Kazuki Yamaguchi [Sat, 25 Jan 2025 08:31:31 +0000 (17:31 +0900)]
Use ASN1_INTEGER_get_int64() in ossl_serial_number_print()
A -1 return from ASN1_INTEGER_get() indicates both success and error.
Our man page calls out this ambiguity. Use ASN1_INTEGER_get_int64()
instead, which has a better error reporting and also a platform
independent behavior with respect to sizeof(long).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26557)
Kazuki Yamaguchi [Sat, 25 Jan 2025 08:31:16 +0000 (17:31 +0900)]
Fix pretty-printing empty serial number in ossl_serial_number_print()
Fix a crash when the ASN1_INTEGER has empty content. While it is
illegal, this is the initial state of the serialNumber field when an
X509 object is allocated by X509_new(). X509_print*() should be able to
process an incomplete X509 object too.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26557)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25716)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25716)
Michael Baentsch [Sat, 18 Jan 2025 08:58:33 +0000 (09:58 +0100)]
Add version field check to PKCS8 decoder
Fixes #26459
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26464)
Rajeev Ranjan [Tue, 5 Nov 2024 13:26:29 +0000 (14:26 +0100)]
Add function X509_VERIFY_PARAM_get_purpose()
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25132)
Rajeev Ranjan [Wed, 29 May 2024 16:19:29 +0000 (18:19 +0200)]
CMP: add support for central key generation
- add testcase for central keygen
- add documentation
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25132)
Sean Kannanaikal [Wed, 22 Jan 2025 12:38:47 +0000 (07:38 -0500)]
Fix magic + 20 in PEM_ASN1_write_bio
Fixes #26476
In the file crypto/pem/pem_lib.c the function had a +20 to account for
padding in the data size, however this was recognized to not be up to
standard quality. Instead it has now been updated to use the static
maximum block size and uses that for the calculation as opposed to a +20.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26526)
Mae [Wed, 22 Jan 2025 16:54:43 +0000 (16:54 +0000)]
Fix passing struct by value rather than by reference to syscall
Fixes #26521
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26523)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26522)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26522)
Viktor Dukhovni [Thu, 23 Jan 2025 04:42:14 +0000 (15:42 +1100)]
Expose the provider `c_get_params` function via PROV_CTX.
This applies to the base, default and FIPS providers, could be added in
principle also to the legacy provider, but there's no compelling reason
to do that at the moment.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26530)
Viktor Dukhovni [Wed, 22 Jan 2025 15:43:53 +0000 (02:43 +1100)]
Don't lose config infopairs of built-in providers
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26520)
Stas Cymbalov [Tue, 21 Jan 2025 13:42:19 +0000 (16:42 +0300)]
Fix data race in asn1_str2tag() on tntmp which was accidentally made static
Variables tntmp and tnst are declared in the same declaration and thus
share storage class specifiers (static). This is unfortunate as tntmp is
used during iteration through tnst array and shouldn't be static.
In particular this leads to two problems that may arise when multiple
threads are executing asn1_str2tag() concurrently:
1. asn1_str2tag() might return value that doesn't correspond to tagstr
parameter. This can happen if other thread modifies tntmp to point to
a different tnst element right after a successful name check in the
if statement.
2. asn1_str2tag() might perform an out-of-bounds read of tnst array.
This can happen when multiple threads all first execute tntmp = tnst;
line and then start executing the loop. If that case those threads
can end up incrementing tntmp past the end of tnst array.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26504)
Signed-off-by: Alexander Heinlein <alexander.heinlein@web.de> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26497)
Richard Levitte [Thu, 9 Jan 2025 13:36:20 +0000 (14:36 +0100)]
Refactor MAKE_ENCODER in providers/implementations/encode_decode/encode_key2any.c
It took a parameter 'evp_type', which isn't used. The comment describing
it mentions a future refactoring, but it appears that this has already
happened.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26360)
Bernd Edlinger [Tue, 21 Jan 2025 15:12:18 +0000 (16:12 +0100)]
Give DTLS tests more time to complete
Increase the timeout for DTLS tests to 10 seconds.
But do that only for DTLS as this would waste time
for other tests, most of the TLS tests do not need
this at all.
Fixes #26491
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26502)
When this pattern occurs, the atomic or operation fails to see the published
value of CPU1 and when the or-ed value is written back to ram, the incremented
value in get_hold_current_qp is overwritten, meaning the hold that the reader
placed on the rcu lock is lost, allowing the writer to complete early, freeing
memory before a reader is done reading any held memory.
Why this is only observed on ppc64le I'm not sure, but it seems like a pretty
clear problem.
fix it by implementing ATOMIC_COMPARE_EXCHANGE_N, so that, on the write side in
update_qp, we can ensure that updates are only done if the read side hasn't
changed anything. If it has, retry the operation.
With this fix, I'm able to run the threads test overnight (4000 iterations and
counting) without failure.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26478)
Nadav Tasher [Fri, 20 Dec 2024 15:59:01 +0000 (17:59 +0200)]
s_socket: naccept: close listening socket after accepting clients
When `-naccept` is passed (i.e with `s_server`), the listening socket remains open while handling
client, even after `naccept` is supposed to reach `0`.
This is caused to to the decrementation of `naccept` and closing of the socket
happening a little too late in the `do_server` function.
Signed-off-by: Nadav Tasher <tashernadav@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26228)
Viktor Dukhovni [Fri, 17 Jan 2025 11:58:43 +0000 (22:58 +1100)]
Support boolean queries against provider config
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26455)
Restoring [sp, #64] into d15,d16 instead of d14,d15.
Fixes: #26466
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26469)
Viktor Dukhovni [Sat, 18 Jan 2025 07:34:54 +0000 (18:34 +1100)]
Check return of OSSL_PROVIDER_do_all to avoid coverity noise
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26462)
Viktor Dukhovni [Thu, 16 Jan 2025 08:45:50 +0000 (19:45 +1100)]
Don't promise a non-zero return size in error cases.
When a requested parameter has a non-NULL result pointer,
and the error isn't simply that the result buffer is too
small, don't return a non-zero result size.
Returning a non-zero result size that isn't larger than the
user's provided space is an indication that a result of
that size was actually written, inviting trouble if the
error indication was inadvertenly lost.
Also, in such cases (wrong type, data can't be converted to the
requested type when otherwise supported, ...) there is nothing useful to
be done with the return size value, it can't help to address the
problem.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26436)
Viktor Dukhovni [Sun, 19 Jan 2025 15:51:07 +0000 (02:51 +1100)]
Make the provider context available to encoders
At the moment the provider context is only available to
encoders that encrypt, but it is useful more generally.
A similar change has already been merged to "master" on the
decoder side, this is the mirror change for encoders. The
only significant difference is that PEM_ASN1_write_bio needed
to be "extended" (cloned) to allow it to pass the provider context
down to the `k2d` function it uses to encode the data.
I had to "hold my nose" and live with the random "20" added to the data
size in order to accomodate encryption with padding, which may produce
one more cipher block than the input length. This really should ask
the EVP layer about the block length of the cipher, and allocate the
right amount. This should be a separate fix for both the old
PEM_ASN1_write_bio() and the new PEM_ASN1_write_bio_ctx().
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26475)
Tomas Mraz [Wed, 15 Jan 2025 17:29:52 +0000 (18:29 +0100)]
Add CHANGES.md and NEWS.md updates for CVE-2024-13176
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)
Tomas Mraz [Wed, 15 Jan 2025 17:27:02 +0000 (18:27 +0100)]
Fix timing side-channel in ECDSA signature computation
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the
attacker process must either be located in the same physical computer or
must have a very fast network connection with low latency.
Attacks on ECDSA nonce are also known as Minerva attack.
Fixes CVE-2024-13176
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)
otherddn1978 [Thu, 26 Dec 2024 10:26:34 +0000 (13:26 +0300)]
If you call X509_add_cert with cert == NULL and the X509_ADD_FLAG_UP_REF
flag, it will сrash to X509_up_ref. Passing NULL here is not valid,
return 0 if cert == NULL.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26267)
Richard Levitte [Wed, 15 Jan 2025 09:14:41 +0000 (10:14 +0100)]
Fix documentation of OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION
This drops OSSL_PKEY_PARAM_IMPLICIT_REJECTION - which is a meaningless
name - everywhere apart from still existing (for API stability, in
case someone uses that macro).
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26421)
It looks like llvm-mingw tool chain does not understand `.previous` asm
directive (see https://sourceware.org/binutils/docs/as/Previous.html).
As a workaround for win64 flavor (llvm-mingw toolchain) we let xlate
to emit .text instead of emitting .previous.
We also need to revisit usage of win64 flavor here in aarch64. We should
perhaps introduce a mingw flavour on aarch64 as well. win assembly
flavour should be used for microsoft assembler.
Fixes #26415
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26428)
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26418)
When we compile with -O0 for Linux, the command
`./util/checkplatformsyms.pl ./util/platform_symbols/unix-symbols.txt ./libcrypto.so ./libssl.so`
complains to the lack of `atoi`
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26417)
Nikolay Nikolaev [Tue, 24 Dec 2024 11:26:09 +0000 (13:26 +0200)]
Workaround for RSA on AArch64 Big Endian
10646160125 introduced and optimized RSA NEON implementation
for AArch64 architecture, namely Cortex-A72 and Neoverse N1.
This implementation is broken in Big Endian mode, which is not
widely used, therefore not properly verified.
Here we disable this optimized implementation when Big Endian
platform is used.
Fixes: #22687
CLA: trivial
Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26257)
Peter Bierma [Sun, 12 Jan 2025 16:12:18 +0000 (11:12 -0500)]
Remove non-existing error code.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26389)
Peter Bierma [Sat, 11 Jan 2025 17:02:45 +0000 (12:02 -0500)]
Synchronize openssl.txt with comperr.h
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26389)
Bernd Edlinger [Fri, 10 Jan 2025 07:45:20 +0000 (08:45 +0100)]
Fix dtls tests
The dtls server process exits too early when the input
has an EOF condition.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26374)
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26374)
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26374)
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26374)
Dmitry Misharov [Thu, 10 Oct 2024 14:15:55 +0000 (16:15 +0200)]
Add a GitHub workflow to make a release
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25662)
Bernd Edlinger [Fri, 10 Jan 2025 18:58:46 +0000 (19:58 +0100)]
Fix test failure in 30-test_evp_pkey_provided.t
In this test there is a random test output corruption.
`make test TESTS=test_evp_pkey_provided V=1` has some random output,
that can with a certain probability start a line with "ok" or so:
# Setting up a OSSL_ENCODER context with passphrase
# Testing with no encryption
jLixONcRPi/m64CGie4KKKDuGeTjtYwfima3BNYCGlgbLGeK3yYxBfZb9JjviOJ4
# nHaNsRsONTAKyg==
This happens because large random data is output to bio_out
but some data remains buffered, and then test_note() is used to print
some comments on the bio_err file. This causes output corruption that
confuses the TAP parser.
Fix that by flushing any pending output with test_flush_stdout() first.
Fixes #23992
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26383)
Finishing touch to perlasm update to make it work on OpenBSD
This changeset brings a finishing touch to stuff we got from botovoq@
Changes to `crypto/perlasm/arm-xlate.pl` deal with verious assembler
flavours to keep various assembler compilers happy.
We also need to keep original code for 32-bit flavour in
`crypto/aes/asm/aesv8-armx.pl`.
Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24137)
drbg: provide requested amount of entropy, rather than self-strength
Parent DRBG can be seed source (os or jitter) and thus able to provide
unlimited entropy.
get_entropy is documented to provide at least the request amount of
entropy. If requested amount of entropy is same as, or less than
drbg->strength, everything is compliant. However, if requested entropy
is more than drbg->strength (unlikely, but possible), the returned
amount of entropy will be insufficient and additional repeated calls
to get_entropy will be required.
Reading history of refactors, it seems to me that this function call
previouslly had assumptions and usecases that couldn't ever request or
require more than strength amount of entropy.
If entropy is set, request that amount, otherwise request
drbg->strength amount.
Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25850)
Neil Horman [Fri, 10 Jan 2025 19:37:28 +0000 (14:37 -0500)]
Fix premature reuse of qp's in rcu locks
An intermittent failure was noted on our new ppc64le CI runner, in which
what appeared to be a corrupted or invalid value getting returned from a
shared pointer under rcu protection
Investigation showed that the problem was with our small number of qp's
in a lock, and slightly incorrect accounting of the number of qp's
available we were prematurely recycling qp's, which led in turn to
premature completion of synchronization states, resulting in readers
reading memory that may have already been freed.
Fix it by:
a) Ensuring that we account for the fact that the first qp in an rcu
lock is allocated at the time the lock is created
and
b) Ensuring that we have a minimum number of 3 qp's:
1 that is free for write side allocation
1 that is in use by the write side currently
1 "next" qp that the read side can update while the prior qp is being
retired
With this change, the rcu threadstest runs indefinately in my testing
Fixes #26356
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26384)
Bernd Edlinger [Thu, 9 Jan 2025 14:14:15 +0000 (15:14 +0100)]
Fix intermittent test failure in 80-test_cmp_http.t
output to stderr is unbuffered bypassing the normal output, which does
not happen at line boundaries and is therefore confusing the TAP parser.
This is known to cause random test failures like this one:
80-test_cmp_http.t (Wstat: 0 Tests: 5 Failed: 0)
Parse errors: Tests out of sequence. Found (6) but expected (5)
Bad plan. You planned 6 tests but ran 5.
Fixes #23992
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26363)
Ingo Franzki [Wed, 8 Jan 2025 15:00:33 +0000 (16:00 +0100)]
speed: Pass IV to EVP_CipherInit_ex for -evp runs with non-AEAD ciphers
Some (non-AEAD) ciphers require an IV to be used. Always pass a (dummy) IV
when setting the key. It is ignored by ciphers that do not use an IV.
Commit 607a46d003f472d4bce646f3df6e85725094d68a corrected the use of AEAD
ciphers, but removed the IV from being passed to EVP_CipherInit_ex() for
non-AEAD ciphers.
Fixes: https://github.com/openssl/openssl/commit/607a46d003f472d4bce646f3df6e85725094d68a Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26346)
Tomas Mraz [Fri, 10 Jan 2025 15:10:46 +0000 (16:10 +0100)]
coveralls.yml: Add --ignore-errors mismatch
Once lcov is updated to 2.2 version or later, it could be dropped.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/26381)
Viktor Dukhovni [Thu, 9 Jan 2025 03:33:18 +0000 (14:33 +1100)]
Pre-ML-KEM/DSA decoder/encoder refactor
Simplify some decoder/encoder internals to facilitate upcoming support
for ML-KEM and ML-DSA.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26355)
Kai Pastor [Sat, 4 Jan 2025 10:48:26 +0000 (11:48 +0100)]
Fix buildinf.h generation for space and backslash
Builds may be configured with CC or CFLAGS containing space and
double quotes. In particular on Windows, this may lead to passing
more than two arguments into mkbuildinf.pl.
In addition, backslashes must be escaped for constructing the C string.
Fixes #26253.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26315)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26330)
projects / thirdparty / openssl.git / log
