public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto
History
Dimitri John Ledkov aa5f1b4cf5 fips-jitter: Force use jitter entropy in the FIPS 3.0.9 provider callback 
FIPS 3.0.9 provider does not honor runtime seed configuration, thus if
one desires to use JITTER entropy source with FIPS 3.0.9 provider
something like this needs to be applied to the core (libcrypto) build.

Not sure if this is at all suitable for upstream.

With fips-jitter (3.5+) config, also ensure that core<->provider
callback for entropy uses jitter entropy source, rather than os seed
(getrandom syscall).

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25930)
2025-02-25 14:45:57 -05:00
..
aes LoongArch: Fix output file name detection for Perl scripts 2025-02-14 11:35:23 +01:00
aria
asn1 SLH-DSA: Remove legacy ASN1 method tables for SLH-DSA. Update to use 2025-02-18 10:17:29 +01:00
async one more empty line for code style consistency 2024-12-06 15:27:51 +01:00
bf Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
bio Fix read out of buffer bounds when dealing with BIO_ADDR 2025-02-25 15:55:46 +01:00
bn Fix the checks of factor_size/modulus_bitsize 2025-02-10 15:14:33 +08:00
buffer Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
camellia Copyright year updates 2024-09-05 09:35:49 +02:00
cast Copyright year updates 2023-09-07 09:59:15 +01:00
chacha LoongArch: Fix output file name detection for Perl scripts 2025-02-14 11:35:23 +01:00
cmac Add FIPS indicator to CMAC. 2024-07-31 09:04:17 +10:00
cmp Fix potential leak in error path in cert_response() 2025-02-25 15:48:50 +01:00
cms Adds missing checks of return from XXX_up_ref(). 2025-02-18 16:32:59 +01:00
comp Copyright year updates 2023-09-07 09:59:15 +01:00
conf Check returns of various sk_*_push functions 2025-01-08 11:11:00 +01:00
crmf CMP: add support for central key generation 2025-01-27 08:56:46 +01:00
ct Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
des Copyright year updates 2024-09-05 09:35:49 +02:00
dh Fix potential use-after-free in REF_PRINT_COUNT 2024-12-10 14:58:08 +01:00
dsa Fix potential use-after-free in REF_PRINT_COUNT 2024-12-10 14:58:08 +01:00
dso Fix potential use-after-free in REF_PRINT_COUNT 2024-12-10 14:58:08 +01:00
ec Fix memory leak in ecdsa_keygen_knownanswer_test 2025-02-19 09:30:25 -05:00
encode_decode More consistent ML-KEM key checks 2025-02-20 09:59:22 +11:00
engine Open pem files in binary mode 2025-01-28 20:57:14 +01:00
err Fixup error ennumeration 2025-02-17 11:27:34 -05:00
ess Copyright year updates 2024-09-05 09:35:49 +02:00
evp EVP_PKEY_derive_set_peer_ex(): Don't free peer on error 2025-02-25 15:47:08 +01:00
ffc ffc: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define 2024-11-28 15:13:35 +01:00
hashtable Rename fnv1a_hash() to ossl_fnv1a_hash() 2025-02-25 15:45:42 +01:00
hmac s390x: Disable HMAC hardware acceleration when an engine is used for the digest 2024-09-03 21:15:00 +02:00
hpke Fix potential memory leak in OSSL_HPKE_CTX_new() 2024-10-30 11:58:16 +00:00
http http_client.c: fix error and default case handling in OSSL_HTTP_REQ_CTX_nbio() state machine 2025-02-11 22:11:03 +01:00
idea Copyright year updates 2024-09-05 09:35:49 +02:00
kdf
lhash Copyright year updates 2024-04-09 13:43:26 +02:00
md2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md4 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md5 LoongArch: Fix output file name detection for Perl scripts 2025-02-14 11:35:23 +01:00
mdc2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
ml_dsa More seed and private key checks for ML-DSA 2025-02-25 12:49:49 +11:00
ml_kem Configurable import-time PCT for ML-KEM 2025-02-20 18:21:40 +11:00
modes Make it able to run asm code on OpenBSD (arm64) 2025-01-14 12:14:27 +01:00
objects SLH_DSA: Make apps.c do_X509_REQ_verify() call work correctly. 2025-02-18 10:17:29 +01:00
ocsp Check returns of various sk_*_push functions 2025-01-08 11:11:00 +01:00
pem Fix magic + 20 in PEM_ASN1_write_bio 2025-01-24 17:14:39 +01:00
perlasm SPARC assembly: Don't file aes-cbc on T4 with small sizes. 2025-02-14 11:42:35 +01:00
pkcs7 Adds missing checks of return from XXX_up_ref(). 2025-02-18 16:32:59 +01:00
pkcs12 Fix potential memory leak in PKCS12_add_key_ex() 2025-01-06 21:32:50 +01:00
poly1305 [poly1305][aarch64] Extend address range by adrp + add 2025-02-13 09:51:37 +01:00
property Do not call BIO_printf() from FIPS_MODULE 2025-02-18 16:31:45 +01:00
rand rand: avoid property query manipulations 2025-02-14 17:08:42 +01:00
rc2 Copyright year updates 2023-09-07 09:59:15 +01:00
rc4 Copyright year updates 2023-09-07 09:59:15 +01:00
rc5 Copyright year updates 2023-09-07 09:59:15 +01:00
ripemd Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
rsa Fix potential memory leaks in error paths in ossl_rsa_multiprime_derive() 2025-02-25 15:36:43 +01:00
seed Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
sha Make it able to run asm code on OpenBSD (arm64) 2025-01-14 12:14:27 +01:00
siphash crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
slh_dsa SLH-DSA - restrict keygen seed length to exact value of 3*n 2025-02-22 22:46:44 +11:00
sm2 sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start() 2024-11-21 11:13:56 +01:00
sm3 [sm3][aarch64] Move constant to .rodata section 2025-02-13 09:51:37 +01:00
sm4 [vpsm4_ex][aarch64] Move constant to .rodata section 2025-02-13 09:51:37 +01:00
srp Fix potential double free through SRP_user_pwd_set1_ids() 2024-10-11 14:22:36 +02:00
stack Copyright year updates 2024-04-09 13:43:26 +02:00
store Adds missing checks of return from XXX_up_ref(). 2025-02-18 16:32:59 +01:00
thread Fix no-thread-pool build on Windows 2024-09-10 16:36:39 +02:00
ts Adds missing checks of return from XXX_up_ref(). 2025-02-18 16:32:59 +01:00
txt_db Copyright year updates 2023-09-07 09:59:15 +01:00
ui Fix Edge Cases in Password Callback Handling 2024-09-09 08:58:03 +02:00
whrlpool Copyright year updates 2024-09-05 09:35:49 +02:00
x509 Fix potential memory leak in policy_section() 2025-02-25 15:52:13 +01:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h Copyright year updates 2024-04-09 13:43:26 +02:00
armcap.c Enable AES and SHA3 optimisations on Apple Silicon M4-based macOS systems 2024-11-22 14:56:04 +01:00
armv4cpuid.pl Mark OPENSSL_armcap_P .hidden in arm asm 2024-11-22 11:22:00 +01:00
asn1_dsa.c
bsearch.c
build.info Add base code to load a SLH_DSA public key. 2025-02-18 10:13:53 +01:00
c64xpluscpuid.pl
comp_methods.c Move stack of compression methods from libssl to OSSL_LIB_CTX 2024-05-28 08:56:13 +02:00
context.c Expanding trace of providers algorithms fetching/caching/etc 2025-01-27 09:07:48 +01:00
core_algorithm.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
core_fetch.c Expanding trace of providers algorithms fetching/caching/etc 2025-01-27 09:07:48 +01:00
core_namemap.c core_namemap.c: Use OPENSSL_STRING instead of defining STRING type 2024-12-31 15:03:13 +01:00
cpt_err.c Use the new hashtable for core_namemap 2024-08-21 15:21:26 +02:00
cpuid.c Extension of OPENSSL_ia32cap to accommodate additional CPUID bits 2024-12-13 14:51:22 +01:00
cryptlib.c Copyright year updates 2023-09-07 09:59:15 +01:00
ctype.c Copyright year updates 2023-09-07 09:59:15 +01:00
cversion.c Revert API change of OPENSSL_version() 2024-10-17 13:36:58 +02:00
defaults.c Fix typos found by codespell 2024-08-07 19:09:43 +02:00
der_writer.c
deterministic_nonce.c Copyright year updates 2024-09-05 09:35:49 +02:00
dllmain.c
ebcdic.c
ex_data.c Fix error handling in CRYPTO_get_ex_new_index 2023-09-21 14:43:08 +02:00
getenv.c
ia64cpuid.S
indicator_core.c Add FIPS indicator callback. 2024-07-11 08:29:43 +10:00
info.c Extension of OPENSSL_ia32cap to accommodate additional CPUID bits 2024-12-13 14:51:22 +01:00
init.c Copyright year updates 2024-04-09 13:43:26 +02:00
initthread.c Recycle the TLS key that holds thread_event_handler 2024-09-05 17:19:53 +02:00
loongarch64cpuid.pl LoongArch: Fix output file name detection for Perl scripts 2025-02-14 11:35:23 +01:00
loongarch_arch.h Copyright year updates 2023-09-07 09:59:15 +01:00
loongarchcap.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_nyi.c
LPdir_unix.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_vms.c
LPdir_win.c
LPdir_win32.c
LPdir_wince.c
mem.c Use static array (length 256) for copy of OPENSSL_MALLOC_FAILURES 2024-11-28 17:01:28 +01:00
mem_clr.c
mem_sec.c Copyright year updates 2024-09-05 09:35:49 +02:00
mips_arch.h
o_dir.c
o_fopen.c Copyright year updates 2024-09-05 09:35:49 +02:00
o_init.c
o_str.c crypto: factorize to hex chars conversion code. 2024-08-07 19:25:10 +02:00
o_time.c
packet.c Copyright year updates 2023-09-07 09:59:15 +01:00
param_build.c params: drop INT_MAX checks 2023-12-29 10:21:10 +01:00
param_build_set.c ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs 2023-10-18 18:07:13 +02:00
params.c Don't promise a non-zero return size in error cases. 2025-01-21 17:21:52 +11:00
params_dup.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
params_from_text.c Make ossl_trace_param_values an official api function 2024-11-19 08:38:25 -05:00
params_idx.c.in params: provide a faster TRIE based param lookup. 2023-06-02 15:13:20 +10:00
pariscid.pl
passphrase.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
ppccap.c Copyright year updates 2024-09-05 09:35:49 +02:00
ppccpuid.pl
provider.c ossl_provider_prov_ctx is redundant 2025-01-28 20:10:44 +11:00
provider_child.c Copyright year updates 2023-09-07 09:59:15 +01:00
provider_conf.c Support CLI and API setting of provider configuration parameters 2025-01-18 03:46:37 +11:00
provider_core.c fips-jitter: Force use jitter entropy in the FIPS 3.0.9 provider callback 2025-02-25 14:45:57 -05:00
provider_local.h
provider_predefined.c
punycode.c Copyright year updates 2023-09-07 09:59:15 +01:00
quic_vlint.c QUIC: Enable building with QUIC support disabled 2023-01-13 13:20:16 +00:00
rcu_internal.h Copyright year updates 2024-04-09 13:43:26 +02:00
README-sparse_array.md
riscv32cpuid.pl Copyright year updates 2024-09-05 09:35:49 +02:00
riscv64cpuid.pl riscv: Add basic vector extension support 2023-10-26 15:55:49 +01:00
riscvcap.c riscv: add dl_hwcap for capability detection 2025-02-25 12:01:59 +01:00
s390x_arch.h s390x: Don't probe crypto cards for ME/CRT offloading during initialization 2024-10-23 15:07:01 +02:00
s390xcap.c s390x: Don't probe crypto cards for ME/CRT offloading during initialization 2024-10-23 15:07:01 +02:00
s390xcpuid.pl Copyright year updates 2024-09-05 09:35:49 +02:00
self_test_core.c Copyright year updates 2024-09-05 09:35:49 +02:00
sleep.c For Unix, refactor OSSL_sleep() to use nanosleep() instead of usleep() 2024-05-22 09:59:32 +02:00
sparccpuid.S
sparcv9cap.c
sparse_array.c Copyright year updates 2024-09-05 09:35:49 +02:00
threads_lib.c Define threads_lib.c functions only for OPENSSL_SYS_UNIX 2022-11-14 07:47:53 +00:00
threads_none.c threads: follow formatting rules 2024-09-05 17:09:50 +02:00
threads_pthread.c Revert wrong macos RCU fix 2025-02-25 10:38:26 +01:00
threads_win.c Don't use __ATOMIC_ACQ_REL on older compilers 2025-02-16 15:09:03 -05:00
time.c crypto: fix missing <winsock.h> indirection inclusion. 2024-09-05 17:02:51 +02:00
trace.c Add a QUERY trace category 2024-11-19 08:36:19 -05:00
uid.c Copyright year updates 2023-09-07 09:59:15 +01:00
vms_rms.h
x86_64cpuid.pl Remove unnecessary flag clearance in crypto/x86_64cpuid.pl 2025-02-10 15:14:33 +08:00
x86cpuid.pl Extension of OPENSSL_ia32cap to accommodate additional CPUID bits 2024-12-13 14:51:22 +01:00