crypto/x509/t_x509.c: check i2d_X509_NAME() return value in X509_ocspid_print()
There is little reason for this call to fail, but there is also little
reason for not to check for it, and, since Coverity noticed
that the check is missing, just add it.
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665420
References: https://github.com/openssl/project/issues/1432 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28546)
Neil Horman [Sun, 14 Sep 2025 17:13:00 +0000 (13:13 -0400)]
Enable LMS on provider compat fips build for 3.6
The LMS test for fips assumes that LMS is available in the provider in
any version equal to or later than 3.6.
We should probably augment the test such that instead of just checking
the openssl version, we instead query the provider to see if the needed
algs are available to use LMS.
But given the current state of affairs, it seems more sensible to just
enable lms in the 3.6 fips provider build to ensure lms gets tested.
Fixes openssl/project#1435
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28541)
Viktor Dukhovni [Sat, 13 Sep 2025 02:52:42 +0000 (12:52 +1000)]
Test failure of rsa_encrypt when buffer too short
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28517)
Viktor Dukhovni [Thu, 11 Sep 2025 08:50:44 +0000 (18:50 +1000)]
Harden RSA public encrypt
Check the that the indicated output buffer length is large enough.
Fix EVP_SealInit() to initialise the output buffer length to the RSA
modulus length, not the input KEK length.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28517)
Neil Horman [Thu, 11 Sep 2025 12:40:14 +0000 (08:40 -0400)]
Update our CI jobs to cover the 3.6 stable branch
The coveralls, prov-compat and provider-compatibiity CI jobs test each
of the stable branches. We need to add 3.6 to the list in each of those
tests
Fixes openssl/project#1424
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28519)
kmac_prov.c.in: avoid resource leak on kmac_new_decoder fail in kmac_fetch_new
kctx was not freed in a case of kmac_new_decoder failure; consolidate
all the error paths under the "err:" label and jump to it on kmac_new_decoder()
returning 0.
Fixes: d5efc853796b "kmac: avoid using ossl_prov_digest_load_from_params()"
Resolves: https://github.com/openssl/project/issues/1419
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1453634 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28516)
Replace homebrewed implementation of *printf*() functions with libc
Switching from ANSI-C we can use implementation of printf like
function provided by libc on target platform. This applies
starting from 3.6 and onwards.
The slight exception here is old windows printf functions
before 2015, those are supported.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28305)
crmf_lib.c create_popo_signature(): add error queue entry on signature failure
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28482)
OSSL_CALLBACK.pod: add missing info on required return values of callback functions
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28474)
Jakub Jelen [Tue, 9 Sep 2025 16:10:30 +0000 (18:10 +0200)]
doc: Add missing commas
CLA: trivial Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28493)
Igor Ustinov [Tue, 9 Sep 2025 19:50:01 +0000 (21:50 +0200)]
Doc changes: the -hmac-env and -hmac-stdin options of openssl-dgst
will appear in version 4.0
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28497)
Add one more trace message to the torture_rcu_high test
It is interesting that in the very rare cases, where this
test failure has been observed so far, the rcu torture value
went always backwards to 0. This could be either due to
ossl_rcu_deref(&writer_ptr) returning NULL, or the initial
value of "new = CRYPTO_zalloc(sizeof(uint64_t), NULL, 0)"
still visible despite ossl_rcu_assign_ptr(&writer_ptr, &new)
immediatley after the "*new = global_ctr++" statement.
Add one additional trace message to find out what exactly
happens here, when it happens again.
Additionally, we do no longer initialize the new value to
zero but something else, so it can also be detected.
Related to #27267
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28487)
In some cases this information is necessary on the provider side
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28486)
doc/man3/RAND_load_file.pod: RAND_load_file on non-regular files with bytes=-1
Mention that RAND_load_file attempts to read only RAND_DRBG_STRENGTH
bytes on non-regular files if the number of bytes to be read
is not specified explicitly.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)
crypto/rand/randfile.c: avoid signed integer overflow in RAND_load_file
If a file supplied to RAND_load_file is too big (more than INT_MAX bytes),
it is possible to trigger a signer integer overflow during ret calculation.
Avoid it by returning early when we are about to hit it on the next
iteration.
Reported-by: Liu-Ermeng <liuermeng2@huawei.com>
Resolves: https://github.com/openssl/openssl/issues/28375 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)
util/find-doc-nits: do not check files in submodules in check_env_vars
The reports about undocumented environment variables coming from files
in submodules are superfluous; get the list of directories
from .gitmodules and exclude them from processing.
Resolves: https://github.com/openssl/openssl/issues/28109 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28378)
Enji Cooper [Fri, 5 Sep 2025 03:22:00 +0000 (20:22 -0700)]
Make the Unix build process more repeatable
Before this change all manpages would contain the date when pod2man was
run. This resulted in outputs that differed between builds--or
potentially across a single build if the host clock "ticked" to the next
day when the build was being run.
This commit modifies the manpage generation process as follows:
- The date all manpages were generated will be normalized to a single
date.
- The release date specified in `VERSION.dat` is used instead of the
date/time when `pod2man` was executed OR--in the event a date isn't
specified in `VERSION.dat`--the time when the Makefiles were last
regenerated.
Embedding a consistent date into the generated manpages helps ensure that
the build process as a whole is more repeatable and helps ensure that
release versions of OpenSSL create artifacts consistent with the date
that the official release was cut.
Co-authored-by: Richard Levitte <levitte@openssl.org> Signed-off-by: Enji Cooper <yaneurabeya@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28449)
It is replaced by a few flags starting with '--allow-'. Currently:
--allow-unauthenticated
--allow-downgrades
--allow-remove-essential
--allow-change-held-packages
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28435)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28422)
David Benjamin [Sun, 31 Aug 2025 22:09:52 +0000 (18:09 -0400)]
Add a helper function to delete the extension list
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28398)
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
This means that a present but empty extensions list is actually invalid.
Rather, if you have no extensions to encode, you are meant to omit the
list altogether. Fix the delete_ext functions to handle this correctly.
This would mostly be moot, as an application adding extensions only to
delete them all would be unusual. However, #13658 implemented a slightly
roundabout design where, to omit SKID/AKID, the library first puts them
in and then the command-line tool detects some placeholder values and
deletes the extension again.
Fixes #28397
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28398)
Viperinius [Sun, 31 Aug 2025 16:09:11 +0000 (16:09 +0000)]
Fix typo in BN_generate_prime docs
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28395)
Norbert Pocs [Wed, 27 Aug 2025 13:45:45 +0000 (15:45 +0200)]
docs: Be case specific with links to man headers
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28356)
Also update a check for a negative int length value
in mem_write().
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26438)
The last (and only?) user has been removed in commit eca471391378 "APPS:
Drop interactive mode in the 'openssl' program".
Complements: eca471391378 "APPS: Drop interactive mode in the 'openssl' program" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28441)
Pauli [Thu, 4 Sep 2025 21:24:19 +0000 (07:24 +1000)]
slh-dsa: omit test of import PCT
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28447)
Pauli [Thu, 4 Sep 2025 21:23:28 +0000 (07:23 +1000)]
import pct: remove import PCTs for most algorithms
This coveres DH, EC, RSA and SLH-DSA.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28447)
Tomas Mraz [Fri, 5 Sep 2025 10:14:31 +0000 (12:14 +0200)]
interop-test.yml: Install new openssl version alongside the old
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28451)
Tomas Mraz [Fri, 5 Sep 2025 07:20:11 +0000 (09:20 +0200)]
interop-tests.yml: Fix also the soversion in the RPM spec file
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28451)
Only unlock in rsa_get_blinding when locking was successful
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28438)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28437)
Refactor cache_objects() loop and object type handling
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/28382)
X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table access
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28370)
There are some code paths where resp is used without a previous check
for being non-NULL (specifically, OCSP_response_create() can return
NULL, and do_responder() can return -1, that would also lead to resp
being NULL). Avoid hitting NULL dereferences by wrapping the code that
uses resp in "if (resp != NULL)".
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665155
References: https://github.com/openssl/project/issues/1362 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28405)
crypto/x509/t_req.c: avoid exts leaking on error paths
If an error occurred and jump to the "err" label is performed after
exts has been allocated, it can leak. Avoid that by adding
sk_X509_EXTENSION_pop_free() on the error path and setting exts to NULL
after sk_X509_EXTENSION_pop_free() in the normal handling.
Fixes: ae880ae6719e "Fix error handling in X509_REQ_print_ex" Fixes: 87c49f622e7f "Support for parsing of certificate extensions in PKCS#10 requests: these are"
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665161
References: https://github.com/openssl/project/issues/1362 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28405)
test/radix/quic_bindings.c: move locking after child_script_info assignment
Coverity complains that some child_script_info field accesses are guarded
by the mutexes, while others are not; placate it by performing the assignment
before taking the lock.
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665151
References: https://github.com/openssl/project/issues/1362 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28405)
doc/man1/openssl-enc.pod.in: document 'k' handling for -bufsize
Apparently, '-bufsize' option parser can handle the 'k' suffix
(and treat is as the value being provided in the multiples of 1024).
Document that.
Complements: d02b48c63a58 "Import of old SSLeay release: SSLeay 0.8.1b" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28405)
apps/enc.c: avoid signed integer overflow on bufsize assignment
The calculated option value, while being long-typed, is not checked
for fitting into int-sized bufsize. Avoid overflow by throwing error
if it is bigger than INT_MAX and document that behaviour.
Fixes: 7e1b7485706c "Big apps cleanup (option-parsing, etc)"
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665149
References: https://github.com/openssl/project/issues/1362 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28405)
Per paragraph 3 of section 6.5.16.1 "Simple assignment" of ISO 9899:1999 TC3:
If the value being stored in an object is read from another object
that overlaps in any way the storage of the first object, then the overlap
shall be exact and the two objects shall have qualified or unqualified
versions of a compatible type; otherwise, the behavior is undefined.
And that is what exactly violated when one field of the union is
assigned to another; avoid that by introducing separate local variable
where the cast value is stored and then compared.
Fixes: 9deaf8383338 "test/bioprinttest.c: add some checks for integer and string printing"
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665144
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665145
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665146
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665147
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665148
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665150
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665152
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665153
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665156
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665157
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665158
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665159
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665160
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665162
References: https://github.com/openssl/project/issues/1362 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28405)
Pauli [Thu, 28 Aug 2025 04:48:59 +0000 (14:48 +1000)]
remove ossl_prov_digest_load_from_params()
This is no longer used or needed and is internal, so away it goes.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28361)
Pauli [Thu, 28 Aug 2025 04:48:51 +0000 (14:48 +1000)]
kmac: avoid using ossl_prov_digest_load_from_params()
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28361)
Pauli [Thu, 28 Aug 2025 04:48:31 +0000 (14:48 +1000)]
pvkkdf: avoid using ossl_prov_digest_load_from_params()
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28361)
Pauli [Thu, 28 Aug 2025 04:48:10 +0000 (14:48 +1000)]
pbkdf2: avoid using ossl_prov_digest_load_from_params()
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28361)
Pauli [Thu, 28 Aug 2025 04:47:52 +0000 (14:47 +1000)]
hkdf: avoid using ossl_prov_digest_load_from_params()
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28361)
slontis [Fri, 29 Aug 2025 04:11:59 +0000 (14:11 +1000)]
FIPS: Don't allow SHA512-224 and SHA512-256 for ECDSA/DSA signatures
These algorithms do not have OIDS (Note that RSA does have OIDS),
and are not valid values for FIPS.
Note that this was only possible if the "ECDSA" algorithm is fetched.
Note that "ECDSA-SHA512-256" and "ECDSA-SHA512-224" are not currently
fetchable.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28377)
Pauli [Sun, 31 Aug 2025 07:21:42 +0000 (17:21 +1000)]
slh-dsa: enter FIPS error state if pairwise test fails
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28394)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28403)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Simo Sorce [Fri, 10 Jan 2025 22:20:59 +0000 (17:20 -0500)]
Implement EVP_KDF_CTX_set_SKEY
This allows to use a SKEY as input to a KDF derive operation.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Signed-off-by: Dmitry Belyavskiy <beldmit@gmail.com> Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Signed-off-by: Dmitry Belyavskiy <beldmit@gmail.com> Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Design document of using opaque object as symmetric key
Signed-off-by: Dmitry Belyavskiy <beldmit@gmail.com> Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Leonabcd123 [Thu, 28 Aug 2025 08:46:13 +0000 (11:46 +0300)]
Fix typos and whitespace
Added "the" before "use"
Add missing whitespace
Removed unnecessary apostrophe in FIPS.md
CLA: trivial
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28362)
projects / thirdparty / openssl.git / log
