| 7b1829fa | 25-Apr-2024 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
updated to oqs-provider 0.6.0
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2426
updated to oqs-provider 0.6.0
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24261)
show more ...
|
| f4fcc21f | 22-Mar-2024 |
Tomas Mraz |
82-test_ocsp_cert_chain.t: kill -HUP the server after client quits
This ensures even if the connection for some reason
fails, the server will terminate and the test won't get
stuck.
82-test_ocsp_cert_chain.t: kill -HUP the server after client quits
This ensures even if the connection for some reason
fails, the server will terminate and the test won't get
stuck.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23857)
show more ...
|
| 7054412e | 15-Mar-2024 |
Tomas Mraz |
82-test_ocsp_cert_chain.t: Terminate the server after 1 connection
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://
82-test_ocsp_cert_chain.t: Terminate the server after 1 connection
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23857)
show more ...
|
| 933f57df | 13-Mar-2024 |
Neil Horman |
Raise an error on syscall failure in tls_retry_write_records
Record the errno when we get a syscall failure in
tls_retry_write_records
Reviewed-by: Matt Caswell <matt@openssl.or
Raise an error on syscall failure in tls_retry_write_records
Record the errno when we get a syscall failure in
tls_retry_write_records
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23723)
show more ...
|
| 3dcd8513 | 01-Mar-2024 |
Neil Horman |
Make a failure in ktls_sendfile a syscall error
a failure in ktls_sendfile results in an error in ERR_LIB_SSL, but its
really a syscall error, since ktls_sendfile just maps to a call to
Make a failure in ktls_sendfile a syscall error
a failure in ktls_sendfile results in an error in ERR_LIB_SSL, but its
really a syscall error, since ktls_sendfile just maps to a call to the
sendfile syscall. Encode it as such
Fixes #23722
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23723)
show more ...
|
| 30590529 | 25-Apr-2024 |
Neil Horman |
Fix coverity 1596617
Somehow a double free slipped into conf_mod.c, remove it
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed
Fix coverity 1596617
Somehow a double free slipped into conf_mod.c, remove it
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24263)
show more ...
|
| badda783 | 25-Apr-2024 |
Neil Horman |
Fix coverity-1596616
Need to add a null check prior to derefencing pointer for free
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Re
Fix coverity-1596616
Need to add a null check prior to derefencing pointer for free
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24263)
show more ...
|
| bde66e82 | 24-Apr-2024 |
Takehiko Yokota |
Add an Apple privacy info file for OpenSSL
Added PrivacyInfo.xcprivacy to os-dep/Apple/ dir.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.
Add an Apple privacy info file for OpenSSL
Added PrivacyInfo.xcprivacy to os-dep/Apple/ dir.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24260)
show more ...
|
| 48e3cf25 | 22-Mar-2024 |
Jiasheng Jiang |
ssl/statem: Replace size_t with int and add the checks
Replace the type of variables with int to avoid implicit conversion when it is assigned by EVP_MD_get_size().
Moreover, add the che
ssl/statem: Replace size_t with int and add the checks
Replace the type of variables with int to avoid implicit conversion when it is assigned by EVP_MD_get_size().
Moreover, add the checks to avoid integer overflow.
Fixes: 6594189 ("Merge early_data_info extension into early_data")
Fixes: 9368f86 ("Add TLSv1.3 client side external PSK support")
Fixes: 1053a6e ("Implement Server side of PSK extension parsing")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23937)
show more ...
|
| 6d018570 | 15-Apr-2024 |
Viktor Dukhovni |
Avoid duplicate default CApath lookups
Fixes #21067
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.co
Avoid duplicate default CApath lookups
Fixes #21067
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24140)
show more ...
|
| 15d6114d | 19-Apr-2024 |
Dimitri John Ledkov |
hkdf: when HMAC key is all zeros, still set a valid key length
By itself, this is no change in any computation. However, this will
unlock enforcing minimum key lengths for NIST and FIPS
hkdf: when HMAC key is all zeros, still set a valid key length
By itself, this is no change in any computation. However, this will
unlock enforcing minimum key lengths for NIST and FIPS 140-3
requirements.
Also reading RFC8448 and RFC5869, this seems to be strictly correct
too.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24204)
show more ...
|
| 5d218b0e | 22-Apr-2024 |
hrtarsia <89439116+hrtarsia@users.noreply.github.com> |
Fix grammar in srp_verifier.txt
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl
Fix grammar in srp_verifier.txt
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24237)
show more ...
|
| 7c305197 | 22-Apr-2024 |
Merreck <40280583+AndrewNic@users.noreply.github.com> |
sha512.c: Grammar Fixes and Spell Checks in Implementation Notes
Added commas for sentence openers in Implementation Notes. Fixed
spelling of "reasons" section of the notes.
CLA
sha512.c: Grammar Fixes and Spell Checks in Implementation Notes
Added commas for sentence openers in Implementation Notes. Fixed
spelling of "reasons" section of the notes.
CLA: trivial
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24241)
show more ...
|
| c81b7b05 | 22-Apr-2024 |
hrtarsia <89439116+hrtarsia@users.noreply.github.com> |
Fix grammar in certificates.txt
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope
Fix grammar in certificates.txt
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24238)
show more ...
|
| 599bc929 | 16-Feb-2024 |
Tomas Mraz |
Update perl-actions/install-with-cpanm version in CI
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from http
Update perl-actions/install-with-cpanm version in CI
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/23613)
show more ...
|
| f892397c | 02-Oct-2023 |
Damian Hobson-Garcia |
Add Attribute Certificate suport comments to CHANGES and NEWS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.c
Add Attribute Certificate suport comments to CHANGES and NEWS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
show more ...
|
| 11cd18c6 | 27-Feb-2024 |
Damian Hobson-Garcia |
x509_acert: Add more parsing and printing tests
These have been extracted from the boucycastle test code.
Make sure that these certificates can be safely and correctly parsed
and pri
x509_acert: Add more parsing and printing tests
These have been extracted from the boucycastle test code.
Make sure that these certificates can be safely and correctly parsed
and printed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
show more ...
|
| dab96a4f | 03-Jun-2021 |
Damian Hobson-Garcia |
x509_acert: Load attributes from config file section
Several of the attribute values defined for use by attribute certificates
use multi-valued data in an ASN.1 SEQUENCE. Allow reading o
x509_acert: Load attributes from config file section
Several of the attribute values defined for use by attribute certificates
use multi-valued data in an ASN.1 SEQUENCE. Allow reading of these values
from a configuration file, similar to how generic X.509 extensions are
handled.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
show more ...
|
| d10b020e | 04-Apr-2023 |
Damian Hobson-Garcia |
fuzz: Add attribute certificate fuzz test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/p
fuzz: Add attribute certificate fuzz test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
show more ...
|
| f90d97ca | 05-Apr-2024 |
Damian Hobson-Garcia |
x509_acert: Add simple API tests
Add a some simple API tests for reading, printing, signing
and verifying attribute certificates.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
x509_acert: Add simple API tests
Add a some simple API tests for reading, printing, signing
and verifying attribute certificates.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
show more ...
|
| 0e8020a4 | 08-Jun-2021 |
Damian Hobson-Garcia |
Add IETFAttrSyntax type support
The IETFAtrrSyntax type is used for the values of several attributes
defined in RFC 5755 for use with attribute certificates.
Specifically this type i
Add IETFAttrSyntax type support
The IETFAtrrSyntax type is used for the values of several attributes
defined in RFC 5755 for use with attribute certificates.
Specifically this type is used with the "Charging Identity" and
"Group" attributes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
show more ...
|
| 1eeec94f | 30-Jun-2023 |
Damian Hobson-Garcia |
x509_acert: Add and retrieve certificate extensions
Add API to manage attribute certificate extensions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhor
x509_acert: Add and retrieve certificate extensions
Add API to manage attribute certificate extensions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
show more ...
|
| b97fb22f | 30-Jun-2023 |
Damian Hobson-Garcia |
x509_acert: Add API to sign and verify attribute certificates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.c
x509_acert: Add API to sign and verify attribute certificates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
show more ...
|
| 62960b87 | 30-Jun-2023 |
Damian Hobson-Garcia |
x509_acert: Add, remove and get attribute certificate attributes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://githu
x509_acert: Add, remove and get attribute certificate attributes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
show more ...
|
| 6b167313 | 30-Jun-2023 |
Damian Hobson-Garcia |
Attribute certificate printing functions
Add functions to print an attribute certificate. Several
attribute value types defined by the RFC 5755 specification
are multi-field values
Attribute certificate printing functions
Add functions to print an attribute certificate. Several
attribute value types defined by the RFC 5755 specification
are multi-field values (i.e ASN1_SEQUENCE rather than an ASN1_STRING
or similar format). Currently those values are printed using
`ASN1_item_print`. A more user-friendly output mechanism (maybe
similar to the i2r_ functions used for X509 extensions) could be
added in future.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
show more ...
|
