| 908cf7ce | 29-Oct-2020 |
jwalch |
Patch leak in EVP_PKEY2PKCS8() error path
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail
Patch leak in EVP_PKEY2PKCS8() error path
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13278)
show more ...
|
| 62a36143 | 23-Oct-2020 |
Matt Caswell |
Allow empty deprecation macros to be passed as macro arguments
The OSSL_DEPRECATEDIN_3_0 macro introduced in PR #13074 is intended to
be passed as a parameter to the various PEM declarat
Allow empty deprecation macros to be passed as macro arguments
The OSSL_DEPRECATEDIN_3_0 macro introduced in PR #13074 is intended to
be passed as a parameter to the various PEM declaration macros. However,
in some cases OSSL_DEPRECATEDIN_3_0 is defined to be empty, and it is
not allowed to pass empty macro arguments in C90. Therefore we ensure
these macros are always defined. In the case where they were empty
previously we use a no-op value instead.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13227)
show more ...
|
| e82f4598 | 29-Oct-2020 |
Matt Caswell |
Fix some missed usage of DEFINE_LHASH_OF()
PR#12860 fixed issues with the Lhash code. It replaced usage of
DEFINE_LHASH_OF() in the public headers. Unfortunately it missed a couple
o
Fix some missed usage of DEFINE_LHASH_OF()
PR#12860 fixed issues with the Lhash code. It replaced usage of
DEFINE_LHASH_OF() in the public headers. Unfortunately it missed a couple
of instances.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13274)
show more ...
|
| 140eee2b | 09-Oct-2020 |
Richard Levitte |
Add easy to digest selector macros for EVP_PKEYs
These are meant to be used with functions like
OSSL_ENCODER_CTX_new_by_EVP_PKEY()
The OSSL_ENCODER_CTX_new_by_EVP_PKEY() manual
Add easy to digest selector macros for EVP_PKEYs
These are meant to be used with functions like
OSSL_ENCODER_CTX_new_by_EVP_PKEY()
The OSSL_ENCODER_CTX_new_by_EVP_PKEY() manual is also expanded on the
topics of output types and selections.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13189)
show more ...
|
| f7928938 | 28-Oct-2020 |
Richard Levitte |
test/recipes/15-test_gendh.t: don't try DER params
There is no option to output DH params in DER form. -outform doesn't
apply to -genparam with 'openssl genpkey', and it shouldn't.
test/recipes/15-test_gendh.t: don't try DER params
There is no option to output DH params in DER form. -outform doesn't
apply to -genparam with 'openssl genpkey', and it shouldn't.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13266)
show more ...
|
| 231849bc | 27-Sep-2020 |
Benjamin Kaduk |
Unify ssl3_get_cipher_by_std_name() implementation
The handling for the SCSVs was the same as for regular ciphers;
just merge them into the same table-driven handler.
Reviewed-b
Unify ssl3_get_cipher_by_std_name() implementation
The handling for the SCSVs was the same as for regular ciphers;
just merge them into the same table-driven handler.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13010)
show more ...
|
| fcf6e9d0 | 27-Oct-2020 |
Ard Biesheuvel |
crypto/poly1305/asm: fix armv8 pointer authentication
PAC pointer authentication signs the return address against the value
of the stack pointer, to prevent stack overrun exploits from c
crypto/poly1305/asm: fix armv8 pointer authentication
PAC pointer authentication signs the return address against the value
of the stack pointer, to prevent stack overrun exploits from corrupting
the control flow. However, this requires that the AUTIASP is issued with
SP holding the same value as it held when the PAC value was generated.
The Poly1305 armv8 code got this wrong, resulting in crashes on PAC
capable hardware.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13256)
show more ...
|
| 728d03b5 | 28-Oct-2020 |
Pauli |
afalg: add a NULL pointer check
Fixes #13260
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13261) |
| 648cf924 | 24-Oct-2020 |
Randall S. Becker |
Rewrite the HPE NonStop Notes file in Markdown with more explanations.
CLA: Permission is granted by the author to the OpenSSL team to use
these modifications.
Fixes #13237
Rewrite the HPE NonStop Notes file in Markdown with more explanations.
CLA: Permission is granted by the author to the OpenSSL team to use
these modifications.
Fixes #13237
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13238)
show more ...
|
| 28e1d588 | 15-Oct-2020 |
Richard Levitte |
DH: stop setting the private key length arbitrarily
The private key length is supposed to be a user settable parameter.
We do check if it's set or not, and if not, we do apply defaults.
DH: stop setting the private key length arbitrarily
The private key length is supposed to be a user settable parameter.
We do check if it's set or not, and if not, we do apply defaults.
Fixes #12071
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13140)
show more ...
|
| 09803e9c | 23-Oct-2020 |
Richard Levitte |
configdata.pm.in, util/dofile.pl: Make a HERE document stricter.
Fixes #13221
Fixes #12743
Fixes #12078
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://gi
configdata.pm.in, util/dofile.pl: Make a HERE document stricter.
Fixes #13221
Fixes #12743
Fixes #12078
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13225)
show more ...
|
| 5723a8ec | 22-Oct-2020 |
Shane Lontis |
Fix sparc t4 build error 'undefined symbol: cipher_hw_generic_cbc'
cipher_hw_generic_##mode has been renamed to ossl_cipher_hw_generic_##mode.
There were a few missing renames for t4 in
Fix sparc t4 build error 'undefined symbol: cipher_hw_generic_cbc'
cipher_hw_generic_##mode has been renamed to ossl_cipher_hw_generic_##mode.
There were a few missing renames for t4 in .inc files.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13213)
show more ...
|
| 47b422c9 | 22-Oct-2020 |
Matt Caswell |
Ensure we raise SSLfatal on error
We were missing a call to SSLfatal. A comment claimed that we had already
called it - but that is incorrect.
Reviewed-by: Ben Kaduk <kaduk@mit.
Ensure we raise SSLfatal on error
We were missing a call to SSLfatal. A comment claimed that we had already
called it - but that is incorrect.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13229)
show more ...
|
| 22dddfb9 | 24-Oct-2020 |
Richard Levitte |
APPS: Remove the format argument where it's not used
Also, restore a behaviour change, where load_cert() would look at
stdin when the input file name is NULL, and make sure to call
l
APPS: Remove the format argument where it's not used
Also, restore a behaviour change, where load_cert() would look at
stdin when the input file name is NULL, and make sure to call
load_cert_pass() with a corresponding argument where load_cert() was
used in OpenSSL 1.1.1.
Fixes #13235
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13236)
show more ...
|
| b6120b5f | 20-Sep-2020 |
Kan |
Add parentheses to fix PCLINT Info:773
Fixes #7930
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Re
Add parentheses to fix PCLINT Info:773
Fixes #7930
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12927)
show more ...
|
| d1fb6b48 | 20-Oct-2020 |
Nicola Tuveri |
Constify OSSL_FUNC_keymgmt_validate()
The keydata argument of OSSL_FUNC_keymgmt_validate() should be read-only.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from
Constify OSSL_FUNC_keymgmt_validate()
The keydata argument of OSSL_FUNC_keymgmt_validate() should be read-only.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13201)
show more ...
|
| 85209c07 | 20-Oct-2020 |
Pauli |
Remove EVP_aes_(128|192|256)_siv functions
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13195) |
| fc1ccdff | 21-Oct-2020 |
Pauli |
enc: change the text to reference `-list` instead of the deprecated `-ciphers`
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/1320
enc: change the text to reference `-list` instead of the deprecated `-ciphers`
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13204)
show more ...
|
| a49d0a49 | 13-Oct-2020 |
Shane Lontis |
Rename EVP_KDF_reset() to EVP_KDF_CTX_reset().
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13116) |
| 1ba21239 | 13-Oct-2020 |
Shane Lontis |
Rename EVP_KDF_size() to EVP_KDF_CTX_get_kdf_size().
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13116) |
| 90a2576b | 13-Oct-2020 |
Shane Lontis |
Rename EVP_MAC_size() to EVP_MAC_CTX_get_mac_size().
Fixes #11320
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13116) |
| 42445046 | 21-Oct-2020 |
Shane Lontis |
Remove ossl_prov_util_nid_to_name()
This removes a TODO.
This function is not needed since any place that needs to do the
conversion normally has a special case name2nid table.
Remove ossl_prov_util_nid_to_name()
This removes a TODO.
This function is not needed since any place that needs to do the
conversion normally has a special case name2nid table.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13202)
show more ...
|
| 3d914185 | 20-Oct-2020 |
Nicola Tuveri |
Constify OSSL_FUNC_keymgmt_has()
The keydata argument of OSSL_FUNC_keymgmt_has() should be read-only.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <
Constify OSSL_FUNC_keymgmt_has()
The keydata argument of OSSL_FUNC_keymgmt_has() should be read-only.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13200)
show more ...
|
| a135948d | 02-Oct-2020 |
Romain Geissler |
Fix aarch64 static linking into shared libraries (see issue #10842 and pull request #11464)
This tries to fix the following link errors on aarch64 when using OpenSSL
3.0.0 alpha 6, compi
Fix aarch64 static linking into shared libraries (see issue #10842 and pull request #11464)
This tries to fix the following link errors on aarch64 when using OpenSSL
3.0.0 alpha 6, compiling it with "no-shared" and -fPIC in CFLAGS, then
trying to use the resulting OpenSSL static libraries in the build of
elfutils, which embed libcrypto.a into libdebuginfo.so, which hides all
symbols (except the libdebuginfod ones) by default:
/opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha1-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC
/workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha1-armv8.o): in function `sha1_block_data_order':
(.text+0x0): dangerous relocation: unsupported relocation
/opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-chacha-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC
/workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-chacha-armv8.o): in function `ChaCha20_ctr32':
(.text+0x6c): dangerous relocation: unsupported relocation
/opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha256-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha256-armv8.o): in function `sha256_block_data_order':
(.text+0x0): dangerous relocation: unsupported relocation
/opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha512-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha512-armv8.o): in function `sha512_block_data_order':
(.text+0x0): dangerous relocation: unsupported relocation
/opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC
/workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o): in function `poly1305_init':
(.text+0x14): dangerous relocation: unsupported relocation
/workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o): in function `poly1305_emit_neon':
(.text+0x8e4): relocation truncated to fit: R_AARCH64_CONDBR19 against symbol `poly1305_emit' defined in .text section in /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o)
In poly1305-armv8.pl, hide symbols the same way they are hidden in poly1305-x86_64.pl.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13056)
show more ...
|
| b78c777e | 20-Oct-2020 |
Richard Levitte |
APPS: Implement load_keyparams() to load key parameters
'openssl dsaparam' is affected as an obvious usage example.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from ht
APPS: Implement load_keyparams() to load key parameters
'openssl dsaparam' is affected as an obvious usage example.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13191)
show more ...
|
