| c0088b99 | 17-Jun-2024 |
Tomas Mraz |
Add CHANGES.md entry for the EC/DSA nonce generation fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavski
Add CHANGES.md entry for the EC/DSA nonce generation fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24660)
(cherry picked from commit 72bff68f6acc4f420e283bcc77db76eb1917d7bf)
show more ...
|
| f7252d73 | 17-Jun-2024 |
Neil Horman |
Some minor nit corrections in the thread code for rcu
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.or
Some minor nit corrections in the thread code for rcu
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24630)
(cherry picked from commit d38d2642287ef9a22f20e662a19c217c227043a6)
show more ...
|
| fa495604 | 28-May-2024 |
Frederik Wedel-Heinen |
Fix handling of max_fragment_length extension for PSK
A psk session was assumed to be a resumption which failed a check
when parsing the max_fragment_length extension hello from the clie
Fix handling of max_fragment_length extension for PSK
A psk session was assumed to be a resumption which failed a check
when parsing the max_fragment_length extension hello from the client.
Relevant code from PR#18130 which was a suggested fix to the issue
was cherry-picked.
Fixes #18121
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24513)
show more ...
|
| 6a3579e1 | 15-May-2024 |
Rajeev Ranjan |
CMP: add support for requesting cert template using genm/genp
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from ht
CMP: add support for requesting cert template using genm/genp
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24409)
show more ...
|
| e2a4d68a | 17-Jun-2024 |
Daniel McCarney |
docs: fix SSL_CTX_set_tlsext_ticket_key_cb typos
* "shortcuts the TLS" -> "shortcuts the TLS handshake"
* "don't occur" -> "doesn't occur"
* "storing client certificate" -> "storing
docs: fix SSL_CTX_set_tlsext_ticket_key_cb typos
* "shortcuts the TLS" -> "shortcuts the TLS handshake"
* "don't occur" -> "doesn't occur"
* "storing client certificate" -> "storing the client certificate"
* "an all other" -> "and all other"
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24674)
show more ...
|
| d5412c94 | 06-Apr-2024 |
Et7f3 |
ossl_store.pod: Correct the example of OSSL_STORE API usage
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/o
ossl_store.pod: Correct the example of OSSL_STORE API usage
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24056)
show more ...
|
| f159d861 | 17-Jun-2024 |
Jaime Hablutzel |
Fix typo in openssl-verification-options documentation.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by:
Fix typo in openssl-verification-options documentation.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24662)
show more ...
|
| 5aec3f4a | 25-Apr-2024 |
Dr. David von Oheimb |
CMP app: fix combination of -certout and -chainout with equal filename argument
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by
CMP app: fix combination of -certout and -chainout with equal filename argument
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24267)
show more ...
|
| f4b4a185 | 27-May-2024 |
Viktor Dukhovni |
MVP demo TLS server
- No concurrency, one client-at-a-time
- Blocking
- No client certs
- Fixed chain and key file names
- Minimal support for session resumption
Rev
MVP demo TLS server
- No concurrency, one client-at-a-time
- Blocking
- No client certs
- Fixed chain and key file names
- Minimal support for session resumption
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24505)
show more ...
|
| 7301759a | 22-May-2024 |
sashan |
fix potential memory leak in PKCS12_add_key_ex()
function must make sure memorry allocated for `p8`
gets freed in error path. Issue reported by LuMingYinDetect
Fixes #24453
fix potential memory leak in PKCS12_add_key_ex()
function must make sure memorry allocated for `p8`
gets freed in error path. Issue reported by LuMingYinDetect
Fixes #24453
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24456)
show more ...
|
| 929fcc57 | 06-Jun-2024 |
Randall S. Becker |
Remove configuration targets and related documentation for Guardian builds.
The intermediate configuration items to support Guardian builds are left
in place as a convenience for users w
Remove configuration targets and related documentation for Guardian builds.
The intermediate configuration items to support Guardian builds are left
in place as a convenience for users who want to set up configurations
for Guardian on their own.
Fixes: #22175
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24579)
show more ...
|
| 58301e24 | 01-Jun-2024 |
Jonathan M. Wilbur |
Add support for targetingInformation X.509v3 extension
Support for the targetingInformation X.509v3 extension defined in ITU-T
Recommendation X.509 (2019), Section 17.1.2.2. This extensi
Add support for targetingInformation X.509v3 extension
Support for the targetingInformation X.509v3 extension defined in ITU-T
Recommendation X.509 (2019), Section 17.1.2.2. This extension is used
in attribute certificates.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22206)
show more ...
|
| 40948c4c | 11-Mar-2024 |
Dr. David von Oheimb |
OSSL_CMP_{validate_msg,CTX_new}.pod: add warning notes on OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openss
OSSL_CMP_{validate_msg,CTX_new}.pod: add warning notes on OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23814)
show more ...
|
| b893ceef | 11-Mar-2024 |
Dr. David von Oheimb |
OSSL_CMP_validate_msg(): fix check such that OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR becomes usable again
Fixes #23706
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-b
OSSL_CMP_validate_msg(): fix check such that OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR becomes usable again
Fixes #23706
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23814)
show more ...
|
| f8acb534 | 06-Mar-2024 |
Dr. David von Oheimb |
80-test_cmp_http_data/test_connection.csv: disable localhost test as not supported on some hosts
Fixes #22870
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horma
80-test_cmp_http_data/test_connection.csv: disable localhost test as not supported on some hosts
Fixes #22870
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23756)
show more ...
|
| 6e01d311 | 05-Jun-2024 |
Richard Levitte |
Configure: make absolutedir() use rel2abs() on Windows too
perl's realpath() seems to be buggy on Windows, so we turn to rel2abs()
there as well.
Fixes #23593
Reviewed-
Configure: make absolutedir() use rel2abs() on Windows too
perl's realpath() seems to be buggy on Windows, so we turn to rel2abs()
there as well.
Fixes #23593
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24569)
show more ...
|
| 1977c00f | 05-Jun-2024 |
Amir Mohammadi |
Fix memory leak in quic_trace.c
Fixes #24340
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/opens
Fix memory leak in quic_trace.c
Fixes #24340
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24568)
show more ...
|
| d4700c0b | 23-May-2024 |
Ruslan Baratov |
[Docs] Notes about freeing objects
- Free objects returned from PEM read
- Free objects returned from d2i_*
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz
[Docs] Notes about freeing objects
- Free objects returned from PEM read
- Free objects returned from d2i_*
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24478)
show more ...
|
| 14054018 | 11-Apr-2024 |
Tomas Mraz |
test/prov_config_test.c: Cleanup and fix potential leaks
Fixes #24106
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewe
test/prov_config_test.c: Cleanup and fix potential leaks
Fixes #24106
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24107)
show more ...
|
| 417dad1e | 30-May-2024 |
Dmitry Misharov |
add static analysis workflow for on-premise Coverity Connect
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/opens
add static analysis workflow for on-premise Coverity Connect
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24534)
show more ...
|
| a9fa07f4 | 05-Jun-2024 |
Richard Levitte |
Drop the old PGP key fingerprint
All public releases have the information of the new PGP key in
doc/fingerprints.txt, so it is finally time to drop the old.
Reviewed-by: Kurt Ro
Drop the old PGP key fingerprint
All public releases have the information of the new PGP key in
doc/fingerprints.txt, so it is finally time to drop the old.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24563)
show more ...
|
| 5bbdbce8 | 12-Apr-2024 |
shridhar kalavagunta |
Fix memory leak on error in crypto/conf/conf_mod.c
Fixes #24111
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from htt
Fix memory leak on error in crypto/conf/conf_mod.c
Fixes #24111
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24119)
show more ...
|
| 23b6ef48 | 21-Nov-2023 |
Watson Ladd |
Allow group methods to customize initialization for speed
This commit also adds an implementation for P256 that avoids some
expensive initialization of Montgomery arithmetic structures i
Allow group methods to customize initialization for speed
This commit also adds an implementation for P256 that avoids some
expensive initialization of Montgomery arithmetic structures in favor
of precomputation. Since ECC groups are not always cached by higher
layers this brings significant savings to TLS handshakes.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22746)
show more ...
|
| 0e2567d7 | 22-May-2024 |
Randall S. Becker |
Disable 70-test_quic_multistream.t when building with PUT threads.
The test recipe includes a TEST_skip when OpenSSL is built with _PUT_MODEL_
based on design assumptions for QUIC and in
Disable 70-test_quic_multistream.t when building with PUT threads.
The test recipe includes a TEST_skip when OpenSSL is built with _PUT_MODEL_
based on design assumptions for QUIC and incompatibility with PUT wrapper
methods.
Fixes: #24442
Fixes: #24431
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24468)
show more ...
|
| ae20c423 | 03-Jun-2024 |
Tomas Mraz |
Update CHANGES.md and NEWS.md for the upcoming release
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/o
Update CHANGES.md and NEWS.md for the upcoming release
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24549)
(cherry picked from commit 6152b08631568551f155f9d8219298f55aef5d94)
show more ...
|
