mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-09 05:51:54 +08:00
Code Issues Packages Projects Releases Wiki Activity
26,819 Commits 34 Branches 385 Tags 509 MiB
fa519461c9
Commit Graph

26819 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Shane Lontis
fa519461c9 Fix coverity CID #1458644 - Negative return passed to function taking size_t in ecdh_cms_set_shared_info() 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
 2020-08-24 11:19:28 +10:00
Shane Lontis
51bba73e93 Fix coverity CID #1458645 - Dereference before NULL check in rsa_digest_verify_final() 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
 2020-08-24 11:19:28 +10:00
Shane Lontis
fdf6118b15 Fix coverity CID #1458647 - Use after free in clean_tbuf() which uses ctx->rsa 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
 2020-08-24 11:19:28 +10:00
Shane Lontis
26c5ea8f61 Fix coverity CID #1458648 - Wrong sizeof() arg in rsa_freectx() 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
 2020-08-24 11:19:28 +10:00
Shane Lontis
75348bb298 Fix coverity CID #1465525 - NULL pointer dereference in OSSL_DECODER_CTX_new_by_EVP_PKEY() 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
 2020-08-24 11:19:28 +10:00
Shane Lontis
e499a64bef Fix coverity CID #1465531 - Negative return passed to a function param using size_t in asn1_item_digest_with_libctx() 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
 2020-08-24 11:19:28 +10:00
Shane Lontis
ab7f4a3d2b Fix coverity CID #1465790 - Dereference after NULL check in evp_test.c 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
 2020-08-24 11:19:28 +10:00
Shane Lontis
61d61c5fd2 Fix coverity CID #1465794 - Uninitialized pointer read in x942_encode_otherinfo() 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
 2020-08-24 11:19:28 +10:00
Shane Lontis
f2bfc53b02 Fix coverity CID #1465795 - Incorrect free deallocator used in SSL_add1_host() 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
 2020-08-24 11:19:28 +10:00
Shane Lontis
90e0e0d802 Fix coverity CID #1465797 - Negative loop bound in collect_deserializer 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
 2020-08-24 11:19:28 +10:00
Shane Lontis
3c1ccfea85 Fix coverity CID #1465594 - Null dereference in EVP_PKEY_get0() 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
 2020-08-24 11:19:28 +10:00
Dr. David von Oheimb
05ead00065 run_tests.pl: Add warning that HARNESS_JOBS > 1 overrides HARNESS_VERBOSE 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12682)
 2020-08-23 12:01:15 +02:00
Shane Lontis
1acb2e6f35 Fix CMS so that it still works with non fetchable algorithms. 
Fixes #12633

For CMS the Gost engine still requires calls to EVP_get_digestbyname() and EVP_get_cipherbyname() when
EVP_MD_fetch() and EVP_CIPHER_fetch() return NULL.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12689)
 2020-08-22 11:07:14 +03:00
Robert Jędrzejczyk
eed12622fa Windows get ENV value as UTF-8 encoded string instead of a raw string 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12657)
 2020-08-22 15:05:56 +10:00
Shane Lontis
c0f39ded68 Add Explicit EC parameter support to providers. 
This was added for backward compatability.
Added EC_GROUP_new_from_params() that supports explicit curve parameters.

This fixes the 15-test_genec.t TODO.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12604)
 2020-08-22 14:55:41 +10:00
Richard Levitte
a02c715c18 Clean away some declarations 
dsa_algorithmidentifier_encoding(), ecdsa_algorithmidentifier_encoding(),
rsa_algorithmidentifier_encoding() have been replaced with DER writer
functions, so they aren't useful any more.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12693)
 2020-08-21 15:18:20 +02:00
Richard Levitte
93ec4f8f09 Remove the OSSL_SERIALIZER / OSSL_DESERIALIZER renaming scripts 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12660)
 2020-08-21 09:23:59 +02:00
Richard Levitte
ece9304c96 Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE 
Fixes #12455

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12660)
 2020-08-21 09:23:58 +02:00
Richard Levitte
f650993f1d Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE 
These are the scripts that do the deed.

Fixes #12455

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12660)
 2020-08-21 09:23:58 +02:00
Dr. David von Oheimb
5a7734cd02 Add libctx/provider support to cmp_msg_test 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
4561f15fdb Add libctx/provider support to cmp_protect_test 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
bdd6784fdd Add libctx/provider support to cmp_vfy_test 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
b0248cbc3e Add libctx/provider support to cmp_client_test 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
6d1f50b520 Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
cac30a69bc cmp_msg.c: Copy libctx and propq of CMP_CTX to newly enrolled certificate 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
28e9f62b2d cmp_util.c: Add OPENSSL_CTX parameter to ossl_cmp_build_cert_chain(), improve its doc 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
1930b58642 cmp_hdr.c: Adapt ossl_cmp_hdr_init() to use OPENSSL_CTX for random number generation 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
2300083887 crypto/cmp: Prevent misleading errors in case x509v3_cache_extensions() fails 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:11 +02:00
Shane Lontis
ab28b59064 Add libctx/provider support to cmp_server_test 
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
97e00da902 Add OPENSSL_CTX parameter to OSSL_CRMF_pbmp_new() and improve its doc 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
1a7cd250ad Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new() 
Also remove not really to-the-point error message if call fails in apps/cmp.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
7b1a3a5062 cmp_vfy.c: Fix bug: must verify msg signature also in 3GPP mode 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:10 +02:00
Dr. David von Oheimb
cef3a008a6 Update CMP header file references in internal CMP documentation 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:10 +02:00
Dr. David von Oheimb
ded346fad2 Add libctx and propq param to ASN.1 sign/verify/HMAC/decrypt 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:10 +02:00
Dr. David von Oheimb
4cdf44c46b x_x509.c: Simplify X509_new_with_libctx() using x509_set0_libctx() 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:09 +02:00
Dr. David von Oheimb
09c2e26e64 Re-word null->empty property; improve iteration.count example in property.pod 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:09 +02:00
Dr. David von Oheimb
1bb6f70da3 testutil: Add provider.c with test_get_libctx(), to use at least for SSL and CMP 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:09 +02:00
Dr. David von Oheimb
06cee80a84 testutil: Make SETUP_TEST_FIXTURE return 0 on fixture == NULL 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:09 +02:00
Dr. David von Oheimb
1a7ceb6c74 Correct the #define's of EVP_PKEY_CTRL_SET1_ID and EVP_PKEY_CTRL_GET1_ID{,_LEN} 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:08 +02:00
Dr. David von Oheimb
bc03cfadc4 Add prerequisite #include directives to include/crypto/x509.h 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:08 +02:00
Dr. David von Oheimb
de3713d492 Make sure x509v3_cache_extensions() does not modify the error queue 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:08 +02:00
Shane Lontis
be63e58732 Fix incorrect selection flags for ec serializer. 
Fixes #12630

ec_import requires domain parameters to be part of the selection.
The public and private serialisers were not selecting the correct flags so the import was failing.
Added a test that uses the base provider so that a export/import happens for serialization.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12681)
 2020-08-21 10:01:55 +10:00
Matt Caswell
8ca6c6669f Test mte with stitched ciphersuites in TLSv1.0 
The previous commit fixed a bug with mte, stitched ciphersuites and
TLSv1.0. We now add a test for that scenario.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12670)
 2020-08-20 17:02:34 +01:00
Matt Caswell
a361cb841d Fix stitched ciphersuites in TLS1.0 
TLS1.0 does not have an explicit IV in the record, and therefore we should
not attempt to remove it.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12670)
 2020-08-20 17:02:34 +01:00
Dr. David von Oheimb
2a33470b4f Make better use of new load_cert_pass() variant of load_cert() in apps/ 
allows loading password-protected PKCS#12 files in x509, ca, s_client, s_server

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12647)
 2020-08-20 14:55:52 +02:00
Dr. David von Oheimb
b3c5aadf4c apps: make use of OSSL_STORE for generalized certs and CRLs loading 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12647)
 2020-08-20 14:55:34 +02:00
Dr. David von Oheimb
ed4faae00c Fix mem leaks on PKCS#12 read error in PKCS12_key_gen_{asc,utf8} 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12639)
 2020-08-20 14:28:24 +02:00
Richard Levitte
5f2b7db09b TEST: Use PEM_read_bio_PUBKEY_ex() and PEM_read_bio_PrivateKey_ex() 
test/evp_test.c and test/sslapitest.c are affected.  This allows them
to decode keys found in stanza files via provider decoder implementations
when a library context other than the default should be used.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12673)
 2020-08-20 12:37:35 +02:00
Richard Levitte
6e5ccd58c8 PEM: Add more library context aware PEM readers 
PEM_read_bio_PUBKEY_ex() and PEM_read_bio_Parameters_ex() are added to
complete PEM_read_bio_PrivateKey_ex().  They are all refactored to be
wrappers around the same internal function.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12673)
 2020-08-20 12:37:35 +02:00
Richard Levitte
2274d22d39 STORE: Distinguish public keys from private keys 
While public keys and private keys use the same type (EVP_PKEY), just
with different contents, callers still need to distinguish between the
two to be able to know what functions to call with them (for example,
to be able to choose between EVP_PKEY_print_private() and
EVP_PKEY_print_public()).
The OSSL_STORE backend knows what it loaded, so it has the capacity to
inform.

Note that the same as usual still applies, that a private key EVP_PKEY
contains the public parts, but not necessarily the other way around.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12673)
 2020-08-20 12:37:35 +02:00