1bdd86fb | 24-May-2020 |
Pauli |
ossl_shim: add deprecation guards around the -use-ticket-callback option. The ticket callback is deprecated in 3.0 and can't be used in a no-deprecated build. [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11944)
|
bbc3c22c | 24-May-2020 |
Pauli |
Coverity 1463830: Resource leaks (RESOURCE_LEAK) Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11941)
|
b394809c | 25-May-2020 |
Dmitry Belyavskiy |
Update the gost-engine submodule Fixes #11949 [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11951) |
3f5ea7dc | 22-May-2020 |
Richard Levitte |
Fix omissions in providers/common/der/build.info Dependencies on generated files must be declared explicitly. When refactoring the DER code in providers/common/der, a few of those dependency declarations were omitted, which may lead to build errors in a parallel build. Some cleanup and extensive use of build.info variables is done while at it, to avoid unnecessary repetition. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11906)
|
8069bf58 | 22-May-2020 |
Tomas Mraz |
Drop special case of time interval calculation for VMS The existing special case code is broken and it is not needed anymore as times() and _SC_CLK_TCK should be supported on the supported VMS versions. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11905)
|
2bd928a1 | 22-May-2020 |
Tomas Mraz |
Revert "Guard use of struct tms with #ifdef __TMS" The __TMS might be necessary on VMS however there is no such define on glibc even though the times() function is fully supported. Fixes #11903 This reverts commit db71d315479762eefbf2bcda8be3b44b1867133f. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11905)
|
e9191669 | 22-May-2020 |
Rich Salz |
Fix auto-gen names in .gitignore Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11916)
|
f7201301 | 20-May-2020 |
Marc <34656315+MarcT512@users.noreply.github.com> |
s_client: Fix -proxy flag regression s_client: connection via an HTTP proxy broke somewhere prior to openssl-3.0.0-alpha2. openssl s_client -connect <target> -proxy <proxy_host:proxy_port> Results in s_client making a TCP connection to proxy_host:proxy_port and then issuing an HTTP CONNECT to the proxy, instead of the target. Fixes https://github.com/openssl/openssl/issues/11879 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11880)
|
9c47a338 | 22-May-2020 |
Nicola Tuveri |
Fix coverity issues in EC after #11807

This should fix 2 issues detected by Coverity and introduced with https://github.com/openssl/openssl/pull/11807

- CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON)
- CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON)

In practice the tests seem to show that they both aren't real issues, yet I believe this small change should appease the scanner and at the same time improve clarity for the reader.

Here is the original report:

```
** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON)
________________________________________________________________________________________________________
*** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON)
/crypto/ec/ec_lib.c: 1123 in EC_POINT_mul()
1117
1118     if (group->meth->mul != NULL)
1119         ret = group->meth->mul(group, r, g_scalar, point != NULL
1120                                && p_scalar != NULL, &point, &p_scalar, ctx);
1121     else
1122         /* use default */
CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON)
Passing "&point" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
1123         ret = ec_wNAF_mul(group, r, g_scalar, point != NULL
1124                           && p_scalar != NULL, &point, &p_scalar, ctx);
1125
1126 #ifndef FIPS_MODULE
1127     BN_CTX_free(new_ctx);
1128 #endif

** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON)
________________________________________________________________________________________________________
*** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON)
/crypto/ec/ec_lib.c: 1123 in EC_POINT_mul()
1117
1118     if (group->meth->mul != NULL)
1119         ret = group->meth->mul(group, r, g_scalar, point != NULL
1120                                && p_scalar != NULL, &point, &p_scalar, ctx);
1121     else
1122         /* use default */
CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON)
Passing "&p_scalar" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
1123         ret = ec_wNAF_mul(group, r, g_scalar, point != NULL
1124                           && p_scalar != NULL, &point, &p_scalar, ctx);
1125
1126 #ifndef FIPS_MODULE
1127     BN_CTX_free(new_ctx);
1128 #endif
```

Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11919)
|
6e15b81c | 22-May-2020 |
Dr. David von Oheimb |
Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h fixes #11818 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11911)
|
5e5bc836 | 22-May-2020 |
Richard Levitte |
Re-introduce legacy EVP_PKEY types for provided keys

EVP_PKEYs with provider side internal keys got the key type EVP_PKEY_NONE. This turned out to be too disruptive, so we try instead to find a matching EVP_PKEY_ASN1_METHOD and use whatever EVP_PKEY type it uses.

To make internal coding easier, we introduce a few internal macros to distinguish what can be expected from a EVP_PKEY:

- evp_pkey_is_blank(), to detect an unassigned EVP_PKEY.
- evp_pkey_is_typed(), to detect that an EVP_PKEY has been assigned a type, which may be an old style type number or a EVP_KEYMGMT method.
- evp_pkey_is_assigned(), to detect that an EVP_PKEY has been assigned a key value.
- evp_pkey_is_legacy(), to detect that the internal EVP_PKEY key is a legacy one, i.e. will be handled via an EVP_PKEY_ASN1_METHOD and an EVP_PKEY_METHOD.
- evp_pkey_is_provided(), to detect that the internal EVP_PKEY key is a provider side one, i.e. will be handled via an EVP_KEYMGMT and other provider methods.

This also introduces EVP_PKEY_KEYMGMT, to indicate that this EVP_PKEY contains a provider side key for which there are no known EVP_PKEY_ASN1_METHODs or EVP_PKEY_METHODs, i.e. these can only be handled via EVP_KEYMGMT and other provider methods.

Fixes #11823 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11913)
|
aa2cb51d | 11-May-2020 |
Dmitry Belyavskiy |
GOST external tests [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11792)
|
Revision tags: OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g, OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16 |
|
712e8deb | 20-Mar-2017 |
Bernd Edlinger |
Fix the parameter types of the CRYPTO_EX_dup function type. This fixes a strict aliasing issue in ui_dup_method_data. The parameter type of CRYPTO_EX_dup's from_d parameter is in fact void **, since it points to a pointer. This function is rarely used, therefore fix the param type although that may be considered an API breaking change. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2986)
|
2de64666 | 19-May-2020 |
Nicola Tuveri |
Adjust length of some strncpy() calls This fixes warnings detected by -Wstringop-truncation. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11878)
|
e12813d0 | 21-May-2020 |
Tomas Mraz |
Prevent use after free of global_engine_lock If a buggy application calls engine functions after cleanup of engines has already happened, the global_engine_lock will be used although already freed. See for example: https://bugzilla.redhat.com/show_bug.cgi?id=1831086 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11896)
|
4d55122e | 21-May-2020 |
Pauli |
Coverity 1463571: Null pointer dereferences (FORWARD_NULL) Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892) |
3f17066f | 21-May-2020 |
Pauli |
Coverity 1463574: Null pointer dereferences (REVERSE_INULL) Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892) |
e5cb3453 | 21-May-2020 |
Pauli |
Coverity 1463576: Error handling issues (CHECKED_RETURN) Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892) |
084b7bec | 21-May-2020 |
Pauli |
Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892) |
e1c6f762 | 19-May-2020 |
mettacrawler |
There is no -signreq option in CA.pl CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11876)
|
b84439b0 | 19-May-2020 |
Richard Levitte |
STORE: Make try_decode_PrivateKey() ENGINE aware This function only considered the built-in and application EVP_PKEY_ASN1_METHODs, and is now amended with a loop that goes through all loaded engines, using whatever table of methods they each have. Fixes #11861 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11872)
|
e637d47c | 19-May-2020 |
Richard Levitte |
rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| In the FIPS module, the code as written generates an unconditional error. Fixes #11865 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11869)
|
a30027b6 | 19-May-2020 |
Richard Levitte |
Refactor the provider side DER constants and writers This splits up all the providers/common/der/*.c.in so the generated portion is on its own and all related DER writing routines are in their own files. This also ensures that the DIGEST constants aren't reproduced in several files (resulting in symbol clashes). Finally, the production of OID macros is moved to the generated header files, allowing other similar macros, or DER constant arrays, to be built on top of them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11868)
|
c2f2db9b | 19-May-2020 |
Billy Brumley |
deprecate EC_POINT_make_affine and EC_POINTs_make_affine Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11874)
|
7486c718 | 19-May-2020 |
Tomas Mraz |
t1_trce: Fix remaining places where the 24 bit shift overflow happens [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857)
|