9f3a7ca2 | 30-Jan-2024 |
Shakti Shah |
SSL_add_dir_cert_subjects_to_stack(): Documented return values In the man page for SSL_add_dir_cert_subjects_to_stack(), the functions returning int have undocumented return values. Fixes #23171 Signed-off-by: Shakti Shah <shaktishah33@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23433)
|
c5e097de | 29-Jan-2024 |
Job Snijders |
Add Content Type OID for id-ct-rpkiSignedPrefixList References: draft-ietf-sidrops-rpki-prefixlist Title: "A profile for Signed Prefix Lists for Use in the Resource Public Key Infrastructure (RPKI)" OID assigned under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)' https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23426)
|
5c846d32 | 08-Feb-2024 |
Tomas Mraz |
apps/x509.c: No warning reading from stdin if redirected Fixes #22893 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23526)
|
37cd49f5 | 14-Mar-2024 |
Neil Horman |
Fix ASLR to be smaller during asan/tsan/ubsan runs Recently asan/tsan/ubsan runs have been failing randomly. It appears that a recent runner update may have led to the Address Space Layout Randomization setting in the linux kernel of ubuntu-latest runner getting set to too high a value (it defaults to 30). Such a setting leads to the possibility that a given application will have memory mapped to an address space that the sanitizer code typically uses to do its job. Lowering this value allows a/t/ubsan to work consistently again Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23842)
|
f08be096 | 13-Mar-2024 |
Frederik Wedel-Heinen |
Avoid a memcpy in dtls_get_reassembled_message() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23828)
|
c91f0ca9 | 12-Mar-2024 |
Vladimirs Ambrosovs |
Fix dasync_rsa_decrypt to call EVP_PKEY_meth_get_decrypt Signed-off-by: Vladimirs Ambrosovs <rodriguez.twister@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23825)
|
3cb07553 | 05-Mar-2024 |
Joachim Vandersmissen |
Implement KAT for KBKDF with KMAC128 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23745) |
39202836 | 11-Mar-2024 |
sharad3001 <46183881+sharad3001@users.noreply.github.com> |
Update tls13ccstest.c, removal of dead code tst has been already checked for invalid value in the start of the function with switch statement. Checked again here, so removed dead code CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23813)
|
7649b554 | 14-Feb-2024 |
Frederik Wedel-Heinen |
Add fuzzing for DTLS Update the fuzz corpora submodule with the DTLS fuzz corpus. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23585)
|
cf842248 | 20-Dec-2023 |
James Muir |
s_server: test ocsp with "-cert_chain" Add a test to exercise the use of s_server with "-cert_chain" to construct an ocsp request. This new functionality was added in PR #22192. Testing: make V=1 TESTS='test_ocsp_cert_chain' test Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23101)
|
7f8aba2f | 08-Mar-2024 |
Alexandr Nedvedicky |
Limit the number of http headers when receiving the http response Change introduces a default limit on HTTP headers we expect to receive from server to 256. If limit is exceeded http client library indicates HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. Application can use OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change default. Setting limit to 0 implies no limit (current behavior). Fixes #22264 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23781)
|
bc930bed | 06-Mar-2024 |
Jiasheng Jiang |
Add check for xor_get_aid() Add check for the return value of xor_get_aid() in order to avoid NULL pointer dereference. For example, "algor" could be NULL if the allocation of X509_ALGOR_new() fails. As a result, i2d_X509_ALGOR() will return 0 and "ctx->aid" will be an invalid value NULL. Fixes: f4ed6eed2c ("SSL_set1_groups_list(): Fix memory corruption with 40 groups and more") Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23764)
|
7ceb7708 | 08-Feb-2024 |
olszomal |
Improve the documentation on -cert_chain and -status_verbose options Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22192)
|
d6aafeb1 | 05-Jan-2024 |
olszomal |
Use the untrusted certificate chain to create a valid certificate ID for OCSP_request Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22192)
|
52a75f40 | 10-Mar-2024 |
谭九鼎 <109224573@qq.com> |
Doc: fix style CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23805)
|
8211ca45 | 04-Mar-2024 |
Jiasheng Jiang |
PKCS7: Remove one of the duplicate checks There are two consecutive identical checks "if (i <= 0)". We can remove one of them to make the code clear. CLA: trivial Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23741)
|
1f03d33e | 05-Mar-2024 |
Aarni Koskela |
Add reformatting commit to .git-blame-ignore-revs CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23748)
|
5df34ca7 | 27-Feb-2024 |
slontis |
Make the generated params_idx.c file deterministic if run multiple times.

Fixes #23672

There are many name/value pairs currently that have duplicate names e.g.

    'CAPABILITY_TLS_GROUP_MAX_TLS' => "tls-max-tls",
    'CAPABILITY_TLS_SIGALG_MAX_TLS' => "tls-max-tls",

Stripping the .pm file down to just the above entries and running multiple times gives different results for the produce_decoder.

On multiple runs any iterations over the unordered hash table keys using foreach my $name (keys %params) results in a different order on multiple runs. Because of this the mapping from the hash 'value' back to the 'key' will be different.

Note that the code also uses another mechanism in places that uses

    "name1" => "value"
    "name2" => "*name1"

Rather than fix all the strings the change done was to sort the keys. If we were to choose to fix the strings then the perl code should be changed to detect duplicates.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23688)
|
85453988 | 01-Mar-2024 |
Alexandr Nedvedicky |
FAQ.md should be removed: the page the link refers to does not exist. Does anyone object to deleting the file? Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23719)
|
d60b3750 | 04-Mar-2024 |
slontis |
Fix BIO_get_new_index() to return an error when it is exhausted. Fixes #23655 BIO_get_new_index() returns a range of 129..255. It is set to BIO_TYPE_START (128) initially and is incremented on each call. >= 256 is reserved for the class type flags (BIO_TYPE_DESCRIPTOR) so it should error if it reaches the upper bound. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23732)
|
53a87286 | 08-Mar-2024 |
Neil Horman |
Bring SSL_group_to_name docs in line with API definition docs say the SSL object in this function is const, but the api doesn't qualify it as such. Adjust the docs to match the definition Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23785)
|
bf7ae259 | 14-Feb-2024 |
Hugo Landau |
Add CHANGES Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23584) |
7b4436a7 | 14-Feb-2024 |
Hugo Landau |
QUIC MULTISTREAM TEST: Test write buffer statistics queries Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23584)
|
b317583f | 14-Feb-2024 |
Hugo Landau |
QUIC: Add stream write buffer queries Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23584)
|
a24f29bb | 28-Feb-2024 |
Bernd Edlinger |
Try to fix intermittent CI failures in sslapitest Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23705)
|