| 661f884 | Tomas Mraz | 11 September 2024, 15:41:30 UTC | Fixup conflicting SSL_R_ECH_REQUIRED Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25435) | 11 September 2024, 15:41:30 UTC |
| f303c9a | Stephen Farrell | 15 August 2024, 00:27:24 UTC | ECH build artefacts and a bit of code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25193) | 11 September 2024, 15:15:54 UTC |
| 8e0f1ed | Stephen Farrell | 06 August 2024, 22:16:58 UTC | Documents initial agreed APIs for Encrypted Client Hello (ECH) and includes a minimal demo for some of those APIs. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24738) | 11 September 2024, 15:13:17 UTC |
| c2e937e | Stephen Farrell | 26 June 2024, 11:55:17 UTC | add ech-api.md Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24738) | 11 September 2024, 15:13:17 UTC |
| e8498dc | Michael Baentsch | 15 July 2024, 04:54:48 UTC | document provider dependency handling Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24884) | 11 September 2024, 07:33:27 UTC |
| 2478d3b | Frederik Wedel-Heinen | 14 June 2024, 12:01:40 UTC | Cleanup of unused functions and macros in ssl_local.h Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24648) | 10 September 2024, 18:43:16 UTC |
| 7a4f0c6 | Jonathan M. Wilbur | 07 September 2024, 09:50:34 UTC | feat: print <none> in issuer serials in ac targeting extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25244) | 10 September 2024, 17:17:34 UTC |
| f6b2ab0 | Jonathan M. Wilbur | 21 August 2024, 02:25:03 UTC | test: authorityAttributeIdentifier X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25244) | 10 September 2024, 17:17:34 UTC |
| 221e8fa | Jonathan M. Wilbur | 21 August 2024, 02:24:49 UTC | doc: authorityAttributeIdentifier-related ASN.1 symbols Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25244) | 10 September 2024, 17:17:34 UTC |
| a6e0d6d | Jonathan M. Wilbur | 21 August 2024, 02:24:15 UTC | feat: support the authorityAttributeIdentifier X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25244) | 10 September 2024, 17:17:34 UTC |
| ad1d0cc | Randall S. Becker | 17 April 2024, 21:11:42 UTC | Add NonStop KLT Configuration for new platform kernel treading model. This fix supports the new NonStop KLT threading model, including configurations and documentation for using this model. Fixes: fix-24175 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25016) | 10 September 2024, 17:16:04 UTC |
| d677482 | Neil Horman | 09 September 2024, 12:02:13 UTC | Use Jq to add openssl to interop test harness Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25256) | 10 September 2024, 15:38:15 UTC |
| d2157bb | Neil Horman | 29 August 2024, 20:54:19 UTC | Collapse errors down by using || in run_endpoint.sh Makes for smaller more consistent coding Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25256) | 10 September 2024, 15:38:09 UTC |
| e7e48e7 | Neil Horman | 21 August 2024, 16:32:28 UTC | Add interop status badge Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25256) | 10 September 2024, 15:38:09 UTC |
| f984323 | Neil Horman | 19 August 2024, 19:39:16 UTC | Need to remove our bash settings as we need to interrogate failures Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25256) | 10 September 2024, 15:38:09 UTC |
| 36d5b38 | Neil Horman | 16 August 2024, 19:42:50 UTC | Add local nightly interop running Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25256) | 10 September 2024, 15:38:09 UTC |
| a4954ea | Tomas Mraz | 04 September 2024, 09:34:12 UTC | Reduce footprint of Windows CI Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/25378) | 10 September 2024, 14:36:39 UTC |
| ecab977 | Tomas Mraz | 04 September 2024, 07:27:52 UTC | Add Windows build with enable-fips no-thread-pool no-quic Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/25378) | 10 September 2024, 14:36:39 UTC |
| f0fd24d | Tomas Mraz | 04 September 2024, 07:27:28 UTC | Fix no-thread-pool build on Windows thread/arch/thread_win.c must be included into libcrypto as rcu depends on ossl_crypto_mutex implementation on Windows. Fixes #25337 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/25378) | 10 September 2024, 14:36:39 UTC |
| c9e36a8 | Matt Caswell | 08 August 2024, 15:12:11 UTC | Add a test for the nonce-type sigopt Check that using the nonce-type sigopt via the dgst app works correctly Based on the reproducer from #25012 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25057) | 09 September 2024, 07:51:50 UTC |
| d244abb | Matt Caswell | 31 July 2024, 13:24:12 UTC | Don't restrict the ECDSA settable ctx params unnecessarily We just allow all possible settables all the time. Some things like the digest name can't actually be changed in some circumstances - but we already have checks for those things. It's still possible to pass a digest of the same name to one that's already been set for example. Fixes #25012 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25057) | 09 September 2024, 07:51:50 UTC |
| 8cc0a97 | Matt Caswell | 31 July 2024, 13:08:40 UTC | Complain about a missing digest when doing deterministic ECDSA We need a digest for the none when doing deterministic ECDSA. Give a better error message if one hasn't been supplied. See openssl/openssl#25012 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25057) | 09 September 2024, 07:51:50 UTC |
| 5d63227 | icy17 | 07 August 2024, 08:54:14 UTC | Add missing security rules about NULL check to various manpages Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25083) | 09 September 2024, 07:40:28 UTC |
| 85eb4f3 | ha1215 | 23 April 2024, 01:54:36 UTC | Minor WINDOWS.md cleanups The possessive form of "Windows" has been updated from "Windows's" to "Windows'". The function call "a poll(2) call" has been specified as "a poll(2) system call" for clarity. The phrase "and supposed" has been corrected to "and was supposed" to improve sentence structure. The phrase "However Microsoft has" now includes a comma, revised to "However, Microsoft has" to enhance readability. The statement "Supporting these is a pain" has been adjusted to "Supporting these can be a pain" to better convey potential variability in user experience. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24242) | 09 September 2024, 07:23:38 UTC |
| a5cd06f | XZ-X | 22 July 2024, 05:38:00 UTC | rehash.c: handle possible null pointer returned by OPENSSL_strdup Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24980) | 09 September 2024, 07:20:08 UTC |
| 26521fd | erbsland-dev | 28 August 2024, 19:54:12 UTC | Add note for non-interactive use of `s_client` Fixes #8018 Documented the potential issue of premature connection closure in non-interactive environments, such as cron jobs, when using `s_client`. Added guidance on using the `-ign_eof` option and input redirection to ensure proper handling of `stdin` and completion of TLS session data exchange. Highlight potential issues with the `-ign_eof` flag and provide solutions for graceful disconnection in SMTP and HTTP/1.1 scenarios to avoid indefinite hangs. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25311) | 09 September 2024, 07:14:21 UTC |
| d52e92f | erbsland-dev | 01 September 2024, 20:55:12 UTC | Refactor Password Variables to Use `const char[]` Arrays - Converted password declaration from `char*` to `const char[]`. - Updated `memcpy` and `return` statements accordingly to use `sizeof` instead of predefined lengths. - Renamed `key_password` into `weak_password` to match test name. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25330) | 09 September 2024, 06:58:03 UTC |
| 9808ccc | erbsland-dev | 30 August 2024, 14:35:38 UTC | Refactor Callback Tests for Improved Memory Management Refactor the callback test code to replace global variables with local structures, enhancing memory management and reducing reliance on redundant cleanup logic. Using a local struct containing a magic number and result flag to ensure the correct handling of user data and to verify that the callback function is invoked at least once during the test. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25330) | 09 September 2024, 06:58:03 UTC |
| 5387b71 | erbsland-dev | 30 August 2024, 08:56:58 UTC | Fix Edge Cases in Password Callback Handling Fixes #8441: Modify the password callback handling to reserve one byte in the buffer for a null terminator, ensuring compatibility with legacy behavior that puts a terminating null byte at the end. Additionally, validate the length returned by the callback to ensure it does not exceed the given buffer size. If the returned length is too large, the process now stops gracefully with an appropriate error, enhancing robustness by preventing crashes from out-of-bounds access. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25330) | 09 September 2024, 06:58:03 UTC |
| fa6ae88 | erbsland-dev | 29 August 2024, 21:08:46 UTC | Add test for BIO password callback functionality Related to #8441 This commit introduces a test suite for the password callback mechanism used when reading or writing encrypted and PEM or DER encoded keys via a BIO in OpenSSL. The test is designed to cover various edge cases, particularly focusing on scenarios where the password callback might return unexpected or malformed data from user code. By simulating different callback behaviors, including negative returns, zero-length passwords, passwords that exactly fill the buffer and wrongly reported lengths. Also testing for the correct behaviour of binary passwords that contain a null byte in the middle. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25330) | 09 September 2024, 06:58:03 UTC |
| 7845ff7 | slontis | 16 February 2024, 04:21:11 UTC | Add fips indicator requirements doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23609) | 08 September 2024, 03:54:39 UTC |
| 5c82588 | Tomas Mraz | 05 September 2024, 12:57:09 UTC | CHANGES.md, NEWS.md: Add 3.5 sections Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25393) | 06 September 2024, 14:14:52 UTC |
| 3e3a2bf | Tomas Mraz | 05 September 2024, 12:56:10 UTC | libcrypto/libssl.num: Set the numbers for 3_4_0 symbols Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25393) | 06 September 2024, 14:14:52 UTC |
| 314c327 | Tomas Mraz | 05 September 2024, 12:53:04 UTC | NEWS.md: Add missing link to 3.4 section Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25393) | 06 September 2024, 14:14:52 UTC |
| dc5afb7 | Ingo Franzki | 04 September 2024, 11:42:09 UTC | s390x: Fix s390x_shake_squeeze() when MSA 12 is available On the first squeeze call, when finishing the absorb process, also set the NIP flag, if we are still in XOF_STATE_INIT state. When MSA 12 is available, the state buffer A has not been zeroed during initialization, thus we must also pass the NIP flag here. This situation can happen when a squeeze is performed without a preceding absorb (i.e. a SHAKE of the empty message). Add a test that performs a squeeze without a preceding absorb and check if the result is correct. Fixes: https://github.com/openssl/openssl/commit/25f5d7b85f6657cd2f9f1ab7ae87f319d9bafe54 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25388) | 06 September 2024, 09:26:06 UTC |
| 979dc53 | Ingo Franzki | 05 September 2024, 06:45:29 UTC | s390x: Fix s390x_sha3_absorb() when no data is processed by KIMD If the data to absorb is less than a block, then the KIMD instruction is called with zero bytes. This is superfluous, and causes incorrect hash output later on if this is the very first absorb call, i.e. when the xof_state is still XOF_STATE_INIT and MSA 12 is available. In this case the NIP flag is set in the function code for KIMD, but KIMD ignores the NIP flag when it is called with zero bytes to process. Skip any KIMD calls for zero length data. Also do not set the xof_state to XOF_STATE_ABSORB until the first call to KIMD with data. That way, the next KIMD (with non-zero length data) or KLMD call will get the NIP flag set and will then honor it to produce correct output. Fixes: https://github.com/openssl/openssl/commit/25f5d7b85f6657cd2f9f1ab7ae87f319d9bafe54 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25388) | 06 September 2024, 09:26:05 UTC |
| 8af4c02 | dependabot[bot] | 29 August 2024, 17:50:32 UTC | Dependabot update CLA: trivial (deps): Bump actions/setup-python Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.1 to 5.2.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.1.1...v5.2.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25328) | 05 September 2024, 16:12:48 UTC |
| 65e32c6 | dependabot[bot] | 04 September 2024, 17:07:36 UTC | Dependabot update CLA: trivial (deps): bump actions/download-artifact Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.7 to 4.1.8. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4.1.7...v4.1.8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25385) | 05 September 2024, 16:08:11 UTC |
| 60725f8 | PIums | 04 September 2024, 02:37:11 UTC | argon2: Fixed an thread availability error string Correctly display the number of requested threads and the number of available threads. CLA: trivial Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25375) | 05 September 2024, 15:32:01 UTC |
| f60b3c5 | Jiasheng Jiang | 03 September 2024, 19:18:47 UTC | crypto/pkcs12/p12_mutl.c: Add check and EVP_MD_free() for EVP_MD_fetch() Add check and EVP_MD_free() for EVP_MD_fetch() to avoid NULL pointer dereference and memory leak, like "md_fetch". Fixes: fe79159be0 ("Implementation of the RFC 9579, PBMAC1 in PKCS#12") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25370) | 05 September 2024, 15:30:28 UTC |
| 8439337 | Viktor Dukhovni | 31 August 2024, 02:27:33 UTC | Drop redundant non-negative checks on unsigned values Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25341) | 05 September 2024, 15:28:47 UTC |
| 6fd9bc6 | Pablo Rodríguez | 30 August 2024, 14:56:03 UTC | blank line required to display code in `openssl-ts.pod.in` CLA:trivial Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25338) | 05 September 2024, 15:26:58 UTC |
| f2b7a00 | Alessandro Chitarrini | 29 August 2024, 10:59:54 UTC | Fix inaccurate comment about default nonce length in demos/cipher/aesccm.c Fixes #25270 CLA: trivial Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25318) | 05 September 2024, 15:24:32 UTC |
| 9183306 | Jonathan M. Wilbur | 28 August 2024, 23:38:38 UTC | feat: add TCG / platform certificate OIDs Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25312) | 05 September 2024, 15:22:40 UTC |
| 36840ab | Zhihao Yuan | 27 August 2024, 01:48:36 UTC | Recycle the TLS key that holds thread_event_handler Fixes #25278 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25300) | 05 September 2024, 15:19:53 UTC |
| 09ae1c9 | Jiasheng Jiang | 30 August 2024, 19:36:51 UTC | Add error return value information for EVP_MD_get_size() Add error return value information for EVP_MD_get_size() and EVP_MD_CTX_get_size() to better guide their usages and avoid the integer overflow, such as 4a50882 ("ssl_cipher_get_overhead(): Replace size_t with int and add the checks") and ef9ac2f ("test/bad_dtls_test.c: Add checks for the EVP_MD_CTX_get_size()"). Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25282) | 05 September 2024, 15:16:45 UTC |
| d15077d | erbsland-dev | 22 July 2024, 08:26:17 UTC | Clarify EVP_CipherUpdate() authenticated bytes behavior Fixes #8310: Document that the number of authenticated bytes returned by EVP_CipherUpdate() varies with the cipher used. Mention that stream ciphers like ChaCha20 can handle 1 byte at a time, while OCB mode requires processing data one block at a time. Ensure it's clear that passing unpadded data in one call is safe. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24961) | 05 September 2024, 15:14:18 UTC |
| 71ae466 | Georgi Valkov | 19 July 2024, 21:37:21 UTC | threads_win: fix improper cast to long * instead of LONG * InterlockedExchangeAdd expects arguments of type LONG *, LONG but the int arguments were improperly cast to long *, long Note: - LONG is always 32 bit - long is 32 bit on Win32 VC x86/x64 and MingW-W64 - long is 64 bit on cygwin64 Signed-off-by: Georgi Valkov <gvalkov@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24941) | 05 September 2024, 15:09:50 UTC |
| 9f4d8c6 | Georgi Valkov | 19 July 2024, 08:57:24 UTC | threads: follow formatting rules Adjust long lines and correct padding in preprocessor lines to match the formatting rules Signed-off-by: Georgi Valkov <gvalkov@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24941) | 05 September 2024, 15:09:50 UTC |
| 5efc57c | Daniel Gustafsson | 12 July 2024, 18:49:16 UTC | Fix memleak in rsa_cms_sign error path If the call to X509_ALGOR_set0 fails then the allocated ASN1_STRING variable passed as parameter leaks. Fix by explicitly freeing like how all other codepaths with X509_ALGOR_set0 do. Fixes #22680 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24868) | 05 September 2024, 15:04:59 UTC |
| 2bb8382 | FdaSilvaYY | 20 February 2021, 23:04:07 UTC | ssl: rework "e_os.h" inclusions - Remove e_os.h include from "ssl_local.h" - Added e_os.h into the files that need it now. - Move e_os.h to be the very first include Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14344) | 05 September 2024, 15:02:51 UTC |
| 23b795d | FdaSilvaYY | 20 February 2021, 23:10:52 UTC | apps: directly inclusion of "e_os.h when needed Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14344) | 05 September 2024, 15:02:51 UTC |
| 0022bc8 | FdaSilvaYY | 20 February 2021, 23:10:07 UTC | crypto: fix missing <winsock.h> indirection inclusion. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14344) | 05 September 2024, 15:02:51 UTC |
| b2ac9c7 | FdaSilvaYY | 20 February 2021, 22:46:34 UTC | Move inclusion of <winsock.h> out of "e_os.h" into a dedicated header file. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14344) | 05 September 2024, 15:02:51 UTC |
| 5472786 | Tomas Mraz | 05 September 2024, 07:38:19 UTC | Prepare for 3.4 beta 1 Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes | 05 September 2024, 07:38:19 UTC |
| 2648f68 | Tomas Mraz | 05 September 2024, 07:37:44 UTC | Prepare for release of 3.4 alpha 1 Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes | 05 September 2024, 07:37:44 UTC |
| 13add4d | Tomas Mraz | 05 September 2024, 07:37:42 UTC | make update Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes | 05 September 2024, 07:37:42 UTC |
| 7ed6de9 | Tomas Mraz | 05 September 2024, 07:35:49 UTC | Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes | 05 September 2024, 07:35:49 UTC |
| 210dc9a | Richard Levitte | 03 September 2024, 17:16:05 UTC | util/mkinstallvars.pl: replace List::Util::pairs with out own Unfortunately, List::Util::pairs didn't appear in perl core modules before 5.19.3, and our minimum requirement is 5.10. Fortunately, we already have a replacement implementation, and can re-apply it in this script. Fixes #25366 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25367) | 05 September 2024, 07:04:28 UTC |
| c4a5d70 | Tomas Mraz | 04 September 2024, 15:17:29 UTC | CI: Update upload-artifact action to be compatible The download-artifact action was updated to 4.x and the upload-artifact must be kept in sync. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25383) | 04 September 2024, 15:17:29 UTC |
| 2a6305d | dependabot[bot] | 03 September 2024, 22:45:53 UTC | build(deps): bump actions/download-artifact in /.github/workflows Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.1.7. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3...v4.1.7) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> CLA: trivial Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25374) | 04 September 2024, 06:48:29 UTC |
| bbe4571 | Alexandr Nedvedicky | 28 August 2024, 12:37:07 UTC | EVP_CIPHER_CTX_get_algor_params() may attempt to access params array at position -1 (prams[=1]). The issue has been reported by coverity check. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25303) | 03 September 2024, 19:18:51 UTC |
| c23ce35 | Ingo Franzki | 02 September 2024, 07:08:02 UTC | s390x: Fix prehash-by-caller handling for ED25519 and ED448 In case of prehash or prehash-by-caller is set skip the s390x specific acceleration an fallback to the non-accelerated code path. Fixes: 66966827740a04249300b0b25735e9d4c9bcab26 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25351) | 03 September 2024, 19:16:23 UTC |
| a75d626 | Ingo Franzki | 26 August 2024, 09:26:03 UTC | s390x: Disable HMAC hardware acceleration when an engine is used for the digest The TLSProxy uses the 'ossltest' engine to produce known output for digests and HMAC calls. However, when running on a s390x system that supports hardware acceleration of HMAC, the engine is not used for calculating HMACs, but the s390x specific HMAC implementation is used, which does produce correct output, but not the known output that the engine would produce. This causes some tests (i.e. test_key_share, test_sslextension, test_sslrecords, test_sslvertol, and test_tlsextms) to fail. Disable the s390x HMAC hardware acceleration if an engine is used for the digest of the HMAC calculation. This provides compatibility for engines that provide digest implementations, and assume that these implementations are also used when calculating an HMAC. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25287) | 03 September 2024, 19:15:00 UTC |
| 03b22b4 | Tomas Mraz | 03 September 2024, 10:24:58 UTC | Add CVE-2024-5535 to CHANGES and NEWS Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit abcb0f83d060eb816503a6a36959ce8498a24111) | 03 September 2024, 19:06:19 UTC |
| ca979e8 | Viktor Dukhovni | 10 July 2024, 09:50:57 UTC | Updated CHANGES and NEWS for CVE-2024-6119 fix Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (cherry picked from commit cf384d35aa7142cc3b5de19f64d3972e77d3ff74) | 03 September 2024, 19:04:03 UTC |
| 0890cd1 | Viktor Dukhovni | 19 June 2024, 11:04:11 UTC | Avoid type errors in EAI-related name check logic. The incorrectly typed data is read only, used in a compare operation, so neither remote code execution, nor memory content disclosure were possible. However, applications performing certificate name checks were vulnerable to denial of service. The GENERAL_TYPE data type is a union, and we must take care to access the correct member, based on `gen->type`, not all the member fields have the same structure, and a segfault is possible if the wrong member field is read. The code in question was lightly refactored with the intent to make it more obviously correct. Fixes CVE-2024-6119 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> | 03 September 2024, 09:58:40 UTC |
| 5650289 | Tomas Mraz | 30 August 2024, 15:06:12 UTC | Add CHANGES.md and NEWS.md updates for the 3.4 release Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25339) | 03 September 2024, 09:20:45 UTC |
| 01f4b44 | Brad Smith | 01 September 2024, 05:07:16 UTC | Add support for elf_aux_info() on OpenBSD CLA: trivial Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25346) | 02 September 2024, 14:12:48 UTC |
| 16e7da0 | Theo Buehler | 30 August 2024, 15:06:26 UTC | Missing .rodata for AVX2/AVX512 codepaths This is a follow-up to #23997 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25340) | 02 September 2024, 08:26:45 UTC |
| c94d13a | Adam (ThinLinc team) | 29 July 2024, 11:54:46 UTC | Detect MinGW 32 bit for NO_INTERLOCKEDOR64 Builds using 32 bit MinGW will fail, due to the same reasoning described in commit 2d46a44ff24173d2cf5ea2196360cb79470d49c7. CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25025) | 02 September 2024, 08:24:58 UTC |
| d5b3c0e | Ingo Franzki | 28 August 2024, 12:56:33 UTC | s390x: Fix HMAC digest detection Use EVP_MD_is_a() instead of EVP_MD_get_type() to detect the digest type. EVP_MD_get_type() does not always return the expected NID, e.g. when running in the FIPS provider, EVP_MD_get_type() returns zero, causing to skip the HMAC acceleration path. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25304) | 02 September 2024, 08:23:22 UTC |
| 0cd9dd7 | Viktor Dukhovni | 21 August 2024, 14:43:33 UTC | Improve base64 BIO correctness and error reporting Also improve related documentation. - The BIO_FLAGS_BASE64_NO_NL flag did not behave as advertised, only leading and trailing, but not internal, whitespace was supported: $ echo 'AA AA' | openssl base64 -A -d | wc -c 0 - Switching from ignored leading input to valid base64 input misbehaved when the length of the skipped input was one more than the length of the second and subsequent valid base64 lines in the internal 1k buffer: $ printf '#foo\n#bar\nA\nAAA\nAAAA\n' | openssl base64 -d | wc -c 0 - When the underlying BIO is retriable, and a read returns less than 1k of data, some of the already buffered input lines that could have been decoded and returned were retained internally for a retry by the caller. This is somewhat surprising, and the new code decodes as many of the buffered lines as possible. Issue reported by Michał Trojnara. - After all valid data has been read, the next BIO_read(3) should return 0 when the input was all valid or -1 if an error was detected. This now occurs in more consistently, but further tests and code refactoring may be needed to ensure this always happens. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25253) | 30 August 2024, 13:09:10 UTC |
| d1c2c05 | Richard Levitte | 28 August 2024, 14:36:31 UTC | fix: ossl_digest_get_approved_nid() returns NID_undef on invalid digest We checked using 'md_nid < 0', which is faulty. Impact: DSA and ECDSA signature provider implementations Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24992) | 30 August 2024, 09:54:13 UTC |
| f68ba38 | Richard Levitte | 24 July 2024, 20:07:32 UTC | Refactor OpenSSL 'ECDSA' EVP_SIGNATURE to also include ECDSA+hash composites Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24992) | 30 August 2024, 09:54:13 UTC |
| bb2be4f | Richard Levitte | 24 July 2024, 13:37:08 UTC | Refactor OpenSSL 'DSA' EVP_SIGNATURE to also include DSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24992) | 30 August 2024, 09:54:13 UTC |
| c6c6af1 | Pauli | 30 August 2024, 01:43:29 UTC | endecode_test.c: Fix !fips v3.0.0 check The fips_provider_version_* functions return true if the FIPS provider isn't loaded. This is somewhat counterintuitive and the fix in #25327 neglected this nuance resulting in not running the SM2 tests when the FIPS provider wasn't being loaded. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25331) | 30 August 2024, 09:42:40 UTC |
| 15b7484 | Richard Levitte | 28 August 2024, 16:52:39 UTC | exporters for pkg-config: align with the changes for CMake The latest CMake exporter changes reworked the the variables in builddata.pm and installdata.pm. Unfortunately, the pkg-config exporter templates were forgotten in that effort. Fixes #25299 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25308) | 30 August 2024, 03:20:48 UTC |
| 0b97a55 | Tomas Mraz | 29 August 2024, 16:42:14 UTC | endecode_test.c: Avoid running the SM2 tests with 3.0.0 FIPS provider Fixes #25326 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25327) | 29 August 2024, 17:45:47 UTC |
| b4e4bf2 | Viktor Dukhovni | 28 August 2024, 10:36:09 UTC | Check for excess data in CertificateVerify As reported by Alicja Kario, we ignored excess bytes after the signature payload in TLS CertificateVerify Messages. These should not be present. Fixes: #25298 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25302) | 29 August 2024, 17:32:00 UTC |
| 25f5d7b | Joerg Schmidbauer | 29 February 2024, 11:50:05 UTC | s390x: support CPACF sha3/shake performance improvements On newer machines the SHA3/SHAKE performance of CPACF instructions KIMD and KLMD can be enhanced by using additional modifier bits. This allows the application to omit initializing the ICV, but also affects the internal processing of the instructions. Performance is mostly gained when processing short messages. The new CPACF feature is backwards compatible with older machines, i.e. the new modifier bits are ignored on older machines. However, to save the ICV initialization, the application must detect the MSA level and omit the ICV initialization only if this feature is supported. Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25235) | 29 August 2024, 17:26:06 UTC |
| 6772c2a | Clemens Lang | 28 August 2024, 15:18:03 UTC | doc: Document properties param for Argon2 KDF The Argon2 KDF uses OSSL_KDF_PARAM_PROPERTIES to fetch implementations of blake2bmac and blake2b512 if ctx->mac and ctx->md are NULL. This isn't documented in the manpage, so users that might, for example, want to fetch an instance of Argon2 with the -fips property query to obtain a working Argon2 KDF even though the default property query requires fips=yes are left wondering why this fails. Fortunately, EVP_KDF(3)/PARAMETERS already explains what the properties are used for, so we really just need to add a single line. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25306) | 29 August 2024, 17:20:05 UTC |
| 80008d4 | erbsland-dev | 25 August 2024, 10:08:36 UTC | Refactor and Enhance Compression Field Testing Fixes #7940: Enhances the existing test for compression methods in the ClientHello message, aligning with RFC 8446 specifications. Refactored the test code to improve modularity and maintainability, making it easier to extend and modify in the future. Added checks for the appropriate alerts, ensuring that `SSL_AD_ILLEGAL_PARAMETER` or `SSL_AD_DECODE_ERROR` are correctly triggered as per the RFC 8446 guidelines. Expanded Test Coverage: Introduced additional test cases to cover scenarios involving: - Lists of unknown compression methods - Absence of any compression method - Validation of a single null compression method, which should always succeed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25255) | 29 August 2024, 17:16:38 UTC |
| c026101 | erbsland-dev | 21 August 2024, 16:18:58 UTC | Correct Alert Handling for Missing Compression Methods Fixes #7940: Updated the compression check logic to improve protocol compliance. The code now returns `SSL_AD_DECODE_ERROR` when no compression method is provided in the ClientHello message. It returns `SSL_AD_ILLEGAL_PARAMETER` if the “null” compression method (0x00) is missing. Additionally, refactored the related test code for enhanced readability and maintainability. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25255) | 29 August 2024, 17:16:38 UTC |
| 6696682 | Richard Levitte | 24 July 2024, 05:25:57 UTC | Add ED25519 and ED448 support for EVP_PKEY_{sign,verify}_init_ex2() In this mode, only the ph instances are supported, and must be set explicitly through a parameter. The caller is assumed to pass a prehash to EVP_PKEY_{sign,verify}(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24975) | 29 August 2024, 17:13:07 UTC |
| 1751334 | Richard Levitte | 02 February 2024, 07:20:06 UTC | Refactor OpenSSL 'EdDSA' EVP_SIGNATURE to allow use with EVP_PKEY functions Add EVP_PKEY_{sign,verify}_message support for our Ed25519 and Ed448 implementations, including ph and ctx variants. Tests are added with test_evp stanzas. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24975) | 29 August 2024, 17:13:06 UTC |
| d20cf21 | Zhiqing Xie | 25 July 2024, 02:25:01 UTC | Fix compile err when building VC-CLANG-WIN64-CLANGASM-ARM target The error happens with MSVC v143,C++ Clang Compiler for Windows(16.0.5) Error is "brackets expression not supported on this target" in libcrypto-shlib-bsaes-armv8.obj.asm Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25293) | 29 August 2024, 13:38:57 UTC |
| 25bd0c7 | Jamie Cui | 22 August 2024, 03:41:50 UTC | Fix decoder error on SM2 private key Added sm2 testcases to endecode_test.c. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25266) | 29 August 2024, 13:28:27 UTC |
| 14c4533 | slontis | 26 August 2024, 01:24:24 UTC | EVP_MD_size() updates For SHAKE algorithms we now return 0 from EVP_MD_size(). So all the places that check for < 0 needed to change to <= 0 (Otherwise the behaviour will be to digest nothing in most cases). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25285) | 29 August 2024, 08:29:53 UTC |
| 976dd35 | slontis | 26 August 2024, 01:14:55 UTC | Update code to use EVP_MD_xof() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25285) | 29 August 2024, 08:29:53 UTC |
| c48e568 | slontis | 25 August 2024, 23:38:56 UTC | XOF / EVP_MD_size() changes. Added the function EVP_MD_CTX_get_size_ex() which checks for XOF and does a ctx get rather than just returning EVP_MD_size(). SHAKE did not have a get_ctx_params() so that had to be added to return the xoflen. Added a helper function EVP_MD_xof() EVP_MD_CTX_size() was just an aliased macro for EVP_MD_size(), so to keep it the same I added an extra function. EVP_MD_size() always returns 0 for SHAKE now, since it caches the value of md_size at the time of an EVP_MD_fetch(). This is probably better than returning the incorrect initial value it was before e.g (16 for SHAKE128) and returning tht always instead of the set xoflen. Note BLAKE2B uses "size" instead of "xoflen" to do a similar thing. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25285) | 29 August 2024, 08:29:53 UTC |
| 6dacee4 | sashan | 14 August 2024, 18:07:29 UTC | RSA decoder should check also sanity of p, q, e, d ... with respect to n This issue has been discovered by osss-fuzzer [1]. The test function decodes RSA key created by fuzzer and calls EVP_PKEY_pairwise_check() which proceeds to ossl_bn_miller_rabin_is_prime() check which takes too long exceeding timeout (45secs). The idea is to fix OSSL_DECODER_from_data() code path so invalid RSA keys will be refused. [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69134 Test case generated by the fuzzer is added. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25190) | 28 August 2024, 14:50:46 UTC |
| f6a296c | slontis | 12 August 2024, 09:31:10 UTC | Cleanups for FIPS options.. The options in fipsprov.c are now generated using macros with fips_indicator_params.inc. This should keep the naming consistent. Some FIPS related headers have moved to providers/fips/include so that they can use fips_indicator_params.inc. securitycheck.h now includes fipsindicator.h, and fipsindicator.h includes fipscommon.h. fipsinstall.c uses OSSL_PROV_PARAM_ for the configurable FIPS options rather than using OSSL_PROV_FIPS_PARAM_* as this was confusing as to which one should be used. fips_names.h just uses aliases now for existing public names. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25162) | 28 August 2024, 12:46:16 UTC |
| accd835 | Richard Levitte | 17 July 2024, 16:23:57 UTC | fix: for exporters to work for build config, there may be two include dirs For CMake / pkg-config configuration files to be used for an uninstalled build, the include directory in the build directory isn't enough, if that one is separate from the source directory. The include directory in the source directory must be accounted for too. This includes some lighter refactoring of util/mkinstallvars.pl, with the result that almost all variables in builddata.pm and installdata.pm have become arrays, even though unnecessarily for most of them; it was simpler that way. The CMake / pkg-config templates are adapted accordingly. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24918) | 27 August 2024, 15:20:12 UTC |
| a82d9e5 | Richard Levitte | 17 July 2024, 09:09:11 UTC | fix: exporters/cmake/OpenSSLConfig.cmake.in to work for build config This template file is made to make both: 1. OpenSSLConfig.cmake (CMake config used when building a CMake package against an uninstalled OpenSSL build) 2. exporters/OpenSSLConfig.cmake (CMake config that's to be installed alongside OpenSSL, and is used when building a CMake package against an OpenSSL installation). Variant 1 was unfortunately getting the internal '_ossl_prefix' variable wrong, which is due to how the perl snippet builds the command(s) to figure out its value. That needed some correction. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24918) | 27 August 2024, 15:20:12 UTC |
| 0acb320 | Jonathan M. Wilbur | 20 August 2024, 23:27:43 UTC | test: issuedOnBehalfOf X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25241) | 27 August 2024, 14:48:57 UTC |
| 2546932 | Jonathan M. Wilbur | 20 August 2024, 23:24:01 UTC | feat: add support for issuedOnBehalfOf X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25241) | 27 August 2024, 14:48:57 UTC |
| 873f269 | Richard Levitte | 21 August 2024, 09:10:00 UTC | fix coding style Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000) | 27 August 2024, 11:56:28 UTC |
| 9524ca1 | Richard Levitte | 25 July 2024, 14:55:08 UTC | doc: Document EVP_{TYPE}_CTX_get_algor etc Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000) | 27 August 2024, 11:56:28 UTC |
| 033dcce | Richard Levitte | 25 July 2024, 11:30:28 UTC | feat: Implement EVP_PKEY_CTX_{set,get}_algor_params() and EVP_PKEY_CTX_get_algor() This should be sufficient to cover the intent with the following legacy ctrls: - EVP_PKEY_CTRL_PKCS7_ENCRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_PKCS7_DECRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_PKCS7_SIGN (through EVP_SIGNATURE implementations) - EVP_PKEY_CTRL_CMS_ENCRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_CMS_DECRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_CMS_SIGN (through EVP_SIGNATURE implementations) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000) | 27 August 2024, 11:56:28 UTC |
