| 553a4e00 | 06-Mar-2023 |
Hugo Landau |
QUIC: Add support for datagram injection
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2
QUIC: Add support for datagram injection
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20451)
show more ...
|
| fc110280 | 16-Mar-2023 |
Tomas Mraz |
Add simple interoperability test with Cloudflare quiche
This is an external test which requires recursive checkout
of the cloudflare-quiche submodule.
We simply run a client aga
Add simple interoperability test with Cloudflare quiche
This is an external test which requires recursive checkout
of the cloudflare-quiche submodule.
We simply run a client against the example quiche-server
serving HTTP/0.9 requests.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20527)
show more ...
|
| c6d14bfd | 10-Mar-2023 |
VeronikaNguyen |
Added `CERTIFICATE_VERIFY_MAX_LENGTH` constant
- Set `CERTIFICATE_VERIFY_MAX_LENGTH` to 65539
(2 bytes for the algorithm identifier + 2 bytes of signature length
+ 65535 bytes o
Added `CERTIFICATE_VERIFY_MAX_LENGTH` constant
- Set `CERTIFICATE_VERIFY_MAX_LENGTH` to 65539
(2 bytes for the algorithm identifier + 2 bytes of signature length
+ 65535 bytes of signature)
- Changed `SSL3_RT_MAX_PLAIN_LENGTH` to `CERTIFICATE_VERIFY_MAX_LENGTH`
in `statem_srvr.c` and `statem_clnt.c`
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20486)
show more ...
|
| c77fb9af | 17-Mar-2023 |
Milan Broz |
Add Argon2 KDF demo.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom
Add Argon2 KDF demo.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20531)
show more ...
|
| 6f792f4d | 10-Mar-2023 |
FdaSilvaYY |
cmp: fix --strict-warnings windows builds
remove unneeded const qualifier to keep method declaration
and definition in sync.
Reviewed-by: David von Oheimb <david.von.oheimb@siem
cmp: fix --strict-warnings windows builds
remove unneeded const qualifier to keep method declaration
and definition in sync.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/20436)
show more ...
|
| f42d6b7a | 10-Mar-2023 |
FdaSilvaYY |
nit: tidy-up code, and fix a typo.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://g
nit: tidy-up code, and fix a typo.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/20436)
show more ...
|
| 4b738c1a | 20-Mar-2023 |
Richard Levitte |
providers/implementations/kdfs/argon2.c: Don't use UINT64_C
With less than C99 compilers, this macro isn't guaranteed to exist, and
the value passed to it is 32 bits, so explicitly endin
providers/implementations/kdfs/argon2.c: Don't use UINT64_C
With less than C99 compilers, this macro isn't guaranteed to exist, and
the value passed to it is 32 bits, so explicitly ending it with 'UL' is
correct in all cases. We simply leave it to the compiler to extend it
appropriately for uint64_t.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20547)
show more ...
|
| 41c3c713 | 17-Mar-2023 |
Čestmír Kalina |
thread: remove remnants of ossl_crypto_mem_barrier
Commit ac21c1780a63a8d9a3a6217eb52fe0d188fa7655 VMS knows POSIX threads too!
removed ossl_crypto_mem_barrier for POSIX systems.
thread: remove remnants of ossl_crypto_mem_barrier
Commit ac21c1780a63a8d9a3a6217eb52fe0d188fa7655 VMS knows POSIX threads too!
removed ossl_crypto_mem_barrier for POSIX systems.
Remove it for Win32 and other architectures as well.
Resolves issue #19506 Unable to build under bcc32c environment (Embarcadero
clang compiler).
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20538)
show more ...
|
| fdfa63df | 12-Mar-2023 |
zhangzhilei |
enable hardware acceleration for sm4-ccm
benchmark data test on KunPeng920
before:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
enable hardware acceleration for sm4-ccm
benchmark data test on KunPeng920
before:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
SM4-CCM 20401.16k 33739.97k 40476.08k 42326.70k 43373.91k 43220.99k
after:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
SM4-CCM 8050.11k 13011.29k 15407.10k 16147.80k 16378.54k 16449.76k
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20499)
show more ...
|
| 6ec3d312 | 19-Mar-2023 |
Pauli |
Avoid freeing context on error
Freeing the allocated KDF context seems wrong when derive errors.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <t
Avoid freeing context on error
Freeing the allocated KDF context seems wrong when derive errors.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20528)
show more ...
|
| 7c45b7cb | 17-Mar-2023 |
Pauli |
Coverity 1522032: use after free
Fix use after free error.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from
Coverity 1522032: use after free
Fix use after free error.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20528)
show more ...
|
| c9c99018 | 28-Feb-2023 |
JAVAID Mohammad-Habib |
cmp_msg.c: free memory of certStatus before goto err
CLA: trivial
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(M
cmp_msg.c: free memory of certStatus before goto err
CLA: trivial
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20406)
show more ...
|
| e9460bb4 | 16-Mar-2023 |
Everton Constantino |
Update documentation to reflect new Windows on Arm configurations
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://gi
Update documentation to reflect new Windows on Arm configurations
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20525)
show more ...
|
| d293ebde | 16-Mar-2023 |
Matt Caswell |
Fix some Windows issues in the quic_reactor
An incorrect macro name was being used for Windows detection which meant
we were going down a codepath not intended for Windows and thus faili
Fix some Windows issues in the quic_reactor
An incorrect macro name was being used for Windows detection which meant
we were going down a codepath not intended for Windows and thus failing.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
show more ...
|
| 0c593328 | 13-Mar-2023 |
Matt Caswell |
Add a simple QUIC test for blocking mode
We create "real" sockets for blocking mode so that we can block on them.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul D
Add a simple QUIC test for blocking mode
We create "real" sockets for blocking mode so that we can block on them.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
show more ...
|
| c2212dc1 | 13-Mar-2023 |
Matt Caswell |
Make sure the QRX and QTX are associated with a libctx
If a libctx has been associated with the channel, it must be passed down
to the QRX and QTX.
Reviewed-by: Tomas Mraz <toma
Make sure the QRX and QTX are associated with a libctx
If a libctx has been associated with the channel, it must be passed down
to the QRX and QTX.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
show more ...
|
| 4e15b448 | 13-Mar-2023 |
Matt Caswell |
Fix seg fault when calling SSL_shutdown() for a QUIC connection
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com
Fix seg fault when calling SSL_shutdown() for a QUIC connection
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
show more ...
|
| 560470b5 | 13-Mar-2023 |
Matt Caswell |
Fix SSL_has_pending() for QUIC connections
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull
Fix SSL_has_pending() for QUIC connections
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
show more ...
|
| 44a1ac5d | 10-Mar-2023 |
Matt Caswell |
Provide better errors for some QUIC failures
For example if would be helpful if we got more useful information if the
caller forgot to set the peer address.
Reviewed-by: Tomas M
Provide better errors for some QUIC failures
For example if would be helpful if we got more useful information if the
caller forgot to set the peer address.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
show more ...
|
| f8ffab0d | 10-Mar-2023 |
Matt Caswell |
Defer unknown QUIC ctrls to the SSL object for TLS
If the QUIC oject receives a ctrl it does not recognise, the chances are
it is intended for the underlying SSL object - so we forward u
Defer unknown QUIC ctrls to the SSL object for TLS
If the QUIC oject receives a ctrl it does not recognise, the chances are
it is intended for the underlying SSL object - so we forward unknown ctrls
there.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
show more ...
|
| 8b399c5e | 12-Feb-2023 |
Mike Gilbert |
Fix Configure test for -mips in CFLAGS
We want to add -mips2 or -mips3 only if the user hasn't already
specified a mips version in CFLAGS. The existing test was a
double-negative.
Fix Configure test for -mips in CFLAGS
We want to add -mips2 or -mips3 only if the user hasn't already
specified a mips version in CFLAGS. The existing test was a
double-negative.
CLA: trivial
Fixes: https://github.com/openssl/openssl/issues/20214
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20273)
show more ...
|
| 6678b086 | 08-Mar-2023 |
Pauli |
doc: note the default iteration count for PBKDF2 in the enc command
Fixes #20466
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
doc: note the default iteration count for PBKDF2 in the enc command
Fixes #20466
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20471)
show more ...
|
| dc43f080 | 08-Mar-2023 |
Pauli |
Include the default iteration count in the help for the enc command
The only way to discover this otherwise is looking at the code.
Fixes #20466
Reviewed-by: Tomas Mraz <to
Include the default iteration count in the help for the enc command
The only way to discover this otherwise is looking at the code.
Fixes #20466
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20471)
show more ...
|
| 6821acbf | 17-Mar-2023 |
Tomas Mraz |
Add sanity test for OSSL_sleep()
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgro
Add sanity test for OSSL_sleep()
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20533)
show more ...
|
| bea92b8c | 17-Mar-2023 |
Tomas Mraz |
sleep.c: Limit the sleep time instead of sleeping for days or even years
As the sleep() call is interruptible, it is not even a good idea to call
it in a loop if the caller uses some rid
sleep.c: Limit the sleep time instead of sleeping for days or even years
As the sleep() call is interruptible, it is not even a good idea to call
it in a loop if the caller uses some ridiculously large value as an
infinity just waiting for an interrupt.
Fixes #20524
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20533)
show more ...
|
