Commit Graph

38166 Commits

Author SHA1 Message Date
Pauli e676a87a27 asym cipher: make the pad type decoding more straightforward
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28242)
2025-08-15 11:13:19 +10:00
Pauli 1aae0a4016 rsa sig: make indicator parameter conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:12 +10:00
Pauli ecc3491d53 ecdsa sig: make indicator parameter conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:12 +10:00
Pauli a9d7e696ec dsa sig: make indicator parameter conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:12 +10:00
Pauli fc7a72db24 hmac drbg: make indicator parameter conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:12 +10:00
Pauli 4e1eaa17c7 hash drbg: make indicator parameter conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:12 +10:00
Pauli 226b5a5ea4 ctr drbg: make indicator parameter conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:12 +10:00
Pauli 2f205fc496 crng test: make indicator parameter conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:12 +10:00
Pauli b830ebaf62 test_rng: make indicator parameter conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:12 +10:00
Pauli 40dd58e016 kmac: make parameters conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:12 +10:00
Pauli 60f8ff1511 hmac: make parameters conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:12 +10:00
Pauli 2d1280e5ee cmac: make parameters conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:12 +10:00
Pauli 3473f699fd rsa kem: make parameters conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:11 +10:00
Pauli b27f840351 ecx: make parameters conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:11 +10:00
Pauli f9bf224ef9 ecdh: make parameters conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:11 +10:00
Pauli d01910a4f9 dh: make parameters conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:11 +10:00
Pauli b411ef0b53 rsa: make parameters conditional on FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:11 +10:00
Pauli 2b7c555fec params: fix conditionals in param parser generation script
These problems only occur in edge cases when using conditional parameters.
I.e. not a problem before now.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
2025-08-15 11:03:11 +10:00
Jiasheng Jiang d6fcaa5658 test/ml_kem_internal_test.c: Add EVP_MD_free() in the error path to avoid memory leak
Add EVP_MD_free() to free sha256 in the error path to avoid memory leak.

Fixes: d2136d9 ("Multi-variant ML-KEM")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27946)
2025-08-15 11:01:51 +10:00
Neil Horman d2a71ed94e Add CRYPTO_FREE_REF to ossl_quic_free_token_store
ossl_quic_free_token_store doesn't call CRYPTO_FREE_REF on the
hdl->reference object, which could lead to memory leaks on platforms
that don't support atomics (where the call to CRYPTO_NEW_REF allocates a
mutex as part of its function). It wasn't caught before because all the
platforms we do CI on support threads.

Fixes #28241

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28247)
2025-08-14 11:19:52 -04:00
Bernd Edlinger d582adc672 Add test coverage for PKCS7_TEXT mode
This was inspired by the following commit
9882d389df ("crypto/pkcs7/pk7_smime.c: Add BIO_free() to avoid memory leak")
which discovered a bug in PKCS7_verify(..., PKCS7_TEXT).
While there is some test coverage for PKCS7_verify by
./test/pkcs7_test.c, there is no test coverage whatsoever
of the PKCS7_TEXT flag for PKCS7_sign, PKCS7_encrypt and
PKCS7_decrypt.
So this adds some test coverage for those functions as well.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28223)
2025-08-14 11:07:27 -04:00
Bernd Edlinger d6510d99ae DH private key size was one bit too large
In the case when no q parameter was given,
the function generate_key in dh_key.c did create
one bit too much, so the priv_key value was exceeding
the DH group size q = (p-1)/2.
When the length is used in this case the limit is also
one bit too high, but for backward compatibility this
limit was left as is, instead we have to silently reduce
the value by one.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27870)
2025-08-13 11:24:13 +02:00
Julian Zhu 80c664db43 RISC-V: Add MD5 assembly implementation with rv64gc and Zbb
For the rv64gc assembly implementation, we can get about 20%-50% better performance than compiler-generated code (-O3).
For the Zbb assembly implementation, we can get about 10%-30% better performance than compiler-generated code (-O3 -march=rv64gc_zbb).

Signed-off-by: Julian Zhu <julian.oerv@isrc.iscas.ac.cn>

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27990)
2025-08-13 18:28:38 +10:00
Julian Zhu 5a68746099 RISC-V: Add Zbb orn and its pseudo instruction opcode to rv64gc in riscv.pm
Signed-off-by: Julian Zhu <julian.oerv@isrc.iscas.ac.cn>

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27990)
2025-08-13 18:28:38 +10:00
Richard Levitte ba2c314a60 Correct the synthesized OPENSSL_VERSION_NUMBER
The last hex digit always became 0x0L, even if OPENSSL_VERSION_PRE_RELEASE
was the empty string.

Resolves: https://github.com/openssl/openssl/issues/28227

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28230)
2025-08-13 06:05:18 +02:00
Dimitri John Ledkov 861eea4738 git: add x942kdf.c to gitignore
It is now a generated file. See:
- https://github.com/openssl/openssl/pull/27923

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28231)
2025-08-13 14:03:08 +10:00
Pauli f4de265c0f encode_key2ms: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
2025-08-13 12:10:58 +10:00
Pauli 6696830609 encode_key2any: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
2025-08-13 12:10:58 +10:00
Pauli 3b69c40a27 decode_spki2typespki: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
2025-08-13 12:10:58 +10:00
Pauli f9a5796357 decode_pvk2key: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
2025-08-13 12:10:58 +10:00
Pauli 70e33aef6e decode_pem2der: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
2025-08-13 12:10:58 +10:00
Pauli 324fc17017 decode_epki2pki: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
2025-08-13 12:10:58 +10:00
Pauli 360388e55d decode_der2key: convert to use generated parameter parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
2025-08-13 12:10:58 +10:00
Pauli 33651beaf7 encode_decode: rename files for generated param parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)
2025-08-13 12:10:24 +10:00
Pauli a14e2f417e rsa: update to use generated param decoders for signature operations
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
2025-08-13 12:07:50 +10:00
Pauli 79197465e3 sm2: update to use generated param decoders for signature operations
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
2025-08-13 12:07:50 +10:00
Pauli 74ccf8ce97 slh_dsa: update to use generated param decoders for signature operations
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
2025-08-13 12:07:50 +10:00
Pauli 3c9ad1dba9 ecdsa: update to use generated param decoders for signature operations
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
2025-08-13 12:07:50 +10:00
Pauli c1fd9a4f8b dsa: update to use generated param decoders for signature operations
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
2025-08-13 12:07:43 +10:00
Pauli 2c214751fe signatures: rename files in anticipation of generated param decoding
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
2025-08-13 12:07:43 +10:00
Pauli ea5c3c284e rsa kem: convert to using generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
2025-08-13 12:06:00 +10:00
Pauli af841adf9f ml_kem kem: convert to using generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
2025-08-13 12:06:00 +10:00
Pauli d6d2cc7509 ecx kem: convert to using generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
2025-08-13 12:06:00 +10:00
Pauli c90eb15268 ec kem: convert to using generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
2025-08-13 12:06:00 +10:00
Pauli 47a305bc78 kem: rename files for autogeneration of param parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
2025-08-13 12:06:00 +10:00
Pauli 213135a758 ecx: convert key exchange to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
2025-08-13 12:04:52 +10:00
Pauli fcb7e772fb ecdh: convert key exchange to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
2025-08-13 12:04:30 +10:00
Pauli fa4545f421 dh: convert key exchange to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
2025-08-13 12:04:30 +10:00
Pauli 6928f97b7c exchange: rename files for generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
2025-08-13 12:04:26 +10:00
Pauli 0247b0ada1 file_store_any: convert to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)
2025-08-13 12:01:15 +10:00