| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an alternative to #20893
Additionally this fixes also a possible issue in UI_UTIL_read_pw:
When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)
(cherry picked from commit a64c48cff88e032cf9513578493c4536df725a22)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CTRL translation is missing for SM2 key types.
Fixes #20899
Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20900)
(cherry picked from commit 43d5dac9d00ac486823d949f85ee3ad650b62af8)
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)
(cherry picked from commit e0f1ec3b2ec1b137695abc3199a62def5965351f)
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)
(cherry picked from commit 2d6585986f3b754750b25e7a296a08e7129a5320)
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)
(cherry picked from commit 14ca1b6f4694ad27b1163bcafda1683f4dd05a30)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes #20889
There was an incorrect value passed to EC_POINT_point2oct() for the
buffer size of the param passed-in.
Added testcases.
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20890)
(cherry picked from commit 91070877adb905f51eb4b19b730d42fc257bae13)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix only typos in doc/man* for inclusion in 3.* branches.
Other typos have been fixed in a different commit.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20924)
(cherry picked from commit 9a271795f84eb5402ce1ecfbcfd21392ad1560d0)
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20848)
(cherry picked from commit 25bab273ccc9b517cc4c1783950e3f95421cb570)
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20848)
(cherry picked from commit 9fdf9a44bbe3827fe653165a07281ccae8ab0947)
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20922)
(cherry picked from commit be6497aa208948c960a28363bac98a429677bd9d)
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)
(cherry picked from commit 20d4dc8898edc12806ead2100ac09b907662aff6)
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes #20031
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)
(cherry picked from commit 30b9a6ec89d97152b5a564b3acf3a94ee57185a7)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I have no experience with building on Windows, so I don't know the
effect of fixing this typo. I guess that this will fix a bug at worst.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20911)
(cherry picked from commit e5a054b7fcafc98a1dbf4358da390dc6e7759de5)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a typo that is confusing for newcomers.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20909)
(cherry picked from commit 2913b5c09fcc4e5d493589ded2c22a3116127ed0)
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes #20870
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20880)
(cherry picked from commit 8c63b14296f117b07781509ced529a8955d78fb9)
|
|
|
|
|
|
|
|
| |
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20489)
(cherry picked from commit 32344a74b7ee2693a5bfda361c40ec60ab5be624)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The fuzzer was creating a config file with large numbers of includes
which are expensive to process. However this should not cause a security
issue, and should never happen in normal operation so we can ignore it.
Fixes ossfuzz issue 57718.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20839)
(cherry picked from commit 5f3adf396b06ee3b81938468995e69cff4ca64d1)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... after it was broken for almost 5 years,
since the first 1.1.1 release.
Note: The last working version was 1.1.0l release.
Fixes #20073
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20146)
(cherry picked from commit 849ed515c7838943eab42de5c29d6a1f91079a11)
|
|
|
|
|
|
|
|
|
|
|
| |
Links were missing starting tags
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20729)
(cherry picked from commit 010333be5362a07508888124c83efac35b28760f)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The negative integer check is done to prevent potential overflow.
Fixes #20719.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20862)
(cherry picked from commit 1258a8e4361320cd3cfaf9ede692492ce01034c8)
|
|
|
|
|
|
|
|
|
|
| |
Fixes #20841
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/20843)
(cherry picked from commit 56547da9d3fa24f54b439497d322b12beb004c80)
|
|
|
|
|
|
|
|
|
|
| |
Ensure that ctx.ctrl_cmd defaults to translation->cmd_num
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20780)
(cherry picked from commit 1009940c14716ac03d5f161bdb4ae626ec6fe729)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function didn't prepare space to get the param string, which causes
the default_fixup_args() call to fail.
Fixes #20161
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20780)
(cherry picked from commit ac52fe5f5ae7a1d062f09adab7744e3a3b2ddbcf)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We swap p and q in that case except when ACVP tests are being run.
Fixes #20823
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20833)
(cherry picked from commit dc231eb598460aec239c7f597f560bca47d9f72a)
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20829)
(cherry picked from commit 004bd8f97d11bb7ac5f2de89f7060e03222b60fe)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-no_tls1_3 options
Fixes #19014
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20834)
(cherry picked from commit 06565f36e78e6155834875ad544bb48838a812e4)
|
|
|
|
|
|
|
|
|
|
| |
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20810)
(cherry picked from commit e7cbb09fdf8d835bd0d88b4b288edfd525be569c)
|
|
|
|
|
|
|
|
| |
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20838)
(cherry picked from commit 26f0150fce64dd878b77eddc4504fd441cbdef87)
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20797)
(cherry picked from commit 4df13d1054e143f1cbf13fa347491807289f87b7)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The logic for handling inconsistent use of -rspin etc., -port, -server,
and -use_mock_srv options proved faulty. This is fixed here, updating and
correcting also the documentation and diagnostics of the involved options.
In particular, the case that -rspin (or -rspout. reqin, -reqout) does not
provide enough message file names was not properly described and handled.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20295)
(cherry picked from commit 1f757df1f3de0c18cc22a4992d66e9a7b113f61d)
|
|
|
|
|
|
|
|
| |
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20798)
(cherry picked from commit e6990079c2413625d2039ebed49ea17a5b8cf935)
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of using stat() to check if a file is a directory
we just skip . and .. as a workaround.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20786)
(cherry picked from commit 3155b5a90e6ad9c7369d09e70e81686f4b321a73)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
default_context_do_init may be never called and CRYPTO_THREAD_init_local
inside it may be never called too. But corresponding
CRYPTO_THREAD_cleanup_local is always called at cleanup stage. This lead
to undefined behavior.
So, add flag to check that default_context_do_init will be called
successfully or not.
Fix: #20697
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20801)
(cherry picked from commit 31295ca02c0a2d7209a33047c7f6dd1dabc12c93)
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)
(cherry picked from commit c04e78f0c69201226430fed14c291c281da47f2d)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new option to the `test' section of SSL test data structure.
This contains a space separated list of version checks, all of which must
pass.
Note that the version checks are as they as because:
- 3.1.0 doesn't have mandatory EMS support, so it can run the old tests.
- 3.1.1 (& later) will have mandatory EMS support, so they can't run them.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)
(cherry picked from commit 4454c20f026bb47f158ea05c207f143c81d674d8)
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)
(cherry picked from commit e07999369a13a29243f34cbd5d24281783984299)
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)
(cherry picked from commit cf3d5c2fbaf734731b1ccbd3a84e21eeb6d0f30d)
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SSL API tests copies fipsmodule.cnf and modifies it. Unfortunately, it
grabbed the wrong instance of this file.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)
(cherry picked from commit bc5d9502c5f3c726e42ef72263a4076fd48300d6)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.5.0...v4.6.0)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20792)
(cherry picked from commit 3ac96c8f715672ff77025d48b5773f5de4f84215)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to docs, EVP_PKEY_get_int_param should return 1 on Success, and
0 on Failure. So, fix checking of this return value at check_curve
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20770)
(cherry picked from commit 4e5f3d691343a691ddae739c51f7ae71e9893c98)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Original author: Nevine Ebeid (Amazon)
Fixes: CVE-2023-1255
The buffer overread happens on decrypts of 4 mod 5 sizes.
Unless the memory just after the buffer is unmapped this is harmless.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20759)
(cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304)
|
|
|
|
|
|
|
|
| |
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20752)
(cherry picked from commit c8093347f736c7991350d26048b680d0e64974a0)
|
|
|
|
|
|
|
|
| |
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20752)
(cherry picked from commit d30fec6ff438f73f4e255b0b9c6af3ea57ec122a)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a -pedantic option to fipsinstall that adjusts the various
settings to ensure strict FIPS compliance rather than backwards
compatibility.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20752)
(cherry picked from commit bc2a4225a4a03f70bb0154a72c2889aa80c1b0f6)
|
|
|
|
|
|
|
|
|
|
|
| |
These typos caused failed propagation of the 'cflags' attribute from
Configurations/10-main.conf.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20737)
(cherry picked from commit 04e0abc8bb1c24534d16cc930b611ac1d03bc9bf)
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20741)
(cherry picked from commit d79b6104ae947b8749623d3152c309f398387a54)
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20257)
(cherry picked from commit 44e816bd540c8687c1b4995febbde2626a655338)
|
|
|
|
|
|
|
|
|
|
|
| |
requests in a transaction
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20257)
(cherry picked from commit 154625e1090b18c8c306a6b7a6970dbab185c49d)
|
|
|
|
|
|
|
|
|
|
|
| |
functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20257)
(cherry picked from commit 7439661627b8009f69b13c57b7372286e85a2805)
|
|
|
|
|
|
|
|
|
|
|
| |
request of a transaction
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20257)
(cherry picked from commit 7cd91d221f630f18eb2cc5c01c4204e31c0a15aa)
|