fips: upgrade self-test KATs to reduce SHA-1/SHA-224 usage
FIPS 140-3 IG states that SHA-224 needs standalone KAT, if it is
implemented without SHA-256. As OpenSSL implements SHA-256, upgrade
existing higher level KAT from SHA-224 to SHA-256 without adding
SHA-224 digest KAT.
Upgrade KATs that use SHA-1 to SHA-256, and add explicit SHA-1 KAT.
SHA-1 and SHA-224 are promised to be deprecated by 2030, as per draft
[NIST SP 800-131A Rev. 3](https://csrc.nist.gov/pubs/sp/800/131/a/r3/ipd).
With upgrades to these KATs it makes it easier to build a modules with
SHA-1 and SHA-224 marked as unapproved services, or removed
altogether.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28307)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28213)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28213)
Add DetECDSA self test, signature is one byte shorter somehow
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28213)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28213)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28213)
[FIPS 186-5](https://doi.org/10.6028/NIST.FIPS.186-5) approved
deterministic ECDSA in the same manner as [RFC
6979](https://datatracker.ietf.org/doc/html/rfc6979).
Thus add deterministic ECDSA capability to the FIPS provider.
DSA signature generation has been deprecated and removed from FIPS
186-5, thus deterministic DSA signature creation is not added to the
FIPS provider.
Testing can be done by performing 20-test_dgst.t but need to version
guarded against different FIPS provider versions. Thus is left out of
this PR for now.
It is not clear if HMAC-DRBG-KDF should be exposed publically for
direct usage as an approved usage, or if it should be marked as
unapproved or better yet made completely internal to the FIPS
provider.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28213)
Pavol Žáčik [Mon, 11 Aug 2025 10:19:59 +0000 (12:19 +0200)]
apps/speed.c: Support more signature algorithms
Some signature algorithms (e.g., ML-DSA-65) cannot be initialized
via EVP_PKEY_sign_init, so try also EVP_PKEY_sign_message_init
before reporting an error.
Fixes #27108.
Signed-off-by: Pavol Žáčik <zacik.pa@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28224)
Pavol Žáčik [Mon, 11 Aug 2025 10:02:03 +0000 (12:02 +0200)]
apps/speed.c: Disable testing of composite signature algorithms
Creating public key context from name would always fail
for composite signature algorithms (such as RSA-SHA256)
because the public key algorithm name (e.g., RSA) does
not match the name of the composite algorithm.
Relates to #27855.
Signed-off-by: Pavol Žáčik <zacik.pa@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28224)
Matt Caswell [Fri, 15 Aug 2025 16:12:11 +0000 (17:12 +0100)]
Test setting a client to send a key share not allowed in TLSv1.3
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28283)
Matt Caswell [Fri, 15 Aug 2025 15:43:49 +0000 (16:43 +0100)]
Fail immediately if we have no key shares to send
If we are configured in such a way that we have no valid key shares to
send in the ClientHello we should immediately abort the connection.
Fixes #28281
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28283)
test/stack_test.c: check sk_sint_push result in test_int_stack
coverity complains about possible double free, which does not seem
to be the case with the current implementation, but it still
would be nice to check and reacto on unexpected sk_sint_push result.
Complements: 9837496142cf "Unit tests for crypto/stack."
Resolves: https://scan5.scan.coverity.com/#/project-view/65249/10222?selectedIssue=1662046
Related: https://github.com/openssl/project/issues/1317 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28238)
Referencing to old_ret after it has been freed by realloc is UB, so drop
its usage in the printing routine, and don't check it for being non-NULL
(as it is not a mistake to call free() on NULL pointer anyway).
Fixes: d090695101a9 "test: add a sanity test for memory allocation functions"
Resolves: https://scan5.scan.coverity.com/#/project-view/65279/10222?selectedIssue=1662052
Related: https://github.com/openssl/project/issues/1317 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28238)
test/sslapitest.c: tfix in row allocation in create_new_vfile
sizeof(*row) and not sizeof(row) is supposed to be used for the array
allocation.
Fixes: 76fd7a1d6192 "Add a test for SRP"
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1662054
Related: https://github.com/openssl/project/issues/1317 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28238)
Bernd Edlinger [Mon, 18 Aug 2025 09:39:52 +0000 (11:39 +0200)]
Fix the return value of OBJ_create
OBJ_create is supposed to return NID_undef on error
and the newly created NID on success.
Fixes: 88a1fbb8d1b2 ("reduce lock contention when adding objects to ADDED_OBJ hash table") Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28293)
BIO_dgram: Fix BIO_CTRL_DGRAM_QUERY_MTU for IPv4-mapped IPv6 addresses
Ensure the correct IP header size is subtracted by reusing
dgram_get_mtu_overhead(), which handles address families properly.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28088)
Tracking it back, it occurs because tls1_set_server_sigalgs attempts to
preform an allocation, and in the event of failure, returns 0 without
setting SSLfatal, like the other failure paths in this function do when
returning 0, which translates to a return of WORK_ERROR higher up the
stack
The result is that on the next call to check_fatal in
read_state_machine, we fail the assert when deubg is enabled (as it is
in the coverage tests).
Fix it by calling SSLfatal when the call to OPENSSL_calloc fails in this
function.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28250)
Neil Horman [Wed, 13 Aug 2025 14:12:38 +0000 (10:12 -0400)]
Add CRYPTO_FREE_REF to ossl_quic_free_token_store
ossl_quic_free_token_store doesn't call CRYPTO_FREE_REF on the
hdl->reference object, which could lead to memory leaks on platforms
that don't support atomics (where the call to CRYPTO_NEW_REF allocates a
mutex as part of its function. It wasn't caught before because all the
platforms we do ci on support threads.
Fixes #28241
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28247)
Bernd Edlinger [Sun, 10 Aug 2025 16:50:37 +0000 (18:50 +0200)]
Add test coverage for PKCS7_TEXT mode
This was inspired by the following commit 9882d389df71 ("crypto/pkcs7/pk7_smime.c: Add BIO_free() to avoid memory leak")
which discovered a bug in PKCS7_verify(..., PKCS7_TEXT).
While there is some test coverage for PKCS_verify by
./test/pkcs7_test.c, there is no test coverage whatsoever
of the PKCS7_TEXT flag for PKCS7_sign, PKCS7_encrypt and
PKCS7_decrypt.
So this adds some test coverage for those functions as well.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28223)
Bernd Edlinger [Sat, 21 Jun 2025 10:53:56 +0000 (12:53 +0200)]
DH private key size was one bit too large
In the case when no q parameter was given,
the function generate_key in dh_key.c did create
one bit too much, so the priv_key value was exceeding
the DH group size q = (p-1)/2.
When the length is used in this case the limit is also
one bit too high, but for backward compatibility this
limit was left as is, instead we have to silently reduce
the value by one.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27870)
RISC-V: Add MD5 assembly implementation with rv64gc and Zbb
For the rv64gc assembly implementation, we can get about 20%-50% better performance than compiler-generated code (-O3).
For the Zbb assembly implementation, we can get about 10%-30% better performance than compiler-generated code (-O3 -march=rv64gc_zbb).
Signed-off-by: Julian Zhu <julian.oerv@isrc.iscas.ac.cn> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27990)
RISC-V: Add Zbb orn and its pseudo instruction opcode to rv64gc in riscv.pm
Signed-off-by: Julian Zhu <julian.oerv@isrc.iscas.ac.cn> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27990)
Pauli [Wed, 30 Jul 2025 02:31:55 +0000 (12:31 +1000)]
encode_key2ms: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
Pauli [Wed, 30 Jul 2025 02:31:55 +0000 (12:31 +1000)]
encode_key2any: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
Pauli [Wed, 30 Jul 2025 02:31:55 +0000 (12:31 +1000)]
decode_spki2typespki: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
Pauli [Wed, 30 Jul 2025 02:31:55 +0000 (12:31 +1000)]
decode_pvk2key: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
Pauli [Wed, 30 Jul 2025 02:31:55 +0000 (12:31 +1000)]
decode_pem2der: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
Pauli [Wed, 30 Jul 2025 02:31:55 +0000 (12:31 +1000)]
decode_epki2pki: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
Pauli [Wed, 30 Jul 2025 02:31:55 +0000 (12:31 +1000)]
decode_der2key: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
Pauli [Wed, 30 Jul 2025 02:12:04 +0000 (12:12 +1000)]
encode_decode: rename files for generated param parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
Pauli [Mon, 28 Jul 2025 01:02:45 +0000 (11:02 +1000)]
rsa: update to use generated param decoders for signature operations
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
Pauli [Mon, 28 Jul 2025 00:11:34 +0000 (10:11 +1000)]
sm2: update to use generated param decoders for signature operations
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
Pauli [Mon, 28 Jul 2025 00:11:34 +0000 (10:11 +1000)]
slh_dsa: update to use generated param decoders for signature operations
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
Pauli [Mon, 28 Jul 2025 00:11:34 +0000 (10:11 +1000)]
ecdsa: update to use generated param decoders for signature operations
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
Pauli [Mon, 28 Jul 2025 00:11:34 +0000 (10:11 +1000)]
dsa: update to use generated param decoders for signature operations
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
Pauli [Sun, 27 Jul 2025 22:44:38 +0000 (08:44 +1000)]
signatures: rename files in anticipation of generated param decoding
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
Pauli [Fri, 25 Jul 2025 03:15:26 +0000 (13:15 +1000)]
rsa kem: convert to using generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
Pauli [Fri, 25 Jul 2025 03:15:26 +0000 (13:15 +1000)]
ml_kem kem: convert to using generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
Pauli [Fri, 25 Jul 2025 03:15:26 +0000 (13:15 +1000)]
ecx kem: convert to using generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
Pauli [Fri, 25 Jul 2025 03:15:26 +0000 (13:15 +1000)]
ec kem: convert to using generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
Pauli [Fri, 25 Jul 2025 03:03:40 +0000 (13:03 +1000)]
kem: rename files for autogeneration of param parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
Pauli [Thu, 24 Jul 2025 02:01:03 +0000 (12:01 +1000)]
ecx: convert key exchange to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
Pauli [Thu, 24 Jul 2025 02:00:55 +0000 (12:00 +1000)]
ecdh: convert key exchange to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
Pauli [Thu, 24 Jul 2025 02:00:48 +0000 (12:00 +1000)]
dh: convert key exchange to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
Pauli [Thu, 24 Jul 2025 01:28:12 +0000 (11:28 +1000)]
exchange: rename files for generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
Pauli [Thu, 24 Jul 2025 01:24:00 +0000 (11:24 +1000)]
file_store_any: convert to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)
Pauli [Thu, 24 Jul 2025 01:23:47 +0000 (11:23 +1000)]
win store: convert to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)
Pauli [Thu, 24 Jul 2025 01:23:33 +0000 (11:23 +1000)]
file_store: convert to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)
Pauli [Thu, 24 Jul 2025 01:14:29 +0000 (11:14 +1000)]
storemgmt: rename files for generate param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)
Pauli [Tue, 22 Jul 2025 02:09:23 +0000 (12:09 +1000)]
rsa: update sm asymmetric cipher to use generated param parser
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28145)
Pauli [Tue, 22 Jul 2025 02:09:12 +0000 (12:09 +1000)]
sm2: update sm asymmetric cipher to use generated param parser
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28145)
Pauli [Tue, 22 Jul 2025 01:33:45 +0000 (11:33 +1000)]
asym: rename RSA and SM2 asymmetric cipher files
To allow generated param parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28145)
Pauli [Mon, 21 Jul 2025 02:13:47 +0000 (12:13 +1000)]
drbg: convert DRBGs to use generated ctx get param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Mon, 21 Jul 2025 01:40:35 +0000 (11:40 +1000)]
drbg: convert DRBGs to use generated ctx set param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Mon, 21 Jul 2025 00:09:13 +0000 (10:09 +1000)]
crngt: update to use generated param handling
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Mon, 21 Jul 2025 00:07:42 +0000 (10:07 +1000)]
drbg: move drbg_local.h to somewhere it can be found by generated files
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Sun, 20 Jul 2025 23:48:16 +0000 (09:48 +1000)]
seed: update to use generated param handling
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Sun, 20 Jul 2025 23:44:14 +0000 (09:44 +1000)]
jitter: update to use generated param handling
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Sun, 20 Jul 2025 23:36:56 +0000 (09:36 +1000)]
test rand: update to use generated param handling
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Sun, 20 Jul 2025 23:24:50 +0000 (09:24 +1000)]
rands: rename files for autogeneration of param parser
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Wed, 16 Jul 2025 00:50:03 +0000 (10:50 +1000)]
blake2: use generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Wed, 16 Jul 2025 00:49:49 +0000 (10:49 +1000)]
blake2: add generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Mon, 14 Jul 2025 01:22:56 +0000 (11:22 +1000)]
poly1305: convert poly1305 to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Mon, 14 Jul 2025 01:15:43 +0000 (11:15 +1000)]
siphash: convert siphash to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Mon, 14 Jul 2025 01:07:21 +0000 (11:07 +1000)]
gmac: convert GMAC to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Mon, 14 Jul 2025 00:57:54 +0000 (10:57 +1000)]
cmac: convert CMAC to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Mon, 14 Jul 2025 00:48:04 +0000 (10:48 +1000)]
kmac: convert KMAC to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Sun, 13 Jul 2025 23:56:00 +0000 (09:56 +1000)]
hmac: convert HMAC to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Sun, 13 Jul 2025 23:26:23 +0000 (09:26 +1000)]
hmac: remove two unsupported params
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
projects / thirdparty / openssl.git / log
