- Mar 18, 2019
-
-
Daniel Axtens authored
There are two copy-paste errors in handling CTR mode. When dealing with a 2 or 3 block tail, the code branches to the CBC decryption exit path, rather than to the CTR exit path. This can lead to data corruption: in the Linux kernel we have a copy of this file, and the bug leads to corruption of the IV, which leads to data corruption when we call the encryption function again later to encrypt subsequent blocks. Originally reported to the Linux kernel by Ondrej Mosnáček <omosnacek@gmail.com> CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8510)
-
Shane Lontis authored
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8508)
-
- Mar 17, 2019
-
-
Victor Stinner authored
Modify EVP_PBE_scrypt() to maintain OpenSSL 1.1.1 behavior: salt=NULL is now handled as salt="" (and saltlen=0). Commit 5a285add changed the behavior of EVP_PBE_scrypt(salt=NULL). Previously, salt=NULL was accepted, but the function now fails with KDF_R_MISSING_SALT. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8483)
-
Richard Levitte authored
size_t isn't always as large as a int64_t, so the compiler complains about possible data loss. In this case, we are in control, so a simple cast will do. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8497)
-
- Mar 16, 2019
-
-
Bernd Edlinger authored
[extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8411)
-
- Mar 15, 2019
-
-
Richard Levitte authored
Fixes #8467 #8478 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8468)
-
Matt Caswell authored
Fixes the no-ec build Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8481)
-
Dr. Matthias St. Pierre authored
This commit adds some missing symbols and other minor enhancements. In particular, it establishes the term 'channel' as a synonym for a BIO object attached to a trace category, and introduces the concept of a 'simple' channel versus a 'callback' channel. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8463)
-
Dr. Matthias St. Pierre authored
It is important that output to the trace channels occurs only inside a trace group. This precondtion is satisfied whenever the standard TRACE macros are used. It can be violated only by a bad programming mistake, like copying the 'trc_out' pointer and using it outside the trace group. This commit enforces correct pairing of the OSSL_TRACE_CTRL_BEGIN and OSSL_TRACE_CTRL_END callbacks, and checks that OSSL_TRACE_CTRL_WRITE callbacks only occur within such groups. While implementing it, it turned out that the group assertion failed apps/openssl.c:152: OpenSSL internal error: \ Assertion failed: trace_data->ingroup because the set_trace_data() function invokes some callbacks which generate trace output, but the correct channel type was set only after the set_trace_data() call. To fix the failed assertions, the correct channel type is now set inside the set_trace_data() call, instead of doing it afterwards. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8463)
-
Dr. Matthias St. Pierre authored
The openssl app registers trace callbacks which automatically set a line prefix in the OSSL_TRACE_CTRL_BEGIN callback. This prefix needs to be cleared in the OSSL_TRACE_CTRL_END callback, otherwise a memory leak is reported when openssl is built with crypto-mdebug enabled. This leak causes the tests to fail when tracing and memory debugging are enabled. The leak can be observed by any command that produces trace output, e.g. by OPENSSL_TRACE=ANY util/shlib_wrap.sh apps/openssl version ... [00:19:14] 4061 file=apps/bf_prefix.c, line=152, ... 26 bytes leaked in 1 chunks Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8463)
-
Dr. Matthias St. Pierre authored
Since the term 'channel' is already used as synonym for a BIO object attached to a trace category, having a 't_channel' channel type and a 't_callback' channel type somehow overburdens this term. For that reason the type enum constants are renamed to 'SIMPE_CHANNEL' and 'CALLBACK_CHANNEL'. (The conversion to capital letters was done to comply to the coding style.) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8463)
-
Dr. Matthias St. Pierre authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8463)
-
Dr. Matthias St. Pierre authored
Fixes #8487 Amends #7230 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8488)
-
- Mar 14, 2019
-
-
Richard Levitte authored
Configure with -DOPENSSL_DEV_NO_ATOMICS and you get refcount without atomics. This is intended for internal development only, to check the refcounting is properly coded. It should never become a configuration option, hence the name of the macro. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8479)
-
Richard Levitte authored
Fixes #8476 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8477)
-
Matt Caswell authored
With the recent addition of the -rawin option it should be possible for pkeyutl to sign and verify with Ed448 and Ed2559. The main remaining stumbling block is that those algorirthms only support "oneshot" operation. This commit enables pkeyutl to handle that. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8431)
-
Dr. Matthias St. Pierre authored
Fixes #8472 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8474)
-
Richard Levitte authored
When tracing is disabled, don't generate errors, especially during init. Instead, just pretend the everything is fine. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8475)
-
- Mar 13, 2019
-
-
Nicola Tuveri authored
Fixes #8462 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8466)
-
Richard Levitte authored
TEST_ulong_eq was used previously because TEST_double_eq didn't exist at the time. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8469)
-
Richard Levitte authored
Again, compilers that don't like them being undeclared... Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8469)
-
Richard Levitte authored
With enough warning flags, compilers complain when a non-static function hasn't been properly declared... Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8469)
-
David von Oheimb authored
When the argument for '-pass' was badly formed, that argument got displayed in full. This turns out to not be such a good idea if the user simply forgot to start the argument with 'pass:', or spellt the prefix incorrectly. We therefore change the display to say that a colon is missing or only showing the incorrect prefix. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6218)
-
Richard Levitte authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8396)
-
Richard Levitte authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8396)
-
Richard Levitte authored
test/params_test.c is a program that tries to mimic how a provider and an application would or could handle OSSL_PARAM arrays. For the moment, this program tests a very raw way of handling OSSL_PARAM arrays. It is, however, written in a way that will hopefully make it possible to extend with other methods as APIs arise, and to set up test cases where a "provider" handles the array one way while the "application" handles it another way. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8396)
-
Matt Caswell authored
Don't try to load external provider modules in tests if we don't have DSO capability Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8459)
-
Matt Caswell authored
no-cmac, no-poly1305 and no-siphash all caused the new test_mac to fail. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8458)
-
Matt Caswell authored
Also make various changes to bring the file into line with current coding style. Fixes #8456 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/8457)
-
杨洋 authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8321)
-
- Mar 12, 2019
-
-
Richard Levitte authored
This queries the provider for its available functionality (unless a matching method structured is already cached, in which case that's used instead), and creates method structure with the help of a passed constructor. The result is cached if the provider allows it (or if caching is forced). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8340)
-
Richard Levitte authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8340)
-
Richard Levitte authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8340)
-
Richard Levitte authored
In unrelated code Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8451)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8451)
-
Pauli authored
Provide a number of functions to allow parameters to be set and retrieved in a type safe manner. Functions are provided for many integral types plus double, BIGNUM, UTF8 strings and OCTET strings. All of the integer functions will widen the parameter data as required. This permits a degree of malleability in the parameter definition. For example a type can be changed from a thirty two bit integer to a sixty four bit one without changing application code. Only four and eight byte integral sizes are supported here. A pair of real functions are available for doubles. A pair of functions is available for BIGNUMs. These accept any sized unsigned integer input and convert to/from a BIGNUM. For each OCTET and UTF8 strings, four functions are defined. This provide get and set functionality for string and for pointers to strings. The latter avoiding copies but have other inherent risks. Finally, some utility macros and functions are defined to allow OSSL_PARAM definition arr...
-
Richard Levitte authored
The OSSL_PARAM attribute names |buffer| and |buffer_size| may lead to confusion, as they may make some think that the memory pointed at is an intermediate memory are. This is not generally the case, so we rename |buffer| and |buffer_size| to |data| and |data_size| Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8451)
-
David von Oheimb authored
in INSTALL, Configure, crypto/build.info, include/openssl/crmferr.h, crypto/err/, include/openssl/err.h, and (to be updated:) util/libcrypto.num Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7646)
-
David von Oheimb authored
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712) CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI. Adds extensive man pages and tests. Integration into build scripts. Incremental pull request based on OpenSSL commit 1362190b of 2018-09-26 1st chunk: CRMF API (include/openssl/crmf.h) and its documentation (reviewed) Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7328)
-
Shane Lontis authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6652)
-