History log of /openssl/ (Results 26 – 50 of 36072)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
1273fae127-Oct-2024 Peiwei Hu

Fix multiple wrong checks of EVP_PKEY_set1_encoded_public_key

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/op

Fix multiple wrong checks of EVP_PKEY_set1_encoded_public_key

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)

show more ...

1a93be1e27-Oct-2024 Peiwei Hu

apps/lib/apps.c: fix the wrong check in check_cert_attributes

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/op

apps/lib/apps.c: fix the wrong check in check_cert_attributes

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)

show more ...

e131868623-Sep-2023 Kai Pastor

Mark OPENSSL_armcap_P .hidden in arm asm

Fixes #25601
Fixes #22414

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by

Mark OPENSSL_armcap_P .hidden in arm asm

Fixes #25601
Fixes #22414

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22181)

show more ...

2de7e1d619-Nov-2024 Neil Horman

Fix SSL_write_[ex|ex2] on blocking quic streams

When writing to a blocking quic stream, we sometimes get duplicate
transmitted data. This occurs when a call to quic_write_blocking has t

Fix SSL_write_[ex|ex2] on blocking quic streams

When writing to a blocking quic stream, we sometimes get duplicate
transmitted data. This occurs when a call to quic_write_blocking has to
wait for space to become available in the ring buffer. When we do a
wait, the call sets *written to the value returned in args.total_written
as filled out by the calls to block_until_pred->quic_write_again.
However, the value there is based on the amount we requested, which is
only the remaining data that we didn't append in xso_sstream_write. So
if we call quic_write_blocking with a buffer of length X, and initially
append Y bytes, and write the remainig X-Y bytes via a block_until_pred
call, then *written will return with the value X-Y, even though we wrote
the full X bytes to the ring buffer.

Fix it by recording the initial amount appended into *written, and then
add the args.total_written value if we have to wait on more space

Fixes openssl/project#924

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26023)

show more ...

93bfe97c19-Nov-2024 Tomas Mraz

sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start()

In case of memory allocation failure this
could happen.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Revi

sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start()

In case of memory allocation failure this
could happen.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25994)

show more ...

0c64b1ca16-Nov-2024 Michael Baentsch <57787676+baentsch@users.noreply.github.com>

add new keytype test for EVP_PKEY_Q_keygen

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>

add new keytype test for EVP_PKEY_Q_keygen

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25972)

show more ...

47a80fd218-Nov-2024 Tomas Mraz

pkeyutl.c: Avoid freeing pkey at multiple places

Also fixes a leak of pkey in error case for -verifyrecover.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dal

pkeyutl.c: Avoid freeing pkey at multiple places

Also fixes a leak of pkey in error case for -verifyrecover.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25987)

show more ...

6f2c97d517-Nov-2024 spectre <137953859+Fare-spec@users.noreply.github.com>

README.md: Fix typo. Change 'the are' to 'there are'

This pull request fixes a typo in the documentation.
The phrase "the are" has been corrected to "there are".

CLA: trivial

README.md: Fix typo. Change 'the are' to 'there are'

This pull request fixes a typo in the documentation.
The phrase "the are" has been corrected to "there are".

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25977)

show more ...

1a077b3815-Nov-2024 Michael Baentsch <57787676+baentsch@users.noreply.github.com>

s_cb.c: Move the negotiated group output

It needs to be always displayed not just with -brief.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openss

s_cb.c: Move the negotiated group output

It needs to be always displayed not just with -brief.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25959)

show more ...

4c41aa4b26-Oct-2024 wangcheng

Add CTX copy function for EVP_MD to optimize the performance of EVP_MD_CTX_copy_ex.

1. Add OSSL_FUNC_digest_copyctx_fn function for EVP_MD, which is used to copy algctx from the old EVP_MD_C

Add CTX copy function for EVP_MD to optimize the performance of EVP_MD_CTX_copy_ex.

1. Add OSSL_FUNC_digest_copyctx_fn function for EVP_MD, which is used to copy algctx from the old EVP_MD_CTX to the new one.

2. Add implementation of OSSL_FUNC_digest_copyctx_fn function for default providers.

3. Modify EVP_MD_CTX_copy_ex: When the fetched digest is the same in in and out contexts, use the copy function to copy the members in EVP_MD_CTX if the OSSL_FUNC_digest_copyctx_fn function exists. Otherwise, use the previous method to copy.

4. Add documentation for OSSL_FUNC_digest_copyctx function in doc/man7/provider-digest.pod.

5. Add testcase.

Fixes #25703

Signed-off-by: wangcheng <bangwangnj@163.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25726)

show more ...

9ca66fc209-Jul-2022 Dr. David von Oheimb

x509_vfy.c and x509_lu.c: refactor find_issuer(), X509_STORE_CTX_get1_issuer(), etc.

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merge

x509_vfy.c and x509_lu.c: refactor find_issuer(), X509_STORE_CTX_get1_issuer(), etc.

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18762)

show more ...

6a3d5b6e16-Oct-2024 Tomas Mraz

os-zoo CI: Replace macos-12 run with macos-15

macos-12 runners will be removed in December.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.n

os-zoo CI: Replace macos-12 run with macos-15

macos-12 runners will be removed in December.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25715)

show more ...

63b6716214-Oct-2024 Neil Horman

Make ossl_trace_param_values an official api function

lots of people may want to print params to a buffer. Make it part of
our api

Reviewed-by: Matt Caswell <matt@openssl.org>

Make ossl_trace_param_values an official api function

lots of people may want to print params to a buffer. Make it part of
our api

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)

show more ...

4fec10ea06-Oct-2024 Neil Horman

Add QUERY trace points

Adds trace messages for method store add/remove and fetch operations

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.o

Add QUERY trace points

Adds trace messages for method store add/remove and fetch operations

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)

show more ...

3eed43f805-Oct-2024 Neil Horman

Add a QUERY trace category

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)

11539fd705-Oct-2024 Neil Horman

Add tracing messages to the provider api

Adds tracing messages to the
init/teardown/gettable_params/get_params/query/unquery operations for a
provider

Reviewed-by: Matt Casw

Add tracing messages to the provider api

Adds tracing messages to the
init/teardown/gettable_params/get_params/query/unquery operations for a
provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)

show more ...

193296ea04-Oct-2024 Neil Horman

Adding a trace category for PROVIDER calls

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pu

Adding a trace category for PROVIDER calls

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)

show more ...

5c5b8d2d13-Nov-2024 Dmitry Misharov

remove ternary from runs-on, security repo is hosted on github.com

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/

remove ternary from runs-on, security repo is hosted on github.com

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25939)

show more ...

eaf4da9711-Nov-2024 Alicja Kario

man ECDSA_sign(3): fix wrong variable names

the parameters in the function definitions use `siglen` not `sig_len`,
this fixes the doc text.

Signed-off-by: Alicja Kario <hkario@r

man ECDSA_sign(3): fix wrong variable names

the parameters in the function definitions use `siglen` not `sig_len`,
this fixes the doc text.

Signed-off-by: Alicja Kario <hkario@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25927)

show more ...

ef39dd0507-Nov-2024 Andrew Dinh

Change "a SSL" to "an SSL"

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25868)

837f05fc11-Oct-2024 Tomas Mraz

test_hashtable_multithread(): Stress it more

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/

test_hashtable_multithread(): Stress it more

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25669)

show more ...

9abd6ca611-Oct-2024 Tomas Mraz

Use test_random() in hashtable mt test for reproducibility

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/op

Use test_random() in hashtable mt test for reproducibility

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25669)

show more ...

577ec49807-Oct-2024 Dr. David von Oheimb

Fix doc and use of_X509v3_add_extensions() in case sk_X509_EXTENSION_num(exts) <= 0

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged

Fix doc and use of_X509v3_add_extensions() in case sk_X509_EXTENSION_num(exts) <= 0

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25631)

show more ...

15c6580a08-Nov-2024 Neil Horman

Add test for SSL_stream_reset

Add a test to the quic_multistream test suite to reset a stream after
all data has been received by a given stream, ensuring that we don't
crash in the

Add test for SSL_stream_reset

Add a test to the quic_multistream test suite to reset a stream after
all data has been received by a given stream, ensuring that we don't
crash in the reset operation

Fixes #25410

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25910)

show more ...

bbfffbca08-Nov-2024 Neil Horman

Fix SSL_stream_reset for stream objects which have FIN bit set

When calling SSL_stream_reset on a QUIC stream object that has received
all data that is expected to be sent (i.e. when the

Fix SSL_stream_reset for stream objects which have FIN bit set

When calling SSL_stream_reset on a QUIC stream object that has received
all data that is expected to be sent (i.e. when the sender has sent a
STREAM frame with the FIN bit set), we encounter the following segfault:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f0bd28 in ossl_quic_sstream_get_final_size (qss=0x0, final_size=0x0) at ssl/quic/quic_sstream.c:273
273 if (!qss->have_final_size)
(gdb) bt
0) 0x00007ffff7f0bd28 in ossl_quic_sstream_get_final_size (qss=0x0, final_size=0x0) at ssl/quic/quic_sstream.c:273
1) 0x00007ffff7ef65bf in quic_validate_for_write (xso=0x5555555efcb0, err=0x7fffffffd5e0) at ssl/quic/quic_impl.c:2513
2) 0x00007ffff7ef8ae3 in ossl_quic_stream_reset (ssl=0x5555555efcb0, args=0x0, args_len=0) at ssl/quic/quic_impl.c:3657
3) 0x00007ffff7ebdaa6 in SSL_stream_reset (s=0x5555555efcb0, args=0x0, args_len=0) at ssl/ssl_lib.c:7635
4) 0x0000555555557527 in build_request_set (
req_list=0x55555555ebd0 "neil1.txt neil2.txt neil3.txt neil4.txt neil5.txt neil6.txt neil7.txt neil8.txt neil9.txt neil10.txt neil11.txt neil12.txt neil13.txt neil14.txt neil15.txt neil16.txt neil17.txt neil18.txt neil19.txt "..., ssl=0x5555555b6f80)
at demos/guide/quic-hq-interop.c:545
5) 0x00005555555587b2 in main (argc=4, argv=0x7fffffffe568) at demos/guide/quic-hq-interop.c:941

This occurs because:
1) When the stream FIN bit is set, the quic stack frees the underlying
stream structures immediately within the QUIC stack
and
2) when SSL_stream_reset is called, the call stack indicates we call
quic_validate_for_write, which attempts to access the
xso->stream->sstream QUIC_SSTREAM object, which was already freed in
(1)

The fix I think is pretty straightforward. On receipt of a STREAM frame
with a FIN bit set, the QUIC stack sets the QUIC_STREAM object state to
QUIC_SSTREAM_STATE_DATA_RECVD, which means we can use that state to
simply assert that the stream is valid for write, which allows it to be
reset properly.

Fixes #25410

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25910)

show more ...

12345678910>>...1443