| edb5dd56 | 11-Jul-2024 |
Richard Levitte |
fix(stylecheck): Take advantage of check-format-commit.sh's new capability
.github/workflows/style-checks.yml now runs util/check-format-commit.sh
with the whole range of commits of the
fix(stylecheck): Take advantage of check-format-commit.sh's new capability
.github/workflows/style-checks.yml now runs util/check-format-commit.sh
with the whole range of commits of the given PR. This allows code style
fixups to be in a separate commit.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24856)
show more ...
|
| c2083f4e | 11-Jul-2024 |
Richard Levitte |
feat: enhance util/check-format-commit.sh to be able to handle a commit range
Additionally, the 'git diff' call is modified to not show context lines, as
it's confusing to have style nit
feat: enhance util/check-format-commit.sh to be able to handle a commit range
Additionally, the 'git diff' call is modified to not show context lines, as
it's confusing to have style nits displayed on lines the author of the
commits hasn't touched.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24856)
show more ...
|
| b74646b6 | 11-Jul-2024 |
erbsland-dev |
Document Internal EVP_MD_CTX_ Flags
Add documentation for the internal flags `EVP_MD_CTX_FLAG_CLEANED` and
`EVP_MD_CTX_FLAG_REUSE`, explicitly stating that these flags are for
intern
Document Internal EVP_MD_CTX_ Flags
Add documentation for the internal flags `EVP_MD_CTX_FLAG_CLEANED` and
`EVP_MD_CTX_FLAG_REUSE`, explicitly stating that these flags are for
internal use only and must not be used in user code.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24829)
show more ...
|
| 20da3dab | 11-Jul-2024 |
Georgi Valkov |
o_fopen: fix coding style and build error with VS2010
Follow the coding style to place variable definitions before code
Fixes a build error on Windows 2003 with VS2010 introduced in
o_fopen: fix coding style and build error with VS2010
Follow the coding style to place variable definitions before code
Fixes a build error on Windows 2003 with VS2010 introduced in [1]
crypto\o_fopen.c(45) : error C2143: syntax error : missing ';' before 'type'
crypto\o_fopen.c(46) : error C2275: 'DWORD' : illegal use of this type as an expression
E:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\include\windef.h(152) : see declaration of 'DWORD'
crypto\o_fopen.c(46) : error C2146: syntax error : missing ';' before identifier 'flags'
crypto\o_fopen.c(46) : error C2065: 'flags' : undeclared identifier
[1] https://github.com/openssl/openssl/commit/917f37195ac95252a4c90e86d7d7414c5569aed8
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24853)
show more ...
|
| b24a8200 | 01-Jul-2024 |
Tomas Mraz |
x_attrib.c: Fix print_hex() function
- Better handle 0 length input
- Use OPENSSL_buf2hexstr() instead of OPENSSL_buf2hexstr_ex()
which fixes insufficient length of the allocate bu
x_attrib.c: Fix print_hex() function
- Better handle 0 length input
- Use OPENSSL_buf2hexstr() instead of OPENSSL_buf2hexstr_ex()
which fixes insufficient length of the allocate buffer.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24771)
show more ...
|
| 6cf42ad3 | 24-May-2024 |
Hongren Zheng |
riscv: Fix cpuid_obj asm checks for sm4/sm3
Similar to #22881 / #23752
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged fro
riscv: Fix cpuid_obj asm checks for sm4/sm3
Similar to #22881 / #23752
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/24486)
show more ...
|
| 6eb64894 | 10-Jul-2024 |
Richard Levitte |
fix: drop DSA <=> dsaWithSHA1 aliasing
For some reason, DSA has been aliased with dsaWithSHA1 for an eternity.
They are not the same, though, and should never have been aliased in the
fix: drop DSA <=> dsaWithSHA1 aliasing
For some reason, DSA has been aliased with dsaWithSHA1 for an eternity.
They are not the same, though, and should never have been aliased in the
first place.
This was first discovered with 'openssl list':
$ openssl list -signature-algorithms
...
{ 1.2.840.10040.4.1, 1.2.840.10040.4.3, 1.3.14.3.2.12, 1.3.14.3.2.13, 1.3.14.3.2.27, DSA, DSA-old, DSA-SHA, DSA-SHA1, DSA-SHA1-old, dsaEncryption, dsaEncryption-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default
This isn't good at all, as it confuses the key algorithms signature
function with a signature scheme that involves SHA1, and it makes it
look like OpenSSL's providers offer a DSA-SHA1 implementation (which
they currently do not do).
Breaking this aliasing apart (i.e. aliasing DSA, DSA-old, dsaEncryption
and dsaEncryption-old separately from the names that involve SHA) appears
harmless as far as OpenSSL's test suite goes.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24828)
show more ...
|
| 8b591dce | 10-Jul-2024 |
Dmitry Misharov |
deploy docs.openssl.org on doc changes
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24
deploy docs.openssl.org on doc changes
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24839)
show more ...
|
| 861e1f45 | 10-Jul-2024 |
Neil Horman |
ignore various files in commit checker
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Mer
ignore various files in commit checker
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24845)
show more ...
|
| ad33d623 | 27-Jun-2024 |
sashan |
EVP_DigestUpdate(): Check if ctx->update is set
The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
EVP_DigestUpdate(): Check if ctx->update is set
The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1
the issue has been introduced with openssl 3.0.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)
show more ...
|
| 939dd479 | 09-Jul-2024 |
Matt Caswell |
Limit the number of commands that can be used in the quic-lcidm fuzzer
The fuzzer was reporting a spurious timeout due to excessive numbers of
commands in a single file. We limit the num
Limit the number of commands that can be used in the quic-lcidm fuzzer
The fuzzer was reporting a spurious timeout due to excessive numbers of
commands in a single file. We limit the number of commands to avoid this.
Found by OSSFuzz
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24831)
show more ...
|
| c86d37ce | 10-Jul-2024 |
Neil Horman |
Modify check-format to match line length coding style
In an effort to clarify our coding style, generally line lengths SHOULD
be no longer than 80 columns but MUST be no longer than 100
Modify check-format to match line length coding style
In an effort to clarify our coding style, generally line lengths SHOULD
be no longer than 80 columns but MUST be no longer than 100 columns
Modify the check-format.pl script to account for this.
Replace the -l|--sloppy-len option (which modifies the max line length
to 84 rather than 80 cols), with -l|--strict-len which reduces allowed
line length to 80 cols from the new default 100 cols).
Also fix up a typo in the docs indicating --sloppy-bodylen has a short
-l option (its actually -b)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/24841)
show more ...
|
| 00163371 | 10-Jul-2024 |
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
Dependabot update
CLA: trivial
(deps): Bump actions/setup-python
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.1.1.
- [Release n
Dependabot update
CLA: trivial
(deps): Bump actions/setup-python
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5.1.0...v5.1.1)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24843)
show more ...
|
| 06da1473 | 03-Jul-2024 |
slontis |
Add FIPS indicators to evp_test
evp_test code needed to be modified to defer setting algorithm contexts
until the run phase. The parse functions also defer setting into the context
u
Add FIPS indicators to evp_test
evp_test code needed to be modified to defer setting algorithm contexts
until the run phase. The parse functions also defer setting into the context
until the run phase, which allows the context to initialize in a controlled order.
This allows params to be passed into the algorithm init function.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)
show more ...
|
| c13ddf0a | 01-Jul-2024 |
slontis |
Change all existing FIPS configurable checks to use FIPS indicators.
This changes the logic to always do the security checks and then decide
what to do based on if this passes or not. Fa
Change all existing FIPS configurable checks to use FIPS indicators.
This changes the logic to always do the security checks and then decide
what to do based on if this passes or not. Failure of a check causes
either a failure OR the FIPS indicator callback to be triggered.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)
show more ...
|
| d4848934 | 01-Jul-2024 |
slontis |
Add FIPS indicator helpers
Each provider algorithm context can use these helpers to add indicator
support.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul D
Add FIPS indicator helpers
Each provider algorithm context can use these helpers to add indicator
support.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)
show more ...
|
| 0557d6c6 | 01-Jul-2024 |
slontis |
Add FIPS indicator callback.
Add a FIPS indicator callback that can be set via
OSSL_INDICATOR_set_callback(). This callback is intended to be run
whenever a non approved algorithm ch
Add FIPS indicator callback.
Add a FIPS indicator callback that can be set via
OSSL_INDICATOR_set_callback(). This callback is intended to be run
whenever a non approved algorithm check has occurred and strict checking
has been disabled.The callback may be used to
log non approved algorithms. The callback is passed a type and
description string as well as the cbarg specified in OSSL_INDICATOR_set_callback.
The return value can be either 0 or 1.
A value of 0 can be used for testing purposes to force an error to occur from the algorithm
that called the callback.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)
show more ...
|
| 45cada13 | 05-Jul-2024 |
Jiasheng Jiang |
apps/rehash.c: Add the check for the EVP_MD_get_size()
Add the check for the return value of EVP_MD_get_size() to avoid invalid negative
numbers and then explicitly cast from int to size
apps/rehash.c: Add the check for the EVP_MD_get_size()
Add the check for the return value of EVP_MD_get_size() to avoid invalid negative
numbers and then explicitly cast from int to size_t.
Add the check to prevent that EVP_MD_get_size() returns a value greater
than EVP_MAX_MD_SIZE.
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24802)
show more ...
|
| eaf577c8 | 04-Jul-2024 |
Dr. David von Oheimb |
extend X509_REQ_add_extensions_nid() and thuis APPS/req to support augmenting/overriding existing extensions
Fixes #11169
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed
extend X509_REQ_add_extensions_nid() and thuis APPS/req to support augmenting/overriding existing extensions
Fixes #11169
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
show more ...
|
| 4925af7b | 04-Jul-2024 |
Dr. David von Oheimb |
add X509v3_add_extensions()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792) |
| 94b40ec4 | 04-Jul-2024 |
Dr. David von Oheimb |
refactor and constify X509_REQ_get_extensions()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/ope
refactor and constify X509_REQ_get_extensions()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
show more ...
|
| b0ebb87a | 04-Jul-2024 |
Dr. David von Oheimb |
constify ossl_x509at_add1_attr()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792) |
| 77600210 | 04-Jul-2024 |
Dr. David von Oheimb |
X509at_add1_attr*(): extend error entry on duplicate attribute
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.
X509at_add1_attr*(): extend error entry on duplicate attribute
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
show more ...
|
| 39424d96 | 04-Jul-2024 |
Dr. David von Oheimb |
apps/req: avoid needless hint on using -help on duplicate extensions added via -addext
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Mer
apps/req: avoid needless hint on using -help on duplicate extensions added via -addext
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
show more ...
|
| 850bd09c | 09-Jul-2024 |
Tomas Mraz |
windows_comp.yml: Run openssl after it is built
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/opens
windows_comp.yml: Run openssl after it is built
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24820)
show more ...
|
