56233ba8 | 29-Aug-2022 |
Juergen Christ |
apps/speed.c: Wait for generated children In multi-mode, speed fork()s off several children but does not wait for them. On Linux, this leads to wrong accounting information of getrusage
apps/speed.c: Wait for generated children In multi-mode, speed fork()s off several children but does not wait for them. On Linux, this leads to wrong accounting information of getrusage used by tools to extract running time and page faults. Wait for every children and check the return code and termination signal. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19093)
show more ...
|
d9aca2dd | 27-Aug-2022 |
Stefanos Harhalakis |
Fix man page to indicate SHA256 MAC for PKCS12 CLA: trivial Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas
Fix man page to indicate SHA256 MAC for PKCS12 CLA: trivial Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19079)
show more ...
|
723844d3 | 24-Aug-2022 |
Matt Caswell |
Test that we ignore a bad record version in a plaintext TLSv1.3 record The RFC requires us to ignore this field in plaintext records - so even if it is set incorrectly we should tolerate
Test that we ignore a bad record version in a plaintext TLSv1.3 record The RFC requires us to ignore this field in plaintext records - so even if it is set incorrectly we should tolerate it. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19058)
show more ...
|
20934288 | 24-Aug-2022 |
Matt Caswell |
Tolerate a bad record version in TLSv1.3 plaintext records When a server responds to a second TLSv1.3 ClientHello it is required to set the legacy_record_version to 0x0303 (TLSv1.2). The
Tolerate a bad record version in TLSv1.3 plaintext records When a server responds to a second TLSv1.3 ClientHello it is required to set the legacy_record_version to 0x0303 (TLSv1.2). The client is required to ignore that field even if it is wrong. The recent changes to the read record layer in PR #18132 made the record layer stricter and it was checking that the legacy_record_version was the correct value. This caused connection failures when talking to buggy servers that set the wrong legacy_record_version value. We make us more tolerant again. Fixes #19051 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19058)
show more ...
|
6347b867 | 05-May-2022 |
Tomas Mraz |
Add design requirements for QUIC packet demuxer Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/open
Add design requirements for QUIC packet demuxer Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18249)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
5639ee79 | 12-Apr-2021 |
Dr. David von Oheimb |
ERR: Make CRYPTO_malloc() and friends report ERR_R_MALLOC_FAILURE Fixes #6251 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed
ERR: Make CRYPTO_malloc() and friends report ERR_R_MALLOC_FAILURE Fixes #6251 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14833)
show more ...
|
555dd939 | 24-May-2022 |
Daniel Fiala |
Convert serverinfo in SSL_CTX_use_serverinfo() to v2. Fixes openssl#18183. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged fr
Convert serverinfo in SSL_CTX_use_serverinfo() to v2. Fixes openssl#18183. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18614)
show more ...
|
3c1f8fb1 | 24-Aug-2022 |
Pauli |
Add missing ')' to command help Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19049) |
200d9521 | 24-Aug-2022 |
Matt Caswell |
Drop the optimisation level for ppc64le cross-compile The default cross compiler (gcc 9.4.0) for ppc64le on Ubunut 20.04 seems buggy and causes a seg fault in sslapitest. This doesn't im
Drop the optimisation level for ppc64le cross-compile The default cross compiler (gcc 9.4.0) for ppc64le on Ubunut 20.04 seems buggy and causes a seg fault in sslapitest. This doesn't impact any other CI cross compile platforms and does not seem to impact the gcc 10.3.0 cross compiler. We just drop the optimisation level on that platform. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19056)
show more ...
|
4d32f533 | 15-Aug-2022 |
Hugo Landau |
Updates for OSSL_TIME changes Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1867
Updates for OSSL_TIME changes Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18676)
show more ...
|
fa4e92a7 | 28-Jun-2022 |
Hugo Landau |
QUIC ACK Manager, Statistics Manager and Congestion Control API This is the initial implementation of the ACK Manager for OpenSSL's QUIC support, with supporting design documentation and
QUIC ACK Manager, Statistics Manager and Congestion Control API This is the initial implementation of the ACK Manager for OpenSSL's QUIC support, with supporting design documentation and tests. Because the ACK Manager also depends on the Statistics Manager, it is also implemented here. The Statistics Manager is quite simple, so this does not amount to a large amount of extra code. Because the ACK Manager depends on a congestion controller, it adds a no-op congestion controller, which uses the previously workshopped congestion control API. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18676)
show more ...
|
7af110f9 | 01-Aug-2022 |
Dr. David von Oheimb |
CMP: correct handling of fallback subject in OSSL_CMP_CTX_setup_CRM() and its doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by
CMP: correct handling of fallback subject in OSSL_CMP_CTX_setup_CRM() and its doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18929)
show more ...
|
aeadd298 | 01-Aug-2022 |
Dr. David von Oheimb |
CMP: fix crash in check_transactionID_or_nonce() on 'actual' being NULL Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David vo
CMP: fix crash in check_transactionID_or_nonce() on 'actual' being NULL Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18929)
show more ...
|
293ab820 | 01-Aug-2022 |
Dr. David von Oheimb |
CRMF: make create_popo_signature() check that pubkey and pkey match Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David
CRMF: make create_popo_signature() check that pubkey and pkey match Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18930)
show more ...
|
c0f6792b | 01-Aug-2022 |
Dr. David von Oheimb |
add missing CRMF API function OSSL_CRMF_CERTTEMPLATE_get0_publicKey() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Davi
add missing CRMF API function OSSL_CRMF_CERTTEMPLATE_get0_publicKey() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18930)
show more ...
|
aaabe580 | 01-Aug-2022 |
Dr. David von Oheimb |
X509: clean up doc and implementation of X509{,_REQ}_check_private_key() Also constify X509_REQ_get0_pubkey() and X509_REQ_check_private_key(). Reviewed-by: Tomas Mraz <tomas@openss
X509: clean up doc and implementation of X509{,_REQ}_check_private_key() Also constify X509_REQ_get0_pubkey() and X509_REQ_check_private_key(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18930)
show more ...
|
ba9e3721 | 01-Aug-2022 |
Dr. David von Oheimb |
x509_att.c: improve error checking and reporting and coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Ohei
x509_att.c: improve error checking and reporting and coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18931)
show more ...
|
47dc828c | 01-Aug-2022 |
Dr. David von Oheimb |
add missing doc of X509_REQ_get_extensions() and X509_REQ_add_extensions{,_nid}() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by
add missing doc of X509_REQ_get_extensions() and X509_REQ_add_extensions{,_nid}() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18931)
show more ...
|
e128eaa0 | 01-Aug-2022 |
Dr. David von Oheimb |
X509_REQ_get_extensions: add error queue entry on ill-formed extensions attribute Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by
X509_REQ_get_extensions: add error queue entry on ill-formed extensions attribute Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18931)
show more ...
|
bf16ee4f | 22-Aug-2022 |
Richard Levitte |
util/wrap.pl.in: If the subprocess died with a signal, let's re-signal it A simple 'kill' of the same signal on our own process should do it. This will allow the shell that this is runni
util/wrap.pl.in: If the subprocess died with a signal, let's re-signal it A simple 'kill' of the same signal on our own process should do it. This will allow the shell that this is running under to catch it properly, and output something if it usually does that. Fixes #19041 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19042)
show more ...
|
e921882d | 23-Aug-2022 |
Matt Caswell |
Fix the return type for the rlayer_skip_early_data callback There was a copy & paste error in the definition of the rlayer_skip_early_data callback. The return type is supposed to be
Fix the return type for the rlayer_skip_early_data callback There was a copy & paste error in the definition of the rlayer_skip_early_data callback. The return type is supposed to be "int" but it was defined as a pointer type. This was causing test failures on some platforms. Fixes #19037 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19048)
show more ...
|
35bcac13 | 19-Aug-2022 |
Tomas Mraz |
rl->enc_ctx must be non-NULL and cipher must be set Otherwise ssl3_cipher() cannot work properly. Fixes Coverity CID 1509401 Reviewed-by: Paul Dale <pauli@openssl.org>
rl->enc_ctx must be non-NULL and cipher must be set Otherwise ssl3_cipher() cannot work properly. Fixes Coverity CID 1509401 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19027)
show more ...
|
7b7ad9e5 | 19-Aug-2022 |
Tomas Mraz |
Do not use RLAYERfatal on NULL RLAYER or on record layer that is to be freed anyway. Fixes Coverity CID 1509402, 1509403 Reviewed-by: Paul Dale <pauli@openssl.org> Revi
Do not use RLAYERfatal on NULL RLAYER or on record layer that is to be freed anyway. Fixes Coverity CID 1509402, 1509403 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19027)
show more ...
|
eb7a5cc3 | 22-Aug-2022 |
Pauli |
Coverity 1508532: out of bounds access Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull
Coverity 1508532: out of bounds access Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19033)
show more ...
|
52f61699 | 28-Jun-2022 |
Dr. David von Oheimb |
OSSL_HTTP_REQ_CTX_nbio: add support for partial content-type string matching Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David
OSSL_HTTP_REQ_CTX_nbio: add support for partial content-type string matching Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18675)
show more ...
|