| 8781087a | 12-Aug-2024 |
Matt Caswell |
Ensure the msg_callback is called on CCS receipt in TLSv1.3
CCS records are ignore in TLSv1.3. But we should still call the msg_callback
anyway.
Fixes #25166
Reviewed-b
Ensure the msg_callback is called on CCS receipt in TLSv1.3
CCS records are ignore in TLSv1.3. But we should still call the msg_callback
anyway.
Fixes #25166
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25169)
show more ...
|
| 05681e0e | 08-Aug-2024 |
slontis |
Add FIPS Indicator for ECDH cofactor.
FIPS KAS requires use of ECC CDH.
The EC 'B' and 'K' curves have a cofactor that is not 1, and this
MUST be multiplied by the private key w
Add FIPS Indicator for ECDH cofactor.
FIPS KAS requires use of ECC CDH.
The EC 'B' and 'K' curves have a cofactor that is not 1, and this
MUST be multiplied by the private key when deriving the shared secret.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25139)
show more ...
|
| 0813ffee | 18-May-2024 |
Andreas Treichel |
apps/cms.c, apps/smime.c: Fix -crlfeol help messages
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: T
apps/cms.c, apps/smime.c: Fix -crlfeol help messages
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24434)
show more ...
|
| 2ec4e950 | 08-Mar-2024 |
David Benjamin |
Fix SSL_CTX_set1_groups documentation on preference orders
The documentation currently describes SSL_CTX_set1_groups as a
preference order, but this does not match the typical interpreta
Fix SSL_CTX_set1_groups documentation on preference orders
The documentation currently describes SSL_CTX_set1_groups as a
preference order, but this does not match the typical interpretation of
"preference order" in OpenSSL and TLS. Typically, an application can
order more secure options ahead of less secure ones and pick up TLS's
usual downgrade protection guarantees.
TLS 1.3 servers need to balance an additional consideration: some
options will perform worse than others due to key share prediction. The
prototypical selection procedure is to first select the set of more
secure options, then select the most performant among those.
OpenSSL follows this procedure, but it *unconditionally* treats all
configured curves as equivalent security. Per discussion on GitHub,
OpenSSL's position is that this is an intended behavior.
While not supported by built-in providers, OpenSSL now documents that
external providers can extend the group list and CHANGES.md explicitly
cites post-quantum as a use case. With post-quantum providers, it's
unlikely that application developers actually wanted options to be
equivalent security. To avoid security vulnerabilities arising from
mismatched expectations, update the documentation to clarify the server
behavior.
Per the OTC decision in
https://github.com/openssl/openssl/issues/22203#issuecomment-1744465829,
this documentation fix should be backported to stable branches.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23776)
show more ...
|
| 1d2cbd9b | 14-Aug-2024 |
Bhaskar Metiya |
apps/req.c: No warning reading from stdin if redirected
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ri
apps/req.c: No warning reading from stdin if redirected
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25179)
show more ...
|
| 02b8b7b8 | 14-Aug-2024 |
Bhaskar Metiya |
Return SSL_AD_DECRYPT_ERROR alert on PSK binder validation failure (RFC 8446)
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@a
Return SSL_AD_DECRYPT_ERROR alert on PSK binder validation failure (RFC 8446)
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25176)
show more ...
|
| 8945f406 | 10-May-2024 |
Dimitri John Ledkov |
fips: allow to customize provider vendor name
FIPS providers need to specify identifiable names and versions. Allow
to customize the fips provider name prefix, via VERSION.dat which
fips: allow to customize provider vendor name
FIPS providers need to specify identifiable names and versions. Allow
to customize the fips provider name prefix, via VERSION.dat which
already allows to customize version & buildinfo. With this patch
in-place it removes the need of patching code to set customized
provider name.
E.g. echo FIPS_VENDOR=ACME >> VERSION.dat, results in
```
$ OPENSSL_CONF=fips-and-base.cnf ../util/wrap.pl ../apps/openssl list -providers --verbose
Providers:
base
name: OpenSSL Base Provider
version: 3.4.0
status: active
build info: 3.4.0-dev
gettable provider parameters:
name: pointer to a UTF8 encoded string (arbitrary size)
version: pointer to a UTF8 encoded string (arbitrary size)
buildinfo: pointer to a UTF8 encoded string (arbitrary size)
status: integer (arbitrary size)
fips
name: ACME FIPS Provider for OpenSSL
version: 3.4.0
status: active
build info: 3.4.0-dev
gettable provider parameters:
name: pointer to a UTF8 encoded string (arbitrary size)
version: pointer to a UTF8 encoded string (arbitrary size)
buildinfo: pointer to a UTF8 encoded string (arbitrary size)
status: integer (arbitrary size)
security-checks: integer (arbitrary size)
tls1-prf-ems-check: integer (arbitrary size)
drbg-no-trunc-md: integer (arbitrary size)
```
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24368)
show more ...
|
| ca112fcc | 14-Aug-2024 |
Tomas Mraz |
Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://
Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25188)
show more ...
|
| 096a54ee | 12-Aug-2024 |
Matt Caswell |
Don't compile in support for DSA speed testing if not needed
If there is no DSA support in the library we should not compile in support
for speed testing of DSA. We should skip it in muc
Don't compile in support for DSA speed testing if not needed
If there is no DSA support in the library we should not compile in support
for speed testing of DSA. We should skip it in much the same way that we
do for other algorithms.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)
show more ...
|
| 8e82304a | 12-Aug-2024 |
Matt Caswell |
Fix a memory leak in the speed app
Make sure we free the ecdsa_key object after we have finished using it.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgro
Fix a memory leak in the speed app
Make sure we free the ecdsa_key object after we have finished using it.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)
show more ...
|
| 509022dd | 09-Aug-2024 |
Matt Caswell |
Add a test recipe for testing the speed command
Previously there was no test for the speed command. We just do some simple
testing, running the command with various options to confirm th
Add a test recipe for testing the speed command
Previously there was no test for the speed command. We just do some simple
testing, running the command with various options to confirm that it doesn't
crash or report errors. We use the new -testmode option to ensure that this
happens quickly and doesn't really run full speed tests.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)
show more ...
|
| 1867aac8 | 09-Aug-2024 |
Matt Caswell |
Document the new -testmode option to the speed command
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@
Document the new -testmode option to the speed command
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)
show more ...
|
| 9309b0b8 | 09-Aug-2024 |
Matt Caswell |
Add a test mode to the speed app
We add a testmode option to the speed app which simply runs 1 iteration of
any speed tests. If anything fails along the way the app returns an error
Add a test mode to the speed app
We add a testmode option to the speed app which simply runs 1 iteration of
any speed tests. If anything fails along the way the app returns an error
code.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)
show more ...
|
| dbe8059e | 07-Aug-2024 |
Shih-Yi Chen |
Update krb5 to latest master to pick up CVE fixes
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz
Update krb5 to latest master to pick up CVE fixes
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25131)
(cherry picked from commit 099a71b48b6e1f27f39b2905fb67f2afaefd9171)
show more ...
|
| 5f04124a | 15-Sep-2023 |
slontis |
Add EDDSA FIPS self tests.
See FIPS 140-3 IG Section 10.3.A Part 11
Indicates ECDSA requires a sign and verify test.
Note 11 states that HashEdDSA is not required to be tested if Pur
Add EDDSA FIPS self tests.
See FIPS 140-3 IG Section 10.3.A Part 11
Indicates ECDSA requires a sign and verify test.
Note 11 states that HashEdDSA is not required to be tested if PureEdDSA is tested.
Note 12 indicates that both ED25519 and X448 need to be tested.
Since ED uses the oneshot interface, additional API's needed to be exposed to the
FIPS provider using #ifdef FIPS_MODULE.
Changed ED25518 and ED448 to use fips=true in the FIPS provider.
Updated documentation for provider lists for EDDSA.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22112)
show more ...
|
| 12ba471c | 12-Aug-2024 |
Dmitry Belyavskiy |
Improve the EVP_PKEY_CTX_set_kem_op() documentation
Fixes #25142
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged fro
Improve the EVP_PKEY_CTX_set_kem_op() documentation
Fixes #25142
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25164)
show more ...
|
| 21bcae65 | 12-Aug-2024 |
Pauli |
test: Improve coverage for the PBKDF2 unit tests
Fixes #25136
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from
test: Improve coverage for the PBKDF2 unit tests
Fixes #25136
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25160)
show more ...
|
| bd3b24c3 | 08-Aug-2024 |
Dmitry Belyavskiy |
Encap/decap in pkeyutl - tests
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged
Encap/decap in pkeyutl - tests
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25127)
show more ...
|
| 14fa2f5f | 07-Aug-2024 |
Dmitry Belyavskiy |
Encap/decap in pkeyutl - documentation
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Encap/decap in pkeyutl - documentation
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25127)
show more ...
|
| 12b2e555 | 07-Aug-2024 |
Dmitry Belyavskiy |
Support of en/decapsulation in the pkeyutl command
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gma
Support of en/decapsulation in the pkeyutl command
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25127)
show more ...
|
| 38a71831 | 09-Jul-2024 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
adds TLS signature algorithms list feature
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Me
adds TLS signature algorithms list feature
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24821)
show more ...
|
| f3c03be3 | 07-Aug-2024 |
pohsingwu |
Restrict salt length for RSA-PSS in the FIPS provider
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/o
Restrict salt length for RSA-PSS in the FIPS provider
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25115)
show more ...
|
| 878f74eb | 06-Aug-2024 |
pohsingwu |
Setup padding mode correctly in acvp_test
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/opens
Setup padding mode correctly in acvp_test
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25115)
show more ...
|
| 2f332650 | 29-Jul-2024 |
Pauli |
fipsmodule.cnf: set the signature digest checks option on installation
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged
fipsmodule.cnf: set the signature digest checks option on installation
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)
show more ...
|
| fc5c86b8 | 29-Jul-2024 |
Pauli |
fips: support signature-digest-checks in FIPS provider
Fixes #24936
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(M
fips: support signature-digest-checks in FIPS provider
Fixes #24936
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)
show more ...
|
