f83707dc | 13-Sep-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
open brace '{' following struct go on the same line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Revie
open brace '{' following struct go on the same line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
show more ...
|
962431d5 | 13-Sep-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
that open brace { should be on the previous line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed
that open brace { should be on the previous line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
show more ...
|
1cf2f823 | 13-Sep-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
Remove trailing whitespace Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb
Remove trailing whitespace Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
show more ...
|
a4fd9485 | 18-Jul-2024 |
jasper-smit-servicenow |
Update X509V3_get_d2i.pod returned pointer needs to be freed CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Review
Update X509V3_get_d2i.pod returned pointer needs to be freed CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24927)
show more ...
|
b2deefb9 | 18-Jul-2024 |
Tomas Mraz |
i2d_name_canon(): Check overflow in len accumulation Fixes Coverity 1604638 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed
i2d_name_canon(): Check overflow in len accumulation Fixes Coverity 1604638 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24930)
show more ...
|
10c36d2f | 19-Jul-2024 |
Georgi Valkov |
gitignore: add .DS_Store macOS creates .DS_Store files all over the place while browsing directories. Add it to the list of ignored files. Signed-off-by: Georgi Valkov <gvalkov@
gitignore: add .DS_Store macOS creates .DS_Store files all over the place while browsing directories. Add it to the list of ignored files. Signed-off-by: Georgi Valkov <gvalkov@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24942)
show more ...
|
787e1dd9 | 11-Jul-2024 |
Richard Levitte |
fix: style nits Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Todd Sho
fix: style nits Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24854)
show more ...
|
b96e10b9 | 11-Jul-2024 |
Richard Levitte |
fix: refactor the EVP_PKEY_OP checks On the one hand, we have public macros that are collections of EVP_PKEY_OP bits, like EVP_PKEY_OP_TYPE_SIG, obviously meant to be used like this:
fix: refactor the EVP_PKEY_OP checks On the one hand, we have public macros that are collections of EVP_PKEY_OP bits, like EVP_PKEY_OP_TYPE_SIG, obviously meant to be used like this: if ((ctx->operation & EVP_PKEY_OP_TYPE_SIG) == 0) ... On the other hand, we also have internal test macros, like EVP_PKEY_CTX_IS_SIGNATURE_OP(), obviously meant to be used like this: if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) ... Unfortunately, these two sets of macros were completely separate, forcing developers to keep them both sync, manually. This refactor makes the internal macros use the corresponding public macros, and adds the missing public macros, for consistency. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24854)
show more ...
|
a9887041 | 18-Jul-2024 |
Tomas Mraz |
tls13_meth.c: Check for negative return from EVP_CIPHER_CTX_get_iv_length() Fixes Coverity 1598052 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgr
tls13_meth.c: Check for negative return from EVP_CIPHER_CTX_get_iv_length() Fixes Coverity 1598052 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24929)
show more ...
|
53b0527d | 19-Jul-2024 |
slontis |
Remove check for RSA encryption allowing X9.31 padding. X9.31 is a Signature Standard, and should not apply to encryption. rsa_ossl_public_encrypt() does not allow this padding mode
Remove check for RSA encryption allowing X9.31 padding. X9.31 is a Signature Standard, and should not apply to encryption. rsa_ossl_public_encrypt() does not allow this padding mode. The openssl rsautil command line tool already failed if the -x931 option was used with -encrypt Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24938)
show more ...
|
98afa01f | 18-Jul-2024 |
Pauli |
fips: correctly initialise FIPS indicator settables The `memset(3)` just happened to work because 2s complement. This is more robust. Also reduced the size of the indicator stru
fips: correctly initialise FIPS indicator settables The `memset(3)` just happened to work because 2s complement. This is more robust. Also reduced the size of the indicator structure. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24923)
show more ...
|
8a79f5bc | 18-Jul-2024 |
Tomas Mraz |
prov-compat-label.yml: Do not test fips provider from master The master branch will be modified by the PR so the result will be misleading. Reviewed-by: Paul Dale <ppzgs1@gmail.
prov-compat-label.yml: Do not test fips provider from master The master branch will be modified by the PR so the result will be misleading. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/24933)
show more ...
|
d357e547 | 18-Jul-2024 |
Tomas Mraz |
Fix the provider compatibility CI Added missing fips version checks in rand_test.c and evprand.txt Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lon
Fix the provider compatibility CI Added missing fips version checks in rand_test.c and evprand.txt Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/24933)
show more ...
|
50066236 | 16-Jul-2024 |
Neil Horman |
Fix coverity-1604661 Coverity called out an error in asn1parse_main, indicating that the for(;;) loop which repeatedly reads from a bio and updates the length value num, may overflow
Fix coverity-1604661 Coverity called out an error in asn1parse_main, indicating that the for(;;) loop which repeatedly reads from a bio and updates the length value num, may overflow said value prior to exiting the loop. We could probably call this a false positive, but on very large PEM file, I suppose it could happen, so just add a check to ensure that num doesn't go from a large positive to a large negative value inside the loop Fixes openssl/private#571 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24910)
show more ...
|
0b67643a | 12-Jul-2024 |
Neil Horman |
Fix coverity-1610057 Coverity caught a error in a recent change, in which atoi was used to assign a value to two size_t variables, and then checked them for being >= 0, which will al
Fix coverity-1610057 Coverity caught a error in a recent change, in which atoi was used to assign a value to two size_t variables, and then checked them for being >= 0, which will always be true. given that atoi returns an undefined value (usually zero) in the event of a failure, theres no good way to check the return value of atoi for validitiy. Instead use OPENSSL_strtoul and confirm both that the translation passed, and that the endptr value is at the NULL terminator (indicating that the entire string was consumed) Fixes openssl/private#552 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24861)
show more ...
|
863e44c1 | 12-Jul-2024 |
Neil Horman |
Add a stroul test Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24861) |
04f7729c | 12-Jul-2024 |
Neil Horman |
Add an OPENSSL_strtoul wrapper utility function to give us sane checking on strtoul conversions Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@o
Add an OPENSSL_strtoul wrapper utility function to give us sane checking on strtoul conversions Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24861)
show more ...
|
202ef97e | 24-Oct-2023 |
Tomas Mraz |
Allow short reads in asn1_d2i_read_bio() Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull
Allow short reads in asn1_d2i_read_bio() Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22486)
show more ...
|
0d4663ca | 14-Jul-2024 |
erbsland-dev |
Improve clarity and readability of password input documentation Fixed #7310: Enhanced existing documentation for password input methods - Refined descriptions for password input methods:
Improve clarity and readability of password input documentation Fixed #7310: Enhanced existing documentation for password input methods - Refined descriptions for password input methods: `file:`, `fd:`, and `stdin` - Enhanced readability and consistency in the instructions - Clarified handling of multiple lines in read files. - Clarified that `fd:` is not supported on Windows. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24878)
show more ...
|
1b2ab42e | 16-Jul-2024 |
Randall S. Becker |
Change strnlen() to OPENSSL_strnlen() in fuzz/provider. strnlen() is not portable. It is preferable to use the wrapper. Fixes: #24908 Signed-off-by: Randall S. Becker <rand
Change strnlen() to OPENSSL_strnlen() in fuzz/provider. strnlen() is not portable. It is preferable to use the wrapper. Fixes: #24908 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24912)
show more ...
|
d7af3f7a | 15-Jul-2024 |
Gerd Hoffmann |
fix vs2019 warning windows vs2019 throws warnings when compiling openssl for edk2: ERROR - Compiler #2220 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\
fix vs2019 warning windows vs2019 throws warnings when compiling openssl for edk2: ERROR - Compiler #2220 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : the following warning is treated as an error WARNING - Compiler #4701 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : potentially uninitialized local variable 'peer_rpk' used WARNING - Compiler #4703 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : potentially uninitialized local pointer variable 'peer_rpk' used Explicitly initialize the peer_rpk variable to make the compiler happy. Yes, it's a false positive, but you have to check the tls_process_rpk() body in another source file to see that, which apparently is beyond the compiler's capabilities. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24895)
show more ...
|
7e7c41df | 18-Jul-2024 |
Tomas Mraz |
Fix test_cms recipe The number of tests was not bumped in 29bbe7d008 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merge
Fix test_cms recipe The number of tests was not bumped in 29bbe7d008 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24926)
show more ...
|
7821b7b9 | 16-Jul-2024 |
Richard Levitte |
fix: util/check-format-commit.sh to handle one-line diff hunks For multi-line hunks, 'git diff -U0' outputs a pair of START,COUNT indicators to show where the hunk starts and ends. Howe
fix: util/check-format-commit.sh to handle one-line diff hunks For multi-line hunks, 'git diff -U0' outputs a pair of START,COUNT indicators to show where the hunk starts and ends. However, if the hunk is just one line, only START is output, with the COUNT of 1 being implied. Typically, this happens for copyright change hunks, like this: --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -3 +3 @@ - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. This is normal unified diff output, and our script must adapt. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24900)
show more ...
|
cf3d65b8 | 09-Jul-2024 |
Tomas Mraz |
EVP_PKEY-DH.pod: Clarify the manpage in regards to DH and DHX types Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx
EVP_PKEY-DH.pod: Clarify the manpage in regards to DH and DHX types Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/24819)
show more ...
|
45611a8a | 09-Jul-2024 |
Tomas Mraz |
Document that DH and DHX key types cannot be used together in KEX Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <k
Document that DH and DHX key types cannot be used together in KEX Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/24819)
show more ...
|