Shane Lontis
1f9ad4f953
Fix coverity CID #1452775 & #1452772 - Dereference before NULL check in evp_lib.c
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
825ccf5155
Fix coverity CID #1454638 - Dereference after NULL check in EVP_MD_CTX_gettable_params()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
10ead93897
Fix coverity CID #1455335 - Dereference after NULL check in fromdata_init()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
db1319b706
Fix coverity CID #1458641 - Dereference before NULL check when setting ctx->flag_allow_md in rsa.c
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
fa519461c9
Fix coverity CID #1458644 - Negative return passed to function taking size_t in ecdh_cms_set_shared_info()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
51bba73e93
Fix coverity CID #1458645 - Dereference before NULL check in rsa_digest_verify_final()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
fdf6118b15
Fix coverity CID #1458647 - Use after free in clean_tbuf() which uses ctx->rsa
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
26c5ea8f61
Fix coverity CID #1458648 - Wrong sizeof() arg in rsa_freectx()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
75348bb298
Fix coverity CID #1465525 - NULL pointer dereference in OSSL_DECODER_CTX_new_by_EVP_PKEY()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
e499a64bef
Fix coverity CID #1465531 - Negative return passed to a function param using size_t in asn1_item_digest_with_libctx()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
ab7f4a3d2b
Fix coverity CID #1465790 - Dereference after NULL check in evp_test.c
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
61d61c5fd2
Fix coverity CID #1465794 - Uninitialized pointer read in x942_encode_otherinfo()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
f2bfc53b02
Fix coverity CID #1465795 - Incorrect free deallocator used in SSL_add1_host()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
90e0e0d802
Fix coverity CID #1465797 - Negative loop bound in collect_deserializer
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Shane Lontis
3c1ccfea85
Fix coverity CID #1465594 - Null dereference in EVP_PKEY_get0()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628 )
2020-08-24 11:19:28 +10:00
Dr. David von Oheimb
05ead00065
run_tests.pl: Add warning that HARNESS_JOBS > 1 overrides HARNESS_VERBOSE
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12682 )
2020-08-23 12:01:15 +02:00
Shane Lontis
1acb2e6f35
Fix CMS so that it still works with non fetchable algorithms.
...
Fixes #12633
For CMS the Gost engine still requires calls to EVP_get_digestbyname() and EVP_get_cipherbyname() when
EVP_MD_fetch() and EVP_CIPHER_fetch() return NULL.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12689 )
2020-08-22 11:07:14 +03:00
Robert Jędrzejczyk
eed12622fa
Windows get ENV value as UTF-8 encoded string instead of a raw string
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12657 )
2020-08-22 15:05:56 +10:00
Shane Lontis
c0f39ded68
Add Explicit EC parameter support to providers.
...
This was added for backward compatibility.
Added EC_GROUP_new_from_params() that supports explicit curve parameters.
This fixes the 15-test_genec.t TODO.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12604 )
2020-08-22 14:55:41 +10:00
Richard Levitte
a02c715c18
Clean away some declarations
...
dsa_algorithmidentifier_encoding(), ecdsa_algorithmidentifier_encoding(),
rsa_algorithmidentifier_encoding() have been replaced with DER writer
functions, so they aren't useful any more.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12693 )
2020-08-21 15:18:20 +02:00
Richard Levitte
93ec4f8f09
Remove the OSSL_SERIALIZER / OSSL_DESERIALIZER renaming scripts
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12660 )
2020-08-21 09:23:59 +02:00
Richard Levitte
ece9304c96
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE
...
Fixes #12455
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12660 )
2020-08-21 09:23:58 +02:00
Richard Levitte
f650993f1d
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE
...
These are the scripts that do the deed.
Fixes #12455
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12660 )
2020-08-21 09:23:58 +02:00
Dr. David von Oheimb
5a7734cd02
Add libctx/provider support to cmp_msg_test
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
4561f15fdb
Add libctx/provider support to cmp_protect_test
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
bdd6784fdd
Add libctx/provider support to cmp_vfy_test
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
b0248cbc3e
Add libctx/provider support to cmp_client_test
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
6d1f50b520
Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
cac30a69bc
cmp_msg.c: Copy libctx and propq of CMP_CTX to newly enrolled certificate
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
28e9f62b2d
cmp_util.c: Add OPENSSL_CTX parameter to ossl_cmp_build_cert_chain(), improve its doc
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
1930b58642
cmp_hdr.c: Adapt ossl_cmp_hdr_init() to use OPENSSL_CTX for random number generation
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
2300083887
crypto/cmp: Prevent misleading errors in case x509v3_cache_extensions() fails
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:11 +02:00
Shane Lontis
ab28b59064
Add libctx/provider support to cmp_server_test
...
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
97e00da902
Add OPENSSL_CTX parameter to OSSL_CRMF_pbmp_new() and improve its doc
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
1a7cd250ad
Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new()
...
Also remove not really to-the-point error message if call fails in apps/cmp.c
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
7b1a3a5062
cmp_vfy.c: Fix bug: must verify msg signature also in 3GPP mode
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:10 +02:00
Dr. David von Oheimb
cef3a008a6
Update CMP header file references in internal CMP documentation
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:10 +02:00
Dr. David von Oheimb
ded346fad2
Add libctx and propq param to ASN.1 sign/verify/HMAC/decrypt
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:10 +02:00
Dr. David von Oheimb
4cdf44c46b
x_x509.c: Simplify X509_new_with_libctx() using x509_set0_libctx()
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:09 +02:00
Dr. David von Oheimb
09c2e26e64
Re-word null->empty property; improve iteration.count example in property.pod
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:09 +02:00
Dr. David von Oheimb
1bb6f70da3
testutil: Add provider.c with test_get_libctx(), to use at least for SSL and CMP
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:09 +02:00
Dr. David von Oheimb
06cee80a84
testutil: Make SETUP_TEST_FIXTURE return 0 on fixture == NULL
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:09 +02:00
Dr. David von Oheimb
1a7ceb6c74
Correct the #define's of EVP_PKEY_CTRL_SET1_ID and EVP_PKEY_CTRL_GET1_ID{,_LEN}
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:08 +02:00
Dr. David von Oheimb
bc03cfadc4
Add prerequisite #include directives to include/crypto/x509.h
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:08 +02:00
Dr. David von Oheimb
de3713d492
Make sure x509v3_cache_extensions() does not modify the error queue
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:08 +02:00
Shane Lontis
be63e58732
Fix incorrect selection flags for ec serializer.
...
Fixes #12630
ec_import requires domain parameters to be part of the selection.
The public and private serialisers were not selecting the correct flags so the import was failing.
Added a test that uses the base provider so that an export/import happens for serialization.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12681 )
2020-08-21 10:01:55 +10:00
Matt Caswell
8ca6c6669f
Test mte with stitched ciphersuites in TLSv1.0
...
The previous commit fixed a bug with mte, stitched ciphersuites and
TLSv1.0. We now add a test for that scenario.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12670 )
2020-08-20 17:02:34 +01:00
Matt Caswell
a361cb841d
Fix stitched ciphersuites in TLS1.0
...
TLS1.0 does not have an explicit IV in the record, and therefore we should
not attempt to remove it.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12670 )
2020-08-20 17:02:34 +01:00
Dr. David von Oheimb
2a33470b4f
Make better use of new load_cert_pass() variant of load_cert() in apps/
...
allows loading password-protected PKCS#12 files in x509, ca, s_client, s_server
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12647 )
2020-08-20 14:55:52 +02:00
Dr. David von Oheimb
b3c5aadf4c
apps: make use of OSSL_STORE for generalized certs and CRLs loading
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12647 )
2020-08-20 14:55:34 +02:00