doc: fix typos

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070)

doc: document the fipsintsall option to disallow PKCS#1 version 1.5 padding for key agreement & transport

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavsk

doc: document the fipsintsall option to disallow PKCS#1 version 1.5 padding for key agreement & transport

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070)

show more ...

fipsinstall: add option to disable RSA PKCS#1 version 1.5 padding

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from

fipsinstall: add option to disable RSA PKCS#1 version 1.5 padding

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070)

show more ...

Add a test for a missing supported_versions extension in the HRR

Confirm that we correctly fail if supported_versions is missing from an
HRR.

Reviewed-by: Tom Cosgrove <tom.cosg

Add a test for a missing supported_versions extension in the HRR

Confirm that we correctly fail if supported_versions is missing from an
HRR.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25068)

show more ...

Check that a supported_versions extension is present in an HRR

If an HRR is sent then it MUST contain supported_versions according to the
RFC. We were sanity checking any supported_versi

Check that a supported_versions extension is present in an HRR

If an HRR is sent then it MUST contain supported_versions according to the
RFC. We were sanity checking any supported_versions extension that was sent
but failed to verify that it was actually present.

Fixes #25041

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25068)

show more ...

Add logging support for early data

-trace option didn't cover early data message which resulted in
misleading logging.

CLA: trivial

Reviewed-by: Matt Caswell <matt@open

Add logging support for early data

-trace option didn't cover early data message which resulted in
misleading logging.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25026)

show more ...

ssl: factorize and improved hex conversion code

Add inline qualifier to avoid exporting a function for one unique use

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-b

ssl: factorize and improved hex conversion code

Add inline qualifier to avoid exporting a function for one unique use

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968)

show more ...

crypto: factorize to hex chars conversion code.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/o

crypto: factorize to hex chars conversion code.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968)

show more ...

ssl: remove stdio.h and sprintf use from libssl.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/

ssl: remove stdio.h and sprintf use from libssl.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968)

show more ...

apps: add missing entry to tls extension label list

noticed by @sftcd

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged fr

apps: add missing entry to tls extension label list

noticed by @sftcd

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968)

show more ...

Fix '--strict-warnings' build breakage

... due to a missing const.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from

Fix '--strict-warnings' build breakage

... due to a missing const.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968)

show more ...

Fix typos found by codespell

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24949)

coveralls.yml: Do not run tests in parallel

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openss

coveralls.yml: Do not run tests in parallel

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25105)

show more ...

Fix Potential NULL pointer dereference

CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@o

Fix Potential NULL pointer dereference

CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25065)

show more ...

Use parent directory instead of index.html

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl

Use parent directory instead of index.html

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25073)

show more ...

Update links in CONTRIBUTING.md

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25073)

Fix some small typos

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25073)

Test vectors from rfc9579 and creation tests

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

Test vectors from rfc9579 and creation tests

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24577)

show more ...

Implementation of the RFC 9579, PBMAC1 in PKCS#12 - documentation

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.co

Implementation of the RFC 9579, PBMAC1 in PKCS#12 - documentation

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24577)

show more ...

Implementation of the RFC 9579, PBMAC1 in PKCS#12

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openss

Implementation of the RFC 9579, PBMAC1 in PKCS#12

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24577)

show more ...

test: omit failing test when using a FIPS provider that supports eddsa_no_verify_digested

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>

test: omit failing test when using a FIPS provider that supports eddsa_no_verify_digested

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25032)

show more ...

test: update EdDSA tests for FIPS and no pre-hashing

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/o

test: update EdDSA tests for FIPS and no pre-hashing

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25032)

show more ...

EdDSA: disallow verification from a pregenerated hash when in FIPS

Also includes an indicator and the capability to bypass via configuration
or params.

Fixes #24937

Rev

EdDSA: disallow verification from a pregenerated hash when in FIPS

Also includes an indicator and the capability to bypass via configuration
or params.

Fixes #24937

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25032)

show more ...

fips: add no digested option to FIPS provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/

fips: add no digested option to FIPS provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25032)

show more ...

param: add OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/

param: add OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25032)

show more ...