
to look at all files instead.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14598)
show more ...
|
| 6084b5c2 | 18-Mar-2021 |
Tomas Mraz |
EVP_PKEY_get_*_param should work with legacy
Also do not shortcut the pkey == NULL case
to allow EVP_PKEY_get_params() to raise an error.
Reviewed-by: Paul Dale <pauli@openssl.o
EVP_PKEY_get_*_param should work with legacy
Also do not shortcut the pkey == NULL case
to allow EVP_PKEY_get_params() to raise an error.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14606)
show more ...
|
| 03cd9d2f | 18-Mar-2021 |
Tomas Mraz |
ASYNC_start_job: Reset libctx when async_fibre_swapcontext fails
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14605) |
| 0e2f87c0 | 16-Mar-2021 |
Tomas Mraz |
Added functions for printing EVP_PKEYs to FILE *
Fixes #14172
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14577) |
| 39f6bf33 | 18-Mar-2021 |
Pauli |
test: fix Coverity 1454818: use after free
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14597) |
| ebdb5ccc | 18-Mar-2021 |
Shane Lontis |
Fix windows build compiler issue.
Another case of snprintf() being used.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14600) |
| 2154a7a7 | 16-Mar-2021 |
Matt Caswell |
Update README-FIPS.md
The README-FIPS.md file was still the one used from 1.1.1. We update it
with 3.0 specific information.
Fixes #14237
Reviewed-by: Tomas Mraz <tomas
Update README-FIPS.md
The README-FIPS.md file was still the one used from 1.1.1. We update it
with 3.0 specific information.
Fixes #14237
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14575)
show more ...
|
| 9fe4f5bc | 18-Mar-2021 |
Richard Levitte |
Fix a missing rand -> ossl_rand rename
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/146
Fix a missing rand -> ossl_rand rename
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14609)
show more ...
|
| ee067bc0 | 16-Mar-2021 |
Matt Caswell |
Ensure we deregister thread handlers even after a failed init
If we attempt to init a provider but that init fails, then we should
still deregister any thread handlers. The provider may
Ensure we deregister thread handlers even after a failed init
If we attempt to init a provider but that init fails, then we should
still deregister any thread handlers. The provider may have failed after
these were registered.
Fixes #13338
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14576)
show more ...
|
| 7e7e034a | 17-Mar-2021 |
Pauli |
apps: fix coverity 966560: division by zero
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/ope
apps: fix coverity 966560: division by zero
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14586)
show more ...
|
| 3de7f014 | 17-Mar-2021 |
Pauli |
ssl: fix coverity 1451515: out of bounds memory access
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14585) |
| 145f12d1 | 17-Mar-2021 |
Pauli |
modes: fix coverity 1449860: overlapping memory copy
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14584) |
| b875e0e8 | 17-Mar-2021 |
Pauli |
modes: fix coverity 1449851: overlapping memory copy
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14584) |
| cf3306dc | 17-Mar-2021 |
Jon Spillett |
Remove TODO comment. Resolves #14396
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1458
Remove TODO comment. Resolves #14396
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14588)
show more ...
|
| 628d2d3a | 17-Mar-2021 |
Kevin Cadieux |
Fixing stack buffer overflow error caused by incorrectly sized array.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Re
Fixing stack buffer overflow error caused by incorrectly sized array.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14582)
show more ...
|
| c8830891 | 09-Mar-2021 |
Shane Lontis |
Add ossl_provider symbols
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473) |
| 3022b7f4 | 09-Mar-2021 |
Shane Lontis |
Rename CMS_si_check_attributes to ossl_cms_si_check_attributes
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/
Rename CMS_si_check_attributes to ossl_cms_si_check_attributes
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473)
show more ...
|
| 78715dcc | 09-Mar-2021 |
Shane Lontis |
rename err_get_state_int() to ossl_err_get_state_int()
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/144
rename err_get_state_int() to ossl_err_get_state_int()
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473)
show more ...
|
| 6d777689 | 09-Mar-2021 |
Shane Lontis |
Add ossl_is_partially_overlapping symbol
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473) |
| 4e17fb00 | 09-Mar-2021 |
Shane Lontis |
Add ossl_pkcs5_pbkdf2_hmac_ex symbol
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473) |
| b78c0166 | 09-Mar-2021 |
Shane Lontis |
Add ossl_pem_check_suffix symbol
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473) |
| 4669015d | 09-Mar-2021 |
Shane Lontis |
Add ossl_ x509 symbols
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473) |
| 6dd4b77a | 09-Mar-2021 |
Shane Lontis |
Add ossl_gost symbols
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473) |
| 285aa80e | 09-Mar-2021 |
Shane Lontis |
Add ossl_lhash symbols
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473) |
