| 82b81161 | 07-Jun-2023 |
Tomas Mraz |
Coverity 1528490: Avoid assignment of unused value of i
It is used only within the loop and initialized at the beginning |
| a33842ef | 07-Jun-2023 |
Tomas Mraz |
Coverity 1528492: Fix possible memory leak if t == NULL |
| f9a4e2b6 | 07-Jun-2023 |
Tomas Mraz |
Coverity 1528494 and 1528493: Remove unused assignment of wvalue
wvalue is always initialized at the beginning of each cycle
and used only within the cycle |
| 0c6c3782 | 07-Jun-2023 |
Tomas Mraz |
Coverity 1528496: remove assignment of unused value
ctx is used only within the loop and always assigned at start |
| a3fcafb3 | 07-Jun-2023 |
Tomas Mraz |
Coverity 1529992: Check return value of sscanf()
Also moving the call to setup_tests() where it
fits better. |
| 7efc073d | 07-Jun-2023 |
Tomas Mraz |
Coverity 1531836: Check return value of CRYPTO_atomic_add() |
| 4bcbf8d4 | 07-Jun-2023 |
Tomas Mraz |
Coverity 1531872: j is not used anywhere later, remove the assignment |
| c4ce0e33 | 06-Jun-2023 |
Tomas Mraz |
Include poll.h instead of incorrect sys/poll.h
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.or
Include poll.h instead of incorrect sys/poll.h
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21131)
show more ...
|
| ab77026c | 06-Jun-2023 |
Tomas Mraz |
Fix failures of OS Zoo CI
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.org>
(Merged from h
Fix failures of OS Zoo CI
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21131)
show more ...
|
| 58e8af4c | 08-Jun-2023 |
Tomas Mraz |
Set RC4 defines on libcrypto/liblegacy
Also add missing prototype for rc4_md5_enc.
Fixes #21150
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pau
Set RC4 defines on libcrypto/liblegacy
Also add missing prototype for rc4_md5_enc.
Fixes #21150
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21153)
show more ...
|
| 8a2e74d0 | 08-Jun-2023 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
Cast the argument to unsigned char when calling isspace()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope
Cast the argument to unsigned char when calling isspace()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21151)
show more ...
|
| 0ef024a4 | 17-May-2023 |
Matthias St. Pierre |
util/find-doc-nits: extend regex to match new OPT_INFORM A
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.
util/find-doc-nits: extend regex to match new OPT_INFORM A
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
| 34df960a | 26-Sep-2018 |
Dr. Matthias St. Pierre |
apps/asn1parse: improve RFC7462 compliance
The asn1parse command now supports three different input formats:
openssl asn1parse -inform PEM|DER|B64
PEM: base64 e
apps/asn1parse: improve RFC7462 compliance
The asn1parse command now supports three different input formats:
openssl asn1parse -inform PEM|DER|B64
PEM: base64 encoded data enclosed by PEM markers (RFC7462)
DER: der encoded binary data
B64: raw base64 encoded data
The PEM input format is the default format. It is equivalent
to the former `-strictpem` option which is now marked obsolete
and kept for backward compatibility only.
The B64 is equivalent to the former default input format of the
asn1parse command (without `-strictpem`)
Fixes #7317
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
show more ...
|
| ca857d73 | 26-Sep-2018 |
Dr. Matthias St. Pierre |
apps/opt: refactor input format parsing
- split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER
- add OPT_FMT_B64 option (`-inform b64`)
Reviewed-by: Dmitry Belyavskiy <bel
apps/opt: refactor input format parsing
- split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER
- add OPT_FMT_B64 option (`-inform b64`)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
show more ...
|
| dc19f2f6 | 11-May-2023 |
fisher.yu |
Optimize CMAC_Update for better performance.
Reduce the number of EVP_Cipher function calls in CMAC_Update,
to improve performance of CMAC.
Below are command and result o
Optimize CMAC_Update for better performance.
Reduce the number of EVP_Cipher function calls in CMAC_Update,
to improve performance of CMAC.
Below are command and result of performance improvement.
COMMAND: openssl speed -cmac ALGORITHM
IMPROVEMENT(%):
A72 stands for Cortex A72
N1 stands for Neoverse N1
N2 stands for Neoverse N2
A72 N1 N2 x86
aes-128-cbc@256 65.4 54.6 37.9 86.6
aes-128-cbc@1024 156.0 105.6 65.8 197.1
aes-128-cbc@8192 237.7 139.2 80.5 285.8
aes-128-cbc@16384 249.1 143.5 82.2 294.1
aes-192-cbc@256 65.6 46.5 30.9 77.8
aes-192-cbc@1024 154.2 87.5 50.8 167.4
aes-192-cbc@8192 226.5 117.0 60.5 231.7
aes-192-cbc@16384 236.3 120.1 61.7 238.4
aes-256-cbc@256 66.0 40.3 22.2 69.5
aes-256-cbc@1024 136.8 74.6 35.7 142.2
aes-256-cbc@8192 189.7 93.5 41.5 191.7
aes-256-cbc@16384 196.6 95.8 42.2 195.9
des-ede3-cbc@64 6.9 4.4 2.9 7.2
des-ede3-cbc@256 9.3 6.1 4.3 13.1
des-ede3-cbc@1024 10.0 6.4 4.8 14.9
des-ede3-cbc@8192 10.3 6.5 5.1 15.5
des-ede3-cbc@16384 10.3 6.4 5.1 15.5
sm4-cbc@256 9.5 3.0 - 18.0
sm4-cbc@1024 12.3 3.6 - 24.6
sm4-cbc@8192 13.2 3.8 - 27.0
sm4-cbc@16384 13.5 3.8 - 27.2
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21102)
show more ...
|
| fd54fadb | 22-May-2023 |
fisher.yu |
Update CMAC cipher algorithm list and test cases.
1. Update manual, add SM4-CBC to CMAC cipher algorithm list.
2. Add test case for SM4-CBC CMAC, add "data length is greater
Update CMAC cipher algorithm list and test cases.
1. Update manual, add SM4-CBC to CMAC cipher algorithm list.
2. Add test case for SM4-CBC CMAC, add "data length is greater
than 4 block-length" cases for aes-128-cbc, aes-192-cbc,
aes-256-cbc and des-ede3-cbc.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21102)
show more ...
|
| 247f307f | 07-Jun-2023 |
Pauli |
Add 3.0.9 to list of FIPS releases
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140) |
| 67fc06a7 | 07-Jun-2023 |
Pauli |
Update versions tested to include 3.1.1
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/
Update versions tested to include 3.1.1
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140)
show more ...
|
| 45fefe17 | 06-Jun-2023 |
Pauli |
kdf test: restrict the version of the FIPS provider
Concatenation tests are provider version specific, limit them to supporting
versions.
Fixes #21134
Reviewed-by: Matt
kdf test: restrict the version of the FIPS provider
Concatenation tests are provider version specific, limit them to supporting
versions.
Fixes #21134
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140)
show more ...
|
| 2c4124a3 | 06-Jun-2023 |
Antony Polukhin |
Workaround false positive warning of MSAN in eng_rdrand.c
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@o
Workaround false positive warning of MSAN in eng_rdrand.c
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21136)
show more ...
|
| ac083de6 | 08-Jun-2023 |
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
Bump coverallsapp/github-action from 2.1.2 to 2.2.0
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.1.2 to 2.2.0.
- [Release notes](https://githu
Bump coverallsapp/github-action from 2.1.2 to 2.2.0
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.1.2 to 2.2.0.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v2.1.2...v2.2.0)
---
updated-dependencies:
- dependency-name: coverallsapp/github-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21147)
show more ...
|
| b684ee2c | 02-Jun-2023 |
Richard Levitte |
build.info: Introduce special syntax for dependencies on script modules
The DEPEND statement, when applied on files generated with GENERATE, may
be used to specify script modules that th
build.info: Introduce special syntax for dependencies on script modules
The DEPEND statement, when applied on files generated with GENERATE, may
be used to specify script modules that the template to be generated from
depends on. In short, this sort of depend:
DEPEND[generated]=util/perl/OpenSSL/something.pm
... would generate a perl run that has the inclusion directory
'util/perl/OpenSSL' and 'something' as the module to be loaded. However,
the package name for this module is 'OpenSSL::something', so to load it the
way it's expected, the inclusion directory should be 'util/perl', and the
module to be loaded should be specified as 'OpenSSL/something' (to be
massaged into a proper module name by the build file template).
To allow this, we introduce a file syntax, where a single '|' is used as a
directory separator, to delineate what part should be used as the inclustion
directory, and which part the module name to be loaded should be derived
from:
DEPEND[generated]=util/perl|OpenSSL/something.pm
Fixes #21112
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21117)
show more ...
|
| b8fa5be5 | 12-May-2023 |
Matt Caswell |
Modify ENGINE_pkey_asn1_find_str() to use a read lock instead of a write
ENGINE_pkey_asn1_find_str() does not make any modifications to fields
controlled by the global_engine_lock. The o
Modify ENGINE_pkey_asn1_find_str() to use a read lock instead of a write
ENGINE_pkey_asn1_find_str() does not make any modifications to fields
controlled by the global_engine_lock. The only change made is the struct_ref
field which is controlled separately. Therefore we can afford to only take
a read lock. This also impacts EVP_PKEY_asn1_find_str().
This lock ends up being obtained indirectly from numerous public API
functions including EVP_PKEY_key_gen(), EVP_PKEY_new_raw_public_key_ex(),
EVP_PKEY_copy_parameters() etc. This occurs even if no engines are actually
in use.
Some tests showed this lock being obtained 6 times after a "warmed up"
s_server instance with default configuration processed a handshake from a
default s_client. When processing a resumption handshake from s_client it
was obtained 8 times.
Partially fixes #20286
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20950)
show more ...
|
| e568d64f | 11-May-2023 |
Matt Caswell |
Convert the ENGINE struct_ref field to be an atomic
We use atomic primitives to up ref and down the struct_ref field rather
than relying on the global lock for this.
Reviewed-by
Convert the ENGINE struct_ref field to be an atomic
We use atomic primitives to up ref and down the struct_ref field rather
than relying on the global lock for this.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20950)
show more ...
|
| 68668243 | 19-May-2023 |
Alex Bozarth |
Add SSL_get0_group_name() to get name of the group used for KEX
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <to
Add SSL_get0_group_name() to get name of the group used for KEX
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20866)
show more ...
|
