| openssl: add loongarch64 support Signed-off-by: Wu Xiaotian <wuxiaotian@loongson.cn> | 1 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| Ensure ASN1 types are checked before use. Some of these were fixed by LibreSSL in commit https://github.com/openbsd/src/commit/aa1f637d454961d22117b4353f98253e984b3ba8 this fix includes the other fixes in that commit, as well as fixes for others found by a scan for a similar unvalidated access paradigm in the tree. Fixes CVE-2026-22795, CVE-2026-22796 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/29582) Signed-off-by: jing-wang177 <wangjing561@huawei.com> | 5 个月前 |
| cms: kek_unwrap_key: Fix out-of-bounds read in check-byte validation the check-byte test in kek_unwrap_key() reads tmp[1] through tmp[6] unconditionally, so the decrypted buffer must hold at least seven octets. The pre-decryption size check enforces inlen >= 2 * blocklen, which yields the required seven octets only when blocklen >= 4. For a KEK cipher with a smaller block size, inlen can be as small as 2 * blocklen and the check-byte read overruns the inlen-sized tmp allocation. Reject blocklen < 4 in the early sanity check. All block ciphers appropriate for CMS PasswordRecipientInfo key wrapping have a block size of at least 8 octets (DES/3DES = 8, AES = 16), so this only forbids ciphers that would not be valid KEK choices anyway, and the existing inlen >= 2 * blocklen check then guarantees the seven-octet lower bound the check-byte test relies on. Fixes CVE-2026-9076 Reviewed-by: Daniel Kubec <kubec@openssl.foundation> Reviewed-by: Tomas Mraz <tomas@openssl.foundation> MergeDate: Mon Jun 8 14:11:44 2026 Signed-off-by: jing-wang177 <wangjing561@huawei.com> | 3 天前 |
| demos/bio/sconnect.c: Free ssl_bio on error to avoid memory leak Call BIO_free() to release ssl_bio if an error occurs before BIO_push(), preventing a memory leak. Fixes: 396e720965 ("Fix certificate validation for IPv6 literals in sconnect demo") Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27639) (cherry picked from commit 55d8d859797e8229bc499bbc7c3c76821b654682) Signed-off-by: zzh593245631 <zhangzhaohua2@huawei.com> | 1 年前 |
| apps/enc.c: avoid signed integer overflow on bufsize assignment The calculated option value, while being long-typed, is not checked for fitting into int-sized bufsize. Avoid overflow by throwing error if it is bigger than INT_MAX and document that behaviour. Fixes: 7e1b7485706c "Big apps cleanup (option-parsing, etc)" Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665149 References: https://github.com/openssl/project/issues/1362 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28408) (cherry picked from commit 98cb959999e4db9be524a972dccaf6b0c8167431) Signed-off-by: jing-wang177 <wangjing561@huawei.com> | 9 个月前 |
| openssl-3.0.9.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| [Backport] obj: Add SM4 GCM/CCM OID Reference: https://github.com/openssl/openssl/commit/a596d38a8cddca4af3416b2664e120028d96e6a9 Add the following OID: SM4-GCM: 1.2.156.10197.1.104.8 SM4-CCM: 1.2.156.10197.1.104.9 Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16731) Signed-off-by: lanming <lanming@huawei.com> | 2 年前 |
| Disable ML-KEM and ML-DSA by default with positive opt-in macros Change ML-KEM and ML-DSA from enabled-by-default to disabled-by-default. Replace negative guards (OPENSSL_NO_ML_KEM/ML_DSA) with positive opt-in guards (OPENSSL_ML_KEM/ML_DSA) across all provider and encoder/decoder code. Users must explicitly enable via Configure options: ./Configure ... enable-ml-kem enable-ml-dsa Configure changes: - Add ml-kem/ml-dsa to %disabled hash with 'default' reason - Skip OPENSSL_NO_ macro generation for these features - Define OPENSSL_ML_KEM/ML_DSA when user enables them Signed-off-by: kang1024 <yangjiankang3@huawei.com> | 2 个月前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| solve 'legacy sigalg disallowed or unsupported' problem Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| Fix handling of empty-ciphertext messages in AES-SIV AES-SIV: EVP_DecryptUpdate_ex Accepts All-Zero Tag for Empty-Ciphertext Messages on context reuse. Fixes CVE-2026-45446 Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation> MergeDate: Mon Jun 8 20:19:02 2026 Signed-off-by: jing-wang177 <wangjing561@huawei.com> | 3 天前 |
| Fix memory leak in tls_parse_ctos_psk() sess is not NULL at this point, and is freed on the success path, but not on the error path. Fix this by going to the err label such that SSL_SESSION_free(sess) is called. CLA: trivial Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25643) Signed-off-by: lanming <lanming@huawei.com> | 1 年前 |
| Add ML-KEM and ML-DSA support from OpenSSL 3.5.6 Port ML-KEM (FIPS 203) and ML-DSA (FIPS 204) post-quantum cryptography from OpenSSL 3.5.6 to OpenSSL 3.0.9 with API compatibility adaptations. Key compatibility shims: - Add include/openssl/byteorder.h (OPENSSL_load/store_u{16,32,64}_le) - Add include/internal/fips.h (ossl_fips_self_testing() inline stub) - Map EVP_DigestSqueeze() to EVP_DigestFinalXOF() + large buffer - Map EVP_MD_xof() to EVP_MD flags check - Map OSSL_FUNC_SIGNATURE_SIGN/VERIFY_MESSAGE_INIT dispatch IDs to existing SIGN_INIT/VERIFY_INIT (2/4) - Map EVP_PKEY_sign/verify_message_init() to sign/verify_init_ex() - Add OSSL_SIGNATURE_PARAM_MU constant - Add OSSL_FUNC typedef + OSSL_DISPATCH_END macro - Use correct NID names (NID_id_alg_ml_dsa_44 vs NID_ML_DSA_44) Provider registrations: - ML-KEM KEM, ML-KEM/ML-DSA keymgmt, ML-DSA signature providers - ML-KEM/ML-DSA encoders/decoders (der/pem/text for pub/priv/pkcs8) - ML-KEM TLS group capabilities Build system fixes: - Add providers/common/provider_ctx.c with get_param/bool_param stubs - Fix DER build.info $COMMON variable override order - Fix decode_der2key.c PROV_CTX vs OSSL_LIB_CTX type mismatch (6 calls) - Link ML tests against libcrypto.a (not .so) for internal symbols - Remove references to missing der_ml_kem_{gen,key}.c Adapt BUILD.gn for OpenHarmony: - Add 18 new source files across three build sections (libcommon, libdefault, crypto_source) to support ML-KEM/ML-DSA in the OpenHarmony/OHOS build system. Test infrastructure: - Add 3 test recipes (evp_extra_ml_kem, internal_ml_kem, ml_dsa) - Add #include "internal/nelem.h" for OSSL_NELEM in test files - Add LABELED_BUF_PRINT_WIDTH definition for codec text output All 253 tests pass (3374 test cases), 0 compilation warnings. Signed-off-by: kang1024 <yangjiankang3@huawei.com> | 2 个月前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| openssl: add loongarch64 support Signed-off-by: Wu Xiaotian <wuxiaotian@loongson.cn> | 1 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| Add -Os optimization to openssl binary and libapps via openssl_app_config Co-Authored-By: Agent Signed-off-by: kang1024 <yangjiankang3@huawei.com> | 14 天前 |
| openssl-3.0.9.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| 版本1.1.1k升级到1.1.ln并兼容MUSL Signed-off-by: zhao_zhen_zhou <zhaozhenzhou@huawei.com> | 3 年前 |
| Disable ML-KEM and ML-DSA by default with positive opt-in macros Change ML-KEM and ML-DSA from enabled-by-default to disabled-by-default. Replace negative guards (OPENSSL_NO_ML_KEM/ML_DSA) with positive opt-in guards (OPENSSL_ML_KEM/ML_DSA) across all provider and encoder/decoder code. Users must explicitly enable via Configure options: ./Configure ... enable-ml-kem enable-ml-dsa Configure changes: - Add ml-kem/ml-dsa to %disabled hash with 'default' reason - Skip OPENSSL_NO_ macro generation for these features - Define OPENSSL_ML_KEM/ML_DSA when user enables them Signed-off-by: kang1024 <yangjiankang3@huawei.com> | 2 个月前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| openssl-3.0.9.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| openssl-3.0.9.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| openssl-3.0.9.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| openssl-3.0.9.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| compatible_with_legacy_build_system, copy LICENSE.txt NOTICE Signed-off-by: code4lala <fengziteng2@huawei.com> Change-Id: Ia28f5004d76a906d5e63057158511775f365c93f | 2 年前 |
| 升级步骤 Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| openssl-3.0.9.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| 升级步骤 Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| openssl-3.0.9.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| usr目录下增加软连接 Signed-off-by: lyn1121 <335661597@qq.com> | 5 个月前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| openssl-3.0.9.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 2 年前 |
| tar -xf openssl-openssl-3.0.7.tar.gz Signed-off-by: code4lala <fengziteng2@huawei.com> | 3 年前 |
| make build_all_generated before compilation Signed-off-by: code4lala <fengziteng2@huawei.com> Change-Id: If0feac1105ed773eb9c56463c4a4281a3437040e | 3 年前 |
| Disable ML-KEM and ML-DSA by default with positive opt-in macros Change ML-KEM and ML-DSA from enabled-by-default to disabled-by-default. Replace negative guards (OPENSSL_NO_ML_KEM/ML_DSA) with positive opt-in guards (OPENSSL_ML_KEM/ML_DSA) across all provider and encoder/decoder code. Users must explicitly enable via Configure options: ./Configure ... enable-ml-kem enable-ml-dsa Configure changes: - Add ml-kem/ml-dsa to %disabled hash with 'default' reason - Skip OPENSSL_NO_ macro generation for these features - Define OPENSSL_ML_KEM/ML_DSA when user enables them Signed-off-by: kang1024 <yangjiankang3@huawei.com> | 2 个月前 |
| make build_all_generated before compilation Signed-off-by: code4lala <fengziteng2@huawei.com> Change-Id: If0feac1105ed773eb9c56463c4a4281a3437040e | 3 年前 |