Matt Caswell [Thu, 17 Apr 2025 11:45:31 +0000 (12:45 +0100)]
Fix a typo in evpciph_des3_common.txt
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27408)
Matt Caswell [Tue, 15 Apr 2025 14:03:36 +0000 (15:03 +0100)]
Fix a deadlock while attempting to get the Primary EVP_RAND_CTX
When only the FIPS provider was loaded we could get a deadlock when
calling RAND_get0_primary() due to attempting to obtain a recursive
lock.
We reduce the scope of the locks that we hold to avoid this.
Fixes #27391
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27408)
Matt Caswell [Wed, 16 Apr 2025 11:20:10 +0000 (12:20 +0100)]
Ensure that our fips internal provider is always loaded
The fips provider has an internal provider. In some circumstances we
could end up trying to find it, but failing because it hasn't been loaded
yet. We just always ensure it is loaded early to avoid this.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27408)
Matt Caswell [Wed, 16 Apr 2025 11:15:51 +0000 (12:15 +0100)]
Assert that we successfully obtained a lock
We should never fail to obtain a lock, so assert that we are successful
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27408)
Matt Caswell [Wed, 16 Apr 2025 11:14:55 +0000 (12:14 +0100)]
Add a test for calling RAND_get0_primary()
We simply test that calling RAND_get0_primary() returns a success
for both the default and fips providers.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27408)
Arne Schwabe [Sat, 26 Apr 2025 18:21:28 +0000 (20:21 +0200)]
Fix aesv8 arm assembler code not working on 32 bit Android
OpenSSL uses 'void' as perlasm for the 32 bit armeabi-arm target, which
most notably lacks a 32 or 64 in its name. So while most code that is
targeted for 32 uses !~ /64/ there is one instance that uses ~= /32/,
introduced by commit 8e69c18 between 3.4.0 and 3.5.0. This leaves out
that line on 32 bit android causing a segfault.
This fixes the compilation issue by replacing the ~= /32/ with !~ /64/
compilation taget (see 15-android.conf)
Signed-off-by: Arne Schwabe <arne@rfc2549.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27510)
By updating the `util/find-doc-nits` new missing history sections were
discovered. This commit adds the missing.
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27488)
doc/man3: Change formulation to let the script to catch it
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27488)
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27488)
util/find-doc-nits: Check function macros in history
Add a checker for function macros if they are present in the HISTORY
section of the man page.
Resolves: #26774
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27488)
Matt Caswell [Fri, 25 Apr 2025 14:21:47 +0000 (15:21 +0100)]
Clarify how s_client -ign_eof and -quiet impact command processing
If -ign_eof -or -quiet are passed to s_client this implicitly turns off
command processing (i.e. equivalent to -nocommands). This was stated on
the man page in the "CONNECTED COMMANDS" section, but not in the
documentation for "-ign_eof" or "-quiet" directly. We state it here as
well to make it clearer.
Fixes #27443
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27500)
Anton Tieleman [Mon, 28 Apr 2025 11:49:25 +0000 (13:49 +0200)]
Test+fix handling "wrong" downgrade signals
This accounts for cases that can only occur when een non-compliant server sends
the wrong downgrade signal. (TLS1.1 signal when negotiating TLS1.2 or TLS1.2
signal when negotiating TLS1.0/TLS1.1). According to the TLS1.3 RFC these
cases should be rejected:
RFC8446, section 4.1.3: TLS 1.3 clients receiving a ServerHello indicating
TLS 1.2 or below MUST check that the last 8 bytes are not equal to either of
these values. TLS 1.2 clients SHOULD also check that the last 8 bytes are
not equal to the second value if the ServerHello indicates TLS 1.1 or below.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27518)
Anton Tieleman [Mon, 28 Apr 2025 11:30:01 +0000 (13:30 +0200)]
Repair downgrade tests
A number of these tests were failing for the wrong reasons. The intention is to verify
that the client sends an illegal parameter alert when an unexpected downgrade signal
is received. Instead, a number of tests failed because TLS1.1 was not available. The
tests are adapted to explicitly check for an illegal parameter alert from the client.
Client and server flags are updated to enable TLS1.1 where required and a few tests
requiring TLS1.1 were moved to be disabled when TLS1.1 is not available.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27518)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26994)
Tomas Mraz [Tue, 29 Apr 2025 09:56:23 +0000 (11:56 +0200)]
apps/prime.c: Fix memory leak of a BIGNUM
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27521)
Update to use BIO_get_line() with support for multiple primes per in file
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26549)
zriback [Fri, 31 Jan 2025 02:05:32 +0000 (21:05 -0500)]
Address and add tests for edge cases involving short or empty files
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26549)
zriback [Thu, 30 Jan 2025 16:41:15 +0000 (11:41 -0500)]
Fix issue where file is not read correctly with Windows line endings
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26549)
zriback [Fri, 24 Jan 2025 20:43:22 +0000 (15:43 -0500)]
Add 20-test_prime unit test
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26549)
zriback [Fri, 24 Jan 2025 06:03:35 +0000 (01:03 -0500)]
Add -in option to prime function to allow input from file for primality testing. Update -hex option documentation to reflect use with input and output.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26549)
Fix typo in SHA256 RISC-V64 Zbb comments: Sigma0 -> Sum0
This corrects a misleading comment in sha256-riscv64-zbb.pl. The rotation
operation corresponds to the Sum0 function as defined in the FIPS 180-4
standard, not Sigma0.
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27480)
The microsoft compiler does not like the empty struct,
so go add a dummy field instead.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27494)
file_store.c: give detail on file_set_ctx_params() error
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27498)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27498)
A. Wilcox [Thu, 17 Apr 2025 13:51:53 +0000 (08:51 -0500)]
Fix P-384 curve on lower-than-P9 PPC64 targets
The change adding an asm implementation of p384_felem_reduce incorrectly
uses the accelerated version on both targets that support the intrinsics
*and* targets that don't, instead of falling back to the generics on older
targets. This results in crashes when trying to use P-384 on < Power9.
Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com> Closes: #27350 Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC") Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27429)
Simo Sorce [Thu, 24 Apr 2025 14:05:53 +0000 (10:05 -0400)]
Add test to check SKEYMGMT interfaces
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27483)
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27483)
Richard Levitte [Wed, 23 Apr 2025 18:14:38 +0000 (20:14 +0200)]
Relax absolut path checking in our 'file' scheme implementation
So far, we strictly obeyed [RFC 8089], which only allows absolute paths
in a 'file:' URI. However, this seems to give a confusing user
experience, where something like 'file:foo.pem' wouldn't open foo.pem,
even though it's there in the current directory, but 'file:$(pwd)/foo.pem'
would.
To be less surprising for such use cases, we relax our implementation
visavi [RFC 8089] to allow relative paths.
Ensure z and d are actually zeroized by cleansing the full size of s,
rather than just vector_bytes.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27437)
Matt Caswell [Fri, 11 Apr 2025 13:19:46 +0000 (14:19 +0100)]
Fix errors on SSL_accept() and SSL_get_error()
Calling SSL_accept() was raising two errors on the stack if you passed
the wrong object type. Similarly SSL_get_error() was adding an error to
the stack if the wrong object type was passed and returning the wrong
result.
We also ensure SSL_set_accept_state() and SSL_set_connect_state() don't
raise spurious errors since these are void functions.
Fixes #27347
Fixes #27348
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27351)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27157)
Luke Kurlandski [Tue, 4 Mar 2025 16:53:36 +0000 (11:53 -0500)]
Improved error message for X509_V_ERR_CERT_NOT_YET_VALID
In addition to an invalid certificate, it is not unlikely that this
exact error (case X509_V_ERR_CERT_NOT_YET_VALID) is caused by an
incorrect system clock. This cannot be trivially fixed, so for now,
we simply improve the quality of the error message.
Fixes #14771
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27141)
Viktor Dukhovni [Wed, 9 Apr 2025 07:33:02 +0000 (17:33 +1000)]
Fix default pkey(1) DER output
This is expected to be PKCS#8, but was defaulting to traditional when
possible. Changed default DER output format to PKCS#8 and extended the
`-traditional` option to apply also to DER output.
Fixes: #21708 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27273)
Simo Sorce [Tue, 15 Apr 2025 19:42:22 +0000 (15:42 -0400)]
Advertize signature setting in settable_ctx fn
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Tue, 15 Apr 2025 18:58:20 +0000 (14:58 -0400)]
Add test for ML-DSA sig/ver message update
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Fri, 11 Apr 2025 21:24:09 +0000 (17:24 -0400)]
Add ml_dsa msg_update functions to provider code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Fri, 11 Apr 2025 17:38:20 +0000 (13:38 -0400)]
Make public ml_dsa_mu_.. helpers
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Wed, 9 Apr 2025 13:35:20 +0000 (09:35 -0400)]
Split the ML-DSA internal sigver functions
Deconstruct the functions into 2 parts:
- mu computation (if needed)
- actual signing/verification
Adds helper to compute mu that is split in 3 parts
(init/update/finalize) where the update part can be used to feed the message
to be signed or verified in chunks of any size.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Tue, 15 Apr 2025 19:21:19 +0000 (15:21 -0400)]
Fix EVP_PKEY_verify man page
Various functions were misnamed in the descriptions.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Tue, 15 Apr 2025 19:20:41 +0000 (15:20 -0400)]
Fix mldsa'a msg_inits operation type
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
olszomal [Fri, 3 Jan 2025 07:42:55 +0000 (08:42 +0100)]
Fix URL parsing to handle missing ports and ISO 8601 timestamps in paths
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26303)
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27455)
If the function is not called the settings default to 0.
Fixes #10584
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27410)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
provider-signature.pod: fix doc of OSSL_SIGNATURE_PARAM_ALGORITHM_ID, describing its relevance
This provides a fix for the documentation part of #22932.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
ASN1_item_sign.pod: fix description of the algor1, algor2, and signature in/out-parameters
This provides a fix for the documentation part of #22932.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
Pauli [Wed, 9 Apr 2025 02:42:40 +0000 (12:42 +1000)]
test: test for setting hkdf salt to null
Fixes #27302
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Pauli [Wed, 9 Apr 2025 02:42:10 +0000 (12:42 +1000)]
hkdf: allow salt to be set to null
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Pauli [Mon, 31 Mar 2025 22:57:50 +0000 (09:57 +1100)]
params: refactor some of the param helper code
Unifies some duplicated code.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27221)
Pauli [Mon, 31 Mar 2025 22:15:40 +0000 (09:15 +1100)]
commands: fix parameter value output
The parameter value output library routine was incorrect. It used the
incorrect length when printing fetched parameter sizes. It also printed
a string which was potentially not zero terminated. Both of these are
addressed here.
Additionally, octet strings have their initial bytes printed in hex.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27221)
Older versions place an error code to the error queue when retrieving
updated IV.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27417)
Neil Horman [Mon, 14 Apr 2025 16:23:15 +0000 (12:23 -0400)]
Serialize install process to avoid multiple make depend operations
If make install is run with a large -j value (make install -j N , where
N < 1)
We can run into a situation in which the install fails because multiple
make depend operations are running in parallel, which will fail due to
makefile rewriting.
Serialize the install process to guarantee that those operations don't
step on one another
Fixes # 27074
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27388)
Jan Luebbe [Fri, 4 Apr 2025 10:38:40 +0000 (12:38 +0200)]
80-test_cms.t: Add test case for verification of multiple signatures
openssl cms -verify requires all signatures to pass verification, so adding
a signature with -resign will cause overall verification to fail if the new
signature cannot be verified.
As I intend to optionally allow this case (see #26382), this new test
case ensures that the current behaviour stays the default.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27269)
Mironenko [Fri, 28 Mar 2025 10:41:26 +0000 (13:41 +0300)]
Fix OSSL_FUNC_keymgmt_load declaration in man7/provider-keymgmt
OSSL_FUNC_keymgmt_load prototype declared in man7 does not match
the actual OSSL_FUNC_keymgmt_load prototype declared in
include/openssl/core_dispatch.h. This commit fixes the prototype
in man7.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27189)
Neil Horman [Mon, 14 Apr 2025 15:03:02 +0000 (11:03 -0400)]
Fix winstore provider to work with recent decoder changes
Changes made recently in commit 31b5f3f made changes to how a default
decoder was created, in which ossl_decoder_instance_new() started
returning null. Other storemgmt providers were updated to start using
ossl_decoder_instance_new_forprov, but the winstore manager seems to
have got missed. Fix it up properly
Fixes #27355
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27384)
Fix silent error in EVP_CIPHER_CTX_get_updated_iv.
Added new params API function OSSL_PARAM_set_octet_string_or_ptr to only
call the correct setter for OSSL_CIPHER_PARAM_IV and OSSL_CIPHER_PARAM_UPDATED_IV.
Both OSSL_PARAM_set_octet_string and OSSL_PARAM_set_octet_ptr could be called with
only one expected to succeed. This would put a silent error on the error stack when
calling EVP_CIPHER_CTX_get_updated_iv.
Fixes #27117
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27120)
Updated with new information since des3 and dsa are not recommended
algorithms.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27343)
Jon Ericson [Thu, 10 Apr 2025 05:04:41 +0000 (22:04 -0700)]
Point to new docs location
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27331)
This commit removes the duplicate definition of cipher 0xC102 in
ssl/t1_trce.c, as reported in issue #27303.
The first definition (IANA-GOST2012-GOST8912-GOST8912) is kept as the
canonical one.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27329)
When entering the branch (pbe_nid <= 0), line 66 assigns new values to the variable of line 67 (pbe_nid = NID_id_pbkdf2).
However, it is not used anywhere in the future.
For this reason, lines 66 and 67 were removed.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27296)
David Benjamin [Mon, 7 Apr 2025 20:40:05 +0000 (16:40 -0400)]
Fix PKCS7_sign and CMS_sign default hash documentation
Fixes #27291. See issue for details.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27292)
Updated the change log to include SSLv3 being disabled by default.
This change was implemented into version 1.1.0 and onward. The last version that had SSLv3 enabled was version 1.0.2h, which is why the addition was made where it is.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27289)
added deprecated note to OPENSSL_instrument_bus docs
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27288)
Malcolm Hogan [Fri, 7 Mar 2025 23:30:43 +0000 (18:30 -0500)]
Remove DAYS argument
This commit removes DAYS from certificate requests to avoid the warning
'Ignoring -days without -x509; not generating a certificate'
This argument is not needed with the -new argument. Additionally makes sure
$1 is handled when -nodes is not given. Preventing an uninitialized value
error when the DAYS argument is removed.
Fixes #26595
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27277)
Fix potential NULL pointer dereference in final_maxfragmentlen()
In the final_maxfragmentlen() function, s->session is checked
for NULL after it was dereferenced earlier.
So move this NULL check to the top of the function.
CLA: trivial
Fixes: fa49560451 (Fix handling of max_fragment_length extension for PSK) Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/27272)
This fixes a couple of big-endian issues in the
assembler code of chacha, SM3 and SM4.
Fixes #27197 Tested-by: @zeldin Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27252)
Graham Leggett [Wed, 2 Apr 2025 11:08:11 +0000 (12:08 +0100)]
ssl/ssl_lib.c: Avoid crash when SSL_CONNECTION is NULL
Detection for sc == NULL is performed after sc is used. Add the
check to the correct place.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27241)
crypto/ui/ui_lib.c: Add OPENSSL_free to avoid memory leaks
Add OPENSSL_free() if general_allocate_boolean() or general_allocate_string fails to avoid memory leaks.
Fixes: a63d5eaab2 ("Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27218)
Tim Perry [Thu, 6 Mar 2025 13:33:17 +0000 (14:33 +0100)]
Add SSL_CTX_set_ec_point_formats() and SSL_set_ec_point_formats()
The internal fields and implementation for configuration of this
parameter already existed, but was not exposed. This change adds simple
setters to allow configuration of this field.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26990)
fangming.fang [Fri, 26 Jan 2024 10:48:17 +0000 (10:48 +0000)]
Implement AES-CBC-HMAC-SHA512 on aarch64
This is to implement #19932, it adds enc-then-mac aes-cbc-hmac-sha512 on
aarch64, aes-cbc and hmac-sha512 are interleaved to achieve better
performance.It only supports non-padding mode that means the length of
input data should be multiple of 16 bytes.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22949)
fangming.fang [Wed, 17 Jan 2024 10:48:55 +0000 (10:48 +0000)]
Implement interleaving aes-cbc-hmac-sha on aarch64
This is to implement #19932, it adds enc-then-mac aes-cbc-hmac-sha1/256,
aes-cbc and hmac-sha1/256 are interleaved to achieve better performance.
It only supports non-padding mode that means the length of input data
should be multiple of 16 bytes.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22949)
Matt Caswell [Wed, 9 Apr 2025 12:08:09 +0000 (13:08 +0100)]
Test that SSL_poll does not report a stream as writable if it isn't
We consume all the credit and check the stream is no longer writeable
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27319)
projects / thirdparty / openssl.git / log
