- Nov 12, 2024
-
-
Tomas Mraz authored
Otherwise we will calculate an incorrect header size for higher stream ids and won't fit the frame into the packet. Fixes #25417 Reviewed-by:
Saša Nedvědický <sashan@openssl.org> Reviewed-by:
Neil Horman <nhorman@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25928)
-
Dr. David von Oheimb authored
Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
Tomas Mraz <tomas@openssl.org> Reviewed-by:
Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/22528)
-
- Nov 09, 2024
-
-
Dr. David von Oheimb authored
Fixes #25827 Reviewed-by:
-
Dr. David von Oheimb authored
openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed for -sign/-verify, etc. Reviewed-by:
-
Dr. David von Oheimb authored
Reviewed-by:
Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25903)
-
Dr. David von Oheimb authored
Fixed #25898 Reviewed-by:
-
- Nov 08, 2024
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Calling the functions SSL_CTX_set_cipher_list() or SSL_set_cipher_list() will return the error "no cipher match" if no TLSv1.2 (or below) ciphers are enabled after calling them. However this is normal behaviour for QUIC objects which do not support TLSv1.2 ciphers. Therefore we should suppress that error in this case. Fixes #25878 Reviewed-by:
-
- Nov 07, 2024
-
-
Matt Caswell authored
Setting a new_session_cb should work for a QUIC object just as it does with a normal TLS object. Reviewed-by:
-
Matt Caswell authored
When processing a callback within libssl that applies to TLS the original SSL object may have been created for TLS directly, or for QUIC. When making the callback we must make sure that we use the correct SSL object. In the case of QUIC we must not use the internal only SSL object. Fixes #25788 Reviewed-by:
-
Matt Caswell authored
In some cases a QUIC SSL_CONNECTION object needs to get hold of a reference to the original SSL object as created by the user. We should keep a reference to it. Reviewed-by:
-
Vladimirs Ambrosovs authored
param->ctrl translation: Fix fix_ecdh_cofactor() In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function should return value in ctx->p1 param->ctrl translation: fix evp_pkey_ctx_setget_params_to_ctrl return Since some of the ctrl operations may return 0 as valid value (e.g. ecdh_cofactor value 0 is valid setting), before colling POST_PARAMS_TO_CTRL, we need to check return value for 0 as well otherwise the evp_pkey_ctx_setget_params_to_ctrl function fails without a chance to fix the return value param->ctrl translation: Set ecdh_cofactor default action_type GET Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
oleg.hoefling authored
Indent namingAuthority section with two spaces to match the parent node. Signed-off-by:
oleg.hoefling <oleg.hoefling@gmail.com> Reviewed-by:
-
Niels Dossche authored
When sk_GENERAL_NAME_reserve() fails, ialt is not freed. Add the freeing operation in the common error path. Reviewed-by:
Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by:
-
- Nov 05, 2024
-
-
Niels Dossche authored
There are several calls to sk_GENERAL_NAME_free() where the argument is actually NULL, there are not necessary. Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
Celeste Liu authored
We forget it in 58301e24 . Fixes #25853 CLA: trivial Reviewed-by:
-
Tomas Mraz authored
Reviewed-by:
-
ArtSin authored
Fix cases where `int` argument was passed instead of `size_t`. CLA: trivial Reviewed-by:
-
Matt Caswell authored
We should not have an example showing the default_md as md5. Reviewed-by:
-
- Nov 04, 2024
-
-
Michael Baentsch authored
Also add brainpool curves Reviewed-by:
-
Gábor Tóthvári authored
CLA: trivial Reviewed-by:
-
Todd Short authored
Fixes #25471 Signed-off-by:
Todd Short <todd.short@me.com> Reviewed-by:
-
Frederik Wedel-Heinen authored
Fixes #25790 Reviewed-by:
-
Dr. David von Oheimb authored
Reviewed-by:
-
Dr. David von Oheimb authored
Reviewed-by:
-
Dr. David von Oheimb authored
Reviewed-by:
-
Dr. David von Oheimb authored
Reviewed-by:
-
Mohammed Alhabib authored
Fixed the benchmarking for the evp aead interface for ccm, gcm, ocb, and siv, where decryption fails when executing `openssl speed -evp aes-128-ccm -decrypt` and `openssl speed -evp aes-128-gcm -decrypt`. Related issues are [24686](https://github.com/openssl/openssl/issues/24686) and [24250](https://github.com/openssl/openssl/issues/24250 ). Now both encryption and decryption, with or without AAD, executes correctly without issues. Reviewed-by:
-
Aditya authored
Update `CHANGES.md` and `NEWS.md`; remove `no-des` guard from req, cms, and smime apps Update MAN pages for default cipher; fix styling by removing braces around single statements Reviewed-by:
-
- Nov 01, 2024
-
-
Zheyu Shen authored
Original documented sample command causes error. PEM recipient cert argument needs to go last. CLA: trivial Reviewed-by:
-
- Oct 31, 2024
-
-
Tomas Mraz authored
Although this cannot really happen check for 0 block size to avoid division by 0. Fixes Coverity 1633936 Reviewed-by:
Paul Dale <ppzgs1@gmail.com> Reviewed-by:
-
- Oct 30, 2024
-
-
Niels Dossche authored
ctx->propq is a duplicated string, but the error code does not free the duplicated string's memory. If e.g. EVP_CIPHER_fetch() fails then we can leak the string's memory. Reviewed-by:
-
Aditya authored
Reviewed-by:
-
Aditya authored
Reviewed-by:
-
Neil Horman authored
Now that libcrypto supports the user of SSLKEYLOGFILE, the interop demo attempts to open the same file based on the same env variable. The hq-interop-demo code can just be removed, and it fixes the open failure when both libcrypto and hq-interop attempt to open and write the same file, which is causing the nightly failure Reviewed-by:
-
Richard Levitte authored
Look at the end result instead of the file name it's stored in Reviewed-by:
-
Michael Baentsch authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
- Oct 28, 2024
-
-
Tomas Mraz authored
Reviewed-by:
-
Tomas Mraz authored
Reviewed-by:
-
Matt Caswell authored
Some environments using musl are reported to have the hwprobe.h include file but not have the __NR_riscv_hwprobe define. Fixes #25772 Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
