path: root/crypto
Commit log (each entry: commit message, author, age, files changed, lines -removed/+added)
* feat: support the aAissuingDistributionPoint X.509v3 extension
  Author: Jonathan M. Wilbur | Age: 15 hours | Files: 3 | Lines: -0/+172
  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26174)
* Support CLI and API setting of provider configuration parameters
  Author: Viktor Dukhovni | Age: 15 hours | Files: 2 | Lines: -14/+22
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26427)
* Work around to get llvm-mingw working on aarch64
  Author: Alexandr Nedvedicky | Age: 15 hours | Files: 1 | Lines: -0/+9

  It looks like the llvm-mingw toolchain does not understand the `.previous` asm directive (see https://sourceware.org/binutils/docs/as/Previous.html). As a workaround for the win64 flavor (llvm-mingw toolchain) we let xlate emit .text instead of emitting .previous.

  We also need to revisit usage of the win64 flavor here in aarch64. We should perhaps introduce a mingw flavour on aarch64 as well. The win assembly flavour should be used for the Microsoft assembler.

  Fixes #26415
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26428)
* Move rodata to .rodata section for armv8
  Author: Alexey Moksyakov | Age: 16 hours | Files: 3 | Lines: -22/+46

  Adds missing files where asm code is generated by perl scripts and read-only constants are used.

  PR #24137 closes #23312
  Signed-off-by: Alexey Moksyakov <yavtuk@yandex.ru>
  Reviewed-by: Saša Nedvědický <sashan@openssl.org>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26440)
* provider_deactivate(): Check return value of CRYPTO_atomic_add()
  Author: onexyoung | Age: 22 hours | Files: 1 | Lines: -1/+8
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26249)
* Workaround for RSA on AArch64 Big Endian
  Author: Nikolay Nikolaev | Age: 3 days | Files: 1 | Lines: -0/+2

  10646160125 introduced an optimized RSA NEON implementation for the AArch64 architecture, namely Cortex-A72 and Neoverse N1. This implementation is broken in Big Endian mode, which is not widely used and therefore not properly verified. Here we disable this optimized implementation when a Big Endian platform is used.

  Fixes: #22687
  CLA: trivial
  Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26257)
* Remove non-existing error code.
  Author: Peter Bierma | Age: 3 days | Files: 1 | Lines: -1/+0
  CLA: trivial
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26389)
* Synchronize openssl.txt with comperr.h
  Author: Peter Bierma | Age: 3 days | Files: 1 | Lines: -5/+5
  CLA: trivial
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26389)
* Finishing touch to perlasm update to make it work on OpenBSD
  Author: sashan | Age: 4 days | Files: 2 | Lines: -6/+42

  This changeset brings a finishing touch to stuff we got from botovoq@. Changes to `crypto/perlasm/arm-xlate.pl` deal with various assembler flavours to keep various assembler compilers happy. We also need to keep the original code for the 32-bit flavour in `crypto/aes/asm/aesv8-armx.pl`.

  Reviewed-by: Hugo Landau <hlandau@devever.net>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24137)
* Make it able to run asm code on OpenBSD (arm64)
  Author: Theo Buehler | Age: 4 days | Files: 12 | Lines: -73/+164

  In order to get asm code running on OpenBSD we must place all constants into .rodata sections. The change to crypto/perlasm/arm-xlate.pl adjusts changes from Theo for additional assembler variants/flavours we use for building OpenSSL.

  Fixes #23312
  Reviewed-by: Hugo Landau <hlandau@devever.net>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24137)
* LoongArch: we should access global symbol by la.global instead of la.pcrel
  Author: Wang Xin | Age: 4 days | Files: 1 | Lines: -1/+1

  openssl will not be built successfully with binutils-2.43.50.20241230, which checks if global symbols are accessed PC-relative in a shared library.

  CLA: trivial
  Reviewed-by: Hugo Landau <hlandau@devever.net>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26336)
* Fix premature reuse of qp's in rcu locks
  Author: Neil Horman | Age: 4 days | Files: 2 | Lines: -6/+19

  An intermittent failure was noted on our new ppc64le CI runner, in which what appeared to be a corrupted or invalid value was returned from a shared pointer under rcu protection.

  Investigation showed that the problem was with our small number of qp's in a lock and slightly incorrect accounting of the number of qp's available: we were prematurely recycling qp's, which led in turn to premature completion of synchronization states, resulting in readers reading memory that may have already been freed.

  Fix it by:
  a) Ensuring that we account for the fact that the first qp in an rcu lock is allocated at the time the lock is created, and
  b) Ensuring that we have a minimum number of 3 qp's:
     1 that is free for write side allocation
     1 that is in use by the write side currently
     1 "next" qp that the read side can update while the prior qp is being retired

  With this change, the rcu threadstest runs indefinitely in my testing.

  Fixes #26356
  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Saša Nedvědický <sashan@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26384)
* Tweak case of [fs] variant letter in SLH-DSA algorithms
  Author: Viktor Dukhovni | Age: 7 days | Files: 3 | Lines: -144/+144
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26359)
* Update error codes in "crypto/err/openssl.txt"
  Author: Michael Baentsch | Age: 9 days | Files: 1 | Lines: -2/+1
  Fixes #26316
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26330)
* Fix the use of OPENSSL_HTTP_PROXY / OPENSSL_HTTPS_PROXY
  Author: Richard Levitte | Age: 9 days | Files: 1 | Lines: -1/+1
  Fixes #26337
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26340)
* Free data if sk_OPENSSL_STRING_push fails.
  Author: Frederik Wedel-Heinen | Age: 10 days | Files: 1 | Lines: -1/+5
  Fixes #26203
  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  Reviewed-by: Saša Nedvědický <sashan@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26227)
* Return NULL from ossl_lib_ctx_get_concrete() when it is uninitialized
  Author: Frederik Wedel-Heinen | Age: 10 days | Files: 2 | Lines: -4/+16

  When default_context_inited is set to false we return NULL instead of the global default context.

  Fixes #25442
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26319)
* Check returns of various sk_*_push functions
  Author: Frederik Wedel-Heinen | Age: 10 days | Files: 2 | Lines: -2/+4

  Check returns of sk_POLICY_MAPPING_push, sk_GENERAL_NAME_push, sk_ACCESS_DESCRIPTION_push, sk_X509_push, sk_X509_NAME_push, sk_OPENSSL_CSTRING_push, sk_SCT_push, sk_DIST_POINT_push, sk_OSSL_CMP_CRLSTATUS_push, sk_ASN1_UTF8STRING_push and sk_ASN1_OBJECT_push and handle appropriately.

  Reviewed-by: Saša Nedvědický <sashan@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26240)
* Pass functions with correct signatures to the evp_generic_fetch_xxx methods
  Author: Frederik Wedel-Heinen | Age: 10 days | Files: 7 | Lines: -34/+104

  UBSan complains about functions being called with incorrect signatures.

  Relates to #22896
  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26318)
* Some PQ-related CSOR OIDs
  Author: Viktor Dukhovni | Age: 11 days | Files: 4 | Lines: -9/+242
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26321)
* Fix potential memory leak in PKCS12_add_key_ex()
  Author: Niels Dossche | Age: 11 days | Files: 1 | Lines: -1/+3

  p8 is allocated using EVP_PKEY2PKCS8(), but when PKCS8_add_keyusage() fails this memory is not freed. Fix this by adding a call to PKCS8_PRIV_KEY_INFO_free().

  Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
  Reviewed-by: Hugo Landau <hlandau@devever.net>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/25818)
* Clean up ASN1_STRING comment and improve example in docs
  Author: Job Snijders | Age: 12 days | Files: 1 | Lines: -4/+4
  Reviewed-by: Hugo Landau <hlandau@devever.net>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26195)
* Fix CMS encryption with key agreement when originator set
  Author: Jakub Zelenka | Age: 12 days | Files: 3 | Lines: -51/+62

  OpenSSL currently does not support encryption with the originator flag, so it should fail nicely instead of segfaulting.

  Reviewed-by: Hugo Landau <hlandau@devever.net>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26014)
* Optimize x86/aarch64 MD5 implementation
  Author: Jonathan Swinney | Age: 12 days | Files: 2 | Lines: -67/+66

  As suggested in https://github.com/animetosho/md5-optimisation?tab=readme-ov-file#dependency-shortcut-in-g-function, we can delay the dependency on 'x' by recognizing that ((x & z) | (y & ~z)) is equivalent to ((x & z) + (y + ~z)) in this scenario, and we can perform those additions independently, leaving our dependency on x to the final addition.

  This speeds it up around 5% on both platforms.

  Signed-off-by: Oli Gillespie <ogillesp@amazon.com>
  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  Reviewed-by: Hugo Landau <hlandau@devever.net>
  (Merged from https://github.com/openssl/openssl/pull/25737)
* Avoid leaking memory when realloc fails
  Author: Frederik Wedel-Heinen | Age: 2025-01-03 | Files: 1 | Lines: -2/+1

  In ossl_property_merge() we can drop the realloc because it just makes the allocation smaller.

  In quic-hq-interop.c we check the realloc result.

  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26244)
* feat: support the allowedAttributeAssignments X.509v3 extension
  Author: Jonathan M. Wilbur | Age: 2025-01-02 | Files: 4 | Lines: -1/+132
  Reviewed-by: Neil Horman <nhorman@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26163)
* Fix potential memory leak in BIO_get_accept_socket()
  Author: Niels Dossche | Age: 2025-01-02 | Files: 2 | Lines: -2/+7

  When BIO_parse_hostserv() fails it may still have allocated memory, yet this memory is not freed. Fix it by jumping to the err label.

  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/25817)
* core_namemap.c: Use OPENSSL_STRING instead of defining STRING type
  Author: Tomas Mraz | Age: 2024-12-31 | Files: 1 | Lines: -12/+11

  Also avoid leak if stack push fails.

  Reviewed-by: Neil Horman <nhorman@openssl.org>
  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/26230)
* X509_ACERT_sign_ctx(): Remove superfluous reference
  Author: ryuishii | Age: 2024-12-26 | Files: 1 | Lines: -1/+1
  CLA: trivial
  Fixes #26107
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26120)
* Add CMS_NO_SIGNING_TIME flag to CMS_sign(), CMS_add1_signer()
  Author: Peter Juhasz | Age: 2024-12-26 | Files: 2 | Lines: -1/+13

  Previously there was no way to create a CMS SignedData signature without a signing time attribute, because CMS_SignerInfo_sign added it unconditionally. However, there is a use case (PAdES signatures) where this attribute is not allowed, so this commit introduces a new flag to the CMS API that causes this attribute to be omitted at signing time.

  Also add the -no_signing_time option to the cms command.

  Fixes #15777
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15783)
* feat: support the attributeMappings X.509v3 extension
  Author: Jonathan M. Wilbur | Age: 2024-12-23 | Files: 4 | Lines: -1/+120
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Neil Horman <nhorman@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26157)
* Take into account no_store when pushing algorithm
  Author: Dmitry Belyavskiy | Age: 2024-12-20 | Files: 1 | Lines: -1/+1

  When we put an algorithm into the store, we have a fallback to the OSSL_LIB_CTX-level store when store is NULL.

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26197)
* ossl_i2c_ASN1_BIT_STRING(): Fix a possible heap buffer overflow
  Author: Andrey Tsygunka | Age: 2024-12-20 | Files: 1 | Lines: -18/+23

  When data contains only zero values, a buffer overflow happens.

  CLA: trivial
  Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26190)
* Check whether ctx->pctx != NULL
  Author: otherddn1978 | Age: 2024-12-17 | Files: 1 | Lines: -4/+8

  If it is NULL, the ctx->pctx->pmeth dereference will cause a crash.

  Found by Linux Verification Center (linuxtesting.org) with SVACE.

  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26176)
* feat: add EVP APIs for cipher pipelining
  Author: Ramkumar | Age: 2024-12-17 | Files: 4 | Lines: -7/+188
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24636)
* Fix breakage on arm64_32 platforms
  Author: Tomas Mraz | Age: 2024-12-13 | Files: 1 | Lines: -2/+3

  We just avoid the special handling needed for Apple M1.

  Fixes #26135
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Saša Nedvědický <sashan@openssl.org>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  (Merged from https://github.com/openssl/openssl/pull/26145)
* Extension of OPENSSL_ia32cap to accommodate additional CPUID bits
  Author: Elizarova, Alina | Age: 2024-12-13 | Files: 7 | Lines: -32/+107

  bits 128 - 191: CPUID.(EAX=07H,ECX=0H).EDX and CPUID.(EAX=07H,ECX=1H).EAX
  bits 192 - 255: CPUID.(EAX=07H,ECX=1H).EDX and CPUID.(EAX=07H,ECX=1H).EBX
  bits 256 - 319: CPUID.(EAX=07H,ECX=1H).ECX and CPUID.(EAX=24H,ECX=0H).EBX

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/25709)
* feat: support the timeSpecification X.509v3 extension
  Author: Jonathan M. Wilbur | Age: 2024-12-11 | Files: 4 | Lines: -1/+601
  Reviewed-by: Neil Horman <nhorman@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/25476)
* dh_cms_set_peerkey(): Fix the incorrect condition
  Author: Shakti Shah | Age: 2024-12-11 | Files: 1 | Lines: -1/+1

  Only absent parameters are allowed in RFC 3370.

  Fixes #25824
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26058)
* Add function to mix in an additional input into a RAND_POOL
  Author: Tomas Mraz | Age: 2024-12-10 | Files: 3 | Lines: -36/+78

  It will be just xor-ed over the existing entropy in the pool.

  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  Reviewed-by: Saša Nedvědický <sashan@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26128)
* Fix potential use-after-free in REF_PRINT_COUNT
  Author: Neil Horman | Age: 2024-12-10 | Files: 17 | Lines: -26/+26

  We use REF_PRINT_COUNT to dump out the value of various reference counters in our code. However, we commonly use this macro after an increment or decrement. On increment it's fine, but on decrement it's not, because the macro dereferences the object holding the counter value, which may be freed by another thread, as we've given up our ref count to it prior to using the macro.

  The rule is that we can't reference memory for an object once we've released our reference, so let's fix this by altering REF_PRINT_COUNT to accept the value returned by CRYPTO_[UP|DOWN]_REF instead. This eliminates the need to dereference the memory the object points to and allows us to use the call after we release our reference count.

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/25664)
* ossl_cms_get1_crls_ex(): Avoid doublefree if CRL up ref fails
  Author: Tomas Mraz | Age: 2024-12-10 | Files: 1 | Lines: -2/+4
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/26100)
  (cherry picked from commit ef0be53f90045d0a9f0d085a7a4289335f49ee41)
* Revert the behavior change of CMS_get1_certs() and CMS_get1_crls()
  Author: Tomas Mraz | Age: 2024-12-10 | Files: 3 | Lines: -19/+54
  Fixes #26079
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/26100)
  (cherry picked from commit afd36cbef8b3b7b00bd4bcdc33802d4cb39fdffa)
* Code & comments changes to make them consistent
  Author: willmafh | Age: 2024-12-06 | Files: 3 | Lines: -9/+16
  CLA: trivial
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26095)
* one more empty line for code style consistency
  Author: willmafh | Age: 2024-12-06 | Files: 1 | Lines: -0/+1
  CLA: trivial
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26095)
* Change all one's complement to ones' complement for consistency
  Author: willmafh | Age: 2024-12-06 | Files: 2 | Lines: -4/+4
  CLA: trivial
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26095)
* BN_secure_new function indentation correction
  Author: willmafh | Age: 2024-12-06 | Files: 1 | Lines: -7/+7
  CLA: trivial
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26095)
* Delete redundant parentheses for code consistency
  Author: willmafh | Age: 2024-12-06 | Files: 1 | Lines: -1/+1
  CLA: trivial
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26095)
* fips: zeroization of ECX public keys
  Author: Joachim Vandersmissen | Age: 2024-12-03 | Files: 1 | Lines: -0/+3

  Commit fa338aa7cd added zeroization of public security parameters as required by ISO 19790:2012/Cor.1:2015 7.9. However, that commit overlooked ECX keys, which are used for EdDSA and X25519/X448.

  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/25807)
* Avoid NULL dereference with PKCS7_OP_SET_DETACHED_SIGNATURE
  Author: Tomas Mraz | Age: 2024-12-02 | Files: 1 | Lines: -0/+5

  We would dereference p7->d.sign pointer which can be NULL.

  Reported by Han Zheng.

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/26078)