History log of /openssl/ (Results 51 – 75 of 36072)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
21f6c3b422-Oct-2024 Tomas Mraz

Adjustments for the on schedule workflows

Run them all after 02:00 UTC.
Add possibility to run them on workflow_dispatch.
Add branch 3.4 to the coveralls.yml.
Remove the branches

Adjustments for the on schedule workflows

Run them all after 02:00 UTC.
Add possibility to run them on workflow_dispatch.
Add branch 3.4 to the coveralls.yml.
Remove the branches from os-zoo.yml as it is
possible to run on them manually from workflow_dispatch.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25765)

show more ...

0abbd3e511-Nov-2024 Holger Dengler

Fix memleaks in cmd_RecordPadding()

Free the internal copy of parameter `value` on each early
exit.

Fixes #25906

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>

Fix memleaks in cmd_RecordPadding()

Free the internal copy of parameter `value` on each early
exit.

Fixes #25906

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25926)

show more ...

1f7d2a2812-Sep-2024 Jonathan M. Wilbur

feat: define and use ossl_bio_print_hex

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

feat: define and use ossl_bio_print_hex

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25429)

show more ...

80b0a33b11-Sep-2024 Jonathan M. Wilbur

test: the attributeDescriptor X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/ope

test: the attributeDescriptor X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25429)

show more ...

044b958311-Sep-2024 Jonathan M. Wilbur

doc: the attributeDescriptor X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/open

doc: the attributeDescriptor X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25429)

show more ...

cccdf41011-Sep-2024 Jonathan M. Wilbur

feat: support the attributeDescriptor X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope

feat: support the attributeDescriptor X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25429)

show more ...

ba6f115c11-Nov-2024 Tomas Mraz

txp_generate_stream_frames(): Set stream id in header early enough

Otherwise we will calculate an incorrect header
size for higher stream ids and won't fit the
frame into the packet.

txp_generate_stream_frames(): Set stream id in header early enough

Otherwise we will calculate an incorrect header
size for higher stream ids and won't fit the
frame into the packet.

Fixes #25417

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25928)

show more ...

dd73b45e27-Oct-2023 Dr. David von Oheimb

APPS/load_key_certs_crls(): refactor to clean up the code a little and add clarifying comments

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.or

APPS/load_key_certs_crls(): refactor to clean up the code a little and add clarifying comments

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/22528)

show more ...

012353bd30-Oct-2024 Dr. David von Oheimb

openssl-pkeyutl.pod.in: improve description of -rawin and -digest options

Fixes #25827

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.o

openssl-pkeyutl.pod.in: improve description of -rawin and -digest options

Fixes #25827

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25831)

show more ...

26a826c229-Oct-2024 Dr. David von Oheimb

openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed for -sign/-verify, etc.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor

openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed for -sign/-verify, etc.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25831)

show more ...

abad748d07-Nov-2024 Dr. David von Oheimb

APPS/pkeyutl: add missing high-level check for -verifyrecover being usable only with RSA

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>

APPS/pkeyutl: add missing high-level check for -verifyrecover being usable only with RSA

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25903)

show more ...

fe07cbf907-Nov-2024 Dr. David von Oheimb

APPS/pkeyutl: remove wrong check for -verifyrecover regarding too long sign/verify input

Fixed #25898

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy

APPS/pkeyutl: remove wrong check for -verifyrecover regarding too long sign/verify input

Fixed #25898

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25903)

show more ...

b10cfd9306-Nov-2024 Matt Caswell

Add a test for setting TLSv1.2 ciphersuites on a QUIC object

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github

Add a test for setting TLSv1.2 ciphersuites on a QUIC object

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25886)

show more ...

40237bf906-Nov-2024 Matt Caswell

Don't complain with "no cipher match" for QUIC objects

Calling the functions SSL_CTX_set_cipher_list() or SSL_set_cipher_list() will
return the error "no cipher match" if no TLSv1.2 (or

Don't complain with "no cipher match" for QUIC objects

Calling the functions SSL_CTX_set_cipher_list() or SSL_set_cipher_list() will
return the error "no cipher match" if no TLSv1.2 (or below) ciphers are enabled
after calling them. However this is normal behaviour for QUIC objects which do
not support TLSv1.2 ciphers. Therefore we should suppress that error in this
case.

Fixes #25878

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25886)

show more ...

e545264105-Nov-2024 Matt Caswell

Add a test for the new_session_cb from a QUIC object

Setting a new_session_cb should work for a QUIC object just as it does
with a normal TLS object.

Reviewed-by: Viktor Dukhovn

Add a test for the new_session_cb from a QUIC object

Setting a new_session_cb should work for a QUIC object just as it does
with a normal TLS object.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25874)

show more ...

dc84829c05-Nov-2024 Matt Caswell

Make sure we use the correct SSL object when making a callback

When processing a callback within libssl that applies to TLS the original
SSL object may have been created for TLS directly

Make sure we use the correct SSL object when making a callback

When processing a callback within libssl that applies to TLS the original
SSL object may have been created for TLS directly, or for QUIC. When making
the callback we must make sure that we use the correct SSL object. In the
case of QUIC we must not use the internal only SSL object.

Fixes #25788

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25874)

show more ...

f88c2f2d04-Nov-2024 Matt Caswell

Keep hold of a reference to the user SSL in QUIC

In some cases a QUIC SSL_CONNECTION object needs to get hold of a reference
to the original SSL object as created by the user. We should

Keep hold of a reference to the user SSL in QUIC

In some cases a QUIC SSL_CONNECTION object needs to get hold of a reference
to the original SSL object as created by the user. We should keep a
reference to it.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25874)

show more ...

2aaef03301-Nov-2023 Vladimirs Ambrosovs

Bugfixes for params to legacy control translations for EC parameters

param->ctrl translation: Fix fix_ecdh_cofactor()

In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function s

Bugfixes for params to legacy control translations for EC parameters

param->ctrl translation: Fix fix_ecdh_cofactor()

In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function should
return value in ctx->p1

param->ctrl translation: fix evp_pkey_ctx_setget_params_to_ctrl
return

Since some of the ctrl operations may return 0 as valid value
(e.g. ecdh_cofactor value 0 is valid setting), before colling
POST_PARAMS_TO_CTRL, we need to check return value for 0 as well
otherwise the evp_pkey_ctx_setget_params_to_ctrl function fails
without a chance to fix the return value

param->ctrl translation: Set ecdh_cofactor default action_type GET

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22587)

show more ...

85a52f7228-Oct-2024 oleg.hoefling

Adjust naming authority formatting when printing out admission extension

Indent namingAuthority section with two spaces to match the parent
node.

Signed-off-by: oleg.hoefling <o

Adjust naming authority formatting when printing out admission extension

Indent namingAuthority section with two spaces to match the parent
node.

Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25814)

show more ...

fa856b0c05-Nov-2024 Niels Dossche

Fix memory leak on failure in copy_issuer()

When sk_GENERAL_NAME_reserve() fails, ialt is not freed.
Add the freeing operation in the common error path.

Reviewed-by: Tom Cosgrov

Fix memory leak on failure in copy_issuer()

When sk_GENERAL_NAME_reserve() fails, ialt is not freed.
Add the freeing operation in the common error path.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25876)

show more ...

83b62d4105-Nov-2024 Niels Dossche

Remove unnecessary sk_GENERAL_NAME_free() calls on NULL

There are several calls to sk_GENERAL_NAME_free() where the argument is
actually NULL, there are not necessary.

Reviewed-

Remove unnecessary sk_GENERAL_NAME_free() calls on NULL

There are several calls to sk_GENERAL_NAME_free() where the argument is
actually NULL, there are not necessary.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25877)

show more ...

e899361b02-Nov-2024 Celeste Liu

x509: add a newline after printing Full Name

We forget it in 58301e24f66aa74b13b85a171dd14e6088c35662.

Fixes #25853

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cos

x509: add a newline after printing Full Name

We forget it in 58301e24f66aa74b13b85a171dd14e6088c35662.

Fixes #25853

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25854)

show more ...

0b234a2301-Nov-2024 Tomas Mraz

interop-tests.yml: Update to Fedora 40 and fix provisioning breakage

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Mat

interop-tests.yml: Update to Fedora 40 and fix provisioning breakage

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25847)

show more ...

ccaa754b04-Nov-2024 ArtSin

Fix uses of `EVP_PKEY_Q_keygen` with `size_t` variadic argument

Fix cases where `int` argument was passed instead of `size_t`.

CLA: trivial

Reviewed-by: Richard Levitte <le

Fix uses of `EVP_PKEY_Q_keygen` with `size_t` variadic argument

Fix cases where `int` argument was passed instead of `size_t`.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25857)

show more ...

d1669a1404-Nov-2024 Matt Caswell

Fix the default_md example in the ca docs

We should not have an example showing the default_md as md5.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz

Fix the default_md example in the ca docs

We should not have an example showing the default_md as md5.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25856)

show more ...

12345678910>>...1443