Skip to main content
swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
sort by:
RevisionAuthorDateMessageCommit Date
9010cc0 Richard Levitte20 March 2024, 12:09:34 UTCPrepare for release of 3.3 alpha 1 Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes20 March 2024, 12:09:34 UTC
529d8e3 Richard Levitte20 March 2024, 12:09:28 UTCmake update Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes20 March 2024, 12:09:28 UTC
0ce7d1f Richard Levitte20 March 2024, 12:07:54 UTCCopyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes20 March 2024, 12:07:54 UTC
dc9bc6c Matt Caswell13 March 2024, 15:19:43 UTCFix unbounded memory growth when using no-cached-fetch When OpenSSL has been compiled with no-cached-fetch we do not cache algorithms fetched from a provider. When we export an EVP_PKEY to a provider we cache the details of that export in the operation cache for that EVP_PKEY. Amoung the details we cache is the EVP_KEYMGMT that we used for the export. When we come to reuse the key in the same provider that we have previously exported the key to, we check the operation cache for the cached key data. However because the EVP_KEYMGMT instance was not cached then instance will be different every time and we were not recognising that we had already exported the key to the provider. This causes us to re-export the key to the same provider everytime the key is used. Since this consumes memory we end up with unbounded memory growth. The fix is to be more intelligent about recognising that we have already exported key data to a given provider even if the EVP_KEYMGMT instance is different. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23841)15 March 2024, 18:10:49 UTC
bc3eb7b Bernd Edlinger10 March 2024, 12:15:55 UTCTry to fix intermittent CI failures in quic_multistream test Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23807)15 March 2024, 16:21:35 UTC
707b54b Alexandr Nedvedicky14 March 2024, 08:53:56 UTCplug potential memory leak in error code path Function `module_add()` may leak stack of modules when it fails to initialize newly added module. Fixes #23835 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23836)15 March 2024, 12:42:57 UTC
12f5f26 Tomas Mraz15 March 2024, 10:28:42 UTCRaise the AFL_MAP_SIZE to accommodate future growth Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23851)15 March 2024, 12:37:50 UTC
33f6d61 Tomas Mraz15 March 2024, 10:27:41 UTC82-test_ocsp_cert_chain.t: Just ignore unrecognized lines in server output There might be warnings from AFL fuzz checker or other warnings that we do not care about. For success it is just required that cert_status: ocsp response sent: is present. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23851)15 March 2024, 12:37:50 UTC
103952d Alexandr Nedvedicky14 March 2024, 09:40:06 UTCMinor docfix for OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(3) Also removal of duplicate assignment and addition of comment in test/http_test.c Follow up change to PR #23781 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23837)15 March 2024, 10:36:25 UTC
13ee569 Tomas Mraz14 March 2024, 17:58:00 UTCSet AFL_MAP_SIZE to avoid crash in the AFL CI job Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23843)15 March 2024, 09:23:45 UTC
b7de38e Tomas Mraz14 February 2024, 11:45:15 UTCAdd a test using the bandwidth limit filter Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23588)15 March 2024, 09:19:19 UTC
37ffd4a Tomas Mraz05 February 2024, 15:03:15 UTCAdd support for bandwidth limitation in noisydgram BIO filter Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23588)15 March 2024, 09:19:19 UTC
45d16a4 Tomas Mraz19 January 2024, 14:06:45 UTCbio_f_noisy_dgram_filter(): Fix typo Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23588)15 March 2024, 09:19:19 UTC
9f3a7ca Shakti Shah30 January 2024, 18:56:32 UTCSSL_add_dir_cert_subjects_to_stack(): Documented return values In the man page for SSL_add_dir_cert_subjects_to_stack(), the functions returning int have undocumented return values. Fixes #23171 Signed-off-by: Shakti Shah <shaktishah33@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23433)15 March 2024, 09:15:03 UTC
c5e097d Job Snijders29 January 2024, 20:40:32 UTCAdd Content Type OID for id-ct-rpkiSignedPrefixList References: draft-ietf-sidrops-rpki-prefixlist Title: "A profile for Signed Prefix Lists for Use in the Resource Public Key Infrastructure (RPKI)" OID assigned under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)' https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23426)15 March 2024, 08:10:22 UTC
5c846d3 Tomas Mraz08 February 2024, 16:19:19 UTCapps/x509.c: No warning reading from stdin if redirected Fixes #22893 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23526)15 March 2024, 08:07:51 UTC
37cd49f Neil Horman14 March 2024, 16:04:17 UTCFix ASLR to be smaller during asan/tsan/ubsan runs Recently asan/tsan/ubsan runs have been failing randomly. It appears that a recent runner update may have led to the Address Space Layout Randomization setting in the linux kernel of ubuntu-latest runner getting set to too high a value (it defaults to 30). Such a setting leads to the possibility that a given application will have memory mapped to an address space that the sanitizer code typically uses to do its job. Lowering this value allows a/t/ubsan to work consistently again Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23842)15 March 2024, 07:47:24 UTC
f08be09 Frederik Wedel-Heinen13 March 2024, 09:17:37 UTCAvoid a memcpy in dtls_get_reassembled_message() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23828)14 March 2024, 17:19:17 UTC
c91f0ca Vladimirs Ambrosovs12 March 2024, 16:23:55 UTCFix dasync_rsa_decrypt to call EVP_PKEY_meth_get_decrypt Signed-off-by: Vladimirs Ambrosovs <rodriguez.twister@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23825)14 March 2024, 07:49:01 UTC
3cb0755 Joachim Vandersmissen05 March 2024, 01:16:23 UTCImplement KAT for KBKDF with KMAC128 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23745)13 March 2024, 16:04:31 UTC
3920283 sharad300111 March 2024, 10:19:01 UTCUpdate tls13ccstest.c, removal of deadcode tst has been already checked for invalid value in the start of the function with switch statement. Checked again here, so removed deadcode CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23813)13 March 2024, 16:00:48 UTC
7649b55 Frederik Wedel-Heinen14 February 2024, 09:09:55 UTCAdd fuzzing for DTLS Update the fuzz corpora submodule with the DTLS fuzz corpus. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23585)12 March 2024, 19:10:40 UTC
cf84224 James Muir20 December 2023, 05:15:17 UTCs_server: test ocsp with "-cert_chain" Add a test to exercise the use of s_server with "-cert_chain" to construct an ocsp request. This new functionality was added in PR #22192. Testing: make V=1 TESTS='test_ocsp_cert_chain' test Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23101)12 March 2024, 18:54:27 UTC
7f8aba2 Alexandr Nedvedicky08 March 2024, 10:21:18 UTCLimit the number of http headers when receiving the http response Change introduces a default limit on HTTP headers we expect to receive from server to 256. If limit is exceeded http client library indicates HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. Application can use OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change default. Setting limit to 0 implies no limit (current behavior). Fixes #22264 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23781)12 March 2024, 18:35:41 UTC
bc930be Jiasheng Jiang06 March 2024, 16:08:06 UTCAdd check for xor_get_aid() Add check for the return value of xor_get_aid() in order to avoid NULL pointer deference. For example, "algor" could be NULL if the allocation of X509_ALGOR_new() fails. As a result, i2d_X509_ALGOR() will return 0 and "ctx->aid" will be an invalid value NULL. Fixes: f4ed6eed2c ("SSL_set1_groups_list(): Fix memory corruption with 40 groups and more") Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23764)12 March 2024, 18:32:32 UTC
7ceb770 olszomal08 February 2024, 13:30:22 UTCImprove the documentation on -cert_chain and -status_verbose options Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22192)12 March 2024, 13:02:13 UTC
d6aafeb olszomal05 January 2024, 12:41:59 UTCUse the untrusted certificate chain to create a valid certificate ID for OCSP_request Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22192)12 March 2024, 13:02:13 UTC
52a75f4 谭九鼎10 March 2024, 02:18:05 UTCDoc: fix style CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23805)12 March 2024, 05:44:45 UTC
8211ca4 Jiasheng Jiang04 March 2024, 17:34:02 UTCPKCS7: Remove one of the duplicate checks There are two consecutive identical checks "if (i <= 0)". We can remove one of them to make the code clear. CLA: trivial Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23741)11 March 2024, 14:19:15 UTC
1f03d33 Aarni Koskela05 March 2024, 10:52:34 UTCAdd reformatting commit to .git-blame-ignore-revs CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23748)11 March 2024, 12:18:03 UTC
5df34ca slontis27 February 2024, 02:34:49 UTCMake the generated params_idx.c file deterministic if run multiple times. Fixes #23672 There are many name/value pairs currently that have duplicate names e.g. 'CAPABILITY_TLS_GROUP_MAX_TLS' => "tls-max-tls", 'CAPABILITY_TLS_SIGALG_MAX_TLS' => "tls-max-tls", Stripping the .pm file down to just the above entries and running multiple times gives different results for the produce_decoder. On multiple runs any iterations over the unordered hash table keys using foreach my $name (keys %params) results in a different order on multiple runs. Because of this the mapping from the hash 'value' back to the 'key' will be different. Note that the code also uses another mechanism in places that uses "name1" => "value" "name2" => "*name1" Rather than fix all the strings the change done was to sort the keys. If we were to chose to fix the strings then the perl code should be changed to detect duplicates. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23688)11 March 2024, 12:08:00 UTC
8545398 Alexandr Nedvedicky01 March 2024, 07:25:19 UTCFAQ.md should be removed the page the link refers to does not exist. Anyone objects to delete file? Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23719)11 March 2024, 11:40:25 UTC
d60b375 slontis04 March 2024, 02:08:08 UTCFix BIO_get_new_index() to return an error when it is exhausted. Fixes #23655 BIO_get_new_index() returns a range of 129..255. It is set to BIO_TYPE_START (128) initially and is incremented on each call. >= 256 is reserved for the class type flags (BIO_TYPE_DESCRIPTOR) so it should error if it reaches the upper bound. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23732)11 March 2024, 11:34:25 UTC
53a8728 Neil Horman08 March 2024, 20:06:33 UTCBring SSL_group_to_name docs in line with API definition docs say the SSL object in this function is const, but the api doesn't qualify it as such. Adjust the docs to match the definition Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23785)10 March 2024, 00:05:23 UTC
bf7ae25 Hugo Landau14 February 2024, 09:26:37 UTCAdd CHANGES Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23584)09 March 2024, 08:56:59 UTC
7b4436a Hugo Landau14 February 2024, 09:09:54 UTCQUIC MULTISTREAM TEST: Test write buffer statistics queries Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23584)09 March 2024, 08:56:59 UTC
b317583 Hugo Landau14 February 2024, 08:44:36 UTCQUIC: Add stream write buffer queries Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23584)09 March 2024, 08:56:59 UTC
a24f29b Bernd Edlinger28 February 2024, 06:14:08 UTCTry to fix intermittent CI failures in sslapitest Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23705)08 March 2024, 17:23:20 UTC
6d42be3 Hugo Landau15 February 2024, 09:23:56 UTCQLOG: Fix indentation Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23598)07 March 2024, 23:48:49 UTC
5f02bbd Hugo Landau15 February 2024, 09:14:41 UTCQUIC: Define error code for stateless reset Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23598)07 March 2024, 23:48:49 UTC
c385583 Hugo Landau15 February 2024, 09:03:26 UTCQUIC: Add documentation for QUIC error codes Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23598)07 March 2024, 23:48:49 UTC
4b4b9c9 Hugo Landau15 February 2024, 08:55:36 UTCQUIC: Uniform changes for QUIC error code definitions rename Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23598)07 March 2024, 23:48:49 UTC
02f5ab7 Hugo Landau15 February 2024, 08:55:24 UTCQUIC: Make QUIC transport error codes public Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23598)07 March 2024, 23:48:49 UTC
74fd682 Bernd Edlinger23 February 2024, 11:04:38 UTCDont run the self-hosted workflows when not available Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23678)07 March 2024, 17:27:02 UTC
b5e076b Neil Horman05 March 2024, 15:56:35 UTCGate setting of ipi_spec_dst on not building for freebsd some variants of FreeBSD (notably Dells OneFS) implement IP_PKTINFO partially, and as such the build breaks for those variants. specifically, it supports IP_PKTINFO, but the in_pktinfo struct has no defined ipi_spec_dst field. Work around this by gating the setting of that variable on not building for FreeBSD Fixes #23739 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23753)07 March 2024, 13:14:12 UTC
f38d9b7 Stanislav Zidek01 March 2024, 14:33:30 UTCinterop tests: Fedora 39 config, simplify updates Imitating Fedora 39 configuration in openssl.cnf with SECLEVEL lowered to 0 in order to be able to run TLS 1.3 tests with TLS_AES_128_CCM_8_SHA256. In order to make updating smoother, check out specific tag rather than the branch. This way, "old" tests can be fetched until PR pointing to "new" tests is merged, so backwards-incompatible changes can be done when needed. Files specific for openssl upstream moved to separate directory. CLA: trivial Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23747)07 March 2024, 12:52:43 UTC
6134e8e Dmitry Belyavskiy27 February 2024, 14:22:58 UTCFix a memory leak on successful load of CRL Fixes #23693 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23695)07 March 2024, 10:03:31 UTC
8d8866a Hugo Landau04 March 2024, 22:56:45 UTCQUIC QLOG: Fix ANSI Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23744)06 March 2024, 20:44:48 UTC
6a11cd5 Hugo Landau04 March 2024, 22:55:51 UTCQUIC QLOG: Fix use of sprintf Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23744)06 March 2024, 20:44:48 UTC
e98940d Hugo Landau04 March 2024, 22:49:54 UTCEnable qlog support by default Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23744)06 March 2024, 20:44:48 UTC
cd2cdb6 Tomas Mraz14 December 2023, 17:04:58 UTCDocument that unknown groups and sigalgs marked with ? are ignored Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23050)06 March 2024, 09:42:05 UTC
2b4cea1 Tomas Mraz14 December 2023, 16:47:43 UTCAdd test for ignoring unknown sigalgs and groups marked with ? Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23050)06 March 2024, 09:42:05 UTC
10f65f7 Tomas Mraz14 December 2023, 16:08:56 UTCAllow ignoring unknown sigalgs and groups in the configuration Related to #20789 Signature algorithms and groups in the configuration that are preceded with ? character and are unknown to libssl are just ignored. The handling for them is similar to handling of ciphers. I.e., there should be a failure only in case the configuration produces no valid sigalgs or groups. Also ignore duplicate sigalgs and groups as such confiuration errors should not be fatal. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23050)06 March 2024, 09:42:05 UTC
d6d9277 Dr. David von Oheimb04 August 2023, 15:05:20 UTCapps/cmp: improve -reqin option to read fallback public key from first request message file given Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660)06 March 2024, 07:49:28 UTC
bcd3707 Dr. David von Oheimb04 August 2023, 19:45:07 UTCcrypto/cmp: add OSSL_CMP_MSG_get0_certreq_publickey(); fix coding style nit Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660)06 March 2024, 07:49:28 UTC
904ee65 Dr. David von Oheimb04 August 2023, 09:47:17 UTCapps/cmp: extend documentation and diagnostics for using -reqin in special situations Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660)06 March 2024, 07:49:28 UTC
2fbe23b Dr. David von Oheimb03 August 2023, 14:55:35 UTCapps/cmp: add -reqout_only option for dumping/saving just the initial CMP request message Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660)06 March 2024, 07:49:28 UTC
a143e4e Dr. David von Oheimb04 August 2023, 19:54:29 UTCapps/cmp.c: refactor to fix some coding style nits and more convenient source-level debugging Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660)06 March 2024, 07:48:48 UTC
5003aba Dr. David von Oheimb17 January 2024, 17:32:46 UTCcmperr.h: use free reason value 106 rather than 197 for CMP_R_UNEXPECTED_SENDER Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/21660)06 March 2024, 07:48:48 UTC
5677992 Neil Horman29 February 2024, 17:01:31 UTCDump out qlog json if it is malformed We're still seeing periodic failures in qlog from malformed json output, so lets try to catch it. Modify the verify-qlog.py script to, in the event of an exception in json.loads, to replay the entire json file to the console, followed by an exception indicating what line it died trying to parse. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23715)02 March 2024, 14:12:54 UTC
fbce6eb pohsingwu28 January 2024, 10:18:02 UTCImplement PCT for EDDSA According to FIPS 140-3 IG 10.3.A Additonal Comment 1, a PCT shall be performed consistent with the intended use of the keys. This commit implements PCT for EDDSA via performing sign and verify operations after key generated. Also use the same pairwise test logic in EVP_PKEY_keygen and EVP_PKEY_pairwise_check for EDDSA in FIPS_MODULE. Add OSSL_SELF_TEST_DESC_PCT_EDDSA to OSSL_PROVIDER-FIPS page. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23408)01 March 2024, 10:06:03 UTC
c18c301 Alexandr Nedvedicky15 February 2024, 11:07:26 UTCdemos/http3: Use `SSL_write_ex2()` together with `SSL_WRITE_FLAG_CONCLUDE` These calls were introduced by PR #23343. Change also does a minor tweak to Makefile so CFLAGS and LDFLAGS variables from the environment are respected. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23602)01 March 2024, 09:56:16 UTC
c5cc9c4 shridhar kalavagunta27 January 2024, 03:10:32 UTCFix off by one issue in buf2hexstr_sep() Fixes #23363 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23404)01 March 2024, 09:50:01 UTC
2d70cc9 Michael09 February 2024, 22:45:00 UTCImprove documentation of standard IANA cipher suite names. Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23539)25 February 2024, 10:13:07 UTC
eadd8c4 Job Snijders21 February 2024, 21:26:50 UTCAdd appropriate lower bound checks for GeneralizedTime and UTCTime ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8 impose specific constraints on how GeneralizedTime and UTCTime can be encoded in BER/CER/DER. Following from these constraints a minimum length can be derived. Checking the length in this context can potentially help prevent applications from interpreting an invalid GeneralizedTime as a valid UTCTime. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23483)25 February 2024, 08:17:41 UTC
5d70f11 Martin Oliveira09 February 2024, 21:31:27 UTCapps/engine: add EC to list of capabilities openssl engine -c wasn't showing if an engine implemented EC cla: trivial Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23538)25 February 2024, 08:10:13 UTC
aba6219 Hamilton Chapman21 February 2024, 13:47:19 UTCEnsure `$(MAKE)` commands and `CFLAGS` are appropriately quoted in the Makefile. If a user's `make` command came from a path that contained a space then both the `$(MAKE)` variable (and parts of the generated `CFLAGS`, when building for iOS) would not be properly quoted and the build would fail. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23663)25 February 2024, 07:57:16 UTC
11adf9a Tom Cosgrove21 February 2024, 09:11:20 UTCApply the AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100 Performance improvements range from 18% to 32%. Change-Id: Ifb89eeac3c0625a582a25ff07cf7f9c9ec8f5ba6 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23651)22 February 2024, 15:07:02 UTC
1afb326 响马17 February 2024, 22:57:57 UTCchachap10-ppc.pl: Fix truncated relocation Fix error: relocation truncated to fit: R_PPC64_REL14 (stub) against symbol `ChaCha20_ctr32_vsx_8x' CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23618)22 February 2024, 12:11:24 UTC
f4ed6ee Michael Baentsch19 February 2024, 05:41:35 UTCSSL_set1_groups_list(): Fix memory corruption with 40 groups and more Fixes #23624 The calculation of the size for gid_arr reallocation was wrong. A multiplication by gid_arr array item size was missing. Testcase is added. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23625)22 February 2024, 11:48:21 UTC
db51157 MrRurikov21 February 2024, 08:11:34 UTCs_cb.c: Add missing return value checks Return value of function 'SSL_CTX_ctrl', that is called from SSL_CTX_set1_verify_cert_store() and SSL_CTX_set1_chain_cert_store(), is not checked, but it is usually checked for this function. CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23647) (cherry picked from commit 6f794b461c6e16c8afb996ee190e084cbbddb6b8)22 February 2024, 11:45:59 UTC
9dc2269 Tomas Mraz20 February 2024, 17:42:24 UTCMinor wording fixes related to no-atexit Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23642) (cherry picked from commit 66e6f72c3e4221580a7f456ddeaa5027f0bbb8b7)22 February 2024, 09:37:13 UTC
4a6f70c Matt Caswell20 February 2024, 15:11:26 UTCDon't print excessively long ASN1 items in fuzzer Prevent spurious fuzzer timeouts by not printing ASN1 which is excessively long. This fixes a false positive encountered by OSS-Fuzz. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23640)21 February 2024, 16:45:33 UTC
ffc853b Ijtaba Hussain09 June 2023, 06:04:53 UTCExtended SSL_SESSION functions using time_t Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21206)21 February 2024, 09:28:17 UTC
709637c Frederik Wedel-Heinen16 February 2024, 10:44:01 UTCFuture proof RLAYER_USE_EXPLICIT_IV by checking dtls versions directly. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23611)20 February 2024, 10:07:01 UTC
5e5c256 Bernd Ritter17 February 2024, 18:15:14 UTCCorrect the defined name of the parameter "micalg" in the documentation The EVP_DigestInit(3) manual page contains wrong name for the define macro for the OSSL_DIGEST_PARAM_MICALG param. Fixes #23580 CLA: trivial Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23615)20 February 2024, 08:08:56 UTC
a768a79 Hugo Landau14 February 2024, 10:06:45 UTCMinor updates Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
8c09d69 Hugo Landau12 February 2024, 11:31:18 UTCFix warning Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
5fd1f46 Hugo Landau12 February 2024, 10:06:23 UTCJSON_ENC: Ensure ossl_json_flush() really flushes the BIO Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
e825599 Hugo Landau12 February 2024, 09:50:59 UTCQUIC CHANNEL: Defer QLOG instantiation until first event Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
6f09c80 Hugo Landau12 February 2024, 09:50:42 UTCQUIC TXP: Allow QLOG instance retrieval via callback Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
9f2349a Hugo Landau12 February 2024, 09:49:58 UTCQUIC QTX: Allow QLOG instance retrieval via callback Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
410270d Hugo Landau12 February 2024, 09:49:32 UTCQUIC FIFD: Allow QLOG instance retrieval via callback Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
4a2e39d Hugo Landau09 February 2024, 14:22:51 UTCAdd entry to CHANGES.md Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
9d90b65 Hugo Landau09 February 2024, 14:08:52 UTCQUIC MULTISTREAM TEST: Test explicit event handling mode Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
965f68f Hugo Landau09 February 2024, 12:52:49 UTCQUIC APL: Add implementation of SSL_VALUE_EVENT_HANDLING_MODE Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
8c13e08 Hugo Landau09 February 2024, 12:52:33 UTCQUIC: Add API for SSL_VALUE_EVENT_HANDLING_MODE Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
40c4570 Hugo Landau09 February 2024, 12:52:09 UTCQUIC: Add docs for SSL_VALUE_EVENT_HANDLING_MODE Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535)19 February 2024, 09:15:46 UTC
e5313f2 Shakti Shah13 February 2024, 19:03:19 UTCOpenSSL License is applied for some source files, change to Apache 2 The following files include/openssl/hpke.h crypto/hpke/hpke.c crypto/ec/asm/ecp_sm2p256-armv8.pl crypto/chacha/asm/chacha-loongarch64.pl still seem to be released under the OpenSSL License instead of the Apache 2 license. Fixes #23570 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23576)19 February 2024, 09:06:04 UTC
c3e8d67 Marcel Gosmann14 February 2024, 10:35:47 UTCFixed Visual Studio 2008 compiler errors CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23586)16 February 2024, 15:34:29 UTC
715a74a Frederik Wedel-Heinen13 February 2024, 12:21:52 UTCRemoves record_queue struct which is no longer useful. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23571)16 February 2024, 15:33:14 UTC
28c7f52 Hugo Landau14 February 2024, 08:08:01 UTCQUIC: Test that SSL_ctrl, SSL_set_mode are routed correctly on QSSOs Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23581)16 February 2024, 15:15:38 UTC
5c16e9d Hugo Landau14 February 2024, 08:04:12 UTCQUIC: Fix SSL_ctrl operation for QSSOs Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23581)16 February 2024, 15:15:38 UTC
cf57c3e Neil Horman16 December 2023, 20:32:48 UTCCheck for NULL cleanup function before using it in encoder_process encoder_process assumes a cleanup function has been set in the currently in-use encoder during processing, which can lead to segfaults if said function hasn't been set Add a NULL check for this condition, returning -1 if it is not set Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23069)16 February 2024, 13:34:11 UTC
d597b46 Hugo Landau13 February 2024, 11:33:08 UTCAdd CHANGES: Fixed SSL_export_keying_material for QUIC. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23567) (cherry picked from commit a2ccaa666545c4c8dd501e6739d88b4e4d9199be)14 February 2024, 17:16:51 UTC
12c0d72 Hugo Landau13 February 2024, 11:29:53 UTCFix SSL_export_keying_material for QUIC Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23567) (cherry picked from commit 498d4e4c4f4a1e220cfa64cfcc76174e2f656fd0)14 February 2024, 17:14:52 UTC
5327309 Neil Horman08 February 2024, 14:17:44 UTCSkip shlibload tests if no-atexit is configured the shared library load tests fail if no-atexit is configured. The entire test suite relies on atexit handling to indicate an at exit handler has run, by producing a file that the test recipe then reads. With no-atexit that never happens, and the test fails If no-atexit is specified, skip all the tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23523)14 February 2024, 17:05:44 UTC
4f6133f Shakti Shah10 February 2024, 19:39:10 UTCKDF_CTX_new API has incorrect signature (const should not be there) https://www.openssl.org/docs/man3.1/man3/EVP_KDF_CTX.html The pages for 3.0/3.1/master seem to have the following EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); which does not match with the actual header which is EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); Fixes #23532 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23541)14 February 2024, 08:48:09 UTC
39fe3e5 Dimitri Papadopoulos12 February 2024, 20:22:30 UTCFix the grammar as suggsted in the review Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23545)14 February 2024, 08:36:11 UTC
f7241ed Dimitri Papadopoulos11 February 2024, 17:14:30 UTCFix new typos found by codespell Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23545)14 February 2024, 08:36:11 UTC
back to top