History log of /openssl/ (Results 4226 – 4250 of 36054)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
e9809f8a19-Sep-2022 Tomas Mraz

Fix error return values from BIO_ctrl_(w)pending()

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.o

Fix error return values from BIO_ctrl_(w)pending()

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19240)

show more ...


crypto/bio/bio_lib.c
doc/man3/BIO_ctrl.pod
538ee4e019-Jul-2022 Pauli

Add design document for the QUIC connection ID cache.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/open

Add design document for the QUIC connection ID cache.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18824)

show more ...


doc/designs/quic-design/connection-id-cache.md
4efc969825-Jul-2022 Pauli

update overview with a note about many to one connection ID cache

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://git

update overview with a note about many to one connection ID cache

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18824)

show more ...


doc/designs/quic-design/quic-overview.md
8e90a12a23-Sep-2022 Hugo Landau

Fix BIO_dgram_pair stochastic test failure

Fixes #19267.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github

Fix BIO_dgram_pair stochastic test failure

Fixes #19267.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19268)

show more ...


test/bio_dgram_test.c
678b489a21-Sep-2022 Daniel Fiala

Clear incorrectly reported errors in d2i_CMS_ContentInfo

Fixes openssl#19003

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged f

Clear incorrectly reported errors in d2i_CMS_ContentInfo

Fixes openssl#19003

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19255)

show more ...


crypto/cms/cms_lib.c
test/cmsapitest.c
78c44b0526-Aug-2022 slontis

Add HPKE DHKEM provider support for EC, X25519 and X448.

The code is derived from @sftcd's work in PR #17172.
This PR puts the DHKEM algorithms into the provider layer as
KEM algorit

Add HPKE DHKEM provider support for EC, X25519 and X448.

The code is derived from @sftcd's work in PR #17172.
This PR puts the DHKEM algorithms into the provider layer as
KEM algorithms for EC and ECX.

This PR only implements the DHKEM component of HPKE as specified in
RFC 9180.

crypto/hpke/hpke_util.c has been added for fuctions that will
be shared between DHKEM and HPKE.

API's for EVP_PKEY_auth_encapsulate_init() and EVP_PKEY_auth_decapsulate_init()
have been added to support authenticated encapsulation. auth_init() functions
were chosen rather that a EVP_PKEY_KEM_set_auth() interface to support
future algorithms that could possibly need different init functions.

Internal code has been refactored, so that it can be shared between the DHKEM
and other systems. Since DHKEM operates on low level keys it needs to be
able to do low level ECDH and ECXDH calls without converting the keys
back into EVP_PKEY/EVP_PKEY_CTX form. See ossl_ecx_compute_key(),
ossl_ec_public_from_private()

DHKEM requires API's to derive a key using a seed (IKM). This did not sit
well inside the DHKEM itself as dispatch functions. This functionality
fits better inside the EC and ECX keymanagers keygen, since
they are just variations of keygen where the private key is generated
in a different manner. This should mainly be used for testing purposes.
See ossl_ec_generate_key_dhkem().
It supports this by allowing a settable param to be passed to keygen
(See OSSL_PKEY_PARAM_DHKEM_IKM).
The keygen calls code within ec and ecx dhkem implementation to handle this.
See ossl_ecx_dhkem_derive_private() and ossl_ec_dhkem_derive_private().
These 2 functions are also used by the EC/ECX DHKEM implementations to generate
the sender ephemeral keys.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19068)

show more ...


crypto/build.info
crypto/ec/build.info
crypto/ec/ec_key.c
crypto/ec/ecx_key.c
crypto/evp/evp_local.h
crypto/evp/kem.c
crypto/hpke/build.info
crypto/hpke/hpke_util.c
doc/build.info
doc/man3/EVP_PKEY_decapsulate.pod
doc/man3/EVP_PKEY_encapsulate.pod
doc/man7/EVP_KEM-EC.pod
doc/man7/EVP_KEM-X25519.pod
doc/man7/EVP_PKEY-EC.pod
doc/man7/EVP_PKEY-X25519.pod
doc/man7/OSSL_PROVIDER-default.pod
doc/man7/provider-kem.pod
include/crypto/ec.h
include/crypto/ecx.h
include/crypto/hpke.h
include/openssl/core_dispatch.h
include/openssl/core_names.h
include/openssl/evp.h
providers/defltprov.c
providers/implementations/exchange/ecx_exch.c
providers/implementations/include/prov/ecx.h
providers/implementations/include/prov/implementations.h
providers/implementations/kem/build.info
providers/implementations/kem/ec_kem.c
providers/implementations/kem/eckem.h
providers/implementations/kem/ecx_kem.c
providers/implementations/kem/kem_util.c
providers/implementations/keymgmt/ec_kmgmt.c
providers/implementations/keymgmt/ecx_kmgmt.c
test/build.info
test/dhkem_test.inc
test/evp_pkey_dhkem_test.c
test/recipes/30-test_evp_pkey_dhkem.t
util/libcrypto.num
257cade419-Sep-2022 olszomal

OSSL_PROVIDER_set_default_search_path() return value

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by:

OSSL_PROVIDER_set_default_search_path() return value

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19239)

show more ...


doc/man3/OSSL_PROVIDER.pod
b88ce46e31-May-2022 Hugo Landau

BIO_s_dgram_pair

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18442)


crypto/bio/bio_err.c
crypto/bio/bss_dgram_pair.c
crypto/bio/build.info
crypto/err/openssl.txt
doc/build.info
doc/man3/BIO_s_dgram_pair.pod
doc/man3/BIO_sendmmsg.pod
include/openssl/bio.h.in
include/openssl/bioerr.h
test/bio_dgram_test.c
test/build.info
test/threadstest.c
util/libcrypto.num
util/other.syms
a29ad91223-Jun-2022 Matt Caswell

Add additional messages to the DTLS dropped records test

Ensure we are testing a handshake that includes a HelloVerifyRequest and
what happens if we drop it.

Reviewed-by: Tomas

Add additional messages to the DTLS dropped records test

Ensure we are testing a handshake that includes a HelloVerifyRequest and
what happens if we drop it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18654)

show more ...


test/dtlstest.c
81926c9123-Jun-2022 Matt Caswell

Correctly handle a retransmitted ClientHello

If we receive a ClientHello and send back a HelloVerifyRequest, we need
to be able to handle the scenario where the HelloVerifyRequest gets l

Correctly handle a retransmitted ClientHello

If we receive a ClientHello and send back a HelloVerifyRequest, we need
to be able to handle the scenario where the HelloVerifyRequest gets lost
and we receive another ClientHello with the message sequence number set to
0.

Fixes #18635

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18654)

show more ...


ssl/statem/statem_dtls.c
0ff9813720-Sep-2022 Hugo Landau

Add deferred datagram limit to QUIC Record Layer RX

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/ope

Add deferred datagram limit to QUIC Record Layer RX

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19251)

show more ...


include/internal/quic_demux.h
include/internal/quic_record_rx.h
ssl/quic/quic_record_rx.c
test/quic_record_test.c
82d46d1418-Sep-2022 Pauli

Coverity 1515415: NULL dereference

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/192

Coverity 1515415: NULL dereference

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19236)

show more ...


test/helpers/ssltestlib.c
1cef040919-Sep-2022 Pauli

Remove unnecessary define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19237)


test/build.info
c91f972c19-Sep-2022 Pauli

Runtime detect FIPS RNG usage in test

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/p

Runtime detect FIPS RNG usage in test

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19237)

show more ...


test/drbgtest.c
3fd255ac19-Sep-2022 Pauli

Remove FIPS condition on IV gen test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/p

Remove FIPS condition on IV gen test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19237)

show more ...


test/aesgcmtest.c
919adfcf19-Sep-2022 Pauli

Remove FIPS condition on SM2 test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Remove FIPS condition on SM2 test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19237)

show more ...


test/evp_extra_test.c
200d844706-Jul-2021 Dr. David von Oheimb

APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too

Also add related references to FR #15725.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>

APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too

Also add related references to FR #15725.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18900)

show more ...


apps/ca.c
apps/cmp.c
apps/include/apps.h
apps/lib/apps.c
apps/req.c
apps/x509.c
doc/man1/openssl-ca.pod.in
doc/man1/openssl-req.pod.in
doc/man1/openssl-x509.pod.in
51024f7507-Jul-2021 Dr. David von Oheimb

apps/x509.c: Remove legacy call to OBJ_create()

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.vo

apps/x509.c: Remove legacy call to OBJ_create()

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18900)

show more ...


apps/x509.c
630d312118-Sep-2022 Daniel Fiala

Check that sk_SSL_CIPHER_value returns non-NULL value.

Fixes openssl#19162.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged fr

Check that sk_SSL_CIPHER_value returns non-NULL value.

Fixes openssl#19162.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19233)

show more ...


apps/ciphers.c
4689fe1b18-Sep-2022 Patrik Sevallius

Always use FORMAT_BINARY for infile

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hla

Always use FORMAT_BINARY for infile

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19234)

show more ...


apps/mac.c
054189bf18-Sep-2022 Patrik Sevallius

Update documentation, standard input is expected to be in binary format too

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openss

Update documentation, standard input is expected to be in binary format too

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19234)

show more ...


doc/man1/openssl-mac.pod.in
67ec6d2b12-Aug-2022 Matt Caswell

Use an enum for the return value from a construction function

Construction return values are no longer boolean but can return 3 different
values, so we use an enum to represent them.

Use an enum for the return value from a construction function

Construction return values are no longer boolean but can return 3 different
values, so we use an enum to represent them.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18990)

show more ...


ssl/statem/statem.c
ssl/statem/statem.h
ssl/statem/statem_clnt.c
ssl/statem/statem_dtls.c
ssl/statem/statem_lib.c
ssl/statem/statem_local.h
ssl/statem/statem_srvr.c
3e93c5fe12-Aug-2022 Matt Caswell

If a ticket key callback returns 0 in TLSv1.3 don't send a ticket

If we can't construct the ticket don't send one. This requires a change
to the TLS state machine to be able to a handle

If a ticket key callback returns 0 in TLSv1.3 don't send a ticket

If we can't construct the ticket don't send one. This requires a change
to the TLS state machine to be able to a handle a construction function
deciding not to send a message after all.

Fixes #18977

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18990)

show more ...


ssl/statem/statem.c
ssl/statem/statem_srvr.c
3b7a324112-Aug-2022 Matt Caswell

Test a 0 return from the ticket key callback

A 0 return from a ticket key callback should indicate that crypto parameters
are not currently available and that the handshake should contin

Test a 0 return from the ticket key callback

A 0 return from a ticket key callback should indicate that crypto parameters
are not currently available and that the handshake should continue without
generating/using the ticket.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18990)

show more ...


test/sslapitest.c
9b25f52a14-Sep-2022 Tomas Mraz

Fix detection of ktls support in cross-compile environment on Linux

Fixes #19212

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>

Fix detection of ktls support in cross-compile environment on Linux

Fixes #19212

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19213)

show more ...


Configure

1...<<161162163164165166167168169170>>...1443