History log of /openssl/ (Results 676 – 700 of 36077)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
b74646b611-Jul-2024 erbsland-dev

Document Internal EVP_MD_CTX_ Flags

Add documentation for the internal flags `EVP_MD_CTX_FLAG_CLEANED` and
`EVP_MD_CTX_FLAG_REUSE`, explicitly stating that these flags are for
intern

Document Internal EVP_MD_CTX_ Flags

Add documentation for the internal flags `EVP_MD_CTX_FLAG_CLEANED` and
`EVP_MD_CTX_FLAG_REUSE`, explicitly stating that these flags are for
internal use only and must not be used in user code.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24829)

show more ...

20da3dab11-Jul-2024 Georgi Valkov

o_fopen: fix coding style and build error with VS2010

Follow the coding style to place variable definitions before code

Fixes a build error on Windows 2003 with VS2010 introduced in

o_fopen: fix coding style and build error with VS2010

Follow the coding style to place variable definitions before code

Fixes a build error on Windows 2003 with VS2010 introduced in [1]
crypto\o_fopen.c(45) : error C2143: syntax error : missing ';' before 'type'
crypto\o_fopen.c(46) : error C2275: 'DWORD' : illegal use of this type as an expression
E:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\include\windef.h(152) : see declaration of 'DWORD'
crypto\o_fopen.c(46) : error C2146: syntax error : missing ';' before identifier 'flags'
crypto\o_fopen.c(46) : error C2065: 'flags' : undeclared identifier

[1] https://github.com/openssl/openssl/commit/917f37195ac95252a4c90e86d7d7414c5569aed8

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24853)

show more ...

b24a820001-Jul-2024 Tomas Mraz

x_attrib.c: Fix print_hex() function

- Better handle 0 length input
- Use OPENSSL_buf2hexstr() instead of OPENSSL_buf2hexstr_ex()
which fixes insufficient length of the allocate bu

x_attrib.c: Fix print_hex() function

- Better handle 0 length input
- Use OPENSSL_buf2hexstr() instead of OPENSSL_buf2hexstr_ex()
which fixes insufficient length of the allocate buffer.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24771)

show more ...

6cf42ad324-May-2024 Hongren Zheng

riscv: Fix cpuid_obj asm checks for sm4/sm3

Similar to #22881 / #23752

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged fro

riscv: Fix cpuid_obj asm checks for sm4/sm3

Similar to #22881 / #23752

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/24486)

show more ...

6eb6489410-Jul-2024 Richard Levitte

fix: drop DSA <=> dsaWithSHA1 aliasing

For some reason, DSA has been aliased with dsaWithSHA1 for an eternity.
They are not the same, though, and should never have been aliased in the

fix: drop DSA <=> dsaWithSHA1 aliasing

For some reason, DSA has been aliased with dsaWithSHA1 for an eternity.
They are not the same, though, and should never have been aliased in the
first place.

This was first discovered with 'openssl list':

$ openssl list -signature-algorithms
...
{ 1.2.840.10040.4.1, 1.2.840.10040.4.3, 1.3.14.3.2.12, 1.3.14.3.2.13, 1.3.14.3.2.27, DSA, DSA-old, DSA-SHA, DSA-SHA1, DSA-SHA1-old, dsaEncryption, dsaEncryption-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default

This isn't good at all, as it confuses the key algorithms signature
function with a signature scheme that involves SHA1, and it makes it
look like OpenSSL's providers offer a DSA-SHA1 implementation (which
they currently do not do).

Breaking this aliasing apart (i.e. aliasing DSA, DSA-old, dsaEncryption
and dsaEncryption-old separately from the names that involve SHA) appears
harmless as far as OpenSSL's test suite goes.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24828)

show more ...

8b591dce10-Jul-2024 Dmitry Misharov

deploy docs.openssl.org on doc changes

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24

deploy docs.openssl.org on doc changes

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24839)

show more ...

861e1f4510-Jul-2024 Neil Horman

ignore various files in commit checker

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Mer

ignore various files in commit checker

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24845)

show more ...

ad33d62327-Jun-2024 sashan

EVP_DigestUpdate(): Check if ctx->update is set

The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by

EVP_DigestUpdate(): Check if ctx->update is set

The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1

the issue has been introduced with openssl 3.0.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)

show more ...

939dd47909-Jul-2024 Matt Caswell

Limit the number of commands that can be used in the quic-lcidm fuzzer

The fuzzer was reporting a spurious timeout due to excessive numbers of
commands in a single file. We limit the num

Limit the number of commands that can be used in the quic-lcidm fuzzer

The fuzzer was reporting a spurious timeout due to excessive numbers of
commands in a single file. We limit the number of commands to avoid this.

Found by OSSFuzz

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24831)

show more ...

c86d37ce10-Jul-2024 Neil Horman

Modify check-format to match line length coding style

In an effort to clarify our coding style, generally line lengths SHOULD
be no longer than 80 columns but MUST be no longer than 100

Modify check-format to match line length coding style

In an effort to clarify our coding style, generally line lengths SHOULD
be no longer than 80 columns but MUST be no longer than 100 columns

Modify the check-format.pl script to account for this.

Replace the -l|--sloppy-len option (which modifies the max line length
to 84 rather than 80 cols), with -l|--strict-len which reduces allowed
line length to 80 cols from the new default 100 cols).

Also fix up a typo in the docs indicating --sloppy-bodylen has a short
-l option (its actually -b)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/24841)

show more ...

0016337110-Jul-2024 dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Dependabot update

CLA: trivial

(deps): Bump actions/setup-python

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.1.1.
- [Release n

Dependabot update

CLA: trivial

(deps): Bump actions/setup-python

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5.1.0...v5.1.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24843)

show more ...

06da147303-Jul-2024 slontis

Add FIPS indicators to evp_test

evp_test code needed to be modified to defer setting algorithm contexts
until the run phase. The parse functions also defer setting into the context
u

Add FIPS indicators to evp_test

evp_test code needed to be modified to defer setting algorithm contexts
until the run phase. The parse functions also defer setting into the context
until the run phase, which allows the context to initialize in a controlled order.
This allows params to be passed into the algorithm init function.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)

show more ...

c13ddf0a01-Jul-2024 slontis

Change all existing FIPS configurable checks to use FIPS indicators.

This changes the logic to always do the security checks and then decide
what to do based on if this passes or not. Fa

Change all existing FIPS configurable checks to use FIPS indicators.

This changes the logic to always do the security checks and then decide
what to do based on if this passes or not. Failure of a check causes
either a failure OR the FIPS indicator callback to be triggered.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)

show more ...

d484893401-Jul-2024 slontis

Add FIPS indicator helpers

Each provider algorithm context can use these helpers to add indicator
support.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul D

Add FIPS indicator helpers

Each provider algorithm context can use these helpers to add indicator
support.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)

show more ...

0557d6c601-Jul-2024 slontis

Add FIPS indicator callback.

Add a FIPS indicator callback that can be set via
OSSL_INDICATOR_set_callback(). This callback is intended to be run
whenever a non approved algorithm ch

Add FIPS indicator callback.

Add a FIPS indicator callback that can be set via
OSSL_INDICATOR_set_callback(). This callback is intended to be run
whenever a non approved algorithm check has occurred and strict checking
has been disabled.The callback may be used to
log non approved algorithms. The callback is passed a type and
description string as well as the cbarg specified in OSSL_INDICATOR_set_callback.
The return value can be either 0 or 1.
A value of 0 can be used for testing purposes to force an error to occur from the algorithm
that called the callback.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)

show more ...

45cada1305-Jul-2024 Jiasheng Jiang

apps/rehash.c: Add the check for the EVP_MD_get_size()

Add the check for the return value of EVP_MD_get_size() to avoid invalid negative
numbers and then explicitly cast from int to size

apps/rehash.c: Add the check for the EVP_MD_get_size()

Add the check for the return value of EVP_MD_get_size() to avoid invalid negative
numbers and then explicitly cast from int to size_t.

Add the check to prevent that EVP_MD_get_size() returns a value greater
than EVP_MAX_MD_SIZE.

Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24802)

show more ...

eaf577c804-Jul-2024 Dr. David von Oheimb

extend X509_REQ_add_extensions_nid() and thuis APPS/req to support augmenting/overriding existing extensions

Fixes #11169

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed

extend X509_REQ_add_extensions_nid() and thuis APPS/req to support augmenting/overriding existing extensions

Fixes #11169

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)

show more ...

4925af7b04-Jul-2024 Dr. David von Oheimb

add X509v3_add_extensions()

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)

94b40ec404-Jul-2024 Dr. David von Oheimb

refactor and constify X509_REQ_get_extensions()

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/ope

refactor and constify X509_REQ_get_extensions()

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)

show more ...

b0ebb87a04-Jul-2024 Dr. David von Oheimb

constify ossl_x509at_add1_attr()

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)

7760021004-Jul-2024 Dr. David von Oheimb

X509at_add1_attr*(): extend error entry on duplicate attribute

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.

X509at_add1_attr*(): extend error entry on duplicate attribute

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)

show more ...

39424d9604-Jul-2024 Dr. David von Oheimb

apps/req: avoid needless hint on using -help on duplicate extensions added via -addext

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Mer

apps/req: avoid needless hint on using -help on duplicate extensions added via -addext

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)

show more ...

850bd09c09-Jul-2024 Tomas Mraz

windows_comp.yml: Run openssl after it is built

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/opens

windows_comp.yml: Run openssl after it is built

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24820)

show more ...

fc22d74c08-Jul-2024 Neil Horman

Add a style-check workflow

Add a CI job that evaluates style issues, restricted only to lines
changed for the affected files in a given commit

Also provide a mechanism to waive

Add a style-check workflow

Add a CI job that evaluates style issues, restricted only to lines
changed for the affected files in a given commit

Also provide a mechanism to waive those style issues. by applying the
style:exempted label to a PR, the checks are still run (its nice to see
what they are regardless), but the test will pass CI regardless of
weather any issues are found.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24806)

show more ...

acae12eb08-Jul-2024 Neil Horman

Add a check-format-commit.sh script

Add a wrapper script to check-format.pl, which is capable of analyzing
commits rather than just a file. for a provided commit this script:

1

Add a check-format-commit.sh script

Add a wrapper script to check-format.pl, which is capable of analyzing
commits rather than just a file. for a provided commit this script:

1) runs check-format.pl on the files changed in the provided commit

2) filters the output of check-format.pl, only producing lines that
match ranges of changed lines in those files

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24806)

show more ...

1...<<21222324252627282930>>...1444