Age | Commit message (Collapse) | Author |
|
The program name version info is supposed to be the major release
version number. This was forgotten when the versioning scheme was
changed for 3.0, so the minor release version number slipped in as
well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
|
|
bn_sqr_comba8 does for instance compute a wrong result for the value:
a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45
The correct result is:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899
but the actual result was:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899
so the forth word of the result was 0x75be8e3c but should have been
0x75be8e3d instead.
Likewise bn_sqr_comba4 has an identical bug for the same value as well:
a=0x022181ba fd3aa878 899b2346 ee210f45
correct result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899
wrong result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899
Fortunately the bn_mul_comba4/8 code paths are not affected.
Also the mips64 target does in fact not handle the carry propagation
correctly.
Example:
a=0x4aaac91900000000 62056c8400000000 fba7334e00000000 1a6be67800000000
022181ba00000000 fd3aa87800000000 899b234635dad283 ee210f4500000001
correct result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001
wrong result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17258)
(cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590)
|
|
Apparently using OPENSSL_cleanse() confuses the fuzzer so it
makes the buffer to appear uninitialized. And memset can be
safely used here and it is also potentially faster.
Fixes #17237
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17240)
(cherry picked from commit 858d5ac16d256db24f78b8c84e723b7d34c8b1ea)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit edc8566f475d63278d5f85cd25f324cf2fe9aaf9)
|
|
test_fromdata() turns out to be a bit inflexible, so we split it into
two functions, make_key_fromdata() and test_selection(), and adjust
test_EVP_PKEY_ffc_priv_pub() and test_EC_priv_pub() accordingly. This
allows us to check the resulting keys further, not only to check that
the bits we expect are there, but also that the bits that we expect
not to be there to actually not be there!
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit 5fbe15fd3b7c90a0cfb9f00be16225d8ed18b0dd)
|
|
This uncovers what has been a mere comment in an attempt to clarify
that the use of selector bits is very much at the discretion of the
provider implementation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit e67254e4c3d82b1b8f5102bc4a0e7914f0b87ef0)
|
|
The match function (called OSSL_FUNC_keymgmt_match() in our documentation)
in our KEYMGMT implementations were interpretting the selector bits a
bit too strictly, so they get a bit relaxed to make it reasonable to
match diverse key contents.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a)
|
|
EVP_PKEY_eq() assumed that an EVP_PKEY always has the public key
component if it has a private key component. However, this assumption
no longer strictly holds true, at least for provider backed keys.
EVP_PKEY_eq() therefore needs to be modified to specify that the
private key should be checked too (at the discretion of what's
reasonable for the implementation doing the actual comparison).
Fixes #16267
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit f3ba62653815b2f7991103cdbea1ac155c8c916a)
|
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17123)
(cherry picked from commit 23effeb81fbcdc436b1e871e7fff34456d6bfbaf with
manual corrections)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17131)
|
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17215)
(cherry picked from commit 7a2ad00f3ecffa6be350e9e72992d4ec003f54ae)
|
|
On non-Windows systems, there's no difference at all. On Windows systems,
__declspec(dllexport) is added, which ensures it gets exported no matter
what.
Fixes #17203
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17215)
(cherry picked from commit d977a26ed8ca5066d4d72a6d73f1669c8619f4a1)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17234)
(cherry picked from commit c37ebbd6f97d23b291c49c4ae2b94c27d732de30)
|
|
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17191)
(cherry picked from commit 44fde441937fc8db8ea6a7ac2e7c683ad9d5f8e0)
|
|
with no-sock
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17226)
(cherry picked from commit 83b424c3f60a4401fa3e6e41ff7f08e85ee9df94)
|
|
This might result in a small memory leak.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17238)
(cherry picked from commit c50bf14450f3cd242f2211ca7e500191053d8050)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17190)
(cherry picked from commit f0d5a3b6ea1bbe4e5dac5b69d853c015db635621)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17222)
(cherry picked from commit 7ee0954a086ee3b4e0a8c6736600e3d6362485c0)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17225)
(cherry picked from commit d580c2790f9f304533a3eda2a9cf6b8eb22830c3)
|
|
MIN is a rather generic name and results in a name clash when trying to
port tianocore over to openssl 3.0. Use the usual ossl prefix and
rename the macro to ossl_min() to solve this.
CLA: trivial
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17219)
(cherry picked from commit f4f77c2d9756cee12875397276799a93f057d412)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17206)
(cherry picked from commit 684326d3bd3131debcdc410790e8dcf16f96103f)
|
|
Add link to CONTRIBUTING and fix (presumably broken?) link to Github issues
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17192)
(cherry picked from commit 3410f1045af1913c89f5dc06ad4998a60e57fd90)
|
|
The tlsext_ticket_key functions are documented as returning 0 on success.
In fact they return 1 on success.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17210)
(cherry picked from commit b0be101326f369f0dd547556d2f3eb3ef5ed0e33)
|
|
addresses from subject DN
Also slightly improve the style of the respective code in crypto/x509/v3_san.c.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)
(cherry picked from commit 317acac5cc0a2cb31bc4b91353c2b752a3989d8a)
|
|
by hash of pubkey
This does not change the semantics of expected usage because only either one may be given.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)
(cherry picked from commit 15ac84e603678140ba32832c288e5f1745a258f8)
|
|
We should not be freeing the caller's key in the event of error.
Fixes #17196
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17209)
(cherry picked from commit e819b5727312477f8c1f56bf928e611ad7e78315)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)
(cherry picked from commit 119f8145c3bde29aae5d5b18c44d1663df975ef5)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)
(cherry picked from commit 59b6b5a94f5a5f756aa323d1fb061697ca9eadf8)
|
|
documentation
For HTTP (not HTTPS) with proxy, server must be given, port is optional
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)
(cherry picked from commit 266383b44c4ebce5ddf551547e73ab6eec47805b)
|
|
This backports the doc improvements of #17188.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17189)
|
|
Fixes #17109
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17119)
(cherry picked from commit d09f4501e47e0b969caec5a3059af52d227e961a)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
(cherry picked from commit a44eb8421d0e84c069a5fa55ced796878e6b0966)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
(cherry picked from commit c22b6592135bfba95a315e438ac7bfc6db461407)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
(cherry picked from commit 28257d60577932e66934096d0ee8a5dfaca1191e)
|
|
The passphrase callback data was not properly initialized.
Fixes #17054
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
(cherry picked from commit baa88d9d170b95fd6f177b3e5f8d8818e024a55d)
|
|
Windows 2016 environment is going to be discontinued.
Fixes #17177
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17183)
(cherry picked from commit c87a4dd7a728288da943cb4e2e51150df5dfd1b8)
|
|
There was recently an instance where a user was confused by the
deprecation warnings in the docs. They believed the warning applied to
the immediately preceding function declarations, when it fact it applied
to the following function declarations.
https://mta.openssl.org/pipermail/openssl-users/2021-December/014665.html
We clarify the wording to make it clear that the warning applies to the
following functions.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17180)
(cherry picked from commit 3dbf82438004b31258627f324841476c4f586c19)
|
|
This way keep-alive is not (needlessly) cancelled on error.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17171)
(cherry picked from commit 38288f424faa0cf61bd705c497bb1a1657611da1)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17171)
(cherry picked from commit e2b7dc353b353efccd1d228f743baa7c2d2f9f49)
|
|
callback function
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17160)
(cherry picked from commit 2080134ee98a6b23f7456c17901e7b06e4a42ed5)
|
|
OSSL_HTTP_close()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17160)
(cherry picked from commit 4ee464cf8e0b8dc39970306bfbb49a6e06863e1c)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17086)
(cherry picked from commit 7a37fd09a8f3607ed8acf55e03479861595be069)
|
|
Check is done to prevent wrong memory access by EVP_PKEY_get0_asn1()
Also fix wrong coding style in the s_cb.c file.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17176)
(cherry picked from commit 5fae09f3d8da7c182c6cfb6a295dcfd15ae828ae)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17168)
(cherry picked from commit 9d1a27051dcd4e7a621df54a073587c6c4486476)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17165)
(cherry picked from commit d2217c88df6e65c756013417e5ee4f470dd12470)
|
|
This looks like old code, written when the padded variety of BN_bn2bin()
was developped, and disabled by default... and forgotten.
A few simple changes to update it to the current API is all that was
needed to enable it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17133)
(cherry picked from commit 23750f677ef61b6bea4e81f23f335ad08fc49b51)
|
|
Related: #16868, #17081, #17107
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17115)
(cherry picked from commit 29a27cb2c5c1757831f42117871f8c59058343a9)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17150)
(cherry picked from commit d724da69389196cdb9ef8db036656882fbc5a6ab)
|
|
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17001)
(cherry picked from commit bc42cf51c8b2a22282bb3cdf6303e230dc7b7873)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16925)
(cherry picked from commit 6cb814de6f276106eea39dbb813b9134b1b72041)
|