History log of /openssl/ (Results 1 – 25 of 31721)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
56233ba829-Aug-2022 Juergen Christ

apps/speed.c: Wait for generated children

In multi-mode, speed fork()s off several children but does not wait for them.
On Linux, this leads to wrong accounting information of getrusage

apps/speed.c: Wait for generated children

In multi-mode, speed fork()s off several children but does not wait for them.
On Linux, this leads to wrong accounting information of getrusage used by
tools to extract running time and page faults.

Wait for every children and check the return code and termination signal.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19093)

show more ...

d9aca2dd27-Aug-2022 Stefanos Harhalakis

Fix man page to indicate SHA256 MAC for PKCS12

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas

Fix man page to indicate SHA256 MAC for PKCS12

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19079)

show more ...

723844d324-Aug-2022 Matt Caswell

Test that we ignore a bad record version in a plaintext TLSv1.3 record

The RFC requires us to ignore this field in plaintext records - so even
if it is set incorrectly we should tolerate

Test that we ignore a bad record version in a plaintext TLSv1.3 record

The RFC requires us to ignore this field in plaintext records - so even
if it is set incorrectly we should tolerate it.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19058)

show more ...

2093428824-Aug-2022 Matt Caswell

Tolerate a bad record version in TLSv1.3 plaintext records

When a server responds to a second TLSv1.3 ClientHello it is required to
set the legacy_record_version to 0x0303 (TLSv1.2). The

Tolerate a bad record version in TLSv1.3 plaintext records

When a server responds to a second TLSv1.3 ClientHello it is required to
set the legacy_record_version to 0x0303 (TLSv1.2). The client is required
to ignore that field even if it is wrong. The recent changes to the read
record layer in PR #18132 made the record layer stricter and it was
checking that the legacy_record_version was the correct value. This
caused connection failures when talking to buggy servers that set the
wrong legacy_record_version value.

We make us more tolerant again.

Fixes #19051

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19058)

show more ...

6347b86705-May-2022 Tomas Mraz

Add design requirements for QUIC packet demuxer

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/open

Add design requirements for QUIC packet demuxer

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18249)

show more ...

Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15
5639ee7912-Apr-2021 Dr. David von Oheimb

ERR: Make CRYPTO_malloc() and friends report ERR_R_MALLOC_FAILURE

Fixes #6251

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed

ERR: Make CRYPTO_malloc() and friends report ERR_R_MALLOC_FAILURE

Fixes #6251

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14833)

show more ...

555dd93924-May-2022 Daniel Fiala

Convert serverinfo in SSL_CTX_use_serverinfo() to v2.

Fixes openssl#18183.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged fr

Convert serverinfo in SSL_CTX_use_serverinfo() to v2.

Fixes openssl#18183.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18614)

show more ...

3c1f8fb124-Aug-2022 Pauli

Add missing ')' to command help

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19049)

200d952124-Aug-2022 Matt Caswell

Drop the optimisation level for ppc64le cross-compile

The default cross compiler (gcc 9.4.0) for ppc64le on Ubunut 20.04 seems
buggy and causes a seg fault in sslapitest. This doesn't im

Drop the optimisation level for ppc64le cross-compile

The default cross compiler (gcc 9.4.0) for ppc64le on Ubunut 20.04 seems
buggy and causes a seg fault in sslapitest. This doesn't impact any other
CI cross compile platforms and does not seem to impact the gcc 10.3.0 cross
compiler.

We just drop the optimisation level on that platform.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19056)

show more ...

4d32f53315-Aug-2022 Hugo Landau

Updates for OSSL_TIME changes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1867

Updates for OSSL_TIME changes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18676)

show more ...

fa4e92a728-Jun-2022 Hugo Landau

QUIC ACK Manager, Statistics Manager and Congestion Control API

This is the initial implementation of the ACK Manager for OpenSSL's QUIC
support, with supporting design documentation and

QUIC ACK Manager, Statistics Manager and Congestion Control API

This is the initial implementation of the ACK Manager for OpenSSL's QUIC
support, with supporting design documentation and tests.

Because the ACK Manager also depends on the Statistics Manager, it is
also implemented here. The Statistics Manager is quite simple, so this
does not amount to a large amount of extra code.

Because the ACK Manager depends on a congestion controller, it adds a
no-op congestion controller, which uses the previously workshopped
congestion control API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18676)

show more ...

7af110f901-Aug-2022 Dr. David von Oheimb

CMP: correct handling of fallback subject in OSSL_CMP_CTX_setup_CRM() and its doc

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by

CMP: correct handling of fallback subject in OSSL_CMP_CTX_setup_CRM() and its doc

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18929)

show more ...

aeadd29801-Aug-2022 Dr. David von Oheimb

CMP: fix crash in check_transactionID_or_nonce() on 'actual' being NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David vo

CMP: fix crash in check_transactionID_or_nonce() on 'actual' being NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18929)

show more ...

293ab82001-Aug-2022 Dr. David von Oheimb

CRMF: make create_popo_signature() check that pubkey and pkey match

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David

CRMF: make create_popo_signature() check that pubkey and pkey match

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18930)

show more ...

c0f6792b01-Aug-2022 Dr. David von Oheimb

add missing CRMF API function OSSL_CRMF_CERTTEMPLATE_get0_publicKey()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Davi

add missing CRMF API function OSSL_CRMF_CERTTEMPLATE_get0_publicKey()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18930)

show more ...

aaabe58001-Aug-2022 Dr. David von Oheimb

X509: clean up doc and implementation of X509{,_REQ}_check_private_key()

Also constify X509_REQ_get0_pubkey() and X509_REQ_check_private_key().

Reviewed-by: Tomas Mraz <tomas@openss

X509: clean up doc and implementation of X509{,_REQ}_check_private_key()

Also constify X509_REQ_get0_pubkey() and X509_REQ_check_private_key().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18930)

show more ...

ba9e372101-Aug-2022 Dr. David von Oheimb

x509_att.c: improve error checking and reporting and coding style

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Ohei

x509_att.c: improve error checking and reporting and coding style

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18931)

show more ...

47dc828c01-Aug-2022 Dr. David von Oheimb

add missing doc of X509_REQ_get_extensions() and X509_REQ_add_extensions{,_nid}()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by

add missing doc of X509_REQ_get_extensions() and X509_REQ_add_extensions{,_nid}()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18931)

show more ...

e128eaa001-Aug-2022 Dr. David von Oheimb

X509_REQ_get_extensions: add error queue entry on ill-formed extensions attribute

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by

X509_REQ_get_extensions: add error queue entry on ill-formed extensions attribute

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18931)

show more ...

bf16ee4f22-Aug-2022 Richard Levitte

util/wrap.pl.in: If the subprocess died with a signal, let's re-signal it

A simple 'kill' of the same signal on our own process should do it.
This will allow the shell that this is runni

util/wrap.pl.in: If the subprocess died with a signal, let's re-signal it

A simple 'kill' of the same signal on our own process should do it.
This will allow the shell that this is running under to catch it
properly, and output something if it usually does that.

Fixes #19041

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19042)

show more ...

e921882d23-Aug-2022 Matt Caswell

Fix the return type for the rlayer_skip_early_data callback

There was a copy & paste error in the definition of the
rlayer_skip_early_data callback. The return type is supposed to
be

Fix the return type for the rlayer_skip_early_data callback

There was a copy & paste error in the definition of the
rlayer_skip_early_data callback. The return type is supposed to
be "int" but it was defined as a pointer type. This was causing
test failures on some platforms.

Fixes #19037

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19048)

show more ...

35bcac1319-Aug-2022 Tomas Mraz

rl->enc_ctx must be non-NULL and cipher must be set

Otherwise ssl3_cipher() cannot work properly.

Fixes Coverity CID 1509401

Reviewed-by: Paul Dale <pauli@openssl.org>

rl->enc_ctx must be non-NULL and cipher must be set

Otherwise ssl3_cipher() cannot work properly.

Fixes Coverity CID 1509401

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19027)

show more ...

7b7ad9e519-Aug-2022 Tomas Mraz

Do not use RLAYERfatal on NULL RLAYER

or on record layer that is to be freed anyway.

Fixes Coverity CID 1509402, 1509403

Reviewed-by: Paul Dale <pauli@openssl.org>
Revi

Do not use RLAYERfatal on NULL RLAYER

or on record layer that is to be freed anyway.

Fixes Coverity CID 1509402, 1509403

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19027)

show more ...

eb7a5cc322-Aug-2022 Pauli

Coverity 1508532: out of bounds access

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Coverity 1508532: out of bounds access

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19033)

show more ...

52f6169928-Jun-2022 Dr. David von Oheimb

OSSL_HTTP_REQ_CTX_nbio: add support for partial content-type string matching

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David

OSSL_HTTP_REQ_CTX_nbio: add support for partial content-type string matching

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18675)

show more ...

12345678910>>...1269