Shane Lontis
ebdb5cccde
Fix windows build compiler issue.
...
Another case of snprintf() being used.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14600 )
2021-03-19 17:08:33 +10:00
Matt Caswell
2154a7a754
Update README-FIPS.md
...
The README-FIPS.md file was still the one used from 1.1.1. We update it
with 3.0 specific information.
Fixes #14237
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14575 )
2021-03-19 13:44:32 +10:00
Richard Levitte
9fe4f5bc82
Fix a missing rand -> ossl_rand rename
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14609 )
2021-03-18 16:52:38 +01:00
Matt Caswell
ee067bc066
Ensure we deregister thread handlers even after a failed init
...
If we attempt to init a provider but that init fails, then we should
still deregister any thread handlers. The provider may have failed after
these were registered.
Fixes #13338
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14576 )
2021-03-18 12:00:42 +00:00
Pauli
7e7e034a10
apps: fix coverity 966560: division by zero
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14586 )
2021-03-18 21:24:25 +10:00
Pauli
3de7f014a9
ssl: fix coverity 1451515: out of bounds memory access
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14585 )
2021-03-18 21:19:15 +10:00
Pauli
145f12d12d
modes: fix coverity 1449860: overlapping memory copy
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14584 )
2021-03-18 21:14:56 +10:00
Pauli
b875e0e820
modes: fix coverity 1449851: overlapping memory copy
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14584 )
2021-03-18 21:14:56 +10:00
Jon Spillett
cf3306dc6b
Remove TODO comment. Resolves #14396
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14588 )
2021-03-18 20:07:09 +10:00
Kevin Cadieux
628d2d3a7f
Fixing stack buffer overflow error caused by incorrectly sized array.
...
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14582 )
2021-03-18 10:56:28 +01:00
Shane Lontis
c8830891e6
Add ossl_provider symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:38 +10:00
Shane Lontis
3022b7f404
Rename CMS_si_check_attributes to ossl_cms_si_check_attributes
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:38 +10:00
Shane Lontis
78715dcc31
rename err_get_state_int() to ossl_err_get_state_int()
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:38 +10:00
Shane Lontis
6d7776892f
Add ossl_is_partially_overlapping symbol
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:38 +10:00
Shane Lontis
4e17fb0061
Add ossl_pkcs5_pbkdf2_hmac_ex symbol
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:38 +10:00
Shane Lontis
b78c016649
Add ossl_pem_check_suffix symbol
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:38 +10:00
Shane Lontis
4669015d7b
Add ossl_ x509 symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:38 +10:00
Shane Lontis
6dd4b77a85
Add ossl_gost symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:38 +10:00
Shane Lontis
285aa80ef1
Add ossl_lhash symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:38 +10:00
Shane Lontis
b54cab31d2
Add ossl_ symbol to x509 policy
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
fc27fca84a
Add ossl_bn_group symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
ff0266eddc
Add ossl_sa symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
8a6e912520
Add ossl_ symbols for sm3 and sm4
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
7bbadfc15a
Add ossl_siv symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
78f32a3165
Add ossl_aria symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
f148f7034c
Add ossl_ conf symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
054d43ff97
Add ossl_ ecx symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
47864aeafd
Add ossl_v3 symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
4158b0dc1d
Add ossl_rsa symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
2858156e03
Add ossl_encode symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
adf7e6d1d6
Add ossl_asn1 symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
1335ca4b07
Add ossl_rand symbols
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
9500c8234d
Fix misc external ossl_ symbols.
...
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:52:37 +10:00
Shane Lontis
e4bec86910
Fix external symbols for crypto_*
...
Partial fix for #12964
This adds ossl_ names for symbols related to crypto_*
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473 )
2021-03-18 17:35:10 +10:00
Dr. David von Oheimb
63b64f19c1
TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func
...
Also constify related CMS/PKCS7 functions and improve error codes thrown.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14503 )
2021-03-18 07:03:53 +01:00
Dr. David von Oheimb
bef876f97e
ts_check_signing_certs(): Make sure both ESSCertID and ESSCertIDv2 are checked
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14503 )
2021-03-18 07:03:53 +01:00
Dr. David von Oheimb
6b937ae3a7
TS ESS: Invert the search logic of ts_check_signing_certs() to correctly cover cert ID list
...
Fixes #14190
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14503 )
2021-03-18 07:03:52 +01:00
Dr. David von Oheimb
49f07be43d
apps.c: Fix missing newline in warn_cert_msg() output
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14503 )
2021-03-18 07:03:52 +01:00
Beat Bolli
d07d805799
Add tests for the limited Unicode code point range
...
Signed-off-by: Beat Bolli <dev@drbeat.li>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14185 )
2021-03-18 14:12:48 +10:00
Beat Bolli
eb27d75788
ASN1: check the Unicode code point range in ASN1_mbstring_copy()
...
Signed-off-by: Beat Bolli <dev@drbeat.li>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14185 )
2021-03-18 14:12:48 +10:00
Beat Bolli
ba64e5a92a
ASN1: limit the Unicode code point range in UTF8_getc() and UTF8_putc()
...
Since the Unicode 4.0.0 standard, the valid code point range is U+0000
to U+10FFFF. Make code points outside this range invalid when converting
from/to UTF-8.
Signed-off-by: Beat Bolli <dev@drbeat.li>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14185 )
2021-03-18 14:12:48 +10:00
Beat Bolli
90165623a5
ASN1: add an internal header to validate Unicode ranges
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14185 )
2021-03-18 14:12:48 +10:00
Pauli
11c7874d0c
ci: add a no-legacy build
...
Fixes #12091
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14563 )
2021-03-18 09:03:06 +10:00
Tomas Mraz
9a48544058
Make EVP_PKEY_missing_parameters work properly on provided RSA keys
...
This requires changing semantics of the keymgmt_has()
function a little in the sense that it now returns 1
if the selection has no meaning for the key type. It
was already doing so for ECX keys for example.
The keymgmt_validate function semantics is changed
similarly to allow passing validation on the same
selection that the key returns 1 for.
Fixes #14509
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14511 )
2021-03-17 14:57:47 +01:00
Tomas Mraz
e08993eab6
evp_keymgmt_util_copy: Fix possible leak on copy failure
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14511 )
2021-03-17 14:39:16 +01:00
Tomas Mraz
48fad58f7b
apps/crl: Print just the hash value if printing just hash
...
This partially reverts the output format change for
openssl crl -hash output.
Fixes #14546
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14553 )
2021-03-17 12:49:10 +01:00
Matt Caswell
50864bd2f7
Convert some TODO(3.0) comments in init.c to normal comments
...
There is no need to make the suggested changes in the 3.0 timescale.
These are just suggested improvements for the future.
Fixes #14375
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14556 )
2021-03-17 10:10:45 +00:00
Matt Caswell
19ad1e9d37
Remove a TODO(3.0) from EVP_PKEY_derive_set_peer()
...
The TODO described a case where a legacy derive operation is called, but
the peer key is provider based. In practice this will almost never be a
problem. We should never end up in our own legacy EVP_PKEY_METHOD
implementations if no ENGINE has been configured. If an ENGINE has been
configured then we will be using a third party EVP_PKEY_METHOD
implementation and public APIs will be used to obtain the key data from the
peer key so there will be no "reaching inside" the pkey.
There is a theoretical case where a third party ENGINE wraps our own
internal EVP_PKEY_METHODs using EVP_PKEY_meth_find() or
EVP_PKEY_meth_get0(). For these cases we just ensure all our
EVP_PKEY_METHODs never reach "inside" the implementation of a peer key. We
can never assume that it is a legacy key.
Fixes #14399
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14555 )
2021-03-17 09:56:33 +00:00
Jon Spillett
d11f644ba5
Fix up issues found when running evp_extra_test with a non-default library context
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14478 )
2021-03-17 17:51:16 +10:00
Jon Spillett
062490dbd0
Add testing for non-default library context into evp_extra_test
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14478 )
2021-03-17 17:51:16 +10:00