068c9bee | 08-Aug-2024 |
Pauli |
test: add error reasons to RSA tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/open
test: add error reasons to RSA tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
8e316edd | 08-Aug-2024 |
Pauli |
fips: change from function call to macro in rsa_enc.c Use of the function instead of the macro for the indicator unapproved check was noted in: https://github.com/openssl/openssl/pull/25
fips: change from function call to macro in rsa_enc.c Use of the function instead of the macro for the indicator unapproved check was noted in: https://github.com/openssl/openssl/pull/25070#discussion_r1706564363 Fix things to use the macro properly. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25134)
show more ...
|
f0768376 | 26-Jul-2024 |
Neil Horman |
limit bignums to 128 bytes Keep us from spinning forever doing huge amounts of math in the fuzzer Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmai
limit bignums to 128 bytes Keep us from spinning forever doing huge amounts of math in the fuzzer Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25013)
show more ...
|
250a7adb | 01-Aug-2024 |
slontis |
Add "no-fips-post" configure option. Using this option disables the OpenSSL FIPS provider self tests. This is intended for debugging purposes only, as it breaks FIPS compliance.
Add "no-fips-post" configure option. Using this option disables the OpenSSL FIPS provider self tests. This is intended for debugging purposes only, as it breaks FIPS compliance. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25063)
show more ...
|
ea3888a3 | 07-Aug-2024 |
slontis |
Fix FIPS indicator defines for larger indicies. A newer PR is using setable3 now so these indicies should be fixed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul
Fix FIPS indicator defines for larger indicies. A newer PR is using setable3 now so these indicies should be fixed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25118)
show more ...
|
fd39d1c8 | 05-Aug-2024 |
Pauli |
test: add negative tests for KBKDF key size check under FIPS Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://gith
test: add negative tests for KBKDF key size check under FIPS Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25095)
show more ...
|
ae87c488 | 05-Aug-2024 |
Pauli |
fips: add kbkdf key length check as per SP 800-131a revision 2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://gi
fips: add kbkdf key length check as per SP 800-131a revision 2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25095)
show more ...
|
6cb6b171 | 05-Aug-2024 |
Pauli |
fips: add kbkdf key check checking function Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/op
fips: add kbkdf key check checking function Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25095)
show more ...
|
57fb8841 | 05-Aug-2024 |
Pauli |
doc: docment key-check param for kbkdf Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl
doc: docment key-check param for kbkdf Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25095)
show more ...
|
8d52cf52 | 05-Aug-2024 |
Pauli |
doc: document kbkdf key check argument for fipsinstall Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com
doc: document kbkdf key check argument for fipsinstall Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25095)
show more ...
|
243b7f39 | 05-Aug-2024 |
Pauli |
fips: install with the kbkdf key check option set Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/open
fips: install with the kbkdf key check option set Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25095)
show more ...
|
c2b8af89 | 05-Aug-2024 |
Pauli |
params: add kbkdf key check param Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull
params: add kbkdf key check param Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25095)
show more ...
|
090247b2 | 05-Aug-2024 |
Pauli |
fipsinstall: add kbkdf key check option Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openss
fipsinstall: add kbkdf key check option Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25095)
show more ...
|
e77eb1dc | 19-Apr-2024 |
JulieDzeze1 |
Update BN_add.pod documentation so it is consistent with header declarations CLA: trivial Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@
Update BN_add.pod documentation so it is consistent with header declarations CLA: trivial Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24215)
show more ...
|
de8861a7 | 01-Aug-2024 |
Mathis Marion |
Remove duplicate colon in otherName display The colon is already added in X509V3_EXT_val_prn(). In fact, the other branches from i2v_GENERAL_NAME() do not include a trailing colon.
Remove duplicate colon in otherName display The colon is already added in X509V3_EXT_val_prn(). In fact, the other branches from i2v_GENERAL_NAME() do not include a trailing colon. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23428)
show more ...
|
387491d5 | 12-Jan-2024 |
Mathis Marion |
Add OIDs id-kp-wisun-fan-device and id-on-hardwareModule Sub-OIDs for {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 45605} are recorded in the document "
Add OIDs id-kp-wisun-fan-device and id-on-hardwareModule Sub-OIDs for {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 45605} are recorded in the document "Wi-SUN Assigned Value Registry" (WAVR). OID id-on-hardwareModule is defined in RFC 4108. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23428)
show more ...
|
c0c4e6ba | 06-Aug-2024 |
Matt Caswell |
Remove the event queue code PR #18345 added some code for an event queue. It also added a test for it. Unfortunately this event queue code has never been used for anything. Additiona
Remove the event queue code PR #18345 added some code for an event queue. It also added a test for it. Unfortunately this event queue code has never been used for anything. Additionally the test was never integrated into a test recipe, so it never actually gets invoked via "make test". This makes the code entirely dead, unnecessarily bloats the size of libssl and causes a decrease in our testing code coverage value. We remove the dead code. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25100)
show more ...
|
e70e34d8 | 05-Aug-2024 |
Tomas Mraz |
dh_kmgmt.c: Avoid expensive public key validation for known safe-prime groups The partial validation is fully sufficient to check the key validity. Thanks to Szilárd Pfeiffer for re
dh_kmgmt.c: Avoid expensive public key validation for known safe-prime groups The partial validation is fully sufficient to check the key validity. Thanks to Szilárd Pfeiffer for reporting the issue. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25088)
show more ...
|
7bcfb414 | 05-Aug-2024 |
Tomas Mraz |
ossl_print_attribute_value(): use a sequence value only if type is a sequence Move the switch to print a distinguished name inside the switch by the printed attribute type, otherwise a m
ossl_print_attribute_value(): use a sequence value only if type is a sequence Move the switch to print a distinguished name inside the switch by the printed attribute type, otherwise a malformed attribute will cause a crash. Updated the fuzz corpora with the testcase Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25087)
show more ...
|
217e215e | 05-Aug-2024 |
Tomas Mraz |
rsa_pss_compute_saltlen(): Avoid integer overflows and check MD and RSA sizes Fixes Coverity 1604651 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tom Cosgrove
rsa_pss_compute_saltlen(): Avoid integer overflows and check MD and RSA sizes Fixes Coverity 1604651 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25085)
show more ...
|
e3e15e77 | 05-Aug-2024 |
Tomas Mraz |
do_print_ex(): Avoid possible integer overflow Fixes Coverity 1604657 Fixes openssl/project#780 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom
do_print_ex(): Avoid possible integer overflow Fixes Coverity 1604657 Fixes openssl/project#780 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25084)
show more ...
|
00f32b22 | 02-Aug-2024 |
Pauli |
test: update SSL API test in light of PKCS#1 version 1.5 padding change under FIPS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
test: update SSL API test in light of PKCS#1 version 1.5 padding change under FIPS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25070)
show more ...
|
d0575619 | 02-Aug-2024 |
Pauli |
test: update SSL old test in light of PKCS#1 version 1.5 padding change under FIPS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
test: update SSL old test in light of PKCS#1 version 1.5 padding change under FIPS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25070)
show more ...
|
449bc104 | 01-Aug-2024 |
Pauli |
sslapitest: add meaningful skip messages Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openss
sslapitest: add meaningful skip messages Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25070)
show more ...
|
29a0f040 | 01-Aug-2024 |
Pauli |
cms: fix tests in light of PKCS#1 version 1.5 padding check Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https:
cms: fix tests in light of PKCS#1 version 1.5 padding check Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25070)
show more ...
|