Viktor Dukhovni [Sun, 9 Feb 2025 02:07:39 +0000 (13:07 +1100)]
Make the ML-DSA seed gettable as documented
- Also fix the get_params keymgmt function to always return what's
available. Requested, but unavailable, parameters are simply left
unmodified. It is not an error to request more than is present.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26674)
Viktor Dukhovni [Mon, 3 Feb 2025 01:39:29 +0000 (12:39 +1100)]
Flexible encoders for ML-DSA
- Same UX as ML-KEM. The main ASN.1 private key syntax is the one from
Russ Housley's post on the LAMPS list, subsequently amended to tag the
seed instead of the key (each of the three parameter sets will have a
fixed size for the `expandedKey`):
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26638)
slontis [Tue, 4 Feb 2025 23:20:50 +0000 (10:20 +1100)]
ML_DSA: Make apps.c do_X509_REQ_verify() call work correctly.
- Added sigid_algs for ML_DSA such that OBJ_find_sigid_algs() works.
- OBJ_sn2nid() was also being called, so the SN form of ML_DSA
algorithms needed to be added to the provider dispatch tables.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26636)
Pauli [Mon, 3 Feb 2025 04:22:00 +0000 (15:22 +1100)]
endecoders: make ML-KEM endecoders have fips=yes property
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Mon, 3 Feb 2025 04:19:44 +0000 (15:19 +1100)]
doc: ML-DSA is in the FIPS provider too, so update docs
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Tue, 28 Jan 2025 21:29:27 +0000 (08:29 +1100)]
test: update endecode test in light of ML-DSA being in the FIPS provider
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Fri, 24 Jan 2025 02:58:54 +0000 (13:58 +1100)]
ml-dsa(fips): add ML-DSA key generation self test
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Fri, 24 Jan 2025 01:55:21 +0000 (12:55 +1100)]
ml-dsa(fips): add power up signature self tests for ML-DSA-65
This added self tests for ML-DSA. IG 10.3.A.15 requires known answer
tests for both signing and verify. This adds them.
The signature generation is constructed to encounter all three of the rejection
loop tests that are relevant for ML-DSA-65. The message has been generated
so that:
* it fails the z_max rejection test on iteration one
* it fails the r0_max rejection test on iteration two
* it fails the h_ones rejection test on iteration three
* it successfully generates the signature on iteration four
It is thus an optimal self test in terms of iterations and coverage.
Key generation self tests will be dealt with separately.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Wed, 22 Jan 2025 02:42:12 +0000 (13:42 +1100)]
ml-dsa: document self test names
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Wed, 22 Jan 2025 02:41:47 +0000 (13:41 +1100)]
ml-dsa: add FIPS self test macro
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Wed, 22 Jan 2025 02:11:10 +0000 (13:11 +1100)]
test: run ML-DSA tests on FIPS provider
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Wed, 22 Jan 2025 02:10:54 +0000 (13:10 +1100)]
ml-dsa: add PCT for FIPS provider
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Wed, 22 Jan 2025 02:09:19 +0000 (13:09 +1100)]
ml-dsa: add to FIPS provider
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Wed, 22 Jan 2025 02:08:33 +0000 (13:08 +1100)]
ml-dsa: add more to internal header
The ossl_ml_dsa_key_get0_libctx() and the various size macros are better in the intneral header
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Mon, 20 Jan 2025 03:19:31 +0000 (14:19 +1100)]
fips: build ML-DSA for FIPS provider
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Mon, 20 Jan 2025 03:18:49 +0000 (14:18 +1100)]
fips: build ML-DSA for FIPS provider
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Mon, 20 Jan 2025 03:18:13 +0000 (14:18 +1100)]
build: fix copy/paste mistake
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
Pauli [Mon, 20 Jan 2025 03:16:37 +0000 (14:16 +1100)]
Add ML-DSA to the FIPS provider
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
slontis [Wed, 29 Jan 2025 00:58:00 +0000 (11:58 +1100)]
ML-DSA Add digestsign tests - The digest must be NULL
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26575)
slontis [Tue, 28 Jan 2025 08:46:07 +0000 (19:46 +1100)]
ML_DSA Add support for generation of X509 certificates using the openssl
commandline.
In order to support this gettables are required in both the key and
signature.:
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26575)
slontis [Tue, 28 Jan 2025 06:25:32 +0000 (17:25 +1100)]
ML-DSA Updates to encoders required because of changes on the master
branch.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26575)
slontis [Fri, 10 Jan 2025 01:41:12 +0000 (12:41 +1100)]
Add ML_DSA encoders
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26575)
Pauli [Thu, 23 Jan 2025 05:21:38 +0000 (16:21 +1100)]
ml-dsa: avoid param builder
Using param builder consumes more resources and it is only beneficial
when dealing with bignums. Directly using the param helpers is a better
alternative.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26529)
slontis [Mon, 13 Jan 2025 06:01:45 +0000 (17:01 +1100)]
Add ML-DSA design document.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26400)
slontis [Mon, 13 Jan 2025 02:53:55 +0000 (13:53 +1100)]
Add ML-DSA documentation
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26400)
slontis [Tue, 21 Jan 2025 00:58:49 +0000 (11:58 +1100)]
ML-DSA encoder fixups
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26483)
slontis [Fri, 17 Jan 2025 08:23:50 +0000 (19:23 +1100)]
ML-DSA: Add python utility used to parse ACVP test data.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)
slontis [Fri, 17 Jan 2025 07:48:53 +0000 (18:48 +1100)]
ML-DSA: Fix endian issue in ossl_ml_dsa_poly_sample_in_ball().
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)
slontis [Fri, 17 Jan 2025 04:07:47 +0000 (15:07 +1100)]
ML-DSA: Add evp_test support for ML-DSA ACVP test vectors.
The evp_test line buffer was increased to 32K to deal with the large
lines required for PQ messages and signatures.
The test data files were generated by parsing AVCP test files using
a python script.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)
slontis [Fri, 17 Jan 2025 04:05:21 +0000 (15:05 +1100)]
ML-DSA: Add support for dup.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)
slontis [Fri, 17 Jan 2025 03:58:14 +0000 (14:58 +1100)]
ML_DSA: Fix partially uninitialised hint buffer.
The encoded hint data consists of omega + k bytes.
The bytes at the end of omega section of the buffer may be 0,
so the buffer must be cleared initially.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)
slontis [Fri, 10 Jan 2025 01:41:12 +0000 (12:41 +1100)]
Add ML_DSA encoders
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)
slontis [Mon, 6 Jan 2025 06:42:12 +0000 (17:42 +1100)]
ML-DSA fixups
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)
Viktor Dukhovni [Sun, 5 Jan 2025 12:32:23 +0000 (23:32 +1100)]
Add ML-DSA-44 and ML-DSA-87, fix endian issues & add fixups
- Make data encoding work on big-endian systems.
- Fix some ML-DSA-44 specific bugs related to w1-vector bits
per-coefficient, overall size and high-bits rounding.
- Use "do { ... } while (pointer < end)" style consistently.
- Drop redundant reference counting of provided keys.
- Add parameter blocks for ML-DSA-44 and ML-DSA-87 and turn on
associated provider glue. These now pass both keygen and
siggen tests (to be added separately).
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)
slontis [Fri, 20 Dec 2024 03:18:27 +0000 (14:18 +1100)]
Add ML-DSA sign/verify
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)
slontis [Mon, 9 Dec 2024 23:24:05 +0000 (10:24 +1100)]
ML_DSA: Use pointers instead of arrays for polynomials in Vectors and Matrix.
A DSA_KEY when created will alloc enough space to hold its k & l
vectors and then just set the vectors to point to the allocated blob.
Local Vectors and Matricies can then be initialised in a similar way by
passing them an array of Polnomials that are on the local stack.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)
slontis [Tue, 3 Dec 2024 04:03:09 +0000 (15:03 +1100)]
Add ML-DSA Keygen support
The key generation algorithm requires a significant portion of the many
algorithms present in FIPS 204.
This work is derived from the BoringSSL code located at
https://boringssl.googlesource.com/boringssl/+/refs/heads/master/crypto/mldsa/mldsa.cc
Instead of c++ templates it uses an ML_DSA_PARAMS object to store constants such as k & l.
To perform hash operations a temporary EVP_MD_CTX object is used, which is supplied with a
prefetched EVP_MD shake128 or shake256 object that reside in the ML_DSA_KEY object.
The ML_DSA_KEY object stores the encoded public and/or private key
whenever a key is loaded or generated. A public key is always present
if the private key component exists.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)
Josh Soref [Tue, 11 Feb 2025 16:04:29 +0000 (11:04 -0500)]
Fix arithmetic in a comment
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26707)
Viktor Dukhovni [Tue, 11 Feb 2025 10:45:23 +0000 (21:45 +1100)]
Address coverity reports
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26703)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26641)
X509_STORE_CTX_get1_issuer(): make happy path quicker again
Fixes #26588
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26600)
x509_vfy.c: refactor parameter of get0_best_issuer_sk() and adapt its use by build_chain()
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26600)
Simo Sorce [Fri, 7 Feb 2025 19:20:00 +0000 (14:20 -0500)]
Add documentation to explain DRBG changes
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26542)
Simo Sorce [Fri, 7 Feb 2025 16:21:51 +0000 (11:21 -0500)]
Change also other DRBG's algorithm fetching
- DRBG_HASH
- DRBG_HMAC
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26542)
...instead of the default one Signed-off-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26542)
Simo Sorce [Thu, 23 Jan 2025 16:01:39 +0000 (11:01 -0500)]
Prefer DRBG ciphers from the same provider
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26542)
Ingo Franzki [Mon, 10 Feb 2025 14:45:26 +0000 (15:45 +0100)]
test/quicapitest.c: Increase timeout of test_fin_only_blocking to 40ms
Running this test on heavily loaded systems may cause the SSL_read_ex() to
take more than 20ms, due to concurrent workload.
Increase the timeout to 40ms to allow a little bit more time.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26693)
Matt Caswell [Fri, 7 Feb 2025 11:53:59 +0000 (11:53 +0000)]
Add a test for configuring provider certs via config
A bug existed where provider added cert algorithms caused a crash when
they were configured via a config file. We add a test for this scenario.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26663)
Matt Caswell [Fri, 7 Feb 2025 12:11:41 +0000 (12:11 +0000)]
Fix configuring provider certificate algs via config file
A crash could occur when attempting to configure a certificate via a
config file, where the algorithm for the certificate key was added
dynamically via a provider.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26663)
Matt Caswell [Fri, 3 Jan 2025 15:57:47 +0000 (15:57 +0000)]
Enable the quic-tls API to work, even in the case of no-quic
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
Matt Caswell [Wed, 21 Aug 2024 13:50:55 +0000 (14:50 +0100)]
Add a test for the quic-tls API
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
Matt Caswell [Wed, 21 Aug 2024 10:16:54 +0000 (11:16 +0100)]
Add a CHANGES.md entry
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
Matt Caswell [Tue, 20 Aug 2024 15:19:10 +0000 (16:19 +0100)]
Add documentation for the new third party QUIC stack API
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
Matt Caswell [Tue, 20 Aug 2024 14:09:17 +0000 (15:09 +0100)]
Add an API for other QUIC stacks to use our TLS implementation
We provide some callbacks for third party QUIC stacks to use in order
to be able to reuse the OpenSSL TLS implementation in that stack. This is
essentially a thin wrapper around the same API that OpenSSL's own QUIC
stack uses in order to integrate TLS.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
Viktor Dukhovni [Thu, 19 Dec 2024 17:25:15 +0000 (04:25 +1100)]
With SSL_VERIFY_PEER client RPK should abort on X509 error
While RPK performs X.509 checks correctly, at the SSL layer the
SSL_VERIFY_PEER flag was not honoured and connections were allowed to
complete even when the server was not verified. The client can of
course determine this by calling SSL_get_verify_result(), but some
may not know to do this.
Added tests to make sure this does not regress.
Fixes CVE-2024-12797
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
Dave Kelsey [Thu, 16 Jan 2025 15:10:41 +0000 (15:10 +0000)]
Add support for multiple key shares
This PR is the implementation of concluded discussion that occurred in a
draft PR #25605. This changes were mainly authored by @martinschmatz
with some contribution from myself.
It addresses issue #21633
This extends the group list definition to support a more complex
definition while still retaining backward compatibility with the simple
form of colon separated groups.
Details of the agreed format and expected behaviour can be found in
#25605 and in the documentation changes.
Signed-off-by: Dave Kelsey <d_kelsey@uk.ibm.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26445)
Zhiguo Zhou [Mon, 6 Jan 2025 14:05:55 +0000 (22:05 +0800)]
Dual 1024/1536/2048-bit exponentiation optimization for Intel Sierra Forest CPU
It optimizes the RSA-2k/3k/4k via the AVXIFMA ISA on Sierra Forest.
The performance improvements of 1.8x-2.2x are observed in the speed
tests of sign and decryption operations on this CPU.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25751)
Dmitry Misharov [Wed, 5 Feb 2025 09:11:55 +0000 (10:11 +0100)]
add workflow dispatch inputs into coveralls workflow
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26645)
sashan [Wed, 29 Jan 2025 09:57:14 +0000 (10:57 +0100)]
perlasm: Replace .previous with the actual previous section
Older versions of darwin (10.8 and earlier) don't understand .previous.
this tweak emits the previous section directive which preceeds the
rodata (for example .text) instead of using .previous. We use the
same for mingw.
Fixes #26447
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26585)
projects / thirdparty / openssl.git / log
