80b0a33b | 11-Sep-2024 |
Jonathan M. Wilbur |
test: the attributeDescriptor X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25429)
|
044b9583 | 11-Sep-2024 |
Jonathan M. Wilbur |
doc: the attributeDescriptor X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25429)
|
cccdf410 | 11-Sep-2024 |
Jonathan M. Wilbur |
feat: support the attributeDescriptor X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25429)
|
ba6f115c | 11-Nov-2024 |
Tomas Mraz |
txp_generate_stream_frames(): Set stream id in header early enough Otherwise we will calculate an incorrect header size for higher stream ids and won't fit the frame into the packet. Fixes #25417 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25928)
|
dd73b45e | 27-Oct-2023 |
Dr. David von Oheimb |
APPS/load_key_certs_crls(): refactor to clean up the code a little and add clarifying comments Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/22528)
|
012353bd | 30-Oct-2024 |
Dr. David von Oheimb |
openssl-pkeyutl.pod.in: improve description of -rawin and -digest options Fixes #25827 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25831)
|
26a826c2 | 29-Oct-2024 |
Dr. David von Oheimb |
openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed for -sign/-verify, etc. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25831)
|
abad748d | 07-Nov-2024 |
Dr. David von Oheimb |
APPS/pkeyutl: add missing high-level check for -verifyrecover being usable only with RSA Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25903)
|
fe07cbf9 | 07-Nov-2024 |
Dr. David von Oheimb |
APPS/pkeyutl: remove wrong check for -verifyrecover regarding too long sign/verify input Fixed #25898 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25903)
|
b10cfd93 | 06-Nov-2024 |
Matt Caswell |
Add a test for setting TLSv1.2 ciphersuites on a QUIC object Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25886)
|
40237bf9 | 06-Nov-2024 |
Matt Caswell |
Don't complain with "no cipher match" for QUIC objects Calling the functions SSL_CTX_set_cipher_list() or SSL_set_cipher_list() will return the error "no cipher match" if no TLSv1.2 (or below) ciphers are enabled after calling them. However this is normal behaviour for QUIC objects which do not support TLSv1.2 ciphers. Therefore we should suppress that error in this case. Fixes #25878 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25886)
|
e5452641 | 05-Nov-2024 |
Matt Caswell |
Add a test for the new_session_cb from a QUIC object Setting a new_session_cb should work for a QUIC object just as it does with a normal TLS object. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25874)
|
dc84829c | 05-Nov-2024 |
Matt Caswell |
Make sure we use the correct SSL object when making a callback When processing a callback within libssl that applies to TLS the original SSL object may have been created for TLS directly, or for QUIC. When making the callback we must make sure that we use the correct SSL object. In the case of QUIC we must not use the internal only SSL object. Fixes #25788 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25874)
|
f88c2f2d | 04-Nov-2024 |
Matt Caswell |
Keep hold of a reference to the user SSL in QUIC In some cases a QUIC SSL_CONNECTION object needs to get hold of a reference to the original SSL object as created by the user. We should keep a reference to it. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25874)
|
2aaef033 | 01-Nov-2023 |
Vladimirs Ambrosovs |
Bugfixes for params to legacy control translations for EC parameters param->ctrl translation: Fix fix_ecdh_cofactor() In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function should return value in ctx->p1 param->ctrl translation: fix evp_pkey_ctx_setget_params_to_ctrl return Since some of the ctrl operations may return 0 as valid value (e.g. ecdh_cofactor value 0 is valid setting), before calling POST_PARAMS_TO_CTRL, we need to check return value for 0 as well otherwise the evp_pkey_ctx_setget_params_to_ctrl function fails without a chance to fix the return value param->ctrl translation: Set ecdh_cofactor default action_type GET Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22587)
|
85a52f72 | 28-Oct-2024 |
oleg.hoefling |
Adjust naming authority formatting when printing out admission extension Indent namingAuthority section with two spaces to match the parent node. Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25814)
|
fa856b0c | 05-Nov-2024 |
Niels Dossche |
Fix memory leak on failure in copy_issuer() When sk_GENERAL_NAME_reserve() fails, ialt is not freed. Add the freeing operation in the common error path. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25876)
|
83b62d41 | 05-Nov-2024 |
Niels Dossche |
Remove unnecessary sk_GENERAL_NAME_free() calls on NULL There are several calls to sk_GENERAL_NAME_free() where the argument is actually NULL, these are not necessary. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25877)
|
e899361b | 02-Nov-2024 |
Celeste Liu |
x509: add a newline after printing Full Name We forgot it in 58301e24f66aa74b13b85a171dd14e6088c35662. Fixes #25853 CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25854)
|
0b234a23 | 01-Nov-2024 |
Tomas Mraz |
interop-tests.yml: Update to Fedora 40 and fix provisioning breakage Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25847)
|
ccaa754b | 04-Nov-2024 |
ArtSin |
Fix uses of `EVP_PKEY_Q_keygen` with `size_t` variadic argument Fix cases where `int` argument was passed instead of `size_t`. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25857)
|
d1669a14 | 04-Nov-2024 |
Matt Caswell |
Fix the default_md example in the ca docs We should not have an example showing the default_md as md5. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25856)
|
b9881e8e | 29-Oct-2024 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
Document extensibility of -groups parameter via providers Also add brainpool curves Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25821)
|
8f4cd8e3 | 29-Oct-2024 |
Gábor Tóthvári |
Remove two unused union members from struct x509_object_st. CLA: trivial Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25826)
|
a590a7e3 | 31-Oct-2024 |
Todd Short |
Use correct alerts for some cert comp errors Fixes #25471 Signed-off-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25845)
|