| 47dc828c | 01-Aug-2022 |
Dr. David von Oheimb |
add missing doc of X509_REQ_get_extensions() and X509_REQ_add_extensions{,_nid}()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by
add missing doc of X509_REQ_get_extensions() and X509_REQ_add_extensions{,_nid}()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18931)
show more ...
|
| e128eaa0 | 01-Aug-2022 |
Dr. David von Oheimb |
X509_REQ_get_extensions: add error queue entry on ill-formed extensions attribute
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by
X509_REQ_get_extensions: add error queue entry on ill-formed extensions attribute
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18931)
show more ...
|
| bf16ee4f | 22-Aug-2022 |
Richard Levitte |
util/wrap.pl.in: If the subprocess died with a signal, let's re-signal it
A simple 'kill' of the same signal on our own process should do it.
This will allow the shell that this is runni
util/wrap.pl.in: If the subprocess died with a signal, let's re-signal it
A simple 'kill' of the same signal on our own process should do it.
This will allow the shell that this is running under to catch it
properly, and output something if it usually does that.
Fixes #19041
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19042)
show more ...
|
| e921882d | 23-Aug-2022 |
Matt Caswell |
Fix the return type for the rlayer_skip_early_data callback
There was a copy & paste error in the definition of the
rlayer_skip_early_data callback. The return type is supposed to
be
Fix the return type for the rlayer_skip_early_data callback
There was a copy & paste error in the definition of the
rlayer_skip_early_data callback. The return type is supposed to
be "int" but it was defined as a pointer type. This was causing
test failures on some platforms.
Fixes #19037
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19048)
show more ...
|
| 35bcac13 | 19-Aug-2022 |
Tomas Mraz |
rl->enc_ctx must be non-NULL and cipher must be set
Otherwise ssl3_cipher() cannot work properly.
Fixes Coverity CID 1509401
Reviewed-by: Paul Dale <pauli@openssl.org>
rl->enc_ctx must be non-NULL and cipher must be set
Otherwise ssl3_cipher() cannot work properly.
Fixes Coverity CID 1509401
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19027)
show more ...
|
| 7b7ad9e5 | 19-Aug-2022 |
Tomas Mraz |
Do not use RLAYERfatal on NULL RLAYER
or on record layer that is to be freed anyway.
Fixes Coverity CID 1509402, 1509403
Reviewed-by: Paul Dale <pauli@openssl.org>
Revi
Do not use RLAYERfatal on NULL RLAYER
or on record layer that is to be freed anyway.
Fixes Coverity CID 1509402, 1509403
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19027)
show more ...
|
| eb7a5cc3 | 22-Aug-2022 |
Pauli |
Coverity 1508532: out of bounds access
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull
Coverity 1508532: out of bounds access
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19033)
show more ...
|
| 52f61699 | 28-Jun-2022 |
Dr. David von Oheimb |
OSSL_HTTP_REQ_CTX_nbio: add support for partial content-type string matching
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David
OSSL_HTTP_REQ_CTX_nbio: add support for partial content-type string matching
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18675)
show more ...
|
| db302550 | 28-Jun-2022 |
Dr. David von Oheimb |
app_http_tls_cb() and tls_error_hint(): code cleanup
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.o
app_http_tls_cb() and tls_error_hint(): code cleanup
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18675)
show more ...
|
| d040a1b9 | 11-May-2021 |
Dr. David von Oheimb |
Makefile: Generate crypto objects only as far as needed
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <
Makefile: Generate crypto objects only as far as needed
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15224)
show more ...
|
| 0e55c3ab | 11-May-2021 |
Dr. David von Oheimb |
Makefile: Call mknum.pl on 'make ordinals' only if needed
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb
Makefile: Call mknum.pl on 'make ordinals' only if needed
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15224)
show more ...
|
| 08ae9fa6 | 18-Jul-2022 |
K1 |
Support decode SM2 parameters
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18819) |
| c92c3dfb | 16-Aug-2022 |
Ryan Kelley |
Moving notify check after the no time check
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.c
Moving notify check after the no time check
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19007)
show more ...
|
| c63e8637 | 21-Dec-2021 |
Dmitry Belyavskiy |
openssl speed fails in FIPS mode
...because it uses md5 for HMAC tests. Skip md5 in case of its
unavailability.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim
openssl speed fails in FIPS mode
...because it uses md5 for HMAC tests. Skip md5 in case of its
unavailability.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17331)
show more ...
|
| 4c100990 | 20-Aug-2022 |
Tobias Nießen |
Fix typo in migration guide
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19032) |
| 83529f07 | 19-Aug-2022 |
Tomas Mraz |
Always automatically add -DPEDANTIC with enable-ubsan
To avoid reports like: #19028
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(
Always automatically add -DPEDANTIC with enable-ubsan
To avoid reports like: #19028
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19029)
show more ...
|
| a148f864 | 22-Aug-2022 |
Todd Short |
Fix doc-nits
PR #19031 updated options that that were listed as commands, these
options were already in openssl-list.pod.in, so they are redundant
in openssl.pod.
Reviewed-b
Fix doc-nits
PR #19031 updated options that that were listed as commands, these
options were already in openssl-list.pod.in, so they are redundant
in openssl.pod.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19044)
show more ...
|
| b134300a | 30-Aug-2021 |
Tianjia Zhang |
evp: Use functions instead of direct structure field references
AES and chacha20poly1305 also have some codes that directly reference
the fields in the EVP_CIPHER_CTX structure, such as
evp: Use functions instead of direct structure field references
AES and chacha20poly1305 also have some codes that directly reference
the fields in the EVP_CIPHER_CTX structure, such as 'ctx->buf' and
'ctx->encrypt', in order to make the code style uniform, use the
corresponding interface API instead of direct field references.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16465)
show more ...
|
| e6b1c22b | 30-Aug-2021 |
Tianjia Zhang |
evp: Simplify ARIA aead cipher definition
Remove fixed macro variables, only keep the cipher mode name and
key length.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.
evp: Simplify ARIA aead cipher definition
Remove fixed macro variables, only keep the cipher mode name and
key length.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16465)
show more ...
|
| a9389c0b | 29-Jul-2022 |
Piotr Kubaj |
Add BSD-armv4 target based on linux-armv4
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Add BSD-armv4 target based on linux-armv4
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18910)
show more ...
|
| 63b94b3f | 19-Aug-2022 |
Jeff Croxell |
Clarify dashes are required for openssl list command
Fixes #19013
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Clarify dashes are required for openssl list command
Fixes #19013
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19031)
show more ...
|
| 6a925505 | 18-Aug-2022 |
Todd Short |
Update gitignore
Add test/timing_load_creds
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.or
Update gitignore
Add test/timing_load_creds
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19021)
show more ...
|
| e0c4e43e | 01-Aug-2022 |
Hugo Landau |
BIO_sendmmsg/BIO_recvmmsg (API only)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/189
BIO_sendmmsg/BIO_recvmmsg (API only)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18923)
show more ...
|
| 709d4be7 | 15-Aug-2022 |
Pauli |
Limit the size of various MAXCHUNK definitions
The current code has issues when sizeof(long) <> sizeof(size_t). The two
types are assumed to be interchangeable and them being different
Limit the size of various MAXCHUNK definitions
The current code has issues when sizeof(long) <> sizeof(size_t). The two
types are assumed to be interchangeable and them being different will
cause crashes and endless loops.
This fix limits the maximum chunk size for many of the symmetric ciphers
to 2^30 bytes. This chunk size limits the amount of data that will
be encrypted/decrypted in one lump. The code internally handles block
of data later than the chunk limit, so this will present no difference
to the caller. Any loss of efficiency due to limiting the chunking to
1Gbyte rather than more should be insignificant.
Fixes Coverity issues:
1508498, 1508500 - 1508505, 1508507 - 1508527, 1508529 - 1508533,
1508535 - 1508537, 1508539, 1508541 - 1508549, 1508551 - 1508569 &
1508571 - 1508582.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18997)
show more ...
|
| e8a557dc | 16-Aug-2022 |
Pauli |
Coverity: misuses of time_t
Coverity 1508506:
Fixes a bug in the cookie code which would have caused problems for
ten minutes before and after the lower 32 bits of time_
Coverity: misuses of time_t
Coverity 1508506:
Fixes a bug in the cookie code which would have caused problems for
ten minutes before and after the lower 32 bits of time_t rolled over.
Coverity 1508534 & 1508540:
Avoid problems when the lower 32 bits of time_t roll over by delaying
the cast to integer until after the time delta has been computed.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19004)
show more ...
|
