#
962431d5 |
| 13-Sep-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
that open brace { should be on the previous line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed
that open brace { should be on the previous line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
show more ...
|
#
da9342ed |
| 16-May-2024 |
sashan |
Move stack of compression methods from libssl to OSSL_LIB_CTX The compression methods are now a global variable in libssl. This change moves it into OSSL library context. It is
Move stack of compression methods from libssl to OSSL_LIB_CTX The compression methods are now a global variable in libssl. This change moves it into OSSL library context. It is necessary to eliminate atexit call from libssl. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24414)
show more ...
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
2995be50 |
| 03-Jan-2024 |
Matt Caswell |
Correct ssl_old_test stream handling The ssl_old_test has not been fully converted to the test framework but it still reuses some test framework utilities. Notably it was creating it
Correct ssl_old_test stream handling The ssl_old_test has not been fully converted to the test framework but it still reuses some test framework utilities. Notably it was creating it's own copy of the global bio_err object directly (which is normally created and owned by the test framework). This causes a problem because ever since commit 2fa9044 access to the bio_err object is controlled by a lock. Since ssl_old_test was circumventing the normal creation and destruction of bio_err, the lock was not being created resulting in a crash under certain error conditions. We fix this by creating and destroying the bio_err object using the test framework functions designed for that purpose. Fixes #23184 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23187)
show more ...
|
#
42772df5 |
| 13-Oct-2023 |
Todd Short |
Fix potential NULL deref in ssl_old_test.c Fix #22367 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlanda
Fix potential NULL deref in ssl_old_test.c Fix #22367 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22383)
show more ...
|
#
21f0b80c |
| 11-Sep-2023 |
Bernd Edlinger |
Fix memory leaks in ssl_old_test.c This fixes a few memory leaks reported in #22049. If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when
Fix memory leaks in ssl_old_test.c This fixes a few memory leaks reported in #22049. If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when @SECLEVEL=0 is used!) then the caller has to delete the PKEY object. That is different to how the deprecated SSL_CTX_set_tmp_dh_pkey was designed to work. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22060)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
8b940b69 |
| 16-Aug-2023 |
Tomas Mraz |
ssl_old_test.c: Check inconsistent values from SSL_get0_alpn_selected() Fixes Coverity 1534838 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@ope
ssl_old_test.c: Check inconsistent values from SSL_get0_alpn_selected() Fixes Coverity 1534838 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21755)
show more ...
|
#
7e3cacac |
| 29-Aug-2022 |
Todd Short |
Update COMP_METHOD size_t-ify the COMP_METHOD structure and functions. Get rid of the non-functional COMP_METHODS and return NULL instead. Reviewed-by: Matt Caswell <matt@openss
Update COMP_METHOD size_t-ify the COMP_METHOD structure and functions. Get rid of the non-functional COMP_METHODS and return NULL instead. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
show more ...
|
#
b2feb9f0 |
| 14-Jun-2022 |
Jiasheng Jiang |
test/ssl_old_test.c: Add check for OPENSSL_malloc As the potential failure of the OPENSSL_malloc(), it should be better to add the check and return error if fails. Signed-of
test/ssl_old_test.c: Add check for OPENSSL_malloc As the potential failure of the OPENSSL_malloc(), it should be better to add the check and return error if fails. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18555)
show more ...
|
#
4f4942a1 |
| 14-Jun-2022 |
Jiasheng Jiang |
test/ssl_old_test.c: Add check for OPENSSL_zalloc As the potential failure of the OPENSSL_zalloc(), it should be better to add the check and return error if fails. Signed-of
test/ssl_old_test.c: Add check for OPENSSL_zalloc As the potential failure of the OPENSSL_zalloc(), it should be better to add the check and return error if fails. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18552)
show more ...
|
#
598bd774 |
| 16-May-2022 |
Bernd Edlinger |
Fix KTLS with BIO_new_connect When a socket connection is done using BIO_new_connect, the ktls_enable is done too early, and fails with ENOTCONN. Therefore the KLTS ioctl will fail l
Fix KTLS with BIO_new_connect When a socket connection is done using BIO_new_connect, the ktls_enable is done too early, and fails with ENOTCONN. Therefore the KLTS ioctl will fail later with ENOPROTOOPT. Fix that by doing the ktls_enable after the connection succeeded, not when the socket is created as that will always fail. One example where this happens is doit_localhost in test/ssl_old_test.c, and therefore, contrary to the expectation the -client_ktls option did never enable the client KTLS connection, but this was not noticed, because there was no diagnostic output, and it was only visible with strace output. Also enhanced the ssl_old_test -client_ktls/-server_ktls options together with -v option to print a summary line if and how KTLS was negotiated in server and client. While I am already there adjusted the usage info of the -s_cert, -s_key commands, and allow -time to print the timings of ktls connections. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18318)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
fba140c7 |
| 12-Apr-2022 |
Dmitry Belyavskiy |
str[n]casecmp => OPENSSL_strncasecmp Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
|
#
d71151ae |
| 23-Feb-2022 |
Nicola Tuveri |
[ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas
[ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17763)
show more ...
|
#
8fff986d |
| 14-Jan-2022 |
Bernd Edlinger |
Cleanup record length checks for KTLS In some corner cases the check for packets which exceed the allowed record length was missing when KTLS is initially enabled, when some unpr
Cleanup record length checks for KTLS In some corner cases the check for packets which exceed the allowed record length was missing when KTLS is initially enabled, when some unprocessed packets are still pending. Add at least some tests for KTLS, since we have currently not very much test coverage for KTLS. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17504)
show more ...
|
#
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to b
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
#
2ff286c2 |
| 21-Jun-2021 |
Dr. David von Oheimb |
Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/
Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15847)
show more ...
|
#
1287dabd |
| 26-Oct-2021 |
x2018 |
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
show more ...
|
#
8c590a21 |
| 26-Oct-2021 |
Jiasheng Jiang |
test/ssl_old_test.c: Do NULL pointer check before its use In openssl-3.0.0 and system provided, it is not reasonable to check null pointer after use. The order was accidentally reversed.
test/ssl_old_test.c: Do NULL pointer check before its use In openssl-3.0.0 and system provided, it is not reasonable to check null pointer after use. The order was accidentally reversed. Therefore, it is better to correct it. CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16915)
show more ...
|
#
34563be5 |
| 12-Oct-2021 |
Peiwei Hu |
test/ssl_old_test.c: Fix potential leak Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/168
test/ssl_old_test.c: Fix potential leak Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16806)
show more ...
|
#
fd009d76 |
| 31-May-2021 |
Pauli |
test: remove TODOs Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15539)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
a763ca11 |
| 14-Jan-2021 |
Matt Caswell |
Stop disabling TLSv1.3 if ec and dh are disabled Even if EC and DH are disabled then we may still be able to use TLSv1.3 if we have groups that have been plugged in by an external provid
Stop disabling TLSv1.3 if ec and dh are disabled Even if EC and DH are disabled then we may still be able to use TLSv1.3 if we have groups that have been plugged in by an external provider. Fixes #13767 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
show more ...
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|