pbe: sort stack before using find

There is no lock for the sort. This is no worse than the
existing code which sorted silently without a lock.

Reviewed-by: Tomas Mraz <tomas@op

pbe: sort stack before using find

There is no lock for the sort. This is no worse than the
existing code which sorted silently without a lock.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)

show more ...

asn1: sort stacks before using find

a_strnid.c doesn't have a lock for the sort. This is no worse than the
existing code which sorted silently without a lock.

Reviewed-by: Toma

asn1: sort stacks before using find

a_strnid.c doesn't have a lock for the sort. This is no worse than the
existing code which sorted silently without a lock.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)

show more ...

build_wincrypt_test.c: Fix compilation with MSVC

Fixes issue https://github.com/openssl/openssl/issues/20805

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz

build_wincrypt_test.c: Fix compilation with MSVC

Fixes issue https://github.com/openssl/openssl/issues/20805

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20806)

show more ...

Avoid generating RSA keys with p < q

We swap p and q in that case except when ACVP tests are being run.

Fixes #20823

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Re

Avoid generating RSA keys with p < q

We swap p and q in that case except when ACVP tests are being run.

Fixes #20823

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20833)

show more ...

fix md5 bug on aarch64 big-endian plantform.

Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@ope

fix md5 bug on aarch64 big-endian plantform.

Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20829)

show more ...

Improve documentation of -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3 options

Fixes #19014

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Revie

Improve documentation of -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3 options

Fixes #19014

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20834)

show more ...

dependabot: update config to include CLA: trivial, set branches etc

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://

dependabot: update config to include CLA: trivial, set branches etc

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20775)

show more ...

http proxy handling: Use ossl_safe_getenv() instead of getenv()

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged f

http proxy handling: Use ossl_safe_getenv() instead of getenv()

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20810)

show more ...

ASN1_OCTET_STRING_new() calls ASN1_STRING_type_new(V_ASN1_OCTET_STRING)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https

ASN1_OCTET_STRING_new() calls ASN1_STRING_type_new(V_ASN1_OCTET_STRING)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20838)

show more ...

x509: sort stacks prior to searching

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20782)

stack: fix searching when the stack isn't sorted.

More specifically, don't sort the stack when searching when it isn't sorted.
This avoids a race condition.

Fixes #20135

stack: fix searching when the stack isn't sorted.

More specifically, don't sort the stack when searching when it isn't sorted.
This avoids a race condition.

Fixes #20135

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20782)

show more ...

fix aes-xts bug on aarch64 big-endian env.

Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@open

fix aes-xts bug on aarch64 big-endian env.

Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20797)

show more ...

APPS/cmp: prevent HTTP client failure on -rspin option with too few filenames

The logic for handling inconsistent use of -rspin etc., -port, -server,
and -use_mock_srv options proved fau

APPS/cmp: prevent HTTP client failure on -rspin option with too few filenames

The logic for handling inconsistent use of -rspin etc., -port, -server,
and -use_mock_srv options proved faulty. This is fixed here, updating and
correcting also the documentation and diagnostics of the involved options.

In particular, the case that -rspin (or -rspout. reqin, -reqout) does not
provide enough message file names was not properly described and handled.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20295)

show more ...

Update the SSL_rstate_string*() return value for QUIC

We make these APIs work more like the TLS versions do.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau

Update the SSL_rstate_string*() return value for QUIC

We make these APIs work more like the TLS versions do.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20827)

show more ...

Correct the SSL_rstate_string*() APIs to match reality

The docs mentioned a "RD"/"read done" state that could be returned.
In practice that never happened, so update the docs to match

Correct the SSL_rstate_string*() APIs to match reality

The docs mentioned a "RD"/"read done" state that could be returned.
In practice that never happened, so update the docs to match
reality.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20827)

show more ...

Ensure that the SSL_rstate_string*() API works as they used to

We initialise the record layer rstate variable to ensure the
SSL_rstate_string*() APIs return values that are consistent wi

Ensure that the SSL_rstate_string*() API works as they used to

We initialise the record layer rstate variable to ensure the
SSL_rstate_string*() APIs return values that are consistent with
previous versions.

Fixes #20808

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20827)

show more ...

Add a test for the SSL_rstate_string*() APIs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openss

Add a test for the SSL_rstate_string*() APIs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20827)

show more ...

APPS: make sure the -CAfile argument can be in DER format

Note that PKCS#12 input is still not supported here-

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas

APPS: make sure the -CAfile argument can be in DER format

Note that PKCS#12 input is still not supported here-

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18917)

show more ...

apps/smime: Point out that the six operations are mutually exclusive and add check

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged

apps/smime: Point out that the six operations are mutually exclusive and add check

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18917)

show more ...

openssl-ocsp.pod.in: state for options that they are flexible w.r.t. cert input format

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Mer

openssl-ocsp.pod.in: state for options that they are flexible w.r.t. cert input format

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18917)

show more ...

apps/ocsp: Tweak some places to make clear they refer to *lists* of certs

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from http

apps/ocsp: Tweak some places to make clear they refer to *lists* of certs

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18917)

show more ...

QUIC Glossary

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20803)

QUIC I/O Architecture Design: Minor updates

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

QUIC I/O Architecture Design: Minor updates

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19770)

show more ...

QUIC I/O Architecture Design: Add block diagram, tweak wording

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/

QUIC I/O Architecture Design: Add block diagram, tweak wording

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19770)

show more ...

QUIC I/O Architecture Design Document

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1977

QUIC I/O Architecture Design Document

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19770)

show more ...