Limit size of modulus for BN_mod_exp_mont_consttime()

Otherwise the powerbufLen can overflow.

Issue reported by Jiayi Lin.

Reviewed-by: Matt Caswell <matt@openssl.org>

Limit size of modulus for BN_mod_exp_mont_consttime()

Otherwise the powerbufLen can overflow.

Issue reported by Jiayi Lin.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19632)

show more ...

Revert "Skip DES based tests in FIPS mode"

This reverts commit 5db2b4a292b4576185287a9e01e4ba4098b4aa66.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas M

Revert "Skip DES based tests in FIPS mode"

This reverts commit 5db2b4a292b4576185287a9e01e4ba4098b4aa66.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)

show more ...

Revert "Remove conditional FIPS dependence for 3DES"

This reverts commit 464c1011b02936850fc779739013dba52650840a.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-b

Revert "Remove conditional FIPS dependence for 3DES"

This reverts commit 464c1011b02936850fc779739013dba52650840a.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)

show more ...

Revert "Move DES based test cases out of FIPS territory"

This reverts commit c511953a0828e126b80a9ea8cee12d001d685ba8.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Review

Revert "Move DES based test cases out of FIPS territory"

This reverts commit c511953a0828e126b80a9ea8cee12d001d685ba8.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)

show more ...

Put 3DES back into the FIPS provider as a non-approved algorithm

This reverts commit fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes
how 3DES is advertised.

Reviewed-by: Sh

Put 3DES back into the FIPS provider as a non-approved algorithm

This reverts commit fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes
how 3DES is advertised.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)

show more ...

pkcs7: Remove unused includes

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.o

pkcs7: Remove unused includes

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19608)

show more ...

fips-label.yml: Fix the script after actions/github-script upgrade

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github

fips-label.yml: Fix the script after actions/github-script upgrade

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19636)

show more ...

CI: Add Alpine (musl)

I'm not intending to add every single possible combination of distros
to compiler-zoo, but I think this one is worthwhile.

musl tends to be Different Enoug

CI: Add Alpine (musl)

I'm not intending to add every single possible combination of distros
to compiler-zoo, but I think this one is worthwhile.

musl tends to be Different Enough (TM) to allow problems to be found,
in particular (but not limited to) its malloc implementation ("mallocng").

It's also quite a common environment, especially in containers, so
I think it's worth testing on.

Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19577)

show more ...

Fix CertificateCompressionAlgorithm to be read as 2-octet-wide

CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged f

Fix CertificateCompressionAlgorithm to be read as 2-octet-wide

CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19600)

show more ...

Fix PACKET_equal test with BUF_LEN+1 on -Wstringop-overread

Either suppress the error, or better make smbuf longer.
Detected with -Werror.

CLA: trivial

Reviewed-by: Hug

Fix PACKET_equal test with BUF_LEN+1 on -Wstringop-overread

Either suppress the error, or better make smbuf longer.
Detected with -Werror.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19528)

show more ...

QUIC CFQ Fixes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)

QUIC FIFD

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)

QUIC TXPIM

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)

QUIC CFQ

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)

QUIC Frame-in-Flight Manager Design

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1920

QUIC Frame-in-Flight Manager Design

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)

show more ...

Use the same encryption growth macro consistently

We had two different macros for calculating the potential growth due to
encryption. The macro we use for allocating the underlying buffe

Use the same encryption growth macro consistently

We had two different macros for calculating the potential growth due to
encryption. The macro we use for allocating the underlying buffer should be
the same one that we use for reserving bytes for encryption growth.

Also if we are adding the MAC independently of the cipher algorithm then
the encryption growth will not include that MAC so we should remove it
from the amount of bytes that we reserve for that growth. Otherwise we
might exceed our buffer size and the WPACKET_reserve operation will
fail.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19622)

show more ...

Test that signatures using hash name commands work properly

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github

Test that signatures using hash name commands work properly

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19606)

show more ...

apps/dgst.c: Set digestname from argv[0] if it is a builtin hash name

Fixes #19589

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>

apps/dgst.c: Set digestname from argv[0] if it is a builtin hash name

Fixes #19589

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19606)

show more ...

Assert that we do not exceed the DTLS MTU

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pu

Assert that we do not exceed the DTLS MTU

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19516)

show more ...

Fix dtls_get_max_record_overhead()

We fix dtls_get_max_record_overhead() to give a better value for the max
record overhead. We can't realistically handle the compression case so we

Fix dtls_get_max_record_overhead()

We fix dtls_get_max_record_overhead() to give a better value for the max
record overhead. We can't realistically handle the compression case so we
just ignore that.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19516)

show more ...

Fix the ceiling on how much encryption growth we can have

Stitched ciphersuites can grow by more during encryption than the code
allowed for. We fix the calculation and add an assert to

Fix the ceiling on how much encryption growth we can have

Stitched ciphersuites can grow by more during encryption than the code
allowed for. We fix the calculation and add an assert to check we go it
right.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19516)

show more ...

Add zlib oneshot compression

Fixes #19520

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/op

Add zlib oneshot compression

Fixes #19520

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19603)

show more ...

Check for private key existence before calling eddsa sign functions

Fixes #19524

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merg

Check for private key existence before calling eddsa sign functions

Fixes #19524

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19525)

show more ...

crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case

The use case is that uppercase .ASM extension may be used on some platforms,
and we were only testing for t

crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case

The use case is that uppercase .ASM extension may be used on some platforms,
and we were only testing for the lowercase extension.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19604)

show more ...

Configurations/*.tmpl: overhaul assembler make rules.

NOTE: Not Configurations/unix-Makefile.tmpl, as that was done 4 years
ago, in commit a23f03166e0ec49ac09b3671e7ab4ba4fa57d42a.

Configurations/*.tmpl: overhaul assembler make rules.

NOTE: Not Configurations/unix-Makefile.tmpl, as that was done 4 years
ago, in commit a23f03166e0ec49ac09b3671e7ab4ba4fa57d42a.

So far assembly modules were intended to be built as .pl->.S->.{asmext}
followed by .{asmext}->.o. This posed a problem in build_all_generated
rule if it was executed on another computer, and also turned out to be
buggy, as .S was also translated to .{asmext} on Windows and VMS.
Both issues are fixed by changing the rule sequence to .pl->.S and then
.S->.s->.o, with the added benefit that the Windows and VMS build file
templates are more in sync with unix-Makefile.tmpl and slightly simpler.

Fixes #19594

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19598)

show more ...