| fdded23b | 25-Nov-2024 |
Bartel Artem |
apps/passwd.c: Convert a redundant check to assert
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@open
apps/passwd.c: Convert a redundant check to assert
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26053)
show more ...
|
| 4c04a198 | 27-Nov-2024 |
Neil Horman |
Fix solaris build in CRYPTO_atomic_store api
Misnamed variable, just correct it to dst
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org
Fix solaris build in CRYPTO_atomic_store api
Misnamed variable, just correct it to dst
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26075)
show more ...
|
| 740668f0 | 25-Nov-2024 |
sftcd |
Use static array (length 256) for copy of OPENSSL_MALLOC_FAILURES
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://gi
Use static array (length 256) for copy of OPENSSL_MALLOC_FAILURES
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26039)
show more ...
|
| 0bba8218 | 25-Nov-2024 |
Tomas Mraz |
Deprecate all BIO_meth_get_*() functions
Their use by applications is inherently unsafe.
Fixes #26047
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <to
Deprecate all BIO_meth_get_*() functions
Their use by applications is inherently unsafe.
Fixes #26047
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/26056)
show more ...
|
| a64d26ac | 16-Oct-2024 |
Niels Dossche |
Use sk_X509_ATTRIBUTE_deep_copy() to copy attribute stacks in pk7_doit.c
Clean up the code by using the dedicated stack copy function.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Use sk_X509_ATTRIBUTE_deep_copy() to copy attribute stacks in pk7_doit.c
Clean up the code by using the dedicated stack copy function.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25713)
show more ...
|
| ce4b2444 | 27-Nov-2024 |
Pauli |
ci: add daily runcheckers to exercise the -DOPENSSL_PEDANTIC_ZEROIZATION option
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged f
ci: add daily runcheckers to exercise the -DOPENSSL_PEDANTIC_ZEROIZATION option
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
show more ...
|
| 01cfee2c | 27-Nov-2024 |
Pauli |
fips: change integrity check zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(
fips: change integrity check zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
show more ...
|
| 8d09e61b | 27-Nov-2024 |
Pauli |
pbkdf2: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged fr
pbkdf2: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
show more ...
|
| db1d8c90 | 27-Nov-2024 |
Pauli |
hkdf: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from
hkdf: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
show more ...
|
| e73c1faa | 27-Nov-2024 |
Pauli |
rsa: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from
rsa: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
show more ...
|
| de22c10b | 27-Nov-2024 |
Pauli |
ffc: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from
ffc: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
show more ...
|
| f4710617 | 27-Nov-2024 |
Pauli |
ec: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from h
ec: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
show more ...
|
| 0b05db0e | 27-Nov-2024 |
willmafh |
A typo fix in a comment
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
A typo fix in a comment
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26069)
show more ...
|
| 847a2375 | 25-Nov-2024 |
David Benjamin |
Document expected BIO operations for libssl
If your custom BIO does not implement BIO_CTRL_FLUSH, it won't work, but
this is not document anywhere.
Reviewed-by: Matt Caswell <ma
Document expected BIO operations for libssl
If your custom BIO does not implement BIO_CTRL_FLUSH, it won't work, but
this is not document anywhere.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26060)
show more ...
|
| 5dbcfbff | 11-Nov-2024 |
Richard Levitte |
Upgrade action/{upload,download}-artifact to v4
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/o
Upgrade action/{upload,download}-artifact to v4
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25920)
show more ...
|
| b9886a6f | 15-Nov-2024 |
Dimitri John Ledkov |
fips-jitter: set provider into error state upon CRNG permanent failures
With fips-jitter build time option, jitter can be inside FIPS
boundary.
Calls to jent_read_entropy() can
fips-jitter: set provider into error state upon CRNG permanent failures
With fips-jitter build time option, jitter can be inside FIPS
boundary.
Calls to jent_read_entropy() can return permanent failures for
Repetitive Count Test (RTC), Adaptive Proportion Test (APT), LAG
prediction test.
Ensure the module enters error state upon permanent jitter failures.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25957)
show more ...
|
| 98be2e8f | 20-Nov-2024 |
Niels Dossche |
Fix potential memory leak on failure of ecx_gen_init()
When ecx_gen_set_params() returns 0, it could have duplicated the memory
for the parameter OSSL_KDF_PARAM_PROPERTIES already in gct
Fix potential memory leak on failure of ecx_gen_init()
When ecx_gen_set_params() returns 0, it could have duplicated the memory
for the parameter OSSL_KDF_PARAM_PROPERTIES already in gctx->propq,
leading to a memory leak.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26015)
show more ...
|
| d7e8f6f7 | 20-Nov-2024 |
Niels Dossche |
Fix potential memory leak on failure of dsa_gen_init()
When dsa_gen_set_params() returns 0, it could have duplicated the memory for the parameter
OSSL_PKEY_PARAM_FFC_DIGEST already in g
Fix potential memory leak on failure of dsa_gen_init()
When dsa_gen_set_params() returns 0, it could have duplicated the memory for the parameter
OSSL_PKEY_PARAM_FFC_DIGEST already in gctx->mdname, leading to a memory leak.
Allocated here: https://github.com/openssl/openssl/blob/47a80fd2034cd4314d3b4958539dcd3106087109/providers/implementations/keymgmt/dsa_kmgmt.c#L524
Can return 0 here: https://github.com/openssl/openssl/blob/47a80fd2034cd4314d3b4958539dcd3106087109/providers/implementations/keymgmt/dsa_kmgmt.c#L529-L536
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26016)
show more ...
|
| ea581785 | 12-Nov-2024 |
Tom Cosgrove |
Enable AES and SHA3 optimisations on Apple Silicon M4-based macOS systems
AES gets a performance enhancement of 7-33%.
Tested on an M4 Pro, but the CPU cores are the same on M4 and
Enable AES and SHA3 optimisations on Apple Silicon M4-based macOS systems
AES gets a performance enhancement of 7-33%.
Tested on an M4 Pro, but the CPU cores are the same on M4 and M4 Max.
Change-Id: I634c03f1d2b50fa5f8ca97dd65975e49d970c72b
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/25940)
show more ...
|
| 635bf494 | 14-Nov-2024 |
Dimitri John Ledkov |
fips: remove redundant RSA encrypt/decrypt KAT
FIPS 140-2 IG D.9 has become FIPS 140-3 D.G (see "Mapping FIPS 140-2
IGs to FIPS 140-3" in the FIPS 140-3 IG).
The requirements w.
fips: remove redundant RSA encrypt/decrypt KAT
FIPS 140-2 IG D.9 has become FIPS 140-3 D.G (see "Mapping FIPS 140-2
IGs to FIPS 140-3" in the FIPS 140-3 IG).
The requirements w.r.t. RSA KATs have now been relaxed, meaning that
existing full-message RSA signature verification (which is performed
separately) is sufficient to meet KAT requirements for all RSA
usecases (KEM/Encrypt/Decrypt/Sign/Verify).
Dropping this KAT is very useful, because it is large/expensive on
module startup, but also because it enables in the future to block RSA
Encrypt/Decrypt operations with paddings other than OAEP, which are
legacy or deprecated by either current or draft algorithm transition
SP.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25988)
show more ...
|
| 5946465a | 14-Nov-2024 |
Dimitri John Ledkov |
fips: zeroize temporary self-check out MD variable
At least this is done on module startup only.
To satisfy ISO/IEC 19790:2012/Cor.1:2015(E) Section 7.5 [05.10]
requirement.
fips: zeroize temporary self-check out MD variable
At least this is done on module startup only.
To satisfy ISO/IEC 19790:2012/Cor.1:2015(E) Section 7.5 [05.10]
requirement.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25945)
show more ...
|
| 69d0d939 | 20-Nov-2024 |
Dmitry Belyavskiy |
.gitignore: Ignoring demo executables
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged
.gitignore: Ignoring demo executables
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26009)
show more ...
|
| 7b08f256 | 19-Nov-2024 |
Peiwei Hu |
Remove the negative return values of EVP_KDF_* functions in documents
None of the EVP_KDF_* functions will ever return a negative value.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Remove the negative return values of EVP_KDF_* functions in documents
None of the EVP_KDF_* functions will ever return a negative value.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)
show more ...
|
| 8baf61d5 | 27-Oct-2024 |
Peiwei Hu |
Fix wrong return value checks for some functions
- in particular in use of X509_LOOKUP_load_file, EVP_PKEY_print_params,
EVP_PKEY_keygen, X509_CRL_add1_ext_i2d, EVP_PKEY_keygen_init
Fix wrong return value checks for some functions
- in particular in use of X509_LOOKUP_load_file, EVP_PKEY_print_params,
EVP_PKEY_keygen, X509_CRL_add1_ext_i2d, EVP_PKEY_keygen_init
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)
show more ...
|
| b2b995ec | 27-Oct-2024 |
Peiwei Hu |
Fix multiple wrong use of BN_check_prime
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25
Fix multiple wrong use of BN_check_prime
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)
show more ...
|
