| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
SIZE_MAX is used in a recent fix of this file, but without including
internal/numbers.h, so that macro ends up not existing on some platforms,
resulting in build failures.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18605)
|
|
kdf_derive() calls EVP_KDF_derive(), but didn't do enough to adapt its input
buffer length arguments to fit the requirements to call EVP_KDF_derive().
Fixes #18517
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18533)
|
|
We fix the dsa, dh, ec and rsa export routines so that they are
consistent with each other and do not report success if the allocation
of parameters failed.
This is essentially the same fix as applied in #18483 but applied to all
relevant key types.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18507)
(cherry picked from commit 46c1c2d7fa9153da4eb5e1aefd7b0139dc507c00)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18494)
(cherry picked from commit 926c698c6f0a197e0322d4617db0ecd0d40f6e06)
|
|
dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.
Fixes #18493
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18502)
(cherry picked from commit cec1699f1f54ba8b87f055776dc77b48dd37d5fa)
|
|
If the call to OSSL_PARAM_BLD_to_param() failed then ec_export was
reporting success, even though it has never called the param_cb.
Found due to:
https://github.com/openssl/openssl/pull/18355#issuecomment-1145993650
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18483)
(cherry picked from commit 7d6aad832b4cebb181c53ab80a3f61dc8549be08)
|
|
Also check if we have d2i_public_key() function pointer.
Fixes https://github.com/openssl/openssl/pull/18355#issuecomment-1144893289
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18462)
(cherry picked from commit 4fa5ed5ce5c345eaeaec8b86eda265add467f941)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18416)
(cherry picked from commit 9510661400470d357c74c5c4d0ff01c7b813b974)
|
|
Fixes #18388
This just looks like an omission, as this is added to libcrypto and libssl
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18416)
(cherry picked from commit 18f0870d39eb055c8c67af8025fd1b9e01ce6a43)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18397)
(cherry picked from commit 8d9fec1781751d2106d899c6076eeb3da6930bfe)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18368)
(cherry picked from commit d649c51a5388912277dffb56d921eb720db54be1)
|
|
Fixes #18359
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18362)
(cherry picked from commit 7a9e93dda58118c0fb1bade8fe915306b845325b)
|
|
Rather than relying on the locale code working, instead implement these
functions directly.
Fixes #18322
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18344)
(cherry picked from commit fb4cdca053fb9d3f0e11eeaf31f4b4ff87f69a95)
|
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18293)
|
|
It also allows for passing -DOPENSSL_NO_LOCALE as a workaround
to ./Configure command.
Fixes #18233
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18293)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
|
A copy&paste error meant that the RC4-MD5 cipher (used in TLS) used the TLS
AAD data as the MAC key.
CVE-2022-1434
Fixes #18112
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Also reset the updated flag when Poly1305_Init is called.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18143)
(cherry picked from commit bbe909d00e9a593bd5954dfca4d3020467977565)
|
|
If GNU toolchain is used, use the __attribute__((constructor))
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18147)
(cherry picked from commit 2dc3a4a4a57eca0d9bebd87234c7d682506188fc)
|
|
Also fully duplicate the context on dup
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18142)
(cherry picked from commit 905fec4f4d6bb8a978476cbce0f293ffc683b5fd)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18103)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18103)
|
|
When the context is reinitialized, i.e. the same key should be used
we must properly reinitialize the underlying implementation.
However in POLY1305 case it does not make sense as this special MAC
should not reuse keys. We fail with this provided implementation
when reinitialization happens.
Fixes #17811
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18100)
(cherry picked from commit c9ddc5af5199909d196ee80ccd7abcff2eb42a34)
|
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17981)
(cherry picked from commit e20af37d063514c27567c64e975fa5b3208707a9)
|
|
Fixes #18022
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18052)
(cherry picked from commit 2904d0a2ae0ec6ce23d5cec66ce8c7bdb005d4e5)
|
|
Fixes #18009
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18011)
(cherry picked from commit 148176ca323e3dfce5d5cdb5578c113c8d2440bb)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Fixes #17834
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17859)
(cherry picked from commit 01b18775676115945956f4de0eb0cafedaf027ab)
|
|
Since the OPENSSL_strdup() may return NULL if allocation
fails, it should be better to check the return value.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17651)
(cherry picked from commit c920020f0bb13f0d2bf0fcad5c7ee63458b633b4)
|
|
Add copyright to files that were missing it.
Update license from OpenSSL to Apache as needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17606)
(cherry picked from commit 9d987de3aabe54e65a55649a61953966f33b070b)
|
|
The private key for rsa, dsa, dh and ecx was being included when the
selector was just the public key. (ec was working correctly).
This matches the documented behaviour.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17200)
(cherry picked from commit 944f822aadc88b2e25f7695366810c73a53a00c8)
|
|
CLA: trivial
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17578)
(cherry picked from commit 4dd085c03a885580cc945f71187131ea7fb39b70)
|
|
Fixes #17587
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17591)
(cherry picked from commit d450eb84c802b2f78971f905b251a0fb89ebb7d1)
|
|
Fixes #17510
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17515)
(cherry picked from commit c1167f09d840b109ef1c1c1485e3de64be2fc625)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
(cherry picked from commit 3b53f88c008d288e86d2bbdc0c4e2d16c29fcee8)
|
|
Most of the DRGB code is run under lock from the EVP layer. This is relied
on to make the majority of TSAN operations safe. However, it is still necessary
to enable locking for all DRBGs created.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
|
|
Circumvents a problem with ancient PA-RISC compilers on HP/UX.
Fixes #17477
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17478)
(cherry picked from commit 9c5d1451292566e546d5dd01c7f19950fa34391d)
|
|
There is risk to pass the gctx with NULL value to rsa_gen_set_params
which dereference gctx directly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17429)
(cherry picked from commit 22778abad905536fa6c93cdc6fffc8c736dfee79)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15283)
(cherry picked from commit da198adb9c5626f31c52613fe2ae59a7066c3366)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17155)
(cherry picked from commit 0da3b39af3d961486758262ca71d2135d7013048)
|
|
There are missing checks of its return value in 8 different spots.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17154)
(cherry picked from commit 352a0bcaab8eda18cce786d2871e8d4ec6f9cbfe)
|
|
ctx may be NULL at 178 line
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17293)
(cherry picked from commit 68b78dd7e40f57064b0f24728d8b544fe583599c)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The match function (called OSSL_FUNC_keymgmt_match() in our documentation)
in our KEYMGMT implementations were interpretting the selector bits a
bit too strictly, so they get a bit relaxed to make it reasonable to
match diverse key contents.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a)
|
|
MIN is a rather generic name and results in a name clash when trying to
port tianocore over to openssl 3.0. Use the usual ossl prefix and
rename the macro to ossl_min() to solve this.
CLA: trivial
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17219)
(cherry picked from commit f4f77c2d9756cee12875397276799a93f057d412)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
(cherry picked from commit c22b6592135bfba95a315e438ac7bfc6db461407)
|
