c94d13a | Adam (ThinLinc team) | 29 July 2024, 11:54:46 UTC | Detect MinGW 32 bit for NO_INTERLOCKEDOR64 Builds using 32 bit MinGW will fail, due to the same reasoning described in commit 2d46a44ff24173d2cf5ea2196360cb79470d49c7. CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25025) | 02 September 2024, 08:24:58 UTC |
d5b3c0e | Ingo Franzki | 28 August 2024, 12:56:33 UTC | s390x: Fix HMAC digest detection Use EVP_MD_is_a() instead of EVP_MD_get_type() to detect the digest type. EVP_MD_get_type() does not always return the expected NID, e.g. when running in the FIPS provider, EVP_MD_get_type() returns zero, causing the HMAC acceleration path to be skipped. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25304) | 02 September 2024, 08:23:22 UTC |
0cd9dd7 | Viktor Dukhovni | 21 August 2024, 14:43:33 UTC | Improve base64 BIO correctness and error reporting Also improve related documentation. - The BIO_FLAGS_BASE64_NO_NL flag did not behave as advertised, only leading and trailing, but not internal, whitespace was supported: $ echo 'AA AA' | openssl base64 -A -d | wc -c 0 - Switching from ignored leading input to valid base64 input misbehaved when the length of the skipped input was one more than the length of the second and subsequent valid base64 lines in the internal 1k buffer: $ printf '#foo\n#bar\nA\nAAA\nAAAA\n' | openssl base64 -d | wc -c 0 - When the underlying BIO is retriable, and a read returns less than 1k of data, some of the already buffered input lines that could have been decoded and returned were retained internally for a retry by the caller. This is somewhat surprising, and the new code decodes as many of the buffered lines as possible. Issue reported by Michał Trojnara. - After all valid data has been read, the next BIO_read(3) should return 0 when the input was all valid or -1 if an error was detected. This now occurs more consistently, but further tests and code refactoring may be needed to ensure this always happens. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25253) | 30 August 2024, 13:09:10 UTC |
d1c2c05 | Richard Levitte | 28 August 2024, 14:36:31 UTC | fix: ossl_digest_get_approved_nid() returns NID_undef on invalid digest We checked using 'md_nid < 0', which is faulty. Impact: DSA and ECDSA signature provider implementations Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24992) | 30 August 2024, 09:54:13 UTC |
f68ba38 | Richard Levitte | 24 July 2024, 20:07:32 UTC | Refactor OpenSSL 'ECDSA' EVP_SIGNATURE to also include ECDSA+hash composites Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24992) | 30 August 2024, 09:54:13 UTC |
bb2be4f | Richard Levitte | 24 July 2024, 13:37:08 UTC | Refactor OpenSSL 'DSA' EVP_SIGNATURE to also include DSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24992) | 30 August 2024, 09:54:13 UTC |
c6c6af1 | Pauli | 30 August 2024, 01:43:29 UTC | endecode_test.c: Fix !fips v3.0.0 check The fips_provider_version_* functions return true if the FIPS provider isn't loaded. This is somewhat counterintuitive and the fix in #25327 neglected this nuance resulting in not running the SM2 tests when the FIPS provider wasn't being loaded. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25331) | 30 August 2024, 09:42:40 UTC |
15b7484 | Richard Levitte | 28 August 2024, 16:52:39 UTC | exporters for pkg-config: align with the changes for CMake The latest CMake exporter changes reworked the variables in builddata.pm and installdata.pm. Unfortunately, the pkg-config exporter templates were forgotten in that effort. Fixes #25299 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25308) | 30 August 2024, 03:20:48 UTC |
0b97a55 | Tomas Mraz | 29 August 2024, 16:42:14 UTC | endecode_test.c: Avoid running the SM2 tests with 3.0.0 FIPS provider Fixes #25326 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25327) | 29 August 2024, 17:45:47 UTC |
b4e4bf2 | Viktor Dukhovni | 28 August 2024, 10:36:09 UTC | Check for excess data in CertificateVerify As reported by Alicja Kario, we ignored excess bytes after the signature payload in TLS CertificateVerify Messages. These should not be present. Fixes: #25298 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25302) | 29 August 2024, 17:32:00 UTC |
25f5d7b | Joerg Schmidbauer | 29 February 2024, 11:50:05 UTC | s390x: support CPACF sha3/shake performance improvements On newer machines the SHA3/SHAKE performance of CPACF instructions KIMD and KLMD can be enhanced by using additional modifier bits. This allows the application to omit initializing the ICV, but also affects the internal processing of the instructions. Performance is mostly gained when processing short messages. The new CPACF feature is backwards compatible with older machines, i.e. the new modifier bits are ignored on older machines. However, to save the ICV initialization, the application must detect the MSA level and omit the ICV initialization only if this feature is supported. Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25235) | 29 August 2024, 17:26:06 UTC |
6772c2a | Clemens Lang | 28 August 2024, 15:18:03 UTC | doc: Document properties param for Argon2 KDF The Argon2 KDF uses OSSL_KDF_PARAM_PROPERTIES to fetch implementations of blake2bmac and blake2b512 if ctx->mac and ctx->md are NULL. This isn't documented in the manpage, so users that might, for example, want to fetch an instance of Argon2 with the -fips property query to obtain a working Argon2 KDF even though the default property query requires fips=yes are left wondering why this fails. Fortunately, EVP_KDF(3)/PARAMETERS already explains what the properties are used for, so we really just need to add a single line. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25306) | 29 August 2024, 17:20:05 UTC |
80008d4 | erbsland-dev | 25 August 2024, 10:08:36 UTC | Refactor and Enhance Compression Field Testing Fixes #7940: Enhances the existing test for compression methods in the ClientHello message, aligning with RFC 8446 specifications. Refactored the test code to improve modularity and maintainability, making it easier to extend and modify in the future. Added checks for the appropriate alerts, ensuring that `SSL_AD_ILLEGAL_PARAMETER` or `SSL_AD_DECODE_ERROR` are correctly triggered as per the RFC 8446 guidelines. Expanded Test Coverage: Introduced additional test cases to cover scenarios involving: - Lists of unknown compression methods - Absence of any compression method - Validation of a single null compression method, which should always succeed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25255) | 29 August 2024, 17:16:38 UTC |
c026101 | erbsland-dev | 21 August 2024, 16:18:58 UTC | Correct Alert Handling for Missing Compression Methods Fixes #7940: Updated the compression check logic to improve protocol compliance. The code now returns `SSL_AD_DECODE_ERROR` when no compression method is provided in the ClientHello message. It returns `SSL_AD_ILLEGAL_PARAMETER` if the “null” compression method (0x00) is missing. Additionally, refactored the related test code for enhanced readability and maintainability. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25255) | 29 August 2024, 17:16:38 UTC |
6696682 | Richard Levitte | 24 July 2024, 05:25:57 UTC | Add ED25519 and ED448 support for EVP_PKEY_{sign,verify}_init_ex2() In this mode, only the ph instances are supported, and must be set explicitly through a parameter. The caller is assumed to pass a prehash to EVP_PKEY_{sign,verify}(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24975) | 29 August 2024, 17:13:07 UTC |
1751334 | Richard Levitte | 02 February 2024, 07:20:06 UTC | Refactor OpenSSL 'EdDSA' EVP_SIGNATURE to allow use with EVP_PKEY functions Add EVP_PKEY_{sign,verify}_message support for our Ed25519 and Ed448 implementations, including ph and ctx variants. Tests are added with test_evp stanzas. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24975) | 29 August 2024, 17:13:06 UTC |
d20cf21 | Zhiqing Xie | 25 July 2024, 02:25:01 UTC | Fix compile err when building VC-CLANG-WIN64-CLANGASM-ARM target The error happens with MSVC v143, C++ Clang Compiler for Windows (16.0.5). Error is "brackets expression not supported on this target" in libcrypto-shlib-bsaes-armv8.obj.asm Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25293) | 29 August 2024, 13:38:57 UTC |
25bd0c7 | Jamie Cui | 22 August 2024, 03:41:50 UTC | Fix decoder error on SM2 private key Added sm2 testcases to endecode_test.c. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25266) | 29 August 2024, 13:28:27 UTC |
14c4533 | slontis | 26 August 2024, 01:24:24 UTC | EVP_MD_size() updates For SHAKE algorithms we now return 0 from EVP_MD_size(). So all the places that check for < 0 needed to change to <= 0 (Otherwise the behaviour will be to digest nothing in most cases). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25285) | 29 August 2024, 08:29:53 UTC |
976dd35 | slontis | 26 August 2024, 01:14:55 UTC | Update code to use EVP_MD_xof() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25285) | 29 August 2024, 08:29:53 UTC |
c48e568 | slontis | 25 August 2024, 23:38:56 UTC | XOF / EVP_MD_size() changes. Added the function EVP_MD_CTX_get_size_ex() which checks for XOF and does a ctx get rather than just returning EVP_MD_size(). SHAKE did not have a get_ctx_params() so that had to be added to return the xoflen. Added a helper function EVP_MD_xof() EVP_MD_CTX_size() was just an aliased macro for EVP_MD_size(), so to keep it the same I added an extra function. EVP_MD_size() always returns 0 for SHAKE now, since it caches the value of md_size at the time of an EVP_MD_fetch(). This is probably better than returning the incorrect initial value it was before, e.g. (16 for SHAKE128), and returning that always instead of the set xoflen. Note BLAKE2B uses "size" instead of "xoflen" to do a similar thing. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25285) | 29 August 2024, 08:29:53 UTC |
6dacee4 | sashan | 14 August 2024, 18:07:29 UTC | RSA decoder should also check sanity of p, q, e, d ... with respect to n This issue has been discovered by oss-fuzz [1]. The test function decodes an RSA key created by the fuzzer and calls EVP_PKEY_pairwise_check(), which proceeds to the ossl_bn_miller_rabin_is_prime() check, which takes too long, exceeding the timeout (45 secs). The idea is to fix the OSSL_DECODER_from_data() code path so invalid RSA keys will be refused. [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69134 Test case generated by the fuzzer is added. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25190) | 28 August 2024, 14:50:46 UTC |
f6a296c | slontis | 12 August 2024, 09:31:10 UTC | Cleanups for FIPS options. The options in fipsprov.c are now generated using macros with fips_indicator_params.inc. This should keep the naming consistent. Some FIPS related headers have moved to providers/fips/include so that they can use fips_indicator_params.inc. securitycheck.h now includes fipsindicator.h, and fipsindicator.h includes fipscommon.h. fipsinstall.c uses OSSL_PROV_PARAM_ for the configurable FIPS options rather than using OSSL_PROV_FIPS_PARAM_*, as this was confusing as to which one should be used. fips_names.h just uses aliases now for existing public names. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25162) | 28 August 2024, 12:46:16 UTC |
accd835 | Richard Levitte | 17 July 2024, 16:23:57 UTC | fix: for exporters to work for build config, there may be two include dirs For CMake / pkg-config configuration files to be used for an uninstalled build, the include directory in the build directory isn't enough, if that one is separate from the source directory. The include directory in the source directory must be accounted for too. This includes some lighter refactoring of util/mkinstallvars.pl, with the result that almost all variables in builddata.pm and installdata.pm have become arrays, even though unnecessarily for most of them; it was simpler that way. The CMake / pkg-config templates are adapted accordingly. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24918) | 27 August 2024, 15:20:12 UTC |
a82d9e5 | Richard Levitte | 17 July 2024, 09:09:11 UTC | fix: exporters/cmake/OpenSSLConfig.cmake.in to work for build config This template file is made to make both: 1. OpenSSLConfig.cmake (CMake config used when building a CMake package against an uninstalled OpenSSL build) 2. exporters/OpenSSLConfig.cmake (CMake config that's to be installed alongside OpenSSL, and is used when building a CMake package against an OpenSSL installation). Variant 1 was unfortunately getting the internal '_ossl_prefix' variable wrong, which is due to how the perl snippet builds the command(s) to figure out its value. That needed some correction. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24918) | 27 August 2024, 15:20:12 UTC |
0acb320 | Jonathan M. Wilbur | 20 August 2024, 23:27:43 UTC | test: issuedOnBehalfOf X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25241) | 27 August 2024, 14:48:57 UTC |
2546932 | Jonathan M. Wilbur | 20 August 2024, 23:24:01 UTC | feat: add support for issuedOnBehalfOf X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25241) | 27 August 2024, 14:48:57 UTC |
873f269 | Richard Levitte | 21 August 2024, 09:10:00 UTC | fix coding style Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000) | 27 August 2024, 11:56:28 UTC |
9524ca1 | Richard Levitte | 25 July 2024, 14:55:08 UTC | doc: Document EVP_{TYPE}_CTX_get_algor etc Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000) | 27 August 2024, 11:56:28 UTC |
033dcce | Richard Levitte | 25 July 2024, 11:30:28 UTC | feat: Implement EVP_PKEY_CTX_{set,get}_algor_params() and EVP_PKEY_CTX_get_algor() This should be sufficient to cover the intent with the following legacy ctrls: - EVP_PKEY_CTRL_PKCS7_ENCRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_PKCS7_DECRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_PKCS7_SIGN (through EVP_SIGNATURE implementations) - EVP_PKEY_CTRL_CMS_ENCRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_CMS_DECRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_CMS_SIGN (through EVP_SIGNATURE implementations) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000) | 27 August 2024, 11:56:28 UTC |
258aaa9 | Richard Levitte | 25 July 2024, 10:34:06 UTC | feat: Implement EVP_CIPHER_CTX_{set,get}_algor_params() and EVP_CIPHER_CTX_get_algor() EVP_CIPHER_CTX_set_algor_params() and EVP_CIPHER_CTX_set_algor_params() can be used instead of EVP_CIPHER_asn1_to_param() and EVP_CIPHER_param_to_asn1(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000) | 27 August 2024, 11:56:28 UTC |
3b1ea04 | Richard Levitte | 25 July 2024, 10:18:24 UTC | fix: in RC2 implementation, handle both old and new AID.params keys Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000) | 27 August 2024, 11:56:28 UTC |
0941666 | Richard Levitte | 25 July 2024, 09:56:13 UTC | Amend the design of AlgorithmIdentifier parameter passing I realised that any application that passes AlgorithmIdentifier parameters to and from a provider may also be interested in the full AlgorithmIdentifier of the implementation invocation. Likewise, any application that wants to get the full AlgorithmIdentifier from an implementation invocation may also want to pass AlgorithmIdentifier parameters to that same implementation invocation. These amendments should be useful to cover all intended uses of the legacy ctrls for PKCS7 and CMS: - EVP_PKEY_CTRL_PKCS7_ENCRYPT - EVP_PKEY_CTRL_PKCS7_DECRYPT - EVP_PKEY_CTRL_PKCS7_SIGN - EVP_PKEY_CTRL_CMS_ENCRYPT - EVP_PKEY_CTRL_CMS_DECRYPT - EVP_PKEY_CTRL_CMS_SIGN It should also cover a number of other cases that were previously implemented through EVP_PKEY_ASN1_METHOD, as well as all sorts of other cases where the application has had to assemble a X509_ALGOR on their own. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000) | 27 August 2024, 11:56:20 UTC |
c07a34e | cx | 21 August 2024, 18:13:01 UTC | Return SSL_AD_UNEXPECTED_MESSAGE alert when receiving any other change_cipher_spec value (RFC 8446) Fixes: #25086 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25257) | 26 August 2024, 09:58:10 UTC |
91432b9 | Jonathan M. Wilbur | 01 August 2024, 17:45:54 UTC | fix: alias auditEntity OID Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24754) | 26 August 2024, 09:38:44 UTC |
dbd3d65 | Jonathan M. Wilbur | 27 June 2024, 20:30:06 UTC | test: auditIdentity X.509v3 extension decoding and display Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24754) | 26 August 2024, 09:38:44 UTC |
9216859 | Jonathan M. Wilbur | 27 June 2024, 20:29:49 UTC | feat: support auditIdentity X.509v3 extension Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24754) | 26 August 2024, 09:38:44 UTC |
bce3a8d | Jonathan M. Wilbur | 27 June 2024, 20:29:26 UTC | fix: wrong name for OID -> auditIdentity Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24754) | 26 August 2024, 09:25:23 UTC |
8e7f39e | slontis | 15 August 2024, 06:20:26 UTC | Cleanups for FIPS indicator documentation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25195) | 25 August 2024, 22:28:44 UTC |
5139b51 | slontis | 15 August 2024, 06:18:56 UTC | Add FIPS indicator documentation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25195) | 25 August 2024, 22:28:44 UTC |
c37e217 | slontis | 21 August 2024, 07:43:19 UTC | Add FIPS indicators to X25519 and X448. X25519 and X448 are unapproved in FIPS 140-3, so always trigger the indicator callback if these keys are used, and add "fips-indicator" getters that return 0. This has been added to keygen and key exchange. (KEM will also require it if it ever becomes a FIPS algorithm). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25246) | 25 August 2024, 00:50:05 UTC |
32b43b9 | slontis | 22 August 2024, 04:11:13 UTC | Update new FIPS indicator evp_tests to use FIPSversion + Availablein options. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25267) | 23 August 2024, 19:26:03 UTC |
f2a5c80 | slontis | 22 August 2024, 04:07:33 UTC | Revert evp_test change that made "FIPSversion" skip the default provider. Fixes #25199 This should be done using "Availablein" if required. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25267) | 23 August 2024, 19:25:41 UTC |
bb1aab3 | slontis | 22 August 2024, 01:50:17 UTC | FIPS: Add EDDSA public key validation. EVP_PKEY_public_check() can be used by ED25519 and ED448 in order to determine if the public key is a valid point on the curve. The FIPS ACVP tests require public key validation tests. See https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/EDDSA-KeyVer-1.0/internalProjection.json Note that this is NOT required to be called before EDDSA signature verification since it is done internally. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25265) | 23 August 2024, 19:23:53 UTC |
f7fd434 | slontis | 19 August 2024, 02:01:53 UTC | Update FIPS 140-3 self tests Cleanup + remove a few tests that are not required. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25222) | 23 August 2024, 09:07:36 UTC |
06179b4 | slontis | 21 August 2024, 23:09:14 UTC | FIPS: Change fips tests to use SHA2 for corruption test. Fixes cross testing with OpenSSL 3.4 with removed SHA1 from the self tests. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25262) | 23 August 2024, 08:23:37 UTC |
19b87d2 | Ingo Franzki | 20 August 2024, 09:35:20 UTC | s390x: Fix memory leak in s390x_HMAC_CTX_copy() When s390x_HMAC_CTX_copy() is called, but the destination context already has a buffer allocated, it is not freed before duplicating the buffer from the source context. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25238) | 23 August 2024, 07:11:01 UTC |
fe1ce91 | Pauli | 19 August 2024, 01:34:12 UTC | acvptest: add positive and negative tests for verify message param Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25211) | 22 August 2024, 21:17:03 UTC |
f5c8000 | Pauli | 19 August 2024, 00:40:24 UTC | rsa: add verify_message param support Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25211) | 22 August 2024, 21:17:03 UTC |
b80e2dd | Pauli | 19 August 2024, 00:40:14 UTC | ecdsa: add verify_message param support Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25211) | 22 August 2024, 21:17:03 UTC |
38f1e18 | Pauli | 16 August 2024, 00:24:05 UTC | param: add OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter name Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25211) | 22 August 2024, 21:17:02 UTC |
a9fc870 | Pauli | 16 August 2024, 00:21:12 UTC | doc: document the OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25211) | 22 August 2024, 21:17:02 UTC |
3c1713a | Tomas Mraz | 22 August 2024, 12:49:05 UTC | fuzz/hashtable.c: rc == -1 on insert is OK when fuzzing Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25273) | 22 August 2024, 12:52:43 UTC |
8951ee0 | Tomas Mraz | 22 August 2024, 12:44:02 UTC | ossl_ht_insert(): Allow for 4 iterations of grow_hashtable() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25273) | 22 August 2024, 12:52:43 UTC |
6c39d21 | Joachim Vandersmissen | 15 March 2024, 16:34:12 UTC | Replace PKCS#1 v1.5 padding in RSA PCT After December 31, 2023, SP 800-131Ar2 [0] no longer allows PKCS#1 v1.5 padding for RSA "key-transport" (aka encryption and decryption). There's a few good options to replace this usage in the RSA PCT, but the simplest is verifying m = (m^e)^d mod n, (where 1 < m < (n − 1)). This is specified in SP 800-56Br2 (Section 6.4.1.1) [1] and allowed by FIPS 140-3 IG 10.3.A. In OpenSSL, this corresponds to RSA_NO_PADDING. [0]: https://doi.org/10.6028/NIST.SP.800-131Ar2 [1]: https://doi.org/10.6028/NIST.SP.800-56Br2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23832) | 21 August 2024, 21:24:29 UTC |
9341e66 | Joachim Vandersmissen | 14 March 2024, 00:26:21 UTC | Replace PKCS#1 v1.5 encryption in RSA PCT After December 31, 2023, SP 800-131Ar2 [0] no longer allows PKCS#1 v1.5 padding for RSA "key-transport" (aka encryption and decryption). There's a few good options to replace this usage in the RSA PCT, but signature generation and verification using PKCS#1 v1.5 padding (which remains approved) is the simplest. [0]: https://doi.org/10.6028/NIST.SP.800-131Ar2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23832) | 21 August 2024, 21:24:08 UTC |
e91384d | Bernd Edlinger | 27 October 2023, 10:05:05 UTC | Fix error handling in OBJ_add_object This fixes the possible memory leak in OBJ_add_object when a pre-existing object is replaced by a new one, with identical NID, OID, and/or short/long name. We do not try to delete any orphans, but only mark them as type == -1, because the previously returned pointers from OBJ_nid2obj/OBJ_nid2sn/OBJ_nid2ln may be cached by applications and can thus not be cleaned up before the application terminates. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22534) | 21 August 2024, 13:53:37 UTC |
223e002 | Beat Bolli | 15 August 2024, 10:35:02 UTC | x_attrib: fix a memory leak The X509_NAME object needs to be freed even if printing it fails. Introduced in be5adfd6e3 ("Support subjectDirectoryAttributes and associatedInformation exts", 2024-06-18), but subsequently moved in 7bcfb41489 ("ossl_print_attribute_value(): use a sequence value only if type is a sequence", 2024-08-05). Signed-off-by: Beat Bolli <dev@drbeat.li> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25207) | 21 August 2024, 13:51:29 UTC |
1fb3952 | Neil Horman | 15 August 2024, 12:29:34 UTC | Add Changes entry for debuginfo generation Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25174) | 21 August 2024, 13:50:30 UTC |
0fdbcf4 | Neil Horman | 14 August 2024, 15:18:04 UTC | Add a test for debuginfo generation Add a check to ensure debug info generation works. We piggyback on a test that already builds DWARF symbols (--debug). The test 1) makes the debuginfo files 2) runs gdb, loading the libcrypto.so.3 file 3) checks to make sure that the output of gdb indicates that it loads the .debug file based on the reference in the loaded file Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25174) | 21 August 2024, 13:50:17 UTC |
a5d5662 | Neil Horman | 13 August 2024, 19:16:08 UTC | Add debuginfo build target In the webinar we are currently producing on debugging openssl applications, we talk about ways to allow debuggable binaries without having to ship all the debug DWARF information to production systems. Add an optional target to do that DWARF separation to aid users. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25174) | 21 August 2024, 13:50:17 UTC |
55662b6 | Jiasheng Jiang | 06 August 2024, 19:18:34 UTC | test/provider_test.c: Add OSSL_PROVIDER_unload() to avoid memory leak Add OSSL_PROVIDER_unload() when OSSL_PROVIDER_add_builtin() fails to avoid memory leak. Fixes: 5442611dff ("Add a test for OSSL_LIB_CTX_new_child()") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25109) | 21 August 2024, 13:38:58 UTC |
6e8a103 | Jiasheng Jiang | 06 August 2024, 18:42:06 UTC | test/provider_fallback_test.c: Add OSSL_PROVIDER_unload() to avoid memory leak Add OSSL_PROVIDER_unload() when test_provider() fails to avoid memory leak. Fixes: f995e5bdcd ("TEST: Add provider_fallback_test, to test aspects of fallback providers") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25108) | 21 August 2024, 13:37:05 UTC |
60358f2 | Matt Caswell | 31 July 2024, 14:25:48 UTC | Fix the alert used on a missing key_share RFC8446 requires we send an illegal_parameter alert if we don't get a key_share back from the server and our kex_modes require one. We were instead reporting this as missing_extension. Fixes #25040 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25059) | 21 August 2024, 13:35:51 UTC |
95994de | slontis | 07 August 2024, 00:58:10 UTC | Add additional test cases for Single Step KDF. SSKDF KMAC tests added. Added FIPS indicator tests for SSKDF Hash, HMAC, and KMAC cases. Added short salt length tests for SSKDF HMAC and KMAC. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25049) | 21 August 2024, 13:34:58 UTC |
ea396c7 | slontis | 05 August 2024, 05:25:35 UTC | Add FIPS KMAC key check This adds a FIPS indicator for KMAC key size. Note that 112-bit keys are still smaller than the sizes required to reach 128 bits for KMAC128 and 256 bits for KMAC256 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25049) | 21 August 2024, 13:34:58 UTC |
390f00a | slontis | 31 July 2024, 04:56:44 UTC | Add HMAC FIPS keysize check. HMAC has been changed to use a FIPS indicator for its key check. HKDF and Single Step use a salt rather than a key when using HMAC, so we need a mechanism to bypass this check in HMAC. A separate 'internal' query table has been added to the FIPS provider for MACs. Giving HMAC a separate dispatch table allows KDFs to ignore the key check. If a KDF requires the key check then it must do the check itself. The normal MAC dispatch table is used if the user fetches HMAC directly. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25049) | 21 August 2024, 13:34:40 UTC |
d2739fc | Tomas Mraz | 16 August 2024, 14:27:17 UTC | hashtable.c: Code style fixes Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24504) | 21 August 2024, 13:21:26 UTC |
f0b1d4d | Tomas Mraz | 16 August 2024, 13:54:15 UTC | core_namemap.c: 2048 hashtable buckets should be sufficient It is unlikely we would need more than 4000 names and even with more names (up to 8192) it would still work, just the performance of the namemap would degrade. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24504) | 21 August 2024, 13:21:26 UTC |
9f74898 | Tomas Mraz | 16 August 2024, 13:40:43 UTC | For lockless reads use the whole hashtable for colliding entries Instead of just using the neighborhood, fill subsequent neighborhoods with colliding entries. If the hashtable is properly sized, it won't degrade performance too much. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24504) | 21 August 2024, 13:21:26 UTC |
4cad608 | Tomas Mraz | 27 May 2024, 14:50:05 UTC | Use the new hashtable for core_namemap This replaces LHASH in core_namemap with the new hashtable and adds a reverse mapping in form of stack of stacks instead of iterating the existing hash table members. The new hashtable is used in lockless-read mode. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24504) | 21 August 2024, 13:21:26 UTC |
71fe7f0 | Tomas Mraz | 27 May 2024, 14:49:15 UTC | hashtable: Support lockless reads Also build it in the FIPS provider too and properly report error on insert when hashtable cannot be grown. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24504) | 21 August 2024, 13:21:25 UTC |
6cdca7b | Tomas Mraz | 17 May 2024, 11:41:09 UTC | hashtable.c: Avoid infinite loop in ossl_ht_insert() Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24504) | 21 August 2024, 13:21:25 UTC |
14efc05 | Neil Horman | 15 May 2024, 19:34:15 UTC | some performance improvements Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24504) | 21 August 2024, 13:21:25 UTC |
435531e | Neil Horman | 15 May 2024, 13:20:30 UTC | alternate collision checking support Add full key matching to hashtable the idea is that on a hash value match we do a full memory comparison of the unhashed key to validate that its actually the key we're looking for Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24504) | 21 August 2024, 13:21:25 UTC |
772481c | Richard Levitte | 16 July 2024, 04:52:07 UTC | fix: Have util/mkerr.pl comply better with our coding style util/mkerr.pl produced lines like these: {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, According to our coding style, they should look like this: {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, This nit was correctly picked up by util/check-format.pl Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24902) | 21 August 2024, 08:55:59 UTC |
523187d | Richard Levitte | 19 August 2024, 06:38:56 UTC | Enable RSA-SM3 in the default provider It turns out that we didn't allow the combination RSA + SM3 anywhere. This is perfectly reasonable in the FIPS module, but less so in the default provider. This change enables it in the default provider, and adds a simple evp_test stanza for the RSA-SM3 signature scheme. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416) | 21 August 2024, 06:21:06 UTC |
8736de5 | Richard Levitte | 16 July 2024, 05:06:05 UTC | fix coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416) | 21 August 2024, 06:21:06 UTC |
b02cf2f | Richard Levitte | 10 July 2024, 19:26:30 UTC | Add new test types in test/evp_test.c, and a test for RSA sigalgs With these tests, we get to test: - EVP_PKEY_sign_init_ex() - EVP_PKEY_verify_init_ex2() - EVP_PKEY_verify_recover_init_ex2() - EVP_PKEY_sign_message_init() and friends - EVP_PKEY_verify_message_init() and friends A few test cases for RSA-{hash} are added, in test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416) | 21 August 2024, 06:21:06 UTC |
572a837 | Richard Levitte | 06 July 2024, 14:26:39 UTC | Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416) | 21 August 2024, 06:21:06 UTC |
e675aab | Richard Levitte | 18 January 2024, 14:27:34 UTC | Implement functionality for direct use of composite signature algorithms The following API groups are extended with a new init function, as well as an update and final function, to allow the use of explicitly fetched signature implementations for any composite signature algorithm, like "sha1WithRSAEncryption": - EVP_PKEY_sign - EVP_PKEY_verify - EVP_PKEY_verify_recover To support this, providers are required to add a few new functions, not the least one that declares what key types an signature implementation supports. While at this, the validity check in evp_signature_from_algorithm() is also refactored; the SIGNATURE provider functionality is too complex for counters. It's better, or at least more readable, to check function combinations. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416) | 21 August 2024, 06:21:06 UTC |
1985ba6 | Hubert Kario | 26 July 2024, 14:25:42 UTC | Link to the place where signature options are defined ca man page: link to section Signed-off-by: Hubert Kario <hkario@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25011) | 20 August 2024, 09:55:36 UTC |
391334d | XZ-X | 22 July 2024, 18:33:02 UTC | When calling ASN1_item_i2d () check both returned length and allocated pointer Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24979) | 20 August 2024, 09:45:14 UTC |
dc6993a | erbsland-dev | 17 July 2024, 21:21:42 UTC | Enhance s_client Output Fixes #8123: Clarify cipher and protocol version display - Added a new line “Protocol:” to display the protocol version separately after the cipher line. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24921) | 20 August 2024, 09:16:22 UTC |
a0b6528 | Pauli | 15 August 2024, 00:58:25 UTC | test: add command line indicator option checking to fipsinstall Validate that the relevant options are on when -pedantic is specified, off when it isn't and can be given to enable the setting. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25194) | 20 August 2024, 03:41:44 UTC |
96de408 | slontis | 16 August 2024, 09:10:22 UTC | Add FIPS self test updates After reviewing the FIPS 140-3 IG self tests requirements the following were added: - TDES Decryption (Not sure why this was missing) - DH changed to use ffdhe2048 instead of P,Q,G params. - Signature code has been changed to use a msg rather than a digest as input. (Since some digests don't provide the one shot API, the EVP_DigestSignFinal and EVP_DigestVerifyFinal needed to be exposed to the FIPS provider). The code is now shared between ED and the other key types. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25217) | 20 August 2024, 00:05:13 UTC |
e113a92 | Ingo Franzki | 02 February 2024, 13:55:32 UTC | test/hmactest: Add further tests for HMAC with multiple update calls Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25161) | 19 August 2024, 16:23:35 UTC |
0499de5 | Ingo Franzki | 01 February 2024, 14:15:27 UTC | s390x: Add hardware acceleration for HMAC The CPACF instruction KMAC provides support for accelerating the HMAC algorithm on newer machines for HMAC with SHA-224, SHA-256, SHA-384, and SHA-512. Preliminary measurements showed performance improvements of up to a factor of 2, dependent on the message size, whether chunking is used and the size of the chunks. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25161) | 19 August 2024, 16:23:35 UTC |
518b53b | Ingo Franzki | 31 January 2024, 15:26:52 UTC | s390x: Add defines for new CPACF functions Add defines for new CPACF functions codes, its required MSA levels, and document how to disable these functions via the OPENSSL_s390xcap environment variable. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25161) | 19 August 2024, 16:23:35 UTC |
a6c9378 | Tomas Mraz | 19 August 2024, 09:34:27 UTC | Explicitly include e_os.h for close() Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25229) (cherry picked from commit 0c0c6954bf4fa7b56e21e1393c9e5e5d55c1b2d6) | 19 August 2024, 10:27:41 UTC |
d604834 | shridhar kalavagunta | 04 August 2024, 21:04:53 UTC | RAND_write_file(): Avoid potential file descriptor leak If fdopen() call fails we need to close the fd. Also return early as this is most likely some fatal error. Fixes #25064 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25081) | 19 August 2024, 09:10:43 UTC |
4c37778 | slontis | 19 August 2024, 03:52:24 UTC | CI: Fix GCM IV check in acvp_test for crosstest Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25223) | 19 August 2024, 08:25:41 UTC |
5111eac | Tomas Mraz | 16 August 2024, 09:54:00 UTC | speed.c: Return success with -testmode -async_jobs if not ASYNC_is_capable() Fixes #25203 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25204) | 19 August 2024, 07:06:33 UTC |
34877db | Pauli | 18 August 2024, 22:31:15 UTC | test: add a default greeting to avoid printing a null pointer. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/25221) | 18 August 2024, 22:31:15 UTC |
563c51c | slontis | 14 August 2024, 07:21:54 UTC | Add an indicator for AES GCM that returns if the iv has been generated internally. This is not using a strict check since there may be applications that require the IV to be generated externally (e.g. java). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25178) | 18 August 2024, 21:21:28 UTC |
47645bf | Andrew Dinh | 16 August 2024, 13:55:16 UTC | list_tls_signatures(): Avoid leak with zero length builtin_sigalgs Fixes Coverity 1616307 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25219) | 17 August 2024, 21:32:17 UTC |
8d28402 | Dmitry Belyavskiy | 14 August 2024, 12:40:39 UTC | We can't check policy if we got an empty stack of certs Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25186) | 17 August 2024, 16:09:15 UTC |
7c3c737 | Neil Horman | 15 August 2024, 13:48:42 UTC | Move docker files to test Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25091) | 16 August 2024, 18:34:08 UTC |
4c2242b | Neil Horman | 05 August 2024, 20:52:06 UTC | Add workflow to do nightly build of interop container and push to quay Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25091) | 16 August 2024, 18:34:08 UTC |
8ffdfea | Neil Horman | 05 August 2024, 20:42:06 UTC | Add dockerfile for generation of a quic interop container Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25091) | 16 August 2024, 18:34:08 UTC |