| c8093347 | 17-Apr-2023 |
Pauli |
test: test -pedantic option in fipsinstall
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/ope
test: test -pedantic option in fipsinstall
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20752)
show more ...
|
| d30fec6f | 17-Apr-2023 |
Pauli |
doc: document the -pedantic option to fipsinstall.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope
doc: document the -pedantic option to fipsinstall.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20752)
show more ...
|
| bc2a4225 | 17-Apr-2023 |
Pauli |
fipsinstall: add -pedantic option
This adds a -pedantic option to fipsinstall that adjusts the various
settings to ensure strict FIPS compliance rather than backwards
compatibility.
fipsinstall: add -pedantic option
This adds a -pedantic option to fipsinstall that adjusts the various
settings to ensure strict FIPS compliance rather than backwards
compatibility.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20752)
show more ...
|
| 1adc45b1 | 14-Apr-2023 |
gakamath |
Adding Control Flow guard to Windows Builds
Control flow guard is a code security implementation: https://learn.microsoft.com/en-us/windows/win32/secbp/control-flow-guard
We identified i
Adding Control Flow guard to Windows Builds
Control flow guard is a code security implementation: https://learn.microsoft.com/en-us/windows/win32/secbp/control-flow-guard
We identified it with BlackDuck security scan utility
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20739)
show more ...
|
| 04e0abc8 | 14-Apr-2023 |
Richard Levitte |
Configurations/descrip.mms.tmpl: Fix a few typos
These typos caused failed propagation of the 'cflags' attribute from
Configurations/10-main.conf.
Reviewed-by: Paul Dale <pauli@
Configurations/descrip.mms.tmpl: Fix a few typos
These typos caused failed propagation of the 'cflags' attribute from
Configurations/10-main.conf.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20737)
show more ...
|
| d79b6104 | 15-Apr-2023 |
Ladislav Marko |
Fix broken links in crypto manpage
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged
Fix broken links in crypto manpage
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20741)
show more ...
|
| 524c2cab | 17-Apr-2023 |
zhangzhilei |
fix test failure on Kunpeng-920
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged fr
fix test failure on Kunpeng-920
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20751)
show more ...
|
| 8b6bbcaa | 14-Apr-2023 |
Dr. David von Oheimb |
crmf_lib.c: clean up coments on OSSL_CRMF_CERTTEMPLATE*()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.
crmf_lib.c: clean up coments on OSSL_CRMF_CERTTEMPLATE*()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20736)
show more ...
|
| 09f30b0c | 14-Apr-2023 |
Dr. David von Oheimb |
OSSL_CRMF_CERTTEMPLATE_get0_publicKey(): fix return type and doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb
OSSL_CRMF_CERTTEMPLATE_get0_publicKey(): fix return type and doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20736)
show more ...
|
| 25b18e62 | 15-Feb-2023 |
Dr. David von Oheimb |
crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: David
crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20298)
show more ...
|
| dcfeb617 | 16-Apr-2023 |
Alois Klink |
bn_local: remove unused `PTR_SIZE_INT` definition
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openss
bn_local: remove unused `PTR_SIZE_INT` definition
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20748)
show more ...
|
| f659f7a1 | 16-Apr-2023 |
Alois Klink |
bn_nist: remove unused type-punning union `u`
We no longer need to cast function pointers to PTR_SIZE_INT.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul D
bn_nist: remove unused type-punning union `u`
We no longer need to cast function pointers to PTR_SIZE_INT.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20748)
show more ...
|
| 326af4ad | 16-Apr-2023 |
Alois Klink |
bn_nist: replace pointer bit-fiddling with ternary
Bit-fiddling pointers is technically implementation defined behavior
in the C specification so the following code is not supported in a
bn_nist: replace pointer bit-fiddling with ternary
Bit-fiddling pointers is technically implementation defined behavior
in the C specification so the following code is not supported in all
platforms:
PTR_SIZE_INT mask;
void * a, b, c;
int boolean_flag;
mask = 0 - boolean_flag;
/* Not guaranteed to be a valid ptr to a or b on all platforms */
a = (void *)
((((PTR_SIZE_INT) b & ~mask) | (((PTR_SIZE_INT)) c & mask)));
Using a ternary conditional operator is supported on all platforms
(i.e. `a = boolean_flag ? b : c;`).
On most modern compilers/CPUs, this will be faster, since it will
get converted to a CMOV instruction.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20748)
show more ...
|
| 8835940d | 13-Apr-2023 |
Danny Carpenter |
adding provider_unload functions for cmp_ tests
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://gith
adding provider_unload functions for cmp_ tests
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20731)
show more ...
|
| 7eab7680 | 30-Mar-2023 |
GauriSpears |
List also non-fetchable hashes in openssl dgst -list
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/
List also non-fetchable hashes in openssl dgst -list
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20651)
show more ...
|
| 8b7b9aac | 23-Mar-2023 |
slontis |
Fix a HPKE API to put libctx, propq as last (optional parameters).
This keeps the interface consistent with other HPKE API's.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewe
Fix a HPKE API to put libctx, propq as last (optional parameters).
This keeps the interface consistent with other HPKE API's.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20583)
show more ...
|
| efbff4de | 11-Apr-2023 |
Tomas Mraz |
Fix the LCM computation in the RSA multiprime key check
Fixes #20693
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from
Fix the LCM computation in the RSA multiprime key check
Fixes #20693
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20708)
show more ...
|
| e35a2133 | 11-Apr-2023 |
Ladislav Marko |
Fix typo in ssl_ciph.c
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.co
Fix typo in ssl_ciph.c
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20703)
show more ...
|
| c0e090bd | 11-Apr-2023 |
Aidan Khoury |
Fix UEFI support on win32
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20714) |
| 51b941ac | 11-Apr-2023 |
Ladislav Marko |
doc: Fix incorrect pairing of functions
CLA: trivial
The functions that should be implemented together are `OSSL_FUNC_signature_verify_recover_init` and `OSSL_FUNC_signature_verify_
doc: Fix incorrect pairing of functions
CLA: trivial
The functions that should be implemented together are `OSSL_FUNC_signature_verify_recover_init` and `OSSL_FUNC_signature_verify_recover` and not `OSSL_FUNC_signature_verify_recover_init` with ` OSSL_FUNC_signature_verify_init`
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20704)
show more ...
|
| b2023d5d | 11-Apr-2023 |
Ladislav Marko |
doc: Fix misleading stucture info
CLA: trivial
The thing created by `OSSL_FUNC_signature_newctx()` and `OSSL_FUNC_signature_dupctx()` is a signature context, not a signature. It's i
doc: Fix misleading stucture info
CLA: trivial
The thing created by `OSSL_FUNC_signature_newctx()` and `OSSL_FUNC_signature_dupctx()` is a signature context, not a signature. It's in the name of the function and surrounding documentation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20705)
show more ...
|
| 40f48849 | 04-Apr-2023 |
Yuan, Shuai |
Fixes #19580 ECX keygen
Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Me
Fixes #19580 ECX keygen
Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20680)
show more ...
|
| 7a4e109e | 27-Feb-2023 |
Matt Caswell |
Allow partially releasing a record for TLS
This enables the cleansing of plaintext to occur in the record layer and
avoids the need to cast away const above the record layer.
Re
Allow partially releasing a record for TLS
This enables the cleansing of plaintext to occur in the record layer and
avoids the need to cast away const above the record layer.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20404)
show more ...
|
| 2eb91b0e | 23-Feb-2023 |
Matt Caswell |
Make the data field for get_record() const
Improves consistency with the QUIC rstream implementation - and improves
the abstraction between the TLS implementation and the abstract record
Make the data field for get_record() const
Improves consistency with the QUIC rstream implementation - and improves
the abstraction between the TLS implementation and the abstract record
layer. We should not expect that the TLS implementation should be able to
change the underlying buffer. Future record layers may not expect that.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20404)
show more ...
|
| 7257188b | 23-Feb-2023 |
Matt Caswell |
Add support for rstream get/release record in the QUIC TLS layer
The QUIC TLS layer was taking an internal copy of rstream data while
reading. The QUIC rstream code has recently been ext
Add support for rstream get/release record in the QUIC TLS layer
The QUIC TLS layer was taking an internal copy of rstream data while
reading. The QUIC rstream code has recently been extended to enable a
get/release model which avoids the need for this internal copy, so we use
that instead.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20404)
show more ...
|
