History log of /openssl/ (Results 8526 – 8550 of 36077)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
8dc34b1f11-Nov-2020 Daniel Bevenius

EVP: don't touch the lock for evp_pkey_downgrade

This commit tries to address a locking issue in evp_pkey_reset_unlocked
which can occur when it is called from evp_pkey_downgrade.

EVP: don't touch the lock for evp_pkey_downgrade

This commit tries to address a locking issue in evp_pkey_reset_unlocked
which can occur when it is called from evp_pkey_downgrade.

evp_pkey_downgrade will acquire a lock for pk->lock and if successful
then call evp_pkey_reset_unlocked. evp_pkey_reset_unlocked will call
memset on pk, and then create a new lock and set pk->lock to point to
that new lock. I believe there are two problems with this.

The first is that after the call to memset, another thread would try to
acquire a lock for NULL as that is what the value of pk->lock would be
at that point.

The second issue is that after the new lock has been assigned to
pk->lock, that lock is different from the one currently locked so
another thread trying to acquire the lock will succeed which can lead to
strange behaviour. More details and a reproducer can be found in the
Refs link below.

This changes the evp_pkey_reset_unlocked to not touch the lock
and the creation of a new lock is done in EVP_PKEY_new.

Refs:
https://github.com/danbev/learning-libcrypto/blob/master/notes/issues.md#openssl-investigationtroubleshooting
https://github.com/nodejs/node/issues/29817

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13374)

show more ...


crypto/evp/p_lib.c
2b407d0518-Nov-2020 Tomas Mraz

Documentation improvements for EVP_DigestInit_ex and related functions

Documenting when EVP_MD_CTX_reset() is implicitly called and when
type can be set to NULL.

Reviewed-by: Dm

Documentation improvements for EVP_DigestInit_ex and related functions

Documenting when EVP_MD_CTX_reset() is implicitly called and when
type can be set to NULL.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13402)

show more ...


doc/man3/EVP_DigestInit.pod
5de9863b13-Nov-2020 Tomas Mraz

Fix regression in EVP_DigestInit_ex: crash when called with NULL type

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged f

Fix regression in EVP_DigestInit_ex: crash when called with NULL type

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13402)

show more ...


crypto/evp/digest.c
8d8dd09b13-Nov-2020 Tomas Mraz

Add test for no reset after DigestFinal_ex and DigestFinalXOF

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from http

Add test for no reset after DigestFinal_ex and DigestFinalXOF

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13402)

show more ...


test/evp_extra_test.c
39fde64a13-Nov-2020 Tomas Mraz

EVP_DigestFinalXOF must not reset the EVP_MD_CTX

It does not do it in legacy path and 1.1.1 so that must not change.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-

EVP_DigestFinalXOF must not reset the EVP_MD_CTX

It does not do it in legacy path and 1.1.1 so that must not change.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13402)

show more ...


crypto/evp/digest.c
e109aaa924-Nov-2020 Matt Caswell

Fix no-posix-io

The "multi" variable should only be used within HTTP_DAEMON guards.
However there were a few spots where this was not the case, which
causes no-posix-io builds to fai

Fix no-posix-io

The "multi" variable should only be used within HTTP_DAEMON guards.
However there were a few spots where this was not the case, which
causes no-posix-io builds to fail.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13498)

show more ...


apps/lib/http_server.c
467f441b25-Nov-2020 Richard Levitte

APPS: Modify apps/cmp.c to use set_base_ui_method() for its -batch option

Fixes #13511

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/

APPS: Modify apps/cmp.c to use set_base_ui_method() for its -batch option

Fixes #13511

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13512)

show more ...


apps/cmp.c
a6a5dec625-Nov-2020 Richard Levitte

APPS: Make it possible for apps to set the base (fallback) UI_METHOD

The apps UI method acts as a proxy that bases its activity on a base
(was called fallback) UI_METHOD, which defaults

APPS: Make it possible for apps to set the base (fallback) UI_METHOD

The apps UI method acts as a proxy that bases its activity on a base
(was called fallback) UI_METHOD, which defaults to UI_OpenSSL() under
normal circumstances.

However, some apps might want to have it based on another UI_METHOD,
such as UI_null() to avoid prompting (typical for a -batch run). The
new function set_base_ui_method() allows them to do precisely this.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13512)

show more ...


apps/include/apps_ui.h
apps/lib/apps_ui.c
e3197e5a26-Nov-2020 Matt Caswell

Prepare for 3.0 alpha 10

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>


CHANGES.md
NEWS.md
VERSION.dat
68ec3d4726-Nov-2020 Matt Caswell

Prepare for release of 3.0 alpha 9

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>


CHANGES.md
NEWS.md
VERSION.dat
605856d726-Nov-2020 Matt Caswell

Update copyright year

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13533)


crypto/asn1/a_bitstr.c
crypto/asn1/a_dup.c
crypto/asn1/a_i2d_fp.c
crypto/asn1/a_int.c
crypto/asn1/a_mbstr.c
crypto/asn1/a_object.c
crypto/asn1/a_strex.c
crypto/asn1/asn1_item_list.c
crypto/asn1/asn_pack.c
crypto/asn1/bio_asn1.c
crypto/asn1/bio_ndef.c
crypto/asn1/f_int.c
crypto/asn1/f_string.c
crypto/asn1/p5_pbe.c
crypto/asn1/p5_pbev2.c
crypto/asn1/p5_scrypt.c
crypto/asn1/tasn_enc.c
crypto/asn1/tasn_prn.c
crypto/asn1/tasn_scn.c
crypto/asn1/tasn_utl.c
crypto/asn1/x_info.c
crypto/asn1/x_int64.c
crypto/asn1/x_pkey.c
crypto/async/async_wait.c
crypto/bio/bio_meth.c
crypto/bio/bss_bio.c
crypto/bio/bss_dgram.c
crypto/bio/bss_log.c
crypto/bn/bn_add.c
crypto/bn/bn_blind.c
crypto/bn/bn_div.c
crypto/bn/bn_exp.c
crypto/bn/bn_exp2.c
crypto/bn/bn_gf2m.c
crypto/bn/bn_intern.c
crypto/bn/bn_mod.c
crypto/bn/bn_recp.c
crypto/bn/bn_shift.c
crypto/bn/bn_sqrt.c
crypto/buffer/buffer.c
crypto/cms/cms_att.c
crypto/comp/c_zlib.c
crypto/comp/comp_lib.c
crypto/dso/dso_dl.c
crypto/dso/dso_vms.c
crypto/engine/eng_table.c
crypto/evp/evp_utils.c
crypto/lhash/lhash.c
crypto/md5/md5_local.h
crypto/modes/ocb128.c
crypto/o_fopen.c
crypto/objects/o_names.c
crypto/objects/obj_lib.c
crypto/objects/obj_xref.c
crypto/pem/pem_oth.c
crypto/pem/pem_sign.c
crypto/pkcs12/p12_add.c
crypto/pkcs12/p12_crpt.c
crypto/pkcs12/p12_init.c
crypto/pkcs12/p12_p8e.c
crypto/pkcs12/p12_utl.c
crypto/rsa/rsa_mp.c
crypto/sha/sha3.c
crypto/stack/stack.c
crypto/ts/ts_asn1.c
crypto/x509/v3_skey.c
crypto/x509/x509_meth.c
crypto/x509/x509spki.c
include/crypto/asn1err.h
include/crypto/asyncerr.h
include/crypto/bioerr.h
include/crypto/bnerr.h
include/crypto/buffererr.h
include/crypto/cmperr.h
include/crypto/cmserr.h
include/crypto/comperr.h
include/crypto/conferr.h
include/crypto/crmferr.h
include/crypto/cryptoerr.h
include/crypto/cterr.h
include/crypto/decodererr.h
include/crypto/dherr.h
include/crypto/dsaerr.h
include/crypto/ecerr.h
include/crypto/encodererr.h
include/crypto/engineerr.h
include/crypto/err.h
include/crypto/esserr.h
include/crypto/evperr.h
include/crypto/httperr.h
include/crypto/objectserr.h
include/crypto/ocsperr.h
include/crypto/pemerr.h
include/crypto/pkcs12err.h
include/crypto/pkcs7err.h
include/crypto/randerr.h
include/crypto/rsaerr.h
include/crypto/sha.h
include/crypto/sm2err.h
include/crypto/storeerr.h
include/crypto/tserr.h
include/crypto/uierr.h
include/crypto/x509err.h
include/crypto/x509v3err.h
include/internal/dso.h
include/internal/dsoerr.h
include/internal/propertyerr.h
include/internal/sha3.h
providers/common/include/prov/providercommonerr.h
providers/implementations/include/prov/md5_sha1.h
ssl/d1_lib.c
ssl/d1_msg.c
ssl/pqueue.c
ssl/s3_msg.c
ssl/ssl_asn1.c
ssl/sslerr.h
ssl/statem/extensions_cust.c
ssl/statem/statem.c
ssl/statem/statem.h
test/recipes/04-test_pem_read_depr.t
c589c14923-Nov-2020 Richard Levitte

DOC: Add note on how to terminate an OSSL_PARAM array

The examples are also updated to have correct terminators.

doc/man3/OSSL_PARAM.pod is deliberately written with no help from th

DOC: Add note on how to terminate an OSSL_PARAM array

The examples are also updated to have correct terminators.

doc/man3/OSSL_PARAM.pod is deliberately written with no help from the
constructor macros described in OSSL_PARAM_int.pod. Therefore, use of
OSSL_PARAM_END isn't shown directly here, only leaving a link to its
man-page to indicate that there is that option.

Fixes #11280

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13478)

show more ...


doc/man3/OSSL_PARAM.pod
2d84089324-Nov-2020 Matt Caswell

Fix no-rc2

Skip a test that relies on RC2 being present in a no-rc2 build.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(M

Fix no-rc2

Skip a test that relies on RC2 being present in a no-rc2 build.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13496)

show more ...


test/recipes/80-test_pkcs12.t
0f386f2e02-Nov-2020 Matt Caswell

Remove deprecation warning suppression from genpkey

genpkey was supressing deprecation warnings in order to support ENGINE
functionality. We move all of that into a separate file so that

Remove deprecation warning suppression from genpkey

genpkey was supressing deprecation warnings in order to support ENGINE
functionality. We move all of that into a separate file so that we don't
need to suppress the warnings anymore.

Fixes #13118

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13454)

show more ...


apps/genpkey.c
apps/include/apps.h
apps/lib/engine.c
931d5b4b24-Nov-2020 Dr. David von Oheimb

apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE

Also make clear we cannot use get_ui_method() at this point.

Fixes #13494

Reviewed-by: Matt Caswell <matt@

apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE

Also make clear we cannot use get_ui_method() at this point.

Fixes #13494

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13497)

show more ...


apps/cmp.c
apps/include/apps_ui.h
apps/lib/apps_ui.c
68f9d92225-Nov-2020 Dr. David von Oheimb

apps/cmp.c: Improve description of key loaded due to -newkew option

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13497)


apps/cmp.c
e50b81c924-Nov-2020 Dr. David von Oheimb

re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC (avoiding DES)

Fixes #13494

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl

re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC (avoiding DES)

Fixes #13494

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13497)

show more ...


test/recipes/81-test_cmp_cli_data/Mock/signer.p12
6955e3f710-Nov-2020 Matt Caswell

Re-enable testing of ciphersuites

Commit be9d82bb3 inadvertently disabled ciphersuite testing. This masked
some issues. Therefore we fix this testing.

Reviewed-by: Tomas Mraz <t

Re-enable testing of ciphersuites

Commit be9d82bb3 inadvertently disabled ciphersuite testing. This masked
some issues. Therefore we fix this testing.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13378)

show more ...


test/recipes/80-test_ssl_old.t
test/recipes/80-test_ssl_old_data/dsa2048.pem
test/ssltest_old.c
6db0d58d11-Nov-2020 Matt Caswell

Fix RC4-MD5 based ciphersuites

The RC4-MD5 ciphersuites were not removing the length of the MAC when
calculating the length of decrypted TLS data. Since RC4 is a streamed
cipher that

Fix RC4-MD5 based ciphersuites

The RC4-MD5 ciphersuites were not removing the length of the MAC when
calculating the length of decrypted TLS data. Since RC4 is a streamed
cipher that doesn't use padding we separate out the concepts of fixed
length TLS data to be removed, and TLS padding.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13378)

show more ...


providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
providers/implementations/ciphers/ciphercommon.c
providers/implementations/include/prov/ciphercommon.h
01c6551c10-Nov-2020 Matt Caswell

Ensure Stream ciphers know how to remove a TLS MAC

We previously updated the block ciphers to know how to remove a TLS
MAC when using Encrypt-then-MAC. We also need to do the same for st

Ensure Stream ciphers know how to remove a TLS MAC

We previously updated the block ciphers to know how to remove a TLS
MAC when using Encrypt-then-MAC. We also need to do the same for stream
ciphers.

Fixes #13363

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13378)

show more ...


providers/implementations/ciphers/ciphercommon.c
1950e0e318-Nov-2020 Matt Caswell

Test that OSSL_STORE can load various types of params

There have been instances where OSSL_STORE got confused between DSA and
DH params (e.g. see issue #13046) due the DER encoding of DH

Test that OSSL_STORE can load various types of params

There have been instances where OSSL_STORE got confused between DSA and
DH params (e.g. see issue #13046) due the DER encoding of DH and DSA params
looking identical. Therefore we test that we get the types that we expect.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13329)

show more ...


test/ossl_store_test.c
test/recipes/66-test_ossl_store.t
test/recipes/66-test_ossl_store_data/DH-params.pem
test/recipes/66-test_ossl_store_data/DHX-params.pem
test/recipes/66-test_ossl_store_data/DSA-params.pem
cdbd27ba17-Nov-2020 Matt Caswell

Test various deprecated PEM_read_bio_* APIs

Add tests for various deprecated PEM_read_bio_*() functions to ensure
they can still read the various files.

Reviewed-by: Richard Lev

Test various deprecated PEM_read_bio_* APIs

Add tests for various deprecated PEM_read_bio_*() functions to ensure
they can still read the various files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13329)

show more ...


test/build.info
test/pem_read_depr_test.c
test/recipes/04-test_pem_read_depr.t
test/recipes/04-test_pem_read_depr_data/dhparams.pem
test/recipes/04-test_pem_read_depr_data/dsaparams.pem
test/recipes/04-test_pem_read_depr_data/dsaprivatekey.pem
test/recipes/04-test_pem_read_depr_data/dsapublickey.pem
test/recipes/04-test_pem_read_depr_data/rsaprivatekey.pem
test/recipes/04-test_pem_read_depr_data/rsapublickey.pem
test/recipes/04-test_pem_read_depr_data/x942params.pem
337ade3d05-Nov-2020 Matt Caswell

Don't forget the datatype when decoding a PEM file

The OSSL_STORE code was forgetting the datatype that we read from the
PEM header when decoding the DER.

Fixes #13046

Don't forget the datatype when decoding a PEM file

The OSSL_STORE code was forgetting the datatype that we read from the
PEM header when decoding the DER.

Fixes #13046

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13329)

show more ...


crypto/store/store_result.c
403ef8ce23-Nov-2020 Richard Levitte

APPS: Guard use of IPv6 functions and constants with a check of AF_INET6

Fixes #13482

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openss

APPS: Guard use of IPv6 functions and constants with a check of AF_INET6

Fixes #13482

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13484)

show more ...


apps/lib/s_socket.c
ee82528423-Nov-2020 Matt Caswell

Undeprecate the -dsaparam option in the dhparam app

The -dsaparam option was deprecated because it was previously using
deprecated functions in order to operate. This is no longer the ca

Undeprecate the -dsaparam option in the dhparam app

The -dsaparam option was deprecated because it was previously using
deprecated functions in order to operate. This is no longer the case
and therefore does not need to be deprecated.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13485)

show more ...


apps/dhparam.c
doc/man1/openssl-dhparam.pod.in

1...<<341342343344345346347348349350>>...1444