b74646b6 | 11-Jul-2024 |
erbsland-dev |
Document Internal EVP_MD_CTX_ Flags Add documentation for the internal flags `EVP_MD_CTX_FLAG_CLEANED` and `EVP_MD_CTX_FLAG_REUSE`, explicitly stating that these flags are for internal use only and must not be used in user code. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24829)
|
20da3dab | 11-Jul-2024 |
Georgi Valkov |
o_fopen: fix coding style and build error with VS2010
Follow the coding style to place variable definitions before code
Fixes a build error on Windows 2003 with VS2010 introduced in [1]
crypto\o_fopen.c(45) : error C2143: syntax error : missing ';' before 'type'
crypto\o_fopen.c(46) : error C2275: 'DWORD' : illegal use of this type as an expression
E:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\include\windef.h(152) : see declaration of 'DWORD'
crypto\o_fopen.c(46) : error C2146: syntax error : missing ';' before identifier 'flags'
crypto\o_fopen.c(46) : error C2065: 'flags' : undeclared identifier
[1] https://github.com/openssl/openssl/commit/917f37195ac95252a4c90e86d7d7414c5569aed8
Signed-off-by: Georgi Valkov <gvalkov@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24853)
|
b24a8200 | 01-Jul-2024 |
Tomas Mraz |
x_attrib.c: Fix print_hex() function - Better handle 0 length input - Use OPENSSL_buf2hexstr() instead of OPENSSL_buf2hexstr_ex() which fixes insufficient length of the allocated buffer. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24771)
|
6cf42ad3 | 24-May-2024 |
Hongren Zheng |
riscv: Fix cpuid_obj asm checks for sm4/sm3 Similar to #22881 / #23752 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/24486)
|
6eb64894 | 10-Jul-2024 |
Richard Levitte |
fix: drop DSA <=> dsaWithSHA1 aliasing
For some reason, DSA has been aliased with dsaWithSHA1 for an eternity. They are not the same, though, and should never have been aliased in the first place.
This was first discovered with 'openssl list':
$ openssl list -signature-algorithms
...
{ 1.2.840.10040.4.1, 1.2.840.10040.4.3, 1.3.14.3.2.12, 1.3.14.3.2.13, 1.3.14.3.2.27, DSA, DSA-old, DSA-SHA, DSA-SHA1, DSA-SHA1-old, dsaEncryption, dsaEncryption-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default
This isn't good at all, as it confuses the key algorithm's signature function with a signature scheme that involves SHA1, and it makes it look like OpenSSL's providers offer a DSA-SHA1 implementation (which they currently do not do).
Breaking this aliasing apart (i.e. aliasing DSA, DSA-old, dsaEncryption and dsaEncryption-old separately from the names that involve SHA) appears harmless as far as OpenSSL's test suite goes.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24828)
|
8b591dce | 10-Jul-2024 |
Dmitry Misharov |
deploy docs.openssl.org on doc changes Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24839)
|
861e1f45 | 10-Jul-2024 |
Neil Horman |
ignore various files in commit checker Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/24845)
|
ad33d623 | 27-Jun-2024 |
sashan |
EVP_DigestUpdate(): Check if ctx->update is set The issue has been discovered by libFuzzer running on provider target. There are currently three distinct reports which are addressed by code change here. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1 The issue has been introduced with openssl 3.0. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24753)
|
939dd479 | 09-Jul-2024 |
Matt Caswell |
Limit the number of commands that can be used in the quic-lcidm fuzzer The fuzzer was reporting a spurious timeout due to excessive numbers of commands in a single file. We limit the number of commands to avoid this. Found by OSSFuzz Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24831)
|
c86d37ce | 10-Jul-2024 |
Neil Horman |
Modify check-format to match line length coding style In an effort to clarify our coding style, generally line lengths SHOULD be no longer than 80 columns but MUST be no longer than 100 columns. Modify the check-format.pl script to account for this. Replace the -l|--sloppy-len option (which modifies the max line length to 84 rather than 80 cols), with -l|--strict-len which reduces allowed line length to 80 cols from the new default 100 cols. Also fix up a typo in the docs indicating --sloppy-bodylen has a short -l option (it's actually -b) Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/24841)
|
00163371 | 10-Jul-2024 |
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
Dependabot update CLA: trivial (deps): Bump actions/setup-python Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.1.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.1.0...v5.1.1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24843)
|
06da1473 | 03-Jul-2024 |
slontis |
Add FIPS indicators to evp_test evp_test code needed to be modified to defer setting algorithm contexts until the run phase. The parse functions also defer setting into the context until the run phase, which allows the context to initialize in a controlled order. This allows params to be passed into the algorithm init function. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24623)
|
c13ddf0a | 01-Jul-2024 |
slontis |
Change all existing FIPS configurable checks to use FIPS indicators. This changes the logic to always do the security checks and then decide what to do based on if this passes or not. Failure of a check causes either a failure OR the FIPS indicator callback to be triggered. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24623)
|
d4848934 | 01-Jul-2024 |
slontis |
Add FIPS indicator helpers Each provider algorithm context can use these helpers to add indicator support. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24623)
|
0557d6c6 | 01-Jul-2024 |
slontis |
Add FIPS indicator callback. Add a FIPS indicator callback that can be set via OSSL_INDICATOR_set_callback(). This callback is intended to be run whenever a non approved algorithm check has occurred and strict checking has been disabled. The callback may be used to log non approved algorithms. The callback is passed a type and description string as well as the cbarg specified in OSSL_INDICATOR_set_callback. The return value can be either 0 or 1. A value of 0 can be used for testing purposes to force an error to occur from the algorithm that called the callback. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24623)
|
45cada13 | 05-Jul-2024 |
Jiasheng Jiang |
apps/rehash.c: Add the check for the EVP_MD_get_size() Add the check for the return value of EVP_MD_get_size() to avoid invalid negative numbers and then explicitly cast from int to size_t. Add the check to prevent that EVP_MD_get_size() returns a value greater than EVP_MAX_MD_SIZE. Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24802)
|
eaf577c8 | 04-Jul-2024 |
Dr. David von Oheimb |
extend X509_REQ_add_extensions_nid() and thus APPS/req to support augmenting/overriding existing extensions Fixes #11169 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24792)
|
4925af7b | 04-Jul-2024 |
Dr. David von Oheimb |
add X509v3_add_extensions() Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24792) |
94b40ec4 | 04-Jul-2024 |
Dr. David von Oheimb |
refactor and constify X509_REQ_get_extensions() Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24792)
|
b0ebb87a | 04-Jul-2024 |
Dr. David von Oheimb |
constify ossl_x509at_add1_attr() Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24792) |
77600210 | 04-Jul-2024 |
Dr. David von Oheimb |
X509at_add1_attr*(): extend error entry on duplicate attribute Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24792)
|
39424d96 | 04-Jul-2024 |
Dr. David von Oheimb |
apps/req: avoid needless hint on using -help on duplicate extensions added via -addext Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24792)
|
850bd09c | 09-Jul-2024 |
Tomas Mraz |
windows_comp.yml: Run openssl after it is built Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24820)
|
fc22d74c | 08-Jul-2024 |
Neil Horman |
Add a style-check workflow Add a CI job that evaluates style issues, restricted only to lines changed for the affected files in a given commit. Also provide a mechanism to waive those style issues. By applying the style:exempted label to a PR, the checks are still run (it's nice to see what they are regardless), but the test will pass CI regardless of whether any issues are found. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/24806)
|
acae12eb | 08-Jul-2024 |
Neil Horman |
Add a check-format-commit.sh script Add a wrapper script to check-format.pl, which is capable of analyzing commits rather than just a file. For a provided commit this script:
1) runs check-format.pl on the files changed in the provided commit
2) filters the output of check-format.pl, only producing lines that match ranges of changed lines in those files
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/24806)
|