21f6c3b4 | 22-Oct-2024 |
Tomas Mraz |
Adjustments for the on schedule workflows Run them all after 02:00 UTC. Add possibility to run them on workflow_dispatch. Add branch 3.4 to the coveralls.yml. Remove the branches
Adjustments for the on schedule workflows Run them all after 02:00 UTC. Add possibility to run them on workflow_dispatch. Add branch 3.4 to the coveralls.yml. Remove the branches from os-zoo.yml as it is possible to run on them manually from workflow_dispatch. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25765)
show more ...
|
0abbd3e5 | 11-Nov-2024 |
Holger Dengler |
Fix memleaks in cmd_RecordPadding() Free the internal copy of parameter `value` on each early exit. Fixes #25906 Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Fix memleaks in cmd_RecordPadding() Free the internal copy of parameter `value` on each early exit. Fixes #25906 Signed-off-by: Holger Dengler <dengler@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25926)
show more ...
|
1f7d2a28 | 12-Sep-2024 |
Jonathan M. Wilbur |
feat: define and use ossl_bio_print_hex Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pul
feat: define and use ossl_bio_print_hex Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25429)
show more ...
|
80b0a33b | 11-Sep-2024 |
Jonathan M. Wilbur |
test: the attributeDescriptor X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/ope
test: the attributeDescriptor X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25429)
show more ...
|
044b9583 | 11-Sep-2024 |
Jonathan M. Wilbur |
doc: the attributeDescriptor X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/open
doc: the attributeDescriptor X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25429)
show more ...
|
cccdf410 | 11-Sep-2024 |
Jonathan M. Wilbur |
feat: support the attributeDescriptor X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/ope
feat: support the attributeDescriptor X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25429)
show more ...
|
ba6f115c | 11-Nov-2024 |
Tomas Mraz |
txp_generate_stream_frames(): Set stream id in header early enough Otherwise we will calculate an incorrect header size for higher stream ids and won't fit the frame into the packet.
txp_generate_stream_frames(): Set stream id in header early enough Otherwise we will calculate an incorrect header size for higher stream ids and won't fit the frame into the packet. Fixes #25417 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25928)
show more ...
|
dd73b45e | 27-Oct-2023 |
Dr. David von Oheimb |
APPS/load_key_certs_crls(): refactor to clean up the code a little and add clarifying comments Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.or
APPS/load_key_certs_crls(): refactor to clean up the code a little and add clarifying comments Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/22528)
show more ...
|
012353bd | 30-Oct-2024 |
Dr. David von Oheimb |
openssl-pkeyutl.pod.in: improve description of -rawin and -digest options Fixes #25827 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.o
openssl-pkeyutl.pod.in: improve description of -rawin and -digest options Fixes #25827 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25831)
show more ...
|
26a826c2 | 29-Oct-2024 |
Dr. David von Oheimb |
openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed for -sign/-verify, etc. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor
openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed for -sign/-verify, etc. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25831)
show more ...
|
abad748d | 07-Nov-2024 |
Dr. David von Oheimb |
APPS/pkeyutl: add missing high-level check for -verifyrecover being usable only with RSA Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
APPS/pkeyutl: add missing high-level check for -verifyrecover being usable only with RSA Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25903)
show more ...
|
fe07cbf9 | 07-Nov-2024 |
Dr. David von Oheimb |
APPS/pkeyutl: remove wrong check for -verifyrecover regarding too long sign/verify input Fixed #25898 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy
APPS/pkeyutl: remove wrong check for -verifyrecover regarding too long sign/verify input Fixed #25898 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25903)
show more ...
|
b10cfd93 | 06-Nov-2024 |
Matt Caswell |
Add a test for setting TLSv1.2 ciphersuites on a QUIC object Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github
Add a test for setting TLSv1.2 ciphersuites on a QUIC object Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25886)
show more ...
|
40237bf9 | 06-Nov-2024 |
Matt Caswell |
Don't complain with "no cipher match" for QUIC objects Calling the functions SSL_CTX_set_cipher_list() or SSL_set_cipher_list() will return the error "no cipher match" if no TLSv1.2 (or
Don't complain with "no cipher match" for QUIC objects Calling the functions SSL_CTX_set_cipher_list() or SSL_set_cipher_list() will return the error "no cipher match" if no TLSv1.2 (or below) ciphers are enabled after calling them. However this is normal behaviour for QUIC objects which do not support TLSv1.2 ciphers. Therefore we should suppress that error in this case. Fixes #25878 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25886)
show more ...
|
e5452641 | 05-Nov-2024 |
Matt Caswell |
Add a test for the new_session_cb from a QUIC object Setting a new_session_cb should work for a QUIC object just as it does with a normal TLS object. Reviewed-by: Viktor Dukhovn
Add a test for the new_session_cb from a QUIC object Setting a new_session_cb should work for a QUIC object just as it does with a normal TLS object. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25874)
show more ...
|
dc84829c | 05-Nov-2024 |
Matt Caswell |
Make sure we use the correct SSL object when making a callback When processing a callback within libssl that applies to TLS the original SSL object may have been created for TLS directly
Make sure we use the correct SSL object when making a callback When processing a callback within libssl that applies to TLS the original SSL object may have been created for TLS directly, or for QUIC. When making the callback we must make sure that we use the correct SSL object. In the case of QUIC we must not use the internal only SSL object. Fixes #25788 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25874)
show more ...
|
f88c2f2d | 04-Nov-2024 |
Matt Caswell |
Keep hold of a reference to the user SSL in QUIC In some cases a QUIC SSL_CONNECTION object needs to get hold of a reference to the original SSL object as created by the user. We should
Keep hold of a reference to the user SSL in QUIC In some cases a QUIC SSL_CONNECTION object needs to get hold of a reference to the original SSL object as created by the user. We should keep a reference to it. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25874)
show more ...
|
2aaef033 | 01-Nov-2023 |
Vladimirs Ambrosovs |
Bugfixes for params to legacy control translations for EC parameters param->ctrl translation: Fix fix_ecdh_cofactor() In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function s
Bugfixes for params to legacy control translations for EC parameters param->ctrl translation: Fix fix_ecdh_cofactor() In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function should return value in ctx->p1 param->ctrl translation: fix evp_pkey_ctx_setget_params_to_ctrl return Since some of the ctrl operations may return 0 as valid value (e.g. ecdh_cofactor value 0 is valid setting), before colling POST_PARAMS_TO_CTRL, we need to check return value for 0 as well otherwise the evp_pkey_ctx_setget_params_to_ctrl function fails without a chance to fix the return value param->ctrl translation: Set ecdh_cofactor default action_type GET Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22587)
show more ...
|
85a52f72 | 28-Oct-2024 |
oleg.hoefling |
Adjust naming authority formatting when printing out admission extension Indent namingAuthority section with two spaces to match the parent node. Signed-off-by: oleg.hoefling <o
Adjust naming authority formatting when printing out admission extension Indent namingAuthority section with two spaces to match the parent node. Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25814)
show more ...
|
fa856b0c | 05-Nov-2024 |
Niels Dossche |
Fix memory leak on failure in copy_issuer() When sk_GENERAL_NAME_reserve() fails, ialt is not freed. Add the freeing operation in the common error path. Reviewed-by: Tom Cosgrov
Fix memory leak on failure in copy_issuer() When sk_GENERAL_NAME_reserve() fails, ialt is not freed. Add the freeing operation in the common error path. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25876)
show more ...
|
83b62d41 | 05-Nov-2024 |
Niels Dossche |
Remove unnecessary sk_GENERAL_NAME_free() calls on NULL There are several calls to sk_GENERAL_NAME_free() where the argument is actually NULL, there are not necessary. Reviewed-
Remove unnecessary sk_GENERAL_NAME_free() calls on NULL There are several calls to sk_GENERAL_NAME_free() where the argument is actually NULL, there are not necessary. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25877)
show more ...
|
e899361b | 02-Nov-2024 |
Celeste Liu |
x509: add a newline after printing Full Name We forget it in 58301e24f66aa74b13b85a171dd14e6088c35662. Fixes #25853 CLA: trivial Reviewed-by: Tom Cosgrove <tom.cos
x509: add a newline after printing Full Name We forget it in 58301e24f66aa74b13b85a171dd14e6088c35662. Fixes #25853 CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25854)
show more ...
|
0b234a23 | 01-Nov-2024 |
Tomas Mraz |
interop-tests.yml: Update to Fedora 40 and fix provisioning breakage Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Mat
interop-tests.yml: Update to Fedora 40 and fix provisioning breakage Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25847)
show more ...
|
ccaa754b | 04-Nov-2024 |
ArtSin |
Fix uses of `EVP_PKEY_Q_keygen` with `size_t` variadic argument Fix cases where `int` argument was passed instead of `size_t`. CLA: trivial Reviewed-by: Richard Levitte <le
Fix uses of `EVP_PKEY_Q_keygen` with `size_t` variadic argument Fix cases where `int` argument was passed instead of `size_t`. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25857)
show more ...
|
d1669a14 | 04-Nov-2024 |
Matt Caswell |
Fix the default_md example in the ca docs We should not have an example showing the default_md as md5. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz
Fix the default_md example in the ca docs We should not have an example showing the default_md as md5. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25856)
show more ...
|