History log of /openssl/ (Results 101 – 125 of 36072)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
a08a145d22-Oct-2024 Dimitri John Ledkov

github: add fips configuration, with legacy transitions turned off

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.c

github: add fips configuration, with legacy transitions turned off

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25762)

show more ...

9d70bba122-Oct-2024 Dimitri John Ledkov

fips no-des: compile out TDES KAT

FIPS provider correctly supports no-des build time option and doesn't
advertise DES related algorithms. However KAT test for DES is still
attempted

fips no-des: compile out TDES KAT

FIPS provider correctly supports no-des build time option and doesn't
advertise DES related algorithms. However KAT test for DES is still
attempted to be executed and fails.

This prevents configuring FIPS provider without legacy behaviour as
defined in SP 800-131Arev2. Also see #25761 internal docs.

Fix `enable-fips no-des` build option, and add a daily checker for
"legacy-free" (as much as currently feasible) FIPS configuration.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25762)

show more ...

fc0e794622-Oct-2024 Frederik Wedel-Heinen

tls_common.c: Align the calculation of maximal alignment value

In tls_setup_write_buffer() and tls_setup_read_buffer() the calculation
is different. Make them the same.

Fixes #2

tls_common.c: Align the calculation of maximal alignment value

In tls_setup_write_buffer() and tls_setup_read_buffer() the calculation
is different. Make them the same.

Fixes #25746

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25764)

show more ...

3d3bb26a05-Oct-2024 Alexandr Nedvedicky

Do not confuse TAP::Parser by mixing up stderr with stdout.

This avoids false psotivie failures on FreeBSD-CI which
suffers most from this issue.

Fixes #23992

Reviewed-

Do not confuse TAP::Parser by mixing up stderr with stdout.

This avoids false psotivie failures on FreeBSD-CI which
suffers most from this issue.

Fixes #23992

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/25613)

show more ...

76783a8216-Oct-2024 Kurt Roeckx

Dependabot: no longer set an "approval: otc review pending" label

The label doesn't exist anymore.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgr

Dependabot: no longer set an "approval: otc review pending" label

The label doesn't exist anymore.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25706)

show more ...

c579568916-Oct-2024 Tomas Mraz

Fix missing sendmmsg/recvmmsg on AIX

This at least fixes the build failures on AIX

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.or

Fix missing sendmmsg/recvmmsg on AIX

This at least fixes the build failures on AIX

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25704)

show more ...

72d3e9ba09-Oct-2024 Dr. David von Oheimb

TRACE: automatically respect disabled categories

by fixing OSSL_trace_begin() to return NULL when given category is not enabled

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>

TRACE: automatically respect disabled categories

by fixing OSSL_trace_begin() to return NULL when given category is not enabled

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25652)

show more ...

e8d9635908-Oct-2024 Niels Dossche <7771979+nielsdos@users.noreply.github.com>

Fix memory leaks in ossl_quic_calculate_retry_integrity_tag()

Fixes #25625

Several error paths return 0 directly instead of going to err to clean
up the objects.

CLA: t

Fix memory leaks in ossl_quic_calculate_retry_integrity_tag()

Fixes #25625

Several error paths return 0 directly instead of going to err to clean
up the objects.

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25636)

show more ...

37aa114307-Oct-2024 Michael Baentsch <57787676+baentsch@users.noreply.github.com>

Improve documentation about duplicate algorithm registrations

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Da

Improve documentation about duplicate algorithm registrations

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25624)

show more ...

f928304a26-Sep-2024 Ingo Franzki

s390x: Don't probe crypto cards for ME/CRT offloading during initialization

Probing for crypto cards during initialization by issuing an ioctl to the
zcrypt device driver can cause a lot

s390x: Don't probe crypto cards for ME/CRT offloading during initialization

Probing for crypto cards during initialization by issuing an ioctl to the
zcrypt device driver can cause a lot of traffic and overhead, because it
runs for each and every application that uses OpenSSL, regardless if that
application will later perform ME or CRT operations or not.

Fix this by performing no probing during initialization, but detect the
crypto card availability only at the first ME/CRT operation that is subject
to be offloaded. If the ioctl returns ENODEV, then no suitable crypto
card is available in the system, and we disable further offloading
attempts by setting flag OPENSSL_s390xcex_nodev to 1.

Setting the global flag OPENSSL_s390xcex_nodev in case of ENODEV is
intentionally not made in a thread save manner, because the only thing
that could happen is that another thread, that misses the flag update,
also issues an ioctl and gets ENODEV as well.

The file descriptor is not closed in such error cases, because this could
cause raise conditions where we would close a foreign file if the same
file descriptor got reused by another thread. The file descriptor is finally
closed during termination by the atexit handler.

In case the ioctl returns ENOTTY then this indicates that the file descriptor
was closed (e.g. by a sandbox), but in the meantime the same file descriptor
has been reused for another file. Do not use the file descriptor anymore,
and also do not close it during termination.

Fixes: https://github.com/openssl/openssl/commit/79040cf29e011c21789563d74da626b7465a0540

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25576)

show more ...

e1886edf15-Oct-2024 Michael Baentsch <57787676+baentsch@users.noreply.github.com>

work around oqsprovider out-of-source build bug

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.co

work around oqsprovider out-of-source build bug

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25702)

show more ...

8bcf488015-Oct-2024 Michael Baentsch <57787676+baentsch@users.noreply.github.com>

Updated oqsprovider to v0.7.0

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged fro

Updated oqsprovider to v0.7.0

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25702)

show more ...

36254fda18-Oct-2024 Tomas Mraz

Add CHANGES.md and NEWS.md entries for CVE-2024-9143

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Bernd Edlinger <b

Add CHANGES.md and NEWS.md entries for CVE-2024-9143

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/25734)

(cherry picked from commit 233034bc5a294b26d37186dc68d7d6d8357d889a)

show more ...

1f0cb85018-Oct-2024 Tomas Mraz

ecdh_cofactor_derive_test(): Skip the test if the curve is not supported

It will not be supported if the fips provider was built with no-ec2m.

Fixes #25729

Reviewed-by: Tim

ecdh_cofactor_derive_test(): Skip the test if the curve is not supported

It will not be supported if the fips provider was built with no-ec2m.

Fixes #25729

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25731)

show more ...

dfc5ba8a18-Oct-2024 Tomas Mraz

run-checker-merge.yml: Combine no-ec2m with enable-fips

This can reveal more errors than just no-ec2m.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@g

run-checker-merge.yml: Combine no-ec2m with enable-fips

This can reveal more errors than just no-ec2m.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25731)

show more ...

e84878a717-Oct-2024 Dmitry Misharov

update logo

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25725)

51921b8708-Oct-2024 Michael Baentsch <57787676+baentsch@users.noreply.github.com>

first cut at KEM & key management skeletons

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.or

first cut at KEM & key management skeletons

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25640)

show more ...

00776cba10-Oct-2024 Ondrej Moris

ci: re-organize external tests

Signed-off-by: Ondrej Moris <omoris@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

ci: re-organize external tests

Signed-off-by: Ondrej Moris <omoris@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25587)

show more ...

7832374f10-Oct-2024 Ondrej Moris

test: clean-up README-external documentation

Signed-off-by: Ondrej Moris <omoris@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@op

test: clean-up README-external documentation

Signed-off-by: Ondrej Moris <omoris@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25587)

show more ...

e9af1eaa25-Sep-2024 Ondrej Moris

test: Add external test for pkcs11-provider

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/ope

test: Add external test for pkcs11-provider

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25587)

show more ...

144b9ebc29-Aug-2024 Alicja Kario

add test coverage for #25298

Add test coverage for issue #25298, clean up the json file so
it uses consistent indentation

Signed-off-by: Alicja Kario <hkario@redhat.com>

add test coverage for #25298

Add test coverage for issue #25298, clean up the json file so
it uses consistent indentation

Signed-off-by: Alicja Kario <hkario@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25329)

show more ...

bb221d3629-Aug-2024 Alicja Kario

update tlsfuzzer to new version

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
R

update tlsfuzzer to new version

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25329)

show more ...

5b29c71a09-Oct-2024 Neil Horman

updating comments in test recipie

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Revie

updating comments in test recipie

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25297)

show more ...

5dffe6af09-Oct-2024 Neil Horman

updating docs to reflect security risks for SSLKEYLOGFILE

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlanda

updating docs to reflect security risks for SSLKEYLOGFILE

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25297)

show more ...

6f7273a908-Oct-2024 Neil Horman

Convert keylogging in response to comments

1) Convert failures in keylog setup to trace messages for a warning-like
mechanism

2) Convert sslkeylogfile_cb to be a flag used to

Convert keylogging in response to comments

1) Convert failures in keylog setup to trace messages for a warning-like
mechanism

2) Convert sslkeylogfile_cb to be a flag used to determine making a
direct call to the internal logging function

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25297)

show more ...

12345678910>>...1443