1273fae1 | 27-Oct-2024 |
Peiwei Hu |
Fix multiple wrong checks of EVP_PKEY_set1_encoded_public_key Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/op
Fix multiple wrong checks of EVP_PKEY_set1_encoded_public_key Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25811)
show more ...
|
1a93be1e | 27-Oct-2024 |
Peiwei Hu |
apps/lib/apps.c: fix the wrong check in check_cert_attributes Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/op
apps/lib/apps.c: fix the wrong check in check_cert_attributes Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25811)
show more ...
|
e1318686 | 23-Sep-2023 |
Kai Pastor |
Mark OPENSSL_armcap_P .hidden in arm asm Fixes #25601 Fixes #22414 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by
Mark OPENSSL_armcap_P .hidden in arm asm Fixes #25601 Fixes #22414 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22181)
show more ...
|
2de7e1d6 | 19-Nov-2024 |
Neil Horman |
Fix SSL_write_[ex|ex2] on blocking quic streams When writing to a blocking quic stream, we sometimes get duplicate transmitted data. This occurs when a call to quic_write_blocking has t
Fix SSL_write_[ex|ex2] on blocking quic streams When writing to a blocking quic stream, we sometimes get duplicate transmitted data. This occurs when a call to quic_write_blocking has to wait for space to become available in the ring buffer. When we do a wait, the call sets *written to the value returned in args.total_written as filled out by the calls to block_until_pred->quic_write_again. However, the value there is based on the amount we requested, which is only the remaining data that we didn't append in xso_sstream_write. So if we call quic_write_blocking with a buffer of length X, and initially append Y bytes, and write the remainig X-Y bytes via a block_until_pred call, then *written will return with the value X-Y, even though we wrote the full X bytes to the ring buffer. Fix it by recording the initial amount appended into *written, and then add the args.total_written value if we have to wait on more space Fixes openssl/project#924 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26023)
show more ...
|
93bfe97c | 19-Nov-2024 |
Tomas Mraz |
sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start() In case of memory allocation failure this could happen. Reviewed-by: Neil Horman <nhorman@openssl.org> Revi
sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start() In case of memory allocation failure this could happen. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25994)
show more ...
|
0c64b1ca | 16-Nov-2024 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
add new keytype test for EVP_PKEY_Q_keygen Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
add new keytype test for EVP_PKEY_Q_keygen Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25972)
show more ...
|
47a80fd2 | 18-Nov-2024 |
Tomas Mraz |
pkeyutl.c: Avoid freeing pkey at multiple places Also fixes a leak of pkey in error case for -verifyrecover. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dal
pkeyutl.c: Avoid freeing pkey at multiple places Also fixes a leak of pkey in error case for -verifyrecover. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25987)
show more ...
|
6f2c97d5 | 17-Nov-2024 |
spectre <137953859+Fare-spec@users.noreply.github.com> |
README.md: Fix typo. Change 'the are' to 'there are' This pull request fixes a typo in the documentation. The phrase "the are" has been corrected to "there are". CLA: trivial
README.md: Fix typo. Change 'the are' to 'there are' This pull request fixes a typo in the documentation. The phrase "the are" has been corrected to "there are". CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25977)
show more ...
|
1a077b38 | 15-Nov-2024 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
s_cb.c: Move the negotiated group output It needs to be always displayed not just with -brief. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openss
s_cb.c: Move the negotiated group output It needs to be always displayed not just with -brief. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25959)
show more ...
|
4c41aa4b | 26-Oct-2024 |
wangcheng |
Add CTX copy function for EVP_MD to optimize the performance of EVP_MD_CTX_copy_ex. 1. Add OSSL_FUNC_digest_copyctx_fn function for EVP_MD, which is used to copy algctx from the old EVP_MD_C
Add CTX copy function for EVP_MD to optimize the performance of EVP_MD_CTX_copy_ex. 1. Add OSSL_FUNC_digest_copyctx_fn function for EVP_MD, which is used to copy algctx from the old EVP_MD_CTX to the new one. 2. Add implementation of OSSL_FUNC_digest_copyctx_fn function for default providers. 3. Modify EVP_MD_CTX_copy_ex: When the fetched digest is the same in in and out contexts, use the copy function to copy the members in EVP_MD_CTX if the OSSL_FUNC_digest_copyctx_fn function exists. Otherwise, use the previous method to copy. 4. Add documentation for OSSL_FUNC_digest_copyctx function in doc/man7/provider-digest.pod. 5. Add testcase. Fixes #25703 Signed-off-by: wangcheng <bangwangnj@163.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25726)
show more ...
|
9ca66fc2 | 09-Jul-2022 |
Dr. David von Oheimb |
x509_vfy.c and x509_lu.c: refactor find_issuer(), X509_STORE_CTX_get1_issuer(), etc. Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merge
x509_vfy.c and x509_lu.c: refactor find_issuer(), X509_STORE_CTX_get1_issuer(), etc. Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18762)
show more ...
|
6a3d5b6e | 16-Oct-2024 |
Tomas Mraz |
os-zoo CI: Replace macos-12 run with macos-15 macos-12 runners will be removed in December. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.n
os-zoo CI: Replace macos-12 run with macos-15 macos-12 runners will be removed in December. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/25715)
show more ...
|
63b67162 | 14-Oct-2024 |
Neil Horman |
Make ossl_trace_param_values an official api function lots of people may want to print params to a buffer. Make it part of our api Reviewed-by: Matt Caswell <matt@openssl.org>
Make ossl_trace_param_values an official api function lots of people may want to print params to a buffer. Make it part of our api Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25630)
show more ...
|
4fec10ea | 06-Oct-2024 |
Neil Horman |
Add QUERY trace points Adds trace messages for method store add/remove and fetch operations Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.o
Add QUERY trace points Adds trace messages for method store add/remove and fetch operations Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25630)
show more ...
|
3eed43f8 | 05-Oct-2024 |
Neil Horman |
Add a QUERY trace category Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25630) |
11539fd7 | 05-Oct-2024 |
Neil Horman |
Add tracing messages to the provider api Adds tracing messages to the init/teardown/gettable_params/get_params/query/unquery operations for a provider Reviewed-by: Matt Casw
Add tracing messages to the provider api Adds tracing messages to the init/teardown/gettable_params/get_params/query/unquery operations for a provider Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25630)
show more ...
|
193296ea | 04-Oct-2024 |
Neil Horman |
Adding a trace category for PROVIDER calls Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pu
Adding a trace category for PROVIDER calls Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25630)
show more ...
|
5c5b8d2d | 13-Nov-2024 |
Dmitry Misharov |
remove ternary from runs-on, security repo is hosted on github.com Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https:/
remove ternary from runs-on, security repo is hosted on github.com Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25939)
show more ...
|
eaf4da97 | 11-Nov-2024 |
Alicja Kario |
man ECDSA_sign(3): fix wrong variable names the parameters in the function definitions use `siglen` not `sig_len`, this fixes the doc text. Signed-off-by: Alicja Kario <hkario@r
man ECDSA_sign(3): fix wrong variable names the parameters in the function definitions use `siglen` not `sig_len`, this fixes the doc text. Signed-off-by: Alicja Kario <hkario@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25927)
show more ...
|
ef39dd05 | 07-Nov-2024 |
Andrew Dinh |
Change "a SSL" to "an SSL" Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25868) |
837f05fc | 11-Oct-2024 |
Tomas Mraz |
test_hashtable_multithread(): Stress it more Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/
test_hashtable_multithread(): Stress it more Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/25669)
show more ...
|
9abd6ca6 | 11-Oct-2024 |
Tomas Mraz |
Use test_random() in hashtable mt test for reproducibility Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/op
Use test_random() in hashtable mt test for reproducibility Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/25669)
show more ...
|
577ec498 | 07-Oct-2024 |
Dr. David von Oheimb |
Fix doc and use of_X509v3_add_extensions() in case sk_X509_EXTENSION_num(exts) <= 0 Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged
Fix doc and use of_X509v3_add_extensions() in case sk_X509_EXTENSION_num(exts) <= 0 Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25631)
show more ...
|
15c6580a | 08-Nov-2024 |
Neil Horman |
Add test for SSL_stream_reset Add a test to the quic_multistream test suite to reset a stream after all data has been received by a given stream, ensuring that we don't crash in the
Add test for SSL_stream_reset Add a test to the quic_multistream test suite to reset a stream after all data has been received by a given stream, ensuring that we don't crash in the reset operation Fixes #25410 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25910)
show more ...
|
bbfffbca | 08-Nov-2024 |
Neil Horman |
Fix SSL_stream_reset for stream objects which have FIN bit set When calling SSL_stream_reset on a QUIC stream object that has received all data that is expected to be sent (i.e. when the
Fix SSL_stream_reset for stream objects which have FIN bit set When calling SSL_stream_reset on a QUIC stream object that has received all data that is expected to be sent (i.e. when the sender has sent a STREAM frame with the FIN bit set), we encounter the following segfault: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7f0bd28 in ossl_quic_sstream_get_final_size (qss=0x0, final_size=0x0) at ssl/quic/quic_sstream.c:273 273 if (!qss->have_final_size) (gdb) bt 0) 0x00007ffff7f0bd28 in ossl_quic_sstream_get_final_size (qss=0x0, final_size=0x0) at ssl/quic/quic_sstream.c:273 1) 0x00007ffff7ef65bf in quic_validate_for_write (xso=0x5555555efcb0, err=0x7fffffffd5e0) at ssl/quic/quic_impl.c:2513 2) 0x00007ffff7ef8ae3 in ossl_quic_stream_reset (ssl=0x5555555efcb0, args=0x0, args_len=0) at ssl/quic/quic_impl.c:3657 3) 0x00007ffff7ebdaa6 in SSL_stream_reset (s=0x5555555efcb0, args=0x0, args_len=0) at ssl/ssl_lib.c:7635 4) 0x0000555555557527 in build_request_set ( req_list=0x55555555ebd0 "neil1.txt neil2.txt neil3.txt neil4.txt neil5.txt neil6.txt neil7.txt neil8.txt neil9.txt neil10.txt neil11.txt neil12.txt neil13.txt neil14.txt neil15.txt neil16.txt neil17.txt neil18.txt neil19.txt "..., ssl=0x5555555b6f80) at demos/guide/quic-hq-interop.c:545 5) 0x00005555555587b2 in main (argc=4, argv=0x7fffffffe568) at demos/guide/quic-hq-interop.c:941 This occurs because: 1) When the stream FIN bit is set, the quic stack frees the underlying stream structures immediately within the QUIC stack and 2) when SSL_stream_reset is called, the call stack indicates we call quic_validate_for_write, which attempts to access the xso->stream->sstream QUIC_SSTREAM object, which was already freed in (1) The fix I think is pretty straightforward. On receipt of a STREAM frame with a FIN bit set, the QUIC stack sets the QUIC_STREAM object state to QUIC_SSTREAM_STATE_DATA_RECVD, which means we can use that state to simply assert that the stream is valid for write, which allows it to be reset properly. Fixes #25410 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25910)
show more ...
|