b147b9da | 15-Jun-2022 |
Jiasheng Jiang |
test/v3nametest.c: Add check for OPENSSL_malloc As the potential failure of the OPENSSL_malloc(), it should be better to add the check and return error if fails. Signed-off-
test/v3nametest.c: Add check for OPENSSL_malloc As the potential failure of the OPENSSL_malloc(), it should be better to add the check and return error if fails. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18573)
show more ...
|
5203a8df | 17-Jun-2022 |
Jiasheng Jiang |
test/evp_test.c: Add check for OPENSSL_strdup As the potential failure of the OPENSSL_strdup(), it should be better to check the return value and return error if fails. Sign
test/evp_test.c: Add check for OPENSSL_strdup As the potential failure of the OPENSSL_strdup(), it should be better to check the return value and return error if fails. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18592)
show more ...
|
ce8822b7 | 17-Jun-2022 |
Dmitry Belyavskiy |
Improve diagnostics on setting groups - If keymgmmt is not available, it's not an error but the error message persists in stack - when setting groups, it's worth saying which group
Improve diagnostics on setting groups - If keymgmmt is not available, it's not an error but the error message persists in stack - when setting groups, it's worth saying which group is not available Fixes #18585 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18591)
show more ...
|
386ab7f1 | 17-Jun-2022 |
Lutz Jaenicke |
Add test cases for verification of time stamping certificates Test makes sure, that both time stamping certificate according to rfc3161 (no requirements for keyUsage extension) and accor
Add test cases for verification of time stamping certificates Test makes sure, that both time stamping certificate according to rfc3161 (no requirements for keyUsage extension) and according to CAB forum (keyUsage extension must be digitalSignature and be set critical) are accepted. Misuse cases as stated in CAB forum are rejected, only exeption is a missing "critial" flag on keyUsage. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18597)
show more ...
|
a6a2dd9f | 17-Jun-2022 |
Jiasheng Jiang |
apps/s_server.c: Add check for OPENSSL_strdup As the potential failure of the OPENSSL_strdup(), it should be better to check the return value and return error if fails. Sign
apps/s_server.c: Add check for OPENSSL_strdup As the potential failure of the OPENSSL_strdup(), it should be better to check the return value and return error if fails. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18595)
show more ...
|
e163969d | 17-Jun-2022 |
Jiasheng Jiang |
crypto/x509/by_store.c: Add check for OPENSSL_strdup As the potential failure of the OPENSSL_strdup(), it should be better to check the return value and return error if fails.
crypto/x509/by_store.c: Add check for OPENSSL_strdup As the potential failure of the OPENSSL_strdup(), it should be better to check the return value and return error if fails. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18593)
show more ...
|
9f40251d | 11-May-2022 |
Pauli |
doc: document the new internal time API Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/
doc: document the new internal time API Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18274)
show more ...
|
d6bfdf67 | 10-May-2022 |
Pauli |
ssl: expose the get time function internally Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/
ssl: expose the get time function internally Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18274)
show more ...
|
f0a49358 | 14-Nov-2021 |
Pauli |
test: add priority queue unit test Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18274) |
68a6152d | 12-Nov-2021 |
Pauli |
doc: priority queue documentation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18274) |
4bb1fdf7 | 12-Nov-2021 |
Pauli |
build.info changes for priority queue Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18
build.info changes for priority queue Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18274)
show more ...
|
c8003ad5 | 12-Nov-2021 |
Pauli |
add priority queue implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18274) |
b80395ef | 29-Apr-2022 |
Hugo Landau |
Add dgram API discussion Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18210) |
de85a9de | 20-Jun-2022 |
Matt Caswell |
Update CHANGES.md and NEWS.md for new release Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes |
87eee750 | 13-Jun-2022 |
Tomas Mraz |
c_rehash: Drop the issuer_name_hash= prefix from the CRL hash Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> |
ce60b137 | 29-May-2022 |
Daniel Fiala |
Fix file operations in c_rehash. CVE-2022-2068 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> |
c6010d1a | 20-Jun-2022 |
Richard Levitte |
providers/implementations/exchange/kdf_exch.c: fix unavailable SIZE_MAX SIZE_MAX is used in a recent fix of this file, but without including internal/numbers.h, so that macro ends up not
providers/implementations/exchange/kdf_exch.c: fix unavailable SIZE_MAX SIZE_MAX is used in a recent fix of this file, but without including internal/numbers.h, so that macro ends up not existing on some platforms, resulting in build failures. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18605)
show more ...
|
8547cd67 | 15-Jun-2022 |
Jiasheng Jiang |
crypto/asn1/a_time.c: Add check for OPENSSL_malloc As the potential failure of the OPENSSL_malloc(), timestamp_tm could be NULL and be used in ASN1_TIME_to_tm() without check. Th
crypto/asn1/a_time.c: Add check for OPENSSL_malloc As the potential failure of the OPENSSL_malloc(), timestamp_tm could be NULL and be used in ASN1_TIME_to_tm() without check. Therefore, it should be better to check the return value of OPENSSL_malloc() and return error if fails. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18575)
show more ...
|
93ed4b5f | 14-Jun-2022 |
Randall S. Becker |
Clarify use of EGD for HPNS in rand/rand_egd.c comments. Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by:
Clarify use of EGD for HPNS in rand/rand_egd.c comments. Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18566)
show more ...
|
0edcbacc | 15-Jun-2022 |
Fraser Tweedale |
Fix documentation of BIO_FLAGS_BASE64_NO_NL Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated `BIO_f_base64(3)` to improve the documentation of the `BIO_FLAGS_BASE64_NO_NL` fla
Fix documentation of BIO_FLAGS_BASE64_NO_NL Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated `BIO_f_base64(3)` to improve the documentation of the `BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text states that when this flag is used, all newlines in the input are ignored. This is incorrect, as the following program proves: ```c unsigned char *in_buf = "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n"; int main(int argc, char **argv) { BIO *b64 = BIO_new(BIO_f_base64()); if (b64 == NULL) return 1; BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL); int in_len = strlen(in_buf); BIO *in = BIO_new_mem_buf(in_buf, in_len); if (in == NULL) return 2; in = BIO_push(b64, in); unsigned char *out_buf = calloc(in_len, sizeof(unsigned char)); if (out_buf == NULL) return 3; size_t out_len; int r = BIO_read_ex(in, out_buf, in_len, &out_len); printf("rv = %d\n", r); printf("decoded = %s\n", out_buf); return 0; } ``` Update the text of `BIO_f_base64(3)` to clarify that when the flag is set, the data must be all on one line (with or without a trailing newline character). Signed-off-by: Fraser Tweedale <ftweedal@redhat.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18568)
show more ...
|
909d590f | 15-Jun-2022 |
Daniel Fiala |
Remove debug and other outdated build targets. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.or
Remove debug and other outdated build targets. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18571)
show more ...
|
55b7fa26 | 14-Jun-2022 |
Hartmut Holzgraefe |
Have set_dateopt() return 1 on success to make -dateopt work Fixes #18553 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from
Have set_dateopt() return 1 on success to make -dateopt work Fixes #18553 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18554) (cherry picked from commit 67e1b558e67a3bee1f20f8a9e067211b440404f8)
show more ...
|
e3ba938b | 10-Jun-2022 |
Richard Levitte |
test/recipes/*.t: setup() doesn't play well with spaces in the argument The argument translates into a directory name, and there are platforms that don't allow spaces (at least not easil
test/recipes/*.t: setup() doesn't play well with spaces in the argument The argument translates into a directory name, and there are platforms that don't allow spaces (at least not easily), which makes the test fail. This modifies it to conform a bit better to the usual form for that arg. Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18531)
show more ...
|
809526a0 | 07-Jun-2022 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
Fix for OSSL_PARAM sample code referencing OSSL_PARAM_UTF8_PTR Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz
Fix for OSSL_PARAM sample code referencing OSSL_PARAM_UTF8_PTR Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18490)
show more ...
|
6d702ceb | 09-Jun-2022 |
Tomas Mraz |
Add an extra reduction step to RSAZ mod_exp implementations Inspired by BoringSSL fix by David Benjamin. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pau
Add an extra reduction step to RSAZ mod_exp implementations Inspired by BoringSSL fix by David Benjamin. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18510)
show more ...
|