Skip to main content
swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
sort by:
RevisionAuthorDateMessageCommit Date
3df5736 Bernd Edlinger18 September 2023, 06:16:01 UTCImprove Malloc Failure Test Allow 2 digits after the comma in percentage in OPENSSL_MALLOC_FAILURES. Add OPENSSL_MALLOC_SEED to allow for some randomization. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22127)11 October 2023, 07:01:09 UTC
ac0677b Dr. David von Oheimb11 June 2023, 15:41:03 UTCCMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS Fixes #21120 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21176)10 October 2023, 18:36:06 UTC
2f76888 Dr. David von Oheimb11 June 2023, 16:19:50 UTCOSSL_CMP_CTX_new.pod: remove overlap with OSSL_HTTP_transfer.pod; improve the latter Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21176)10 October 2023, 18:36:06 UTC
4a9299a Dr. David von Oheimb11 June 2023, 15:36:55 UTCapps/cmp.c: -tls_used may be implied by -server https:...; improve related checks and doc Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21176)10 October 2023, 18:36:05 UTC
8d120ae Klavishnik10 August 2023, 10:56:24 UTCAdded check for the return value of the RAND_bytes() function Call app_bail_out if RAND_bytes() fails. Also changed the output parameter of RAND_bytes() to inp as writing to encrypted output buffer does not make sense. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21706)10 October 2023, 15:15:54 UTC
d0bf010 Tomas Mraz09 October 2023, 15:32:53 UTCECDSA with SHA3 verification does not depend on FIPS provider version Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22322)10 October 2023, 14:46:13 UTC
2989041 Tomas Mraz09 October 2023, 14:47:07 UTCprovider-compatibility.yml: Correct the directory where opensslwrap.sh is being run Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22322)10 October 2023, 14:46:13 UTC
636ee1d Evgeny Karpov07 August 2023, 12:28:20 UTC* Enable extra Arm64 optimization on Windows for GHASH, RAND and AES Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21673)10 October 2023, 13:37:41 UTC
2b8d815 Matt Caswell06 October 2023, 14:56:15 UTCWhen calling ossl_crypto_condvar_wait_timeout() we must use real time Although many of the QUIC tests use fake time, the time we pass to the ossl_crypto_condvar_wait_timeout() must be a real time. Passing fake time was causing the QUIC tserver test to hang because ossl_crypto_convar_wait_timeout() always timed out immediately and never relinquished the CPU. If using fake time we adjust the time to real time just before using it. Fixes #22020 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22301)10 October 2023, 07:17:43 UTC
91895e3 Klavishnik09 August 2023, 14:05:03 UTCAvoid divide-by-zero in kmac_prov.c's bytepad() This would happen if EVP_MD_get_block_size() returned 0 so we return an error instead. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21698)09 October 2023, 10:02:59 UTC
581c87b Matt Caswell05 October 2023, 16:11:25 UTCFix the BIO_addr test The BIO_addr test is failing on non-stop. The length of the data is larger than the size we have allocated for it. We dynamically allocate instead. Fixes #22218 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22294)09 October 2023, 08:15:40 UTC
50b3c47 Tomas Mraz31 August 2023, 08:26:22 UTCtest_provider_ex(): Add missing call failure checks Fixes Coverity 1542440 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21913)08 October 2023, 23:21:19 UTC
79997a9 Matt Caswell04 October 2023, 16:55:33 UTCTimeout in the tserver test using real time When running the tserver test we bail out if a timeout expires. We shouldn't use fake time for that timeout, because fake time might never actually get incremented. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22284)06 October 2023, 09:55:24 UTC
2e62b07 Matt Caswell04 October 2023, 16:50:53 UTCDon't wait in the tesrver idle testing every time around the loop If we wait for 100ms 600 times - then the test takes a minute to complete which is far too long. The purpose of the wait is to give the assistance thread a chance to catch up. We only do that if the event timeout has actually expired - otherwise we are waiting for no reason. Fixes #22156 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22284)06 October 2023, 09:55:24 UTC
4ace824 Tomas Mraz05 October 2023, 13:24:38 UTCWindows CI: Continue on error during cpuinfo Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22293)06 October 2023, 09:18:00 UTC
8f67c6b Tomas Mraz04 October 2023, 15:23:27 UTCAlways back off on the first packet noise from client to server The test server cannot really cope with modifications Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22267)06 October 2023, 08:24:58 UTC
6dfc57f Tomas Mraz03 October 2023, 15:19:16 UTCAdd testing of bitflips in packet headers A new type of noise is introduced in the noisy dgram bio filter. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22267)06 October 2023, 08:24:58 UTC
7ae3158 Vladimir Kotal04 October 2023, 14:11:42 UTCavoid sun as variable name Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22281)05 October 2023, 17:12:51 UTC
4ca56f5 Tomas Mraz03 October 2023, 13:45:13 UTCd2i_X509.pod: Better document using the reuse capability for libctx setup Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22265)05 October 2023, 17:10:51 UTC
4bad474 Neil Horman04 October 2023, 13:48:37 UTCembed bio_dgram_data inside bio_dgram_sctp_data the sctp BIO implementation uses the generic BIO dgram implementation under the covers for some operations. However, the private data for each bio is incongruous, leading to segfaults when doing things like passing a dgram_sctp_ctrl operation to the underlying dgram_ctrl method. Fix this by removing the common fields between the two strcutres and embedding a bio_dgram_data as the first member of the bio_dgram_sctp_data struct. This allows implicit casting when that call path is taken, avoiding any memory mis-use Fixes #20643 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22278)05 October 2023, 17:09:06 UTC
31fc8a8 Matt Caswell04 October 2023, 15:32:31 UTCFix coverity alert on use of uninitialised data The function `ossl_blake2b_param_init` should initialise only, and not read the data it is initialising Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22282)05 October 2023, 17:07:55 UTC
0f7a3b0 Tomas Mraz04 October 2023, 07:30:43 UTCBN_gcd(): Avoid shifts of negative values Fixes #22216 Thanks to Leland Mills for investigation and testing. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22272)05 October 2023, 10:05:16 UTC
f7b8013 Tomas Mraz03 October 2023, 12:43:13 UTCDH_check: Emphasize the importance of return value check Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22262)05 October 2023, 09:24:35 UTC
e8e2b13 Richard Levitte18 September 2023, 07:30:13 UTC[design] Make it possible to use explicitly fetched signature implementation This design is to allow the use of explicitly fetched EVP_SIGNATURE implementations. Ref: openssl/project#171 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22129)05 October 2023, 07:11:24 UTC
11f69aa Richard Levitte21 September 2023, 12:39:30 UTC[design] Make it possible to pass AlgorithmIdentifier parameter data This design is to allow passing AlgorithmIdentifier parameter data to and from any cryptograpfic operation, with convenience functions for them all, not just for symmetric ciphers. This is crucial to support CMS, among others. Ref: openssl/project#172 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22162)04 October 2023, 23:07:58 UTC
fb20e66 Pauli24 September 2023, 23:34:07 UTCossl_property_list_to_string: handle quoted strings ossl_property_list_to_string() didn't quote strings correctly which could result in a generated property string being unparsable. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22182)04 October 2023, 21:09:13 UTC
456e6ca dependabot[bot]04 October 2023, 17:03:39 UTCBump suisei-cn/actions-download-file from 1.3.0 to 1.4.0 Bumps [suisei-cn/actions-download-file](https://github.com/suisei-cn/actions-download-file) from 1.3.0 to 1.4.0. - [Release notes](https://github.com/suisei-cn/actions-download-file/releases) - [Commits](https://github.com/suisei-cn/actions-download-file/compare/v1.3.0...v1.4.0) --- updated-dependencies: - dependency-name: suisei-cn/actions-download-file dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22268)04 October 2023, 17:14:20 UTC
8316029 Tomas Mraz04 October 2023, 10:30:22 UTCd2i_PKCS8PrivateKey_bio.pod: evp.h include is unnecessary It is also not allowed by doc nits check to have multiple includes. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22276)04 October 2023, 11:02:46 UTC
74f8d9c Frederik Wedel-Heinen02 October 2023, 13:53:28 UTCAdded info on change to HISTORY of SSL_CTX_set_msg_callback() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22241)04 October 2023, 10:56:53 UTC
fac54a6 Frederik Wedel-Heinen02 October 2023, 11:08:56 UTCUpdate documentation on SSL_CTX_set_msg_callback() to match the actual functionality. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22241)04 October 2023, 10:56:53 UTC
5f79670 Frederik Wedel-Heinen02 October 2023, 10:00:58 UTCPrint record version for DTLSv1_listen() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22241)04 October 2023, 10:56:53 UTC
b31597d Frederik Wedel-Heinen02 October 2023, 09:11:29 UTCPass the dtls record version to the record layer msg_callback function. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22241)04 October 2023, 10:56:53 UTC
706512e Matthias St. Pierre02 October 2023, 10:10:01 UTCDon't (re-)initialize the FFC_PARAMs in dh_init and dsa_init The initialization was introduced in commit dc8de3e6f1ee and changes the behaviour of the `init` method for DSA and DH between 1.1.1 and 3.0, while the behaviour for RSA and EC_KEY remains unchanged. The initialization is not necessary in 3.x and master imho and breaks the use-case of intercepting the methods of an existing key. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22185)04 October 2023, 10:22:04 UTC
860e36d Matthias St. Pierre23 September 2023, 23:13:20 UTCtest: evp_extra: test signing with legacy app method based keys This commit adds `test_EVP_PKEY_sign_with_app_method`, a regression test for the bug fix in commit 1acc3e8cc3c6 (pull request #22163). It is analogous to `test_EVP_PKEY_sign`, only with a fake app method based key. (The EC key test case was omitted, because there is no `EC_KEY_METHOD_dup` method.) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22185)04 October 2023, 10:22:04 UTC
b49cafd Matthias St. Pierre23 September 2023, 23:24:59 UTCtest: evp_extra: fix indentation error Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22185)04 October 2023, 10:22:04 UTC
82496b8 Sumitra Sharma03 October 2023, 03:58:44 UTCCorrect documentation for PKCS5_PBKDF2_HMAC In OpenSSL 3.x, the documentation for PKCS5_PBKDF2_HMAC incorrectly states that an iter value less than 1 is treated as a single iteration. Upon further investigation in providers/implementations/kdfs/pbkdf2.c, it appears that invalid iter values will result in failure and raise the PROV_R_INVALID_ITERATION_COUNT error. This commit corrects the documentation to accurately reflect the behavior in OpenSSL 3.x. Closes openssl#22168 Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22252)04 October 2023, 10:19:22 UTC
1296c2e Richard Levitte02 October 2023, 07:12:12 UTCRestore the meaning of EVP_PKEY_print_private() With pre-3.0 OpenSSL, EVP_PKEY_print_private() calls the EVP_PKEY_ASN1_METHOD function "priv_print", effectively asking the backend to print whatever it regards as private key components. In all backends that were built into libcrypto, this function printed what was included in the private key structure, which usually includes the public key components as well. With OpenSSL 3.0, some of the corresponding key2text encoders got a slightly different behavior, where the presence of the selector OSSL_KEYMGMT_SELECT_PRIVATE_KEY without the presence of the selector OSSL_KEYMGMT_SELECT_PUBLIC_KEY would only get what would intuitively be regarded as private key components printed. This isn't entirely consistent, though, as the RSA key2text encoder will still print the public key components regardless. To compensate for the changed backend behavior, EVP_PKEY_print_private() was made to ask the encoder to print the keypair rather than just the private key, thereby moving the backend semantics to the application API. Unfortunately, this causes confusion for providers where the key2text encoder really should print the private key only. This change restores the built-in 1.1.1 backend behavior in the encoders that OpenSSL provides, and renders EVP_PKEY_print_private() more true to its documented behavior, leaving it to the backend to decide what it regards as "private key components". Fixes #22233 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22237)04 October 2023, 06:10:55 UTC
2b74e75 Dmitry Belyavskiy26 December 2022, 19:38:44 UTCImproved detection of engine-provided private "classic" keys Resolves #17092 (?) Resolves #17286 (?) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19965)04 October 2023, 00:02:00 UTC
5c20c20 Frederik Wedel-Heinen02 October 2023, 08:58:48 UTCRemove duplicates of EVP_aes_xxx_wrap() from EVP_aes_128_gcm.pod Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22236)03 October 2023, 23:54:46 UTC
1d3f266 Frederik Wedel-Heinen02 October 2023, 07:58:30 UTCCall post_process_record for dtls records Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22239)03 October 2023, 23:54:01 UTC
515856f Matthias St. Pierre26 September 2023, 16:25:27 UTCdoc/man3: fix misnamed function name Rename `DSA_generate_prime[_ex]` to `DSA_generate_parameters[_ex]`, fixing a copy&paste error from the `BN_generate_prime[_ex]` paragraph in commit b3696a55a5ed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22242)03 October 2023, 23:52:32 UTC
21d2041 Matt Caswell02 October 2023, 10:47:08 UTCBack off on generating noise in the event of a PING frame If either endpoint issues a PING frame while we are introducing noise into the communication then there is a danger that the connection itself will fail. We detect the PING and then back off on generating noise for a short while. It should be sufficient to just ensure that the next datagram does not get dropped for each endpoint. Fixes #22199 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22243)03 October 2023, 23:51:51 UTC
3f8b7b9 Tomas Mraz02 October 2023, 15:07:52 UTCCHANGES.md: Mention new features added after 3.2 alpha1 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22251)03 October 2023, 23:51:01 UTC
cda2e7c Sumitra Sharma02 October 2023, 15:23:52 UTCAdd openssl/pem.h inclusion for d2i_PKCS8PrivateKey Include the necessary header file openssl/pem.h in the documentation to ensure that all functions related to d2i_PKCS8PrivateKey are correctly defined. Closes openssl#22188 Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22253)03 October 2023, 20:54:17 UTC
4b5b223 Frederik Wedel-Heinen02 October 2023, 07:49:34 UTCOccupy the rec_version field of a decoded dtls record Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22238)03 October 2023, 20:53:30 UTC
6f66602 Tomas Mraz02 October 2023, 13:49:42 UTCmacros.h: There are just 3.1 deprecations, no 3.2 deprecations Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22247)03 October 2023, 20:52:41 UTC
6a92159 Tomas Mraz02 October 2023, 13:38:12 UTCAll lh_stats functions were deprecated in 3.1 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22247)03 October 2023, 20:52:41 UTC
d2751ee Tomas Mraz29 September 2023, 12:55:05 UTCquicapitest: Enable test_ssl_trace with enable-zlib To improve Coverage mapping in Coveralls make it possible to run test_ssl_trace() with enable-zlib Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22222)03 October 2023, 15:23:58 UTC
4a1bdb0 Tomas Mraz29 September 2023, 10:09:10 UTCcoveralls: Drop no-shared and -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22222)03 October 2023, 15:23:58 UTC
2d374e1 Dmitry Misharov28 September 2023, 08:50:55 UTCGH action workflows: Add cpu report before 'make test' Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22232)03 October 2023, 13:53:25 UTC
0782940 Tomas Mraz03 October 2023, 06:39:31 UTCcoveralls: Fix invocation of lcov Fixes recent regression from commit febe8cf4dee9939ee3e5523b6f14d9dc1ec74153 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22258)03 October 2023, 06:39:49 UTC
f7e7bbc dependabot[bot]02 October 2023, 17:23:41 UTCBump actions/setup-python from 4.7.0 to 4.7.1 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.0 to 4.7.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.7.0...v4.7.1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22254)03 October 2023, 06:32:51 UTC
ad4af6d Matt Caswell28 September 2023, 12:59:45 UTCFix timeouts in the quic_multistream test script 13 Script 13 is a stress test which can timeout on some low powered platforms or with some options that significantly slow performance. We increase the timeout. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22214)02 October 2023, 13:59:24 UTC
febe8cf Dmitry Misharov28 September 2023, 11:21:37 UTCremove files under test directory from coverage report Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22212)02 October 2023, 13:56:25 UTC
92986c0 Matthias St. Pierre29 September 2023, 13:31:37 UTCdoc: correct the SSL_CTX_set_info_callback(3) manual page The info callback is not prototyped correctly, and the code example fails to compile because of const-incorrectness. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22224)02 October 2023, 12:12:39 UTC
3d3a7ec Danny Tsen22 August 2023, 19:58:53 UTCImprove performance for 6x unrolling with vpermxor instruction Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21812)02 October 2023, 12:00:23 UTC
fd27a7e Mathieu Tortuyaux22 September 2023, 20:09:33 UTCtest: add verify test for EC cert signed with SHA3 Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22147)02 October 2023, 10:46:24 UTC
de4aa81 Mathieu Tortuyaux19 September 2023, 15:24:43 UTCobj_xref.h: make update Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22147)02 October 2023, 10:46:24 UTC
98e0755 Mathieu Tortuyaux19 September 2023, 15:23:23 UTCobj_xref: ecdsa support sha3 hash function Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22147)02 October 2023, 10:46:24 UTC
0c74339 Richard Levitte02 October 2023, 08:24:38 UTCConfigurations/unix-Makefile.tmpl: Ensure that md-nits always works The body of the "md-nits" Makefile target assumed an in source build tree. This change ensures that it works correctly when called from an out-of-source build tree as well. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22240)02 October 2023, 10:38:51 UTC
5995dc3 Richard Levitte02 October 2023, 08:22:24 UTC[DOCS] Fix table inconsistencies detected by mdl Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22240)02 October 2023, 10:38:51 UTC
b07a0b1 Tomas Mraz26 September 2023, 12:56:02 UTCAvoid having ecp_sm2p256-armv8.pl in fips.module.sources Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22194)02 October 2023, 10:37:17 UTC
6bd0794 Pauli28 September 2023, 01:47:35 UTCCoverity 1545175: use after free Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22211)02 October 2023, 08:18:21 UTC
eaf0879 Pauli28 September 2023, 01:45:01 UTCCoverity 1545174: calling risky function Remove the call to rand() and replace with an xor-shift RNG. There are no security implications to worry about here. This RNG is used during testing only. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22211)02 October 2023, 08:18:21 UTC
1541083 Pauli28 September 2023, 01:34:48 UTCCoverity 1545176: dereference before NULL check Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22211)02 October 2023, 08:18:21 UTC
8ed76c6 Tomas Mraz26 September 2023, 15:39:50 UTCOptimize out unneeded up_ref/free of EVP_CIPHER Fixes #22189 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22198)29 September 2023, 13:22:38 UTC
9f6eb62 Tomas Mraz27 September 2023, 12:32:50 UTCTest client certificate authentication with QUIC Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22207)29 September 2023, 09:29:19 UTC
219bd6a Matt Caswell28 September 2023, 13:24:47 UTCPrepare for 3.2 alpha 3 Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes28 September 2023, 13:24:47 UTC
1e6b4ba Matt Caswell28 September 2023, 13:24:32 UTCPrepare for release of 3.2 alpha 2 Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes28 September 2023, 13:24:32 UTC
746b95c Matt Caswell28 September 2023, 13:24:31 UTCmake update Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes28 September 2023, 13:24:31 UTC
556009c Matt Caswell28 September 2023, 13:23:29 UTCCopyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes28 September 2023, 13:23:29 UTC
7f5b29c Matt Caswell26 September 2023, 11:14:56 UTCFix no-ssl-trace Ensure we use OPENSSL_NO_SSL_TRACE guards where appropriate. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22193)28 September 2023, 08:49:49 UTC
b07107e Randall S. Becker23 September 2023, 14:38:13 UTCMove e_os2.h up in quictestlib.c to allow symbol definition consistency. Fixes: #22178 Signed-of-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22179)27 September 2023, 16:34:28 UTC
be203ea Matt Caswell25 September 2023, 15:44:47 UTCFix a mem leak when the FIPS provider is used in a different thread We were neglecting to register the main thread to receive thread stop notifications. This is important if the thread that starts the FIPS provider is not the same one that is used when OPENSSL_cleanup() is called. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)27 September 2023, 16:23:04 UTC
1a18596 Pauli21 September 2023, 22:46:31 UTCevp_test: recondition cipher dupctx FIPS version check. Until the cipher dupctx is properly implemented in 3.1 and 3.0 the check is wrong. This should be reverted once the implemenation has been done. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)27 September 2023, 16:23:04 UTC
4cde758 Pauli05 September 2023, 02:51:05 UTCfips: use seed source requested Fixes #21909 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)27 September 2023, 16:23:04 UTC
a9483b8 Pauli25 September 2023, 04:25:58 UTCrand: add extra error code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)27 September 2023, 16:22:54 UTC
fffa78c Pauli05 September 2023, 00:16:49 UTCfips selftest: avoid relying on a real RNG for self tests Rather than instantiate the private and primary DRBGs during the selftest, instead use a test RNG. This leaves the DRBG setup pristine and permits later replacement of the seed source despite the very early running power up self tests. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)27 September 2023, 16:22:54 UTC
54e60d2 Pauli13 September 2023, 00:54:28 UTCProvider cross version checks warning Add a warning note to the provider cross version checks indicating that a pull request branch will not be used if execution is set to on pull request. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)27 September 2023, 16:22:54 UTC
6935101 Pauli04 September 2023, 00:22:29 UTCfix indentation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)27 September 2023, 16:22:54 UTC
c37184f Pauli04 September 2023, 04:37:09 UTCremove redundant free of NULL Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)27 September 2023, 16:22:54 UTC
91bc783 Jonathan M. Wilbur01 July 2023, 15:56:40 UTCSupport all NULL-syntax X.509v3 extensions Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21342)25 September 2023, 19:12:04 UTC
30224a2 Matt Caswell21 September 2023, 15:28:58 UTCAdd a test for BIO_ADDR_copy() We also add a test for BIO_ADDR_dup() which was also added in 3.2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22164)24 September 2023, 21:46:45 UTC
d058ae6 Matt Caswell21 September 2023, 11:16:38 UTCClean away the test code implementation of bio_addr_copy We now have a public function for BIO_ADDR_copy() which can be used in preference to the test code's private implementation. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22164)24 September 2023, 21:46:45 UTC
e55843a Matt Caswell21 September 2023, 11:10:15 UTCAdd documentation for the BIO_ADDR_copy() function Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22164)24 September 2023, 21:46:45 UTC
a18c9f8 Matt Caswell21 September 2023, 10:59:58 UTCImplement a public BIO_ADDR_copy() function We already have BIO_ADDR_dup() but in some contexts that is not sufficent. We implement BIO_ADDR_copy() and make BIO_ADDR_dup() use it. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22164)24 September 2023, 21:46:45 UTC
442d08f Matt Caswell22 September 2023, 16:31:34 UTCRemove a spurious inclusion of the sparse array header file Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22174)24 September 2023, 21:45:32 UTC
6c03fa2 Michael Baentsch22 September 2023, 15:52:09 UTCadding -outpubkey option to genpkey Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22173)24 September 2023, 18:51:42 UTC
1acc3e8 Matthias St. Pierre21 September 2023, 14:43:43 UTCno-engine: fix signing with legacy app method based keys Signing with an app method based key (i.e. an `EVP_PKEY` which wraps an `RSA` key with an application defined `RSA_METHOD`) used to work in 1.1.1. That feature was broken in commit 60488d2434, but later on fixed by @t8m in commit b247113c05 (see #14859). This commit corrects a minor flaw of the fix, which affects only `no-engine` builds: the special treatment for foreign keys is guarded by an `OPENSSL_NO_ENGINE` check. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22163)22 September 2023, 19:07:49 UTC
34d36cd Huiyue Xu14 September 2023, 08:21:35 UTCDo not include sparse_array.o in libssl sparse_array.o is not needed in libssl at 3.0.x version. Signed-off-by: Huiyue Xu <xuhuiyue@huawei.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22111) (cherry picked from commit a31cd07af1ca34cdbbd2b077a933208d447ed0b2)22 September 2023, 18:42:48 UTC
523c5a0 Matt Caswell21 September 2023, 09:25:00 UTCClarify the terminology in the noisy dgram BIO The previous terminology was quite confusing. We try to use drop, duplicate and delay more consistently and introduce the "reinject" terminology as a mechanism for implementing duplicates and delays. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22157)22 September 2023, 12:56:43 UTC
18fd0ea Matt Caswell20 September 2023, 15:25:44 UTCEnsure we free all the BIOs in a chain for QUIC like we do in TLS An application may pass in a whole BIO chain via SSL_set_bio(). When we free the BIO we should be using BIO_free_all() not BIO_free() like we do with TLS. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22157)22 September 2023, 12:56:43 UTC
f13f9b7 Matt Caswell20 September 2023, 15:24:37 UTCEnsure we up-ref the sbio before passing it to tserver We are actually passing two references to sbio: one as part of a BIO chain and one stand alone. Therefore we need two references. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22157)22 September 2023, 12:56:43 UTC
c29b13a Matt Caswell20 September 2023, 12:25:42 UTCRemove some redundant code from test helper BIOs Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22157)22 September 2023, 12:56:43 UTC
0a2369f Matt Caswell19 September 2023, 15:52:00 UTCEnsure client to server datagrams are noisy too So far we've only applied noise to the server to client datagrams. Do the same thing the other way around. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22157)22 September 2023, 12:56:43 UTC
8d8c0a9 Matt Caswell19 September 2023, 15:40:25 UTCAdd the ability to do client side tracing in quictestlib.c We add a new flag QTEST_FLAG_CLIENT_TRACE to get debug tracing output if required. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22157)22 September 2023, 12:56:43 UTC
b1584a8 Matt Caswell19 September 2023, 11:21:27 UTCExtend the noisy dgram test so that packets are also affected by noise Where multiple packets are in a single datagram we split them so that all packets can be affected by the noise Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22157)22 September 2023, 12:56:43 UTC
35bd8a6 Matt Caswell19 September 2023, 10:52:42 UTCAdd a packet splitting BIO Provide a BIO filter that can split QUIC datagrams containing multiple packets, such that each packet is in its own datagram. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22157)22 September 2023, 12:56:43 UTC
5d3933e Matt Caswell18 September 2023, 16:06:31 UTCUse fake time rather than real time in the noisy dgram test Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22157)22 September 2023, 12:56:43 UTC
a2026db Matt Caswell18 September 2023, 15:55:52 UTCAdd support for timeouts into quictestlib.c Now that we have a noisy datagram BIO we cannot rely on datagrams always reliably being delivered in the test framework. We need to start taking notice of timeouts and handling them appropriately. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22157)22 September 2023, 12:56:43 UTC
back to top