History log of /openssl/ (Results 201 – 225 of 36072)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
12d14de630-Sep-2024 Pauli

test: add FIPS version check for EC cofactor derive tests

These were added in #25548 but didn't include a FIPS version check which
causes failures testing older FIPS providers against la

test: add FIPS version check for EC cofactor derive tests

These were added in #25548 but didn't include a FIPS version check which
causes failures testing older FIPS providers against later versions.

Also change some skips to use TEST_skip.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25582)

show more ...

2f362e9926-Sep-2024 slontis

Fix bugs in ECDH cofactor FIPS indicator.

The code was not detecting that the cofactor was set up correctly
if OSSL_PKEY_PARAM_USE_COFACTOR_ECDH was set, resulting in an incorrect
FI

Fix bugs in ECDH cofactor FIPS indicator.

The code was not detecting that the cofactor was set up correctly
if OSSL_PKEY_PARAM_USE_COFACTOR_ECDH was set, resulting in an incorrect
FIPS indicator error being triggered.

Added a test for all possible combinations of a EVP_PKEY setting
OSSL_PKEY_PARAM_USE_COFACTOR_ECDH and the derive context setting
OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE.

This only affects the B & K curves (which have a cofactor that is not 1).

Bug reported by @abkarcher

Testing this properly, also detected a memory leak of privk when the
FIPS indicator error was triggered (in the case where mode = 0 and
use_cofactor was 1).

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25548)

show more ...

fc68cf2121-Sep-2024 Dimitri John Ledkov

kdfs: implement key length check in X9.42

Similar to other KDFs, the input key should be 112 bits long.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dal

kdfs: implement key length check in X9.42

Similar to other KDFs, the input key should be 112 bits long.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25529)

show more ...

3be6387530-Sep-2024 Dimitri John Ledkov

docs: document options added in openssl-fipsinstall 3.4+

Document new command line options added in 3.4.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul D

docs: document options added in openssl-fipsinstall 3.4+

Document new command line options added in 3.4.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)

show more ...

9331a20230-Sep-2024 Dimitri John Ledkov

docs: document options added in openssl-fipsinstall 3.2+

Document new command line options added in 3.2.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul D

docs: document options added in openssl-fipsinstall 3.2+

Document new command line options added in 3.2.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)

show more ...

1b52b24a30-Sep-2024 Dimitri John Ledkov

docs: document options added in openssl-fipsinstall 3.1+

Document new command line options added in 3.1.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul D

docs: document options added in openssl-fipsinstall 3.1+

Document new command line options added in 3.1.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)

show more ...

634d843230-Sep-2024 Dimitri John Ledkov

docs: add HISTORY section to openssl-fipsinstall (3.0+)

Documents when the command was added.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@

docs: add HISTORY section to openssl-fipsinstall (3.0+)

Documents when the command was added.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)

show more ...

c788f1c625-Sep-2024 Pauli

Add CHANGES entry

To match changes in #25526

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/

Add CHANGES entry

To match changes in #25526

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25536)

show more ...

0081964825-Sep-2024 Pauli

test: fix unit tests for fips CRNG tests

To match changes in #25526

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged f

test: fix unit tests for fips CRNG tests

To match changes in #25526

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25536)

show more ...

d927eb2925-Sep-2024 Pauli

doc: fix typo in CRNG test documentation.

To match changes in #25526

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged

doc: fix typo in CRNG test documentation.

To match changes in #25526

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25536)

show more ...

ed68623223-Sep-2024 Dimitri John Ledkov

fips: Prohibit SHA1 in DH & ECDH exchange

See Section 5 Key Agreement Using Diffie-Hellman and MQV of
[NIST SP 800-131Ar2](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.8

fips: Prohibit SHA1 in DH & ECDH exchange

See Section 5 Key Agreement Using Diffie-Hellman and MQV of
[NIST SP 800-131Ar2](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf).

Strengths less than 112bits is disallowed, thus eliminating SHA1.

Skip cms test case that requires use of SHA1 with X9.42 DH.

Rename ossl_fips_ind_digest_check to ossl_fips_ind_digest_exch_check

Add myself to Changes for fips indicator work

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25517)

show more ...

3ef1b74213-Sep-2024 Зишан Мирза

Check file name for not being NULL before opening it

Fixes #24416

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from h

Check file name for not being NULL before opening it

Fixes #24416

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25458)

show more ...

4f89984912-Sep-2024 Зишан Мирза

Fix examples in EVP_PKEY_encapsulate/decapsulate documentation

Fixes #25448

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
R

Fix examples in EVP_PKEY_encapsulate/decapsulate documentation

Fixes #25448

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25450)

show more ...

ffc5a29616-Sep-2024 Зишан Мирза

Remove double engine reference in ossl_ec_key_dup()

Fixes #25260

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:

Remove double engine reference in ossl_ec_key_dup()

Fixes #25260

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25453)

show more ...

8ac42a5f19-Sep-2024 Shawn C

Fix NULL ptr dereference on EC_POINT *point

Use non-usual params of pkcs11 module will trigger a null ptr deref bug. Fix it for #25493

CLA: trivial

Reviewed-by: Tim Hudson

Fix NULL ptr dereference on EC_POINT *point

Use non-usual params of pkcs11 module will trigger a null ptr deref bug. Fix it for #25493

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25496)

show more ...

c4ec708b23-Sep-2024 Neil Horman

Rename list macros

The quic implementation defined a set of LIST_* macros for list
manipulation, which conflicts with the generally support BSD api found
in the queue.h system header

Rename list macros

The quic implementation defined a set of LIST_* macros for list
manipulation, which conflicts with the generally support BSD api found
in the queue.h system header. While this isn't normally a problem, A
report arrived indicating that MacOSX appears to implicitly include
queue.h from another system header which causes definition conflicts.

As the openssl macros are internal only, it seems the most sensible
thing to do is place them in a well known namespace for our library to
avoid the conflict, so add an OSSL_ prefix to all our macros

Fixes #25516

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/25519)

show more ...

91ec19e924-Sep-2024 Dr. David von Oheimb

check-format.pl: do checks regarding statement/block after for() also on {OSSL_,}LIST_FOREACH{,_*}

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com

check-format.pl: do checks regarding statement/block after for() also on {OSSL_,}LIST_FOREACH{,_*}

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25535)

show more ...

260ecea023-Sep-2024 Pauli

ctr-drbg: always use the DF for OpenSSL's DRBGs

Force the use of the derivation function when creating OpenSSL's internal
DRBGs.

FIPS mandates the use of a derivation function,

ctr-drbg: always use the DF for OpenSSL's DRBGs

Force the use of the derivation function when creating OpenSSL's internal
DRBGs.

FIPS mandates the use of a derivation function, so 3.4 cannot be validated as
it stands which run counter to the indicator work that was included.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25511)

(cherry picked from commit 0ab796ef9674b378ac644ad8d477685619a2ff37)

show more ...

9d71a66224-Jul-2024 JohnnySavages

Check sk_X509_value result before dereference

issuer passed as second parameter to check_issued may result in
NULL dereference

CLA: trivial

Reviewed-by: Hugo Landau <hl

Check sk_X509_value result before dereference

issuer passed as second parameter to check_issued may result in
NULL dereference

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24760)

show more ...

e7abc21106-Mar-2024 Vladimir Kotal

document the format of DSA signature

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23762)

1ef3032e26-Jul-2024 David von Oheimb

80-test_cmp_http.t: fix handling of IPv6 server host (localhost '::1')

Fixes 22467

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

80-test_cmp_http.t: fix handling of IPv6 server host (localhost '::1')

Fixes 22467

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)

show more ...

ac91bd8801-Aug-2024 David von Oheimb

doc/man{1,3}: fix details on IPv6 host addresses and of whitespace in no_proxy

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged f

doc/man{1,3}: fix details on IPv6 host addresses and of whitespace in no_proxy

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)

show more ...

fe004a0901-Aug-2024 David von Oheimb

OSSL_HTTP_adapt_proxy(): fix handling of escaped IPv6 host addresses and of whitespace in no_proxy

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openss

OSSL_HTTP_adapt_proxy(): fix handling of escaped IPv6 host addresses and of whitespace in no_proxy

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)

show more ...

1c90d36a01-Aug-2024 David von Oheimb

OSSL_HTTP_open(): fix completion with default port for IPv6 host addresses

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from

OSSL_HTTP_open(): fix completion with default port for IPv6 host addresses

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)

show more ...

ec4b123a31-Jul-2024 David von Oheimb

http_server.{c,h}: make clear that IPv4 or IPv6 is used by http_server_init()

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged fr

http_server.{c,h}: make clear that IPv4 or IPv6 is used by http_server_init()

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)

show more ...

12345678910>>...1443