Pauli
90f64d064e
test: add error reasons to X9.63 test
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25135 )
2024-08-10 16:35:54 +10:00
Pauli
0acf9f8934
test: add error reasons to X9.42 test
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25135 )
2024-08-10 16:35:54 +10:00
Pauli
41a9aeb672
test: add error reasons to TLS 1.3 KDF tests
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25135 )
2024-08-10 16:35:54 +10:00
Pauli
a969c466b1
test: add error reasons to TLS 1.2 PRF tests
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25135 )
2024-08-10 16:35:54 +10:00
Pauli
3cccd17eed
test: add error reasons to Single Step KDF tests
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25135 )
2024-08-10 16:35:54 +10:00
Pauli
20284908c4
test: add error reasons to SSHKDF tests
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25135 )
2024-08-10 16:35:54 +10:00
Pauli
bb3b3abfd5
test: add error reasons to PBKDF2 tests
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25135 )
2024-08-10 16:35:54 +10:00
Pauli
8c24acda18
test: add error reasons to HKDF tests
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25135 )
2024-08-10 16:35:54 +10:00
Pauli
77915ae8eb
test: add error reasons to KMAC tests
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25135 )
2024-08-10 16:35:53 +10:00
Pauli
068c9bee37
test: add error reasons to RSA tests
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25135 )
2024-08-10 16:35:53 +10:00
Pauli
8e316edd71
fips: change from function call to macro in rsa_enc.c
...
Use of the function instead of the macro for the indicator unapproved check was
noted in: https://github.com/openssl/openssl/pull/25070#discussion_r1706564363
Fix things to use the macro properly.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25134 )
2024-08-10 16:34:51 +10:00
Neil Horman
11adb943ab
amend! fixup! limit bignums to 512 bytes
...
fixup! limit bignums to 512 bytes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25013 )
2024-08-09 07:59:03 -04:00
Neil Horman
f0768376e1
limit bignums to 128 bytes
...
Keep us from spinning forever doing huge amounts of math in the fuzzer
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25013 )
2024-08-09 07:59:03 -04:00
slontis
250a7adbea
Add "no-fips-post" configure option.
...
Using this option disables the OpenSSL FIPS provider
self tests.
This is intended for debugging purposes only,
as it breaks FIPS compliance.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25063 )
2024-08-09 09:12:45 +10:00
slontis
ea3888a397
Fix FIPS indicator defines for larger indices.
...
A newer PR is using setable3 now so these indices should be fixed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25118 )
2024-08-09 07:16:29 +10:00
Pauli
fd39d1c80c
test: add negative tests for KBKDF key size check under FIPS
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25095 )
2024-08-08 08:44:42 +10:00
Pauli
ae87c48895
fips: add kbkdf key length check as per SP 800-131a revision 2
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25095 )
2024-08-08 08:44:38 +10:00
Pauli
6cb6b17171
fips: add kbkdf key check checking function
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25095 )
2024-08-08 08:43:00 +10:00
Pauli
57fb8841dc
doc: document key-check param for kbkdf
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25095 )
2024-08-08 08:42:59 +10:00
Pauli
8d52cf525b
doc: document kbkdf key check argument for fipsinstall
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25095 )
2024-08-08 08:42:59 +10:00
Pauli
243b7f399a
fips: install with the kbkdf key check option set
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25095 )
2024-08-08 08:42:59 +10:00
Pauli
c2b8af893f
params: add kbkdf key check param
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25095 )
2024-08-08 08:42:59 +10:00
Pauli
090247b2e2
fipsinstall: add kbkdf key check option
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25095 )
2024-08-08 08:42:59 +10:00
JulieDzeze1
e77eb1dc0b
Update BN_add.pod documentation so it is consistent with header declarations
...
CLA: trivial
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24215 )
2024-08-07 19:55:57 +02:00
Mathis Marion
de8861a7e3
Remove duplicate colon in otherName display
...
The colon is already added in X509V3_EXT_val_prn(). In fact, the other
branches from i2v_GENERAL_NAME() do not include a trailing colon.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23428 )
2024-08-07 19:53:49 +02:00
Mathis Marion
387491d537
Add OIDs id-kp-wisun-fan-device and id-on-hardwareModule
...
Sub-OIDs for {iso(1) identified-organization(3) dod(6) internet(1)
private(4) enterprise(1) 45605} are recorded in the document "Wi-SUN
Assigned Value Registry" (WAVR).
OID id-on-hardwareModule is defined in RFC 4108.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23428 )
2024-08-07 19:53:19 +02:00
Matt Caswell
c0c4e6ba0a
Remove the event queue code
...
PR #18345 added some code for an event queue. It also added a test for it.
Unfortunately this event queue code has never been used for anything.
Additionally the test was never integrated into a test recipe, so it never
actually gets invoked via "make test". This makes the code entirely dead,
unnecessarily bloats the size of libssl and causes a decrease in our
testing code coverage value.
We remove the dead code.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25100 )
2024-08-07 19:48:26 +02:00
Tomas Mraz
e70e34d857
dh_kmgmt.c: Avoid expensive public key validation for known safe-prime groups
...
The partial validation is fully sufficient to check the key validity.
Thanks to Szilárd Pfeiffer for reporting the issue.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25088 )
2024-08-07 19:47:00 +02:00
Tomas Mraz
7bcfb41489
ossl_print_attribute_value(): use a sequence value only if type is a sequence
...
Move the switch to print a distinguished name inside the
switch by the printed attribute type, otherwise a malformed
attribute will cause a crash.
Updated the fuzz corpora with the testcase
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25087 )
2024-08-07 19:43:34 +02:00
Tomas Mraz
217e215e99
rsa_pss_compute_saltlen(): Avoid integer overflows and check MD and RSA sizes
...
Fixes Coverity 1604651
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25085 )
2024-08-07 19:41:52 +02:00
Tomas Mraz
e3e15e77f1
do_print_ex(): Avoid possible integer overflow
...
Fixes Coverity 1604657
Fixes openssl/project#780
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25084 )
2024-08-07 19:39:26 +02:00
Pauli
00f32b22b8
test: update SSL API test in light of PKCS#1 version 1.5 padding change under FIPS
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Pauli
d0575619ad
test: update SSL old test in light of PKCS#1 version 1.5 padding change under FIPS
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Pauli
449bc104c8
sslapitest: add meaningful skip messages
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Pauli
29a0f0403f
cms: fix tests in light of PKCS#1 version 1.5 padding check
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Pauli
47f8f0d6e5
fips: add PKCS#1 version 1.5 padding check option
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Pauli
e928684320
rsa: disallow PKCS#1 version 1.5 padding for encryption under FIPS.
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Pauli
2c73d92b20
fips: add option to disable PKCS#1 version 1.5 padding
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Pauli
61ac0ca154
param: add ASYM_CIPHER_PARAM_PKCS15_PADDING_DISABLED
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Pauli
18fd8f687f
doc: document pkcs15-padding-disabled param for RSA
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Pauli
9bd5362a71
doc: fix typos
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Pauli
08bd84b2e4
doc: document the fipsinstall option to disallow PKCS#1 version 1.5 padding for key agreement & transport
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Pauli
dd43e8a9ec
fipsinstall: add option to disable RSA PKCS#1 version 1.5 padding
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070 )
2024-08-07 19:35:51 +02:00
Matt Caswell
2ccd57b2c3
Add a test for a missing supported_versions extension in the HRR
...
Confirm that we correctly fail if supported_versions is missing from an
HRR.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25068 )
2024-08-07 19:34:23 +02:00
Matt Caswell
293d0a0052
Check that a supported_versions extension is present in an HRR
...
If an HRR is sent then it MUST contain supported_versions according to the
RFC. We were sanity checking any supported_versions extension that was sent
but failed to verify that it was actually present.
Fixes #25041
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25068 )
2024-08-07 19:34:23 +02:00
Leonie Theobald
cc37ef7d90
Add logging support for early data
...
-trace option didn't cover early data message which resulted in
misleading logging.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25026 )
2024-08-07 19:32:17 +02:00
FdaSilvaYY
f21ededc3c
ssl: factorize and improve hex conversion code
...
Add inline qualifier to avoid exporting a function for one unique use
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968 )
2024-08-07 19:25:10 +02:00
FdaSilvaYY
ca3c6f3829
crypto: factorize to hex chars conversion code.
...
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968 )
2024-08-07 19:25:10 +02:00
FdaSilvaYY
668fdb593a
ssl: remove stdio.h and sprintf use from libssl.
...
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968 )
2024-08-07 19:25:10 +02:00
FdaSilvaYY
2432a9da03
apps: add missing entry to tls extension label list
...
noticed by @sftcd
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968 )
2024-08-07 19:25:10 +02:00