https://github.com/openssl/openssl
- HEAD
- refs/heads/OpenSSL-engine-0_9_6-stable
- refs/heads/OpenSSL-fips-0_9_7-stable
- refs/heads/OpenSSL-fips-0_9_8-stable
- refs/heads/OpenSSL-fips-1_2-stable
- refs/heads/OpenSSL-fips-2_0-dev
- refs/heads/OpenSSL-fips-2_0-stable
- refs/heads/OpenSSL-fips2-0_9_7-stable
- refs/heads/OpenSSL_0_9_6-stable
- refs/heads/OpenSSL_0_9_7-stable
- refs/heads/OpenSSL_0_9_8-stable
- refs/heads/OpenSSL_0_9_8fg-stable
- refs/heads/OpenSSL_1_0_0-stable
- refs/heads/OpenSSL_1_0_1-stable
- refs/heads/OpenSSL_1_0_2-stable
- refs/heads/OpenSSL_1_1_0-stable
- refs/heads/OpenSSL_1_1_1-stable
- refs/heads/SSLeay
- refs/heads/feature/dtls-1.3
- refs/heads/feature/ech
- refs/heads/feature/quic-server
- refs/heads/master
- refs/heads/openssl-3.0
- refs/heads/openssl-3.1
- refs/heads/openssl-3.2
- refs/heads/openssl-3.3
- refs/heads/tls1.3-draft-18
- refs/heads/tls1.3-draft-19
- refs/tags/AFTER_COMPAQ_PATCH
- refs/tags/BEFORE_COMPAQ_PATCH
- refs/tags/BEFORE_engine
- refs/tags/BEN_FIPS_TEST_1
- refs/tags/BEN_FIPS_TEST_2
- refs/tags/BEN_FIPS_TEST_3
- refs/tags/BEN_FIPS_TEST_4
- refs/tags/BEN_FIPS_TEST_5
- refs/tags/BEN_FIPS_TEST_6
- refs/tags/BEN_FIPS_TEST_7
- refs/tags/BEN_FIPS_TEST_8
- refs/tags/FIPS_098_TEST_1
- refs/tags/FIPS_098_TEST_2
- refs/tags/FIPS_098_TEST_3
- refs/tags/FIPS_098_TEST_4
- refs/tags/FIPS_098_TEST_5
- refs/tags/FIPS_098_TEST_6
- refs/tags/FIPS_098_TEST_7
- refs/tags/FIPS_098_TEST_8
- refs/tags/FIPS_TEST_10
- refs/tags/FIPS_TEST_9
- refs/tags/LEVITTE_after_const
- refs/tags/LEVITTE_before_const
- refs/tags/OpenSSL-engine-0_9_6
- refs/tags/OpenSSL-engine-0_9_6-beta1
- refs/tags/OpenSSL-engine-0_9_6-beta2
- refs/tags/OpenSSL-engine-0_9_6-beta3
- refs/tags/OpenSSL-engine-0_9_6a
- refs/tags/OpenSSL-engine-0_9_6a-beta1
- refs/tags/OpenSSL-engine-0_9_6a-beta2
- refs/tags/OpenSSL-engine-0_9_6a-beta3
- refs/tags/OpenSSL-engine-0_9_6b
- refs/tags/OpenSSL-engine-0_9_6c
- refs/tags/OpenSSL-engine-0_9_6d
- refs/tags/OpenSSL-engine-0_9_6d-beta1
- refs/tags/OpenSSL-engine-0_9_6e
- refs/tags/OpenSSL-engine-0_9_6f
- refs/tags/OpenSSL-engine-0_9_6g
- refs/tags/OpenSSL-engine-0_9_6h
- refs/tags/OpenSSL-engine-0_9_6i
- refs/tags/OpenSSL-engine-0_9_6j
- refs/tags/OpenSSL-engine-0_9_6k
- refs/tags/OpenSSL-engine-0_9_6l
- refs/tags/OpenSSL-engine-0_9_6m
- refs/tags/OpenSSL-fips-1_2_0
- refs/tags/OpenSSL-fips-1_2_1
- refs/tags/OpenSSL-fips-1_2_2
- refs/tags/OpenSSL-fips-1_2_3
- refs/tags/OpenSSL-fips-2_0
- refs/tags/OpenSSL-fips-2_0-pl1
- refs/tags/OpenSSL-fips-2_0-rc1
- refs/tags/OpenSSL-fips-2_0-rc2
- refs/tags/OpenSSL-fips-2_0-rc3
- refs/tags/OpenSSL-fips-2_0-rc4
- refs/tags/OpenSSL-fips-2_0-rc5
- refs/tags/OpenSSL-fips-2_0-rc6
- refs/tags/OpenSSL-fips-2_0-rc7
- refs/tags/OpenSSL-fips-2_0-rc8
- refs/tags/OpenSSL-fips-2_0-rc9
- refs/tags/OpenSSL-fips-2_0_1
- refs/tags/OpenSSL_0_9_1c
- refs/tags/OpenSSL_0_9_2b
- refs/tags/OpenSSL_0_9_3
- refs/tags/OpenSSL_0_9_3a
- refs/tags/OpenSSL_0_9_3beta1
- refs/tags/OpenSSL_0_9_3beta2
- refs/tags/OpenSSL_0_9_4
- refs/tags/OpenSSL_0_9_5
- refs/tags/OpenSSL_0_9_5a
- refs/tags/OpenSSL_0_9_5a-beta1
- refs/tags/OpenSSL_0_9_5a-beta2
- refs/tags/OpenSSL_0_9_5beta1
- refs/tags/OpenSSL_0_9_5beta2
- refs/tags/OpenSSL_0_9_6
- refs/tags/OpenSSL_0_9_6-beta1
- refs/tags/OpenSSL_0_9_6-beta2
- refs/tags/OpenSSL_0_9_6-beta3
- refs/tags/OpenSSL_0_9_6a
- refs/tags/OpenSSL_0_9_6a-beta1
- refs/tags/OpenSSL_0_9_6a-beta2
- refs/tags/OpenSSL_0_9_6a-beta3
- refs/tags/OpenSSL_0_9_6b
- refs/tags/OpenSSL_0_9_6c
- refs/tags/OpenSSL_0_9_6d
- refs/tags/OpenSSL_0_9_6d-beta1
- refs/tags/OpenSSL_0_9_6e
- refs/tags/OpenSSL_0_9_6f
- refs/tags/OpenSSL_0_9_6g
- refs/tags/OpenSSL_0_9_6h
- refs/tags/OpenSSL_0_9_6i
- refs/tags/OpenSSL_0_9_6j
- refs/tags/OpenSSL_0_9_6k
- refs/tags/OpenSSL_0_9_6l
- refs/tags/OpenSSL_0_9_6m
- refs/tags/OpenSSL_0_9_7
- refs/tags/OpenSSL_0_9_7-beta1
- refs/tags/OpenSSL_0_9_7-beta2
- refs/tags/OpenSSL_0_9_7-beta3
- refs/tags/OpenSSL_0_9_7-beta4
- refs/tags/OpenSSL_0_9_7-beta5
- refs/tags/OpenSSL_0_9_7-beta6
- refs/tags/OpenSSL_0_9_7a
- refs/tags/OpenSSL_0_9_7b
- refs/tags/OpenSSL_0_9_7c
- refs/tags/OpenSSL_0_9_7d
- refs/tags/OpenSSL_0_9_7e
- refs/tags/OpenSSL_0_9_7f
- refs/tags/OpenSSL_0_9_7g
- refs/tags/OpenSSL_0_9_7h
- refs/tags/OpenSSL_0_9_7i
- refs/tags/OpenSSL_0_9_7j
- refs/tags/OpenSSL_0_9_7k
- refs/tags/OpenSSL_0_9_7l
- refs/tags/OpenSSL_0_9_7m
- refs/tags/OpenSSL_0_9_8
- refs/tags/OpenSSL_0_9_8-beta1
- refs/tags/OpenSSL_0_9_8-beta2
- refs/tags/OpenSSL_0_9_8-beta3
- refs/tags/OpenSSL_0_9_8-beta4
- refs/tags/OpenSSL_0_9_8-beta5
- refs/tags/OpenSSL_0_9_8-beta6
- refs/tags/OpenSSL_0_9_8a
- refs/tags/OpenSSL_0_9_8b
- refs/tags/OpenSSL_0_9_8c
- refs/tags/OpenSSL_0_9_8d
- refs/tags/OpenSSL_0_9_8e
- refs/tags/OpenSSL_0_9_8f
- refs/tags/OpenSSL_0_9_8g
- refs/tags/OpenSSL_0_9_8h
- refs/tags/OpenSSL_0_9_8i
- refs/tags/OpenSSL_0_9_8j
- refs/tags/OpenSSL_0_9_8k
- refs/tags/OpenSSL_0_9_8l
- refs/tags/OpenSSL_0_9_8m
- refs/tags/OpenSSL_0_9_8m-beta1
- refs/tags/OpenSSL_0_9_8n
- refs/tags/OpenSSL_0_9_8o
- refs/tags/OpenSSL_0_9_8p
- refs/tags/OpenSSL_0_9_8q
- refs/tags/OpenSSL_0_9_8r
- refs/tags/OpenSSL_0_9_8s
- refs/tags/OpenSSL_0_9_8t
- refs/tags/OpenSSL_0_9_8u
- refs/tags/OpenSSL_0_9_8v
- refs/tags/OpenSSL_0_9_8w
- refs/tags/OpenSSL_0_9_8x
- refs/tags/OpenSSL_1_0_0
- refs/tags/OpenSSL_1_0_0-beta1
- refs/tags/OpenSSL_1_0_0-beta2
- refs/tags/OpenSSL_1_0_0-beta3
- refs/tags/OpenSSL_1_0_0-beta4
- refs/tags/OpenSSL_1_0_0-beta5
- refs/tags/OpenSSL_1_0_0a
- refs/tags/OpenSSL_1_0_0b
- refs/tags/OpenSSL_1_0_0c
- refs/tags/OpenSSL_1_0_0d
- refs/tags/OpenSSL_1_0_0e
- refs/tags/OpenSSL_1_0_0f
- refs/tags/OpenSSL_1_0_0g
- refs/tags/OpenSSL_1_0_0h
- refs/tags/OpenSSL_1_0_0i
- refs/tags/OpenSSL_1_0_0j
- refs/tags/OpenSSL_1_0_1
- refs/tags/OpenSSL_1_0_1-beta1
- refs/tags/OpenSSL_1_0_1-beta2
- refs/tags/OpenSSL_1_0_1-beta3
- refs/tags/OpenSSL_1_0_1a
- refs/tags/OpenSSL_1_0_1b
- refs/tags/OpenSSL_1_0_1c
- refs/tags/OpenSSL_FIPS_1_0
- refs/tags/SSLeay_0_8_1b
- refs/tags/SSLeay_0_9_0b
- refs/tags/SSLeay_0_9_1b
- refs/tags/STATE_after_zlib
- refs/tags/STATE_before_zlib
- refs/tags/rsaref
- openssl-3.3.1
- openssl-3.3.0-beta1
- openssl-3.3.0-alpha1
- openssl-3.3.0
- openssl-3.2.2
- openssl-3.2.1
- openssl-3.2.0-beta1
- openssl-3.2.0-alpha2
- openssl-3.2.0-alpha1
- openssl-3.2.0
- openssl-3.1.6
- openssl-3.1.5
- openssl-3.1.4
- openssl-3.1.3
- openssl-3.1.2
- openssl-3.1.1
- openssl-3.1.0-beta1
- openssl-3.1.0-alpha1
- openssl-3.1.0
- openssl-3.0.9
- openssl-3.0.8
- openssl-3.0.7
- openssl-3.0.6
- openssl-3.0.5
- openssl-3.0.4
- openssl-3.0.3
- openssl-3.0.2
- openssl-3.0.14
- openssl-3.0.13
- openssl-3.0.12
- openssl-3.0.11
- openssl-3.0.10
- openssl-3.0.1
- openssl-3.0.0-beta2
- openssl-3.0.0-beta1
- openssl-3.0.0-alpha9
- openssl-3.0.0-alpha8
- openssl-3.0.0-alpha7
- openssl-3.0.0-alpha6
- openssl-3.0.0-alpha5
- openssl-3.0.0-alpha4
- openssl-3.0.0-alpha3
- openssl-3.0.0-alpha2
- openssl-3.0.0-alpha17
- openssl-3.0.0-alpha16
- openssl-3.0.0-alpha15
- openssl-3.0.0-alpha14
- openssl-3.0.0-alpha13
- openssl-3.0.0-alpha12
- openssl-3.0.0-alpha11
- openssl-3.0.0-alpha10
- openssl-3.0.0-alpha1
- openssl-3.0.0
- master-pre-reformat
- master-pre-auto-reformat
- master-post-reformat
- master-post-auto-reformat
- OpenSSL_1_1_1w
- OpenSSL_1_1_1v
- OpenSSL_1_1_1u
- OpenSSL_1_1_1t
- OpenSSL_1_1_1s
- OpenSSL_1_1_1r
- OpenSSL_1_1_1q
- OpenSSL_1_1_1p
- OpenSSL_1_1_1o
- OpenSSL_1_1_1n
- OpenSSL_1_1_1m
- OpenSSL_1_1_1l
- OpenSSL_1_1_1k
- OpenSSL_1_1_1j
- OpenSSL_1_1_1i
- OpenSSL_1_1_1h
- OpenSSL_1_1_1g
- OpenSSL_1_1_1f
- OpenSSL_1_1_1e
- OpenSSL_1_1_1d
- OpenSSL_1_1_1c
- OpenSSL_1_1_1b
- OpenSSL_1_1_1a
- OpenSSL_1_1_1-pre9
- OpenSSL_1_1_1-pre8
- OpenSSL_1_1_1-pre7
- OpenSSL_1_1_1-pre6
- OpenSSL_1_1_1-pre5
- OpenSSL_1_1_1-pre4
- OpenSSL_1_1_1-pre3
- OpenSSL_1_1_1-pre2
- OpenSSL_1_1_1-pre1
- OpenSSL_1_1_1
- OpenSSL_1_1_0l
- OpenSSL_1_1_0k
- OpenSSL_1_1_0j
- OpenSSL_1_1_0i
- OpenSSL_1_1_0h
- OpenSSL_1_1_0g
- OpenSSL_1_1_0f
- OpenSSL_1_1_0e
- OpenSSL_1_1_0d
- OpenSSL_1_1_0c
- OpenSSL_1_1_0b
- OpenSSL_1_1_0a
- OpenSSL_1_1_0-pre6
- OpenSSL_1_1_0-pre5
- OpenSSL_1_1_0-pre4
- OpenSSL_1_1_0-pre3
- OpenSSL_1_1_0-pre2
- OpenSSL_1_1_0-pre1
- OpenSSL_1_1_0
- OpenSSL_1_0_2u
- OpenSSL_1_0_2t
- OpenSSL_1_0_2s
- OpenSSL_1_0_2r
- OpenSSL_1_0_2q
- OpenSSL_1_0_2p
- OpenSSL_1_0_2o
- OpenSSL_1_0_2n
- OpenSSL_1_0_2m
- OpenSSL_1_0_2l
- OpenSSL_1_0_2k
- OpenSSL_1_0_2j
- OpenSSL_1_0_2i
- OpenSSL_1_0_2h
- OpenSSL_1_0_2g
- OpenSSL_1_0_2f
- OpenSSL_1_0_2e
- OpenSSL_1_0_2d
- OpenSSL_1_0_2c
- OpenSSL_1_0_2b
- OpenSSL_1_0_2a
- OpenSSL_1_0_2-pre-reformat
- OpenSSL_1_0_2-pre-auto-reformat
- OpenSSL_1_0_2-post-reformat
- OpenSSL_1_0_2-post-auto-reformat
- OpenSSL_1_0_2-beta3
- OpenSSL_1_0_2-beta2
- OpenSSL_1_0_2-beta1
- OpenSSL_1_0_2
- OpenSSL_1_0_1u
- OpenSSL_1_0_1t
- OpenSSL_1_0_1s
- OpenSSL_1_0_1r
- OpenSSL_1_0_1q
- OpenSSL_1_0_1p
- OpenSSL_1_0_1o
- OpenSSL_1_0_1n
- OpenSSL_1_0_1m
- OpenSSL_1_0_1l
- OpenSSL_1_0_1k
- OpenSSL_1_0_1j
- OpenSSL_1_0_1i
- OpenSSL_1_0_1h
- OpenSSL_1_0_1g
- OpenSSL_1_0_1f
- OpenSSL_1_0_1e
- OpenSSL_1_0_1d
- OpenSSL_1_0_1-pre-reformat
- OpenSSL_1_0_1-pre-auto-reformat
- OpenSSL_1_0_1-post-reformat
- OpenSSL_1_0_1-post-auto-reformat
- OpenSSL_1_0_0t
- OpenSSL_1_0_0s
- OpenSSL_1_0_0r
- OpenSSL_1_0_0q
- OpenSSL_1_0_0p
- OpenSSL_1_0_0o
- OpenSSL_1_0_0n
- OpenSSL_1_0_0m
- OpenSSL_1_0_0l
- OpenSSL_1_0_0k
- OpenSSL_1_0_0-pre-reformat
- OpenSSL_1_0_0-pre-auto-reformat
- OpenSSL_1_0_0-post-reformat
- OpenSSL_1_0_0-post-auto-reformat
- OpenSSL_0_9_8zh
- OpenSSL_0_9_8zg
- OpenSSL_0_9_8zf
- OpenSSL_0_9_8ze
- OpenSSL_0_9_8zd
- OpenSSL_0_9_8zc
- OpenSSL_0_9_8zb
- OpenSSL_0_9_8za
- OpenSSL_0_9_8y
- OpenSSL_0_9_8-pre-reformat
- OpenSSL_0_9_8-pre-auto-reformat
- OpenSSL_0_9_8-post-reformat
- OpenSSL_0_9_8-post-auto-reformat
- OpenSSL-fips-2_0_9
- OpenSSL-fips-2_0_8
- OpenSSL-fips-2_0_7
- OpenSSL-fips-2_0_6
- OpenSSL-fips-2_0_5
- OpenSSL-fips-2_0_4
- OpenSSL-fips-2_0_3
- OpenSSL-fips-2_0_2
- OpenSSL-fips-2_0_16
- OpenSSL-fips-2_0_15
- OpenSSL-fips-2_0_14
- OpenSSL-fips-2_0_13
- OpenSSL-fips-2_0_12
- OpenSSL-fips-2_0_11
- OpenSSL-fips-2_0_10
Take a new snapshot of a software origin
If the archived software origin currently browsed is not synchronized with its upstream version (for instance when new commits have been issued), you can explicitly request Software Heritage to take a new snapshot of it.
Use the form below to proceed. Once a request has been submitted and accepted, it will be processed as soon as possible. You can then check its processing state by visiting this dedicated page.
Processing "take a new snapshot" request ...
Permalinks
To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.
| Revision | Author | Date | Message | Commit Date |
|---|---|---|---|---|
| cf28777 | Richard Levitte | 23 November 2023, 13:20:19 UTC | Prepare for release of 3.2.0 Reviewed-by: Hugo Landau <hlandau@openssl.org> Release: yes | 23 November 2023, 13:20:19 UTC |
| 18f5942 | Richard Levitte | 23 November 2023, 13:20:07 UTC | make update Reviewed-by: Hugo Landau <hlandau@openssl.org> Release: yes | 23 November 2023, 13:20:07 UTC |
| 8bee92a | Richard Levitte | 23 November 2023, 13:18:06 UTC | Copyright year updates Reviewed-by: Hugo Landau <hlandau@openssl.org> Release: yes | 23 November 2023, 13:18:06 UTC |
| d330fef | Hugo Landau | 20 November 2023, 15:07:09 UTC | Make CHANGES.md header more appropriate Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22785) | 23 November 2023, 10:51:53 UTC |
| 5e07ea4 | Hugo Landau | 20 November 2023, 14:06:42 UTC | Amend NEWS.md to be more like release notes Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22785) | 23 November 2023, 10:51:53 UTC |
| 5647960 | James Muir | 17 November 2023, 22:58:24 UTC | doc: fix description of mac "block-size" parameter The macro for "block-size" is OSSL_MAC_PARAM_BLOCK_SIZE, and this parameter is not settable. Refer to the "customization string" rather than the "custom value" (in the Blake2 spec, this is called the personalization string). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22763) (cherry picked from commit 1750689767cc922bdbe73358f7256475f0838c67) | 22 November 2023, 09:52:39 UTC |
| 09adcb0 | James Muir | 13 November 2023, 19:28:23 UTC | doc: better description of KECCAK-KMAC XOF KECCAK-KMAC-128 and KECCAK-KMAC-256 are extendable output functions that have been defined because they are convenient for implementing KMAC. Give definitions for them so that users aren't left to figure that out themselves. KECCAK-KMAC-128 is very similar to SHAKE-128, and KECCAK-KMAC-256 is very similar to SHAKE-256. Related to #22619. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22755) (cherry picked from commit f1bea887ef17802a2d83e9289e812c00fd0f0523) | 22 November 2023, 09:49:11 UTC |
| fb61722 | Matt Caswell | 10 November 2023, 15:33:21 UTC | Update the provider documentation Make the documentation match reality. Add lots of missing algorithms. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22694) (cherry picked from commit ae14f38cc990f65e5982109d0ef419123285c60f) | 22 November 2023, 09:45:30 UTC |
| bcb488d | James Muir | 05 November 2023, 03:06:06 UTC | Update OpenSSL logos Add two new files doc/images/openssl-square.svg doc/images/openssl-square-nontransparent.png and update the existing file doc/images/openssl.svg The "square" versions of the logo write "Open" and "SSL" on separate lines, so that less horizontal space is used. The png file (nontransparent, white background) can be used to update the profile picture for the OpenSSL organization on GitHub. For the existing logo, openssl.svg, the subtitle "Cryptography and SSL/TLS Toolkit" has been dropped and the text-elements have been converted to paths (so they are no longer dependent on what fonts the renderer provides). The svg files were provided by Anton A. Part of https://github.com/openssl/project/issues/262 Reviewed-by: Anton Arapov <anton@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22626) (cherry picked from commit 339e5cb0be8e57372548401a998d2e5145cfc7eb) | 22 November 2023, 09:38:41 UTC |
| 1ad7f4b | Bernd Edlinger | 14 November 2023, 01:42:42 UTC | Fix possible memleak in PKCS7_add0_attrib_signing_time When PKCS7_add_signed_attribute fails, the ASN1_TIME object may be leaked when it was not passed in as input parameter. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22772) (cherry picked from commit 7d52539f00144cb410c4e9d8da0b9574c0badb19) | 22 November 2023, 08:50:03 UTC |
| 54e1786 | Bernd Edlinger | 20 November 2023, 09:05:49 UTC | Fix a possible use-after-free in custom_exts_free This may happen when ssl_cert_dup calls custom_exts_copy, where a possible memory allocation error causes custom_exts_free to be called twice: once in the error handling of custom_exts_copy and a second time in the error handling of ssl_cert_dup. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22772) (cherry picked from commit bc0773bbbd4d3ace6957385f1f22a5cda25dc94f) | 22 November 2023, 08:36:28 UTC |
| 757d649 | Bernd Edlinger | 17 November 2023, 06:12:42 UTC | Fix a possible memleak in CMS_sign_receipt When an error happens after cms_encode_Receipt the ASN1_OCTET_STRING object "os" may be leaked. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22758) (cherry picked from commit 3e3aadd51cae1fbfb512cf4a0999d16c6a2888bd) | 22 November 2023, 08:32:49 UTC |
| f06d408 | Bernd Edlinger | 15 November 2023, 19:32:59 UTC | Fix a possible memleak in PKCS7_add_attrib_smimecap When PKCS7_add_signed_attribute fails, the ASN1_STRING object may be leaked. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22744) (cherry picked from commit ed3d2771278cfa1c355b40c681f5acc8404156c6) | 22 November 2023, 08:27:50 UTC |
| 7f943d4 | Bernd Edlinger | 15 November 2023, 18:46:17 UTC | Fix a possible memory leak in dane_tlsa_add Several error cases leak either the X509 object or the pkey or the danetls_record object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22743) (cherry picked from commit e4a94bcc77f3fda0f185e62a73a66d9b9b9388f5) | 22 November 2023, 08:20:35 UTC |
| 667f974 | Anders Jansson | 18 November 2023, 22:40:33 UTC | Fix typo in variable name Fix spelling $cppfags2 => $cppflags2 in file Configurations/windows-makefile.tmpl CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22771) (cherry picked from commit 6d552a532754f6ee66d6cc604655deaeb5425b16) | 21 November 2023, 13:02:09 UTC |
| 2bb8394 | Matt Caswell | 09 November 2023, 14:45:33 UTC | Move freeing of an old record layer to dtls1_clear_sent_buffer When we are clearing the sent messages queue we should ensure we free any old write record layers that are no longer in use. Previously this logic was in dtls1_hm_fragment_free() - but this can end up freeing the current record layer under certain error conditions. Fixes #22664 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22679) (cherry picked from commit a091bc6022b23c0b1caf1c7acbb1f15bdf290816) | 21 November 2023, 12:12:15 UTC |
| 1ea038b | Neil Horman | 09 November 2023, 13:13:58 UTC | zero data in hm_fragment on alloc if we allocate a new hm_frament in dtls1_buffer_message with dtls1_hm_fragment_new, the returned fragment contains uninitalized data in the msg_header field. If an error then occurs, and we free the fragment, dtls_hm_fragment_free interrogates the msg_header field (which is garbage), and potentially references undefined values, or worse, accidentally references available memory that is not owned, leading to various corruptions. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22679) (cherry picked from commit e59ed0bfeece9db433809af2cebbe271a402d59b) | 21 November 2023, 12:12:15 UTC |
| 3b86698 | Neil Horman | 31 October 2023, 15:54:03 UTC | augment quic demos to support ipv4/6 connections Because the quicserver utility supports expressly listening in ipv4/6 mode, its possible/likely that the server will listen on an ipv4 address, while the clients will connect via ipv6, leading to connection failures. Augment quic demo clients to afford them the same -6 option that the server has so that connection family can be co-ordinated Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22577) (cherry picked from commit 5091aadc223315ce115ee12f62df2af173bf5efb) | 21 November 2023, 12:07:00 UTC |
| 9a7a076 | dependabot[bot] | 15 November 2023, 10:14:21 UTC | Bump actions/github-script from 6 to 7 Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22730) (cherry picked from commit 5f6b08e218974d4fbbd77ffedc2d94a08a194cc2) | 15 November 2023, 10:38:22 UTC |
| 50a536a | Viktor Szakats | 27 August 2021, 12:22:15 UTC | Configure: do not check for an absolute prefix in cross-builds The check is always made according to the host platform's rules, which may not be true for true when the target platform is different, e.g. when cross-building for Windows on a Linux machine. So skip this check when used together with the `--cross-compile-prefix=` option. Fixes https://github.com/openssl/openssl/issues/9520 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22723) (cherry picked from commit 4ea752997df83c2a694fdb157aab07908303fc90) | 15 November 2023, 10:11:00 UTC |
| 2aba954 | Matt Caswell | 13 November 2023, 11:27:54 UTC | Correct tag len check when determining how much space we have in the pkt If the available space is equal to the tag length then we have no available space for plaintext data. Fixes #22699 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22715) (cherry picked from commit 46376fcf4b6d11ec417c2a530475037d4d09fcbf) | 15 November 2023, 10:07:16 UTC |
| 50c5676 | Matt Caswell | 13 November 2023, 14:39:53 UTC | Add some additional tests for the new fc "consumed" params Check that the "consumed" parameter is working as expected. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22718) (cherry picked from commit aa6ac60728207ba18779d7cbe71893c066bcbc28) | 15 November 2023, 10:04:04 UTC |
| 915ec62 | Matt Caswell | 13 November 2023, 14:16:57 UTC | Keep track of connection credit as we add stream data If a single packet contains data from multiple streams we need to keep track of the cummulative connection level credit consumed across all of the streams. Once the connection level credit has been consumed we must stop adding stream data. Fixes #22706 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22718) (cherry picked from commit e57bf6b3bfa2f0b18e5cad7fd3c5fdd7c51516b9) | 15 November 2023, 10:04:02 UTC |
| 1b83adc | Matthias St. Pierre | 04 November 2023, 23:18:08 UTC | README: add link to OpenSSL 3.2 manual pages Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/22625) (cherry picked from commit 4f0172c543dd0f5582d52185bfe2c132faee9c8e) | 15 November 2023, 07:37:42 UTC |
| 4391906 | Tomas Mraz | 10 November 2023, 16:28:16 UTC | Rearrange some CI jobs Those less useful should be in daily or on-push runs. Those more likely triggering CI failure that do not take too much time should be in main on pull request CI. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22693) (cherry picked from commit 456b32ba4f85000d168230b8cc5f58571699ed63) | 14 November 2023, 12:59:09 UTC |
| e3c3875 | Randall S. Becker | 10 November 2023, 20:24:22 UTC | Correct 50-nonstop.conf to support QUIC tests under SPT threading models. This fix also separates the FLOSS from SPT configurations which should not have been conflated in the 3.0 series. Related-to: #22588 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22697) | 14 November 2023, 10:05:12 UTC |
| 7dc833c | James Muir | 03 November 2023, 17:15:04 UTC | cms demos: print signingTime attributes Add a makefile for the cms demos, and add a routine to cms_ver.c to print any signingTime attributes from the CMS_ContentInfo object. This provides an example that could be extended if an application wants to examine the purported signing times. Part of #8026 Testing: $ cd demos/cms $ make test Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22618) (cherry picked from commit 9257a89b6f25dfa5aeee7114baec8ea992fcf5e5) | 14 November 2023, 07:22:36 UTC |
| 0ef3e13 | Neil Horman | 10 November 2023, 20:31:23 UTC | Force Nonstop to use fcntl(F_GETFL) in BIO_sock_nbio In tracking down a hang, we found that nonstop platforms were falling into the if #ifdef FIONBIO clause in the implementation of BIO_sock_nbio. While the platform defines this macro, sockets set with this continued to operate in blocking mode. Given that the platform also support O_NONBLOCK, adjust the ifdef to have the nonstop platform use that method to ensure that sockets enter blocking mode Related-To #22588 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22696) (cherry picked from commit f63e1b48ac893dd6110452e70ed08f191547cd89) | 14 November 2023, 06:44:06 UTC |
| aa95fb1 | Tomas Mraz | 08 November 2023, 09:22:54 UTC | Properly limit the variable output size for BLAKE2 The upper limit of the output size is the default output size of the algorithm. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22661) | 13 November 2023, 11:29:28 UTC |
| 26997d6 | Alexey Fofanov | 18 October 2023, 11:23:22 UTC | apps/list.c: Check the result of inserting a provider into provider's stack Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22492) (cherry picked from commit 15b83e04a5e125ab873ace1e474790a4a5b44647) | 10 November 2023, 10:33:32 UTC |
| 0fdf6e0 | Bernd Edlinger | 06 November 2023, 09:44:27 UTC | Fix a possible memory leak of ssl->s3.tmp.psk Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22637) (cherry picked from commit a2b1ab6100d5f0fb50b61d241471eea087415632) | 09 November 2023, 16:35:54 UTC |
| fc0dce3 | Matt Caswell | 08 November 2023, 10:15:25 UTC | After a stream has implicit length don't add more stream related frames Once we have decided that a stream has an implicit length then we should treat the packet as full and not try to add any more stream related frames to the packet. Fixes #22658 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22662) (cherry picked from commit 7fe3010471a3263b2469ae35589357089050ce62) | 09 November 2023, 12:33:18 UTC |
| 4ee71b4 | Tomas Mraz | 07 November 2023, 14:22:00 UTC | Add CHANGES.md and NEWS.md entry for CVE-2023-5678 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22647) | 08 November 2023, 16:35:05 UTC |
| 2d0d3ed | Tomas Mraz | 07 November 2023, 14:14:34 UTC | Sync CHANGES.md and NEWS.md with 3.1 branch Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22647) | 08 November 2023, 16:35:05 UTC |
| 68ed191 | Hugo Landau | 03 November 2023, 15:13:51 UTC | QUIC TXP: Handle padding correctly for ACK_ONLY archetype Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22615) (cherry picked from commit e1c15a8abeb87a387cc7c64a424ca5f282b00632) | 08 November 2023, 15:09:56 UTC |
| ab3b836 | Hugo Landau | 03 November 2023, 14:53:10 UTC | QUIC TXP: Fix use of implicit-length STREAM frames in presence of PATH_REPSONSE frames Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22615) (cherry picked from commit 3bef14c5367b4e2d7aded4f80e78e8f19b74f710) | 08 November 2023, 15:09:55 UTC |
| d025b22 | Neil Horman | 03 November 2023, 16:56:40 UTC | add locking around fake_now fake_now in the quictestlib is read/written by potentially many threads, and as such should have a surrounding lock to prevent WAR/RAW errors as caught by tsan: 2023-11-03T16:27:23.7184999Z ================== 2023-11-03T16:27:23.7185290Z WARNING: ThreadSanitizer: data race (pid=18754) 2023-11-03T16:27:23.7185720Z Read of size 8 at 0x558f6f9fe970 by main thread: 2023-11-03T16:27:23.7186726Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7187665Z #1 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7188567Z #2 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7189561Z #3 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7190294Z #4 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7190720Z 2023-11-03T16:27:23.7190902Z Previous write of size 8 at 0x558f6f9fe970 by thread T1: 2023-11-03T16:27:23.7191607Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aecf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7192505Z #1 run_server_thread quictestlib.c (quicapitest+0x14b1d6) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7193361Z #2 thread_run quictestlib.c (quicapitest+0x14cadf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7193848Z 2023-11-03T16:27:23.7194220Z Location is global 'fake_now.0' of size 8 at 0x558f6f9fe970 (quicapitest+0x1af4970) 2023-11-03T16:27:23.7194636Z 2023-11-03T16:27:23.7194816Z Thread T1 (tid=18760, running) created by main thread at: 2023-11-03T16:27:23.7195465Z #0 pthread_create <null> (quicapitest+0xca12d) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7196317Z #1 qtest_create_quic_connection_ex <null> (quicapitest+0x14adcb) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7197214Z #2 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7198111Z #3 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7198940Z #4 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7199661Z #5 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7200083Z 2023-11-03T16:27:23.7200862Z SUMMARY: ThreadSanitizer: data race (/home/runner/work/openssl/openssl/test/quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) in qtest_create_quic_connection_ex Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22616) (cherry picked from commit 11179b3e8de8cd566af1215093db793ac3ed0f91) | 08 November 2023, 14:56:38 UTC |
| b4cf49c | Neil Horman | 03 November 2023, 16:12:38 UTC | Correct order of ossl_condvar_signal in quic_multistream_test quic_multistream test was issuing a signal on a condvar after dropping the corresponding mutex, not before, leading to potential race conditions in the reading of the associated data Fixes #22588 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22616) (cherry picked from commit 22b482a8b6f0c0e422c9b926c26d906ac6909106) | 08 November 2023, 14:56:35 UTC |
| 2f563dc | Pauli | 06 November 2023, 20:44:49 UTC | Add unit test for #22644 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22646) (cherry picked from commit 0efcf1384fd320a6235e90d7b078ad89ea504d16) | 08 November 2023, 11:09:37 UTC |
| f5f4bc3 | Pauli | 06 November 2023, 20:32:18 UTC | Fix bug in priority queue remove function The short circuit in the remove function when the element is the last in the heap, failed to add the removed slot back to the freelist. Fixes #22644 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22646) (cherry picked from commit a03108778044cc0d428ce38084ef6f318446fbe3) | 08 November 2023, 11:09:35 UTC |
| 2e40770 | Matthias St. Pierre | 25 October 2023, 09:05:58 UTC | apps/rehash.c: avoid printf format warning [-Wformat] The `aarch64-linux-android33-clang` cross-compiler (v14.0.6) complains twice about an unsupported '%n' format specifier, preventing a successful `--strict-warnings` build: error: '%n' specifier not supported on this platform [-Werror,-Wformat] BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d", This is a false positive, because BIO_snprintf() implements its own format parsing (which is implemented in the _dopr() function). This commit fixes the problem by rewriting the code to dispense with the dubious '%n' format specifier. As a side-effect, the code becomes a little bit more comprehensible and self-explaining. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22511) (cherry picked from commit ec0d22fe1571508c08b714715cfdb6ac60c53f78) | 08 November 2023, 09:28:56 UTC |
| 9f9dc85 | Bernd Edlinger | 06 November 2023, 10:03:05 UTC | Fix a possible memory leak in custom_ext_add Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22638) (cherry picked from commit 668a144f0a6dcfb9f904043c29372cbf19856c39) | 08 November 2023, 08:20:22 UTC |
| 0f96c6e | James Muir | 29 October 2023, 19:24:08 UTC | quic http3 demo: minor updates -update run command to include LD_LIBRARY_PATH -suggest installing libnghttp3-dev on Ubuntu -drop "-f" from clean recipe (it is already included in $(RM)) Part of https://github.com/openssl/project/issues/253 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22623) (cherry picked from commit 22fa1602da91af2194997e0576582bb4f0cdd7e0) | 08 November 2023, 00:13:17 UTC |
| 076d475 | Dmitry Belyavskiy | 06 November 2023, 09:53:46 UTC | Use proper KDF SS parameter name Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22636) (cherry picked from commit 1c6a37975495dd633847ff0c07747fae272d5e4d) | 07 November 2023, 12:09:37 UTC |
| 6061fd5 | Richard Levitte | 20 October 2023, 07:24:01 UTC | Fix conflicts between DH check flags and FFC check flags There are comments in include/openssl/dh.h and include/internal/ffc.h that they must be aligned with each other, and yet, clashes have been introduced. The simplest fix is to move the offending FFC flags out of the way, as they are indeed internal and shouldn't affect any public interface, apart from those that are aligned with the DH flags, which are public. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22453) (cherry picked from commit bc224e7edf87bbb353d51e9cb5c5999af8828856) | 06 November 2023, 07:55:47 UTC |
| d73028b | Richard Levitte | 20 October 2023, 07:18:19 UTC | Make DH_check_pub_key() and DH_generate_key() safer yet We already check for an excessively large P in DH_generate_key(), but not in DH_check_pub_key(), and none of them check for an excessively large Q. This change adds all the missing excessive size checks of P and Q. It's to be noted that behaviours surrounding excessively sized P and Q differ. DH_check() raises an error on the excessively sized P, but only sets a flag for the excessively sized Q. This behaviour is mimicked in DH_check_pub_key(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22453) (cherry picked from commit ec061bf8ff2add8050599058557178c03295bcc0) | 06 November 2023, 07:55:43 UTC |
| 61a468b | Matt Caswell | 02 November 2023, 16:25:27 UTC | Correctly track the original length when generating a stream frame txp_generate_stream_frames() plans chunks of data to send via the function txp_plan_stream_chunk(). That function may clamp the amount in the chunk due to flow control, even though there is more available to send. We should take this into account when deciding whether or not to try serializing the next chunk. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22601) (cherry picked from commit e718b248f94fa41562b740482813716a2ff13db5) | 06 November 2023, 07:51:50 UTC |
| 1ee0a9d | Tomas Mraz | 03 November 2023, 07:57:21 UTC | tparam_on_enc_ext(): Remove dead code in cleanup Fixes Coverity 1548382 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22606) (cherry picked from commit 3150dbe7cb71de1ee7040c6fdeb254c88e775b7c) | 06 November 2023, 07:50:57 UTC |
| e2c6a1d | Tomas Mraz | 03 November 2023, 07:52:43 UTC | ossl_quic_new(): Avoid dereferencing NULL qc during cleanup Fixes Coverity 1548383 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22606) (cherry picked from commit 0e2e4b3e69d4012f47b6908c2d8a13ec4e2d40e0) | 06 November 2023, 07:50:55 UTC |
| b4081e6 | Michael Hinz | 03 November 2023, 13:17:39 UTC | Fix documentation regarding KMAC sizes As per recommendation by jfinkhaeuser, this documents the defaults for KMAC-128 as 32 and for KMAC-256 as 64. The code already accomodates for these values, so no changes are needed there. Fixes #22381 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22614) (cherry picked from commit 56d1ab3b6c7468ce0f534f09e305a539101f9c3d) | 06 November 2023, 07:49:42 UTC |
| 478d14c | Tomas Mraz | 02 November 2023, 16:19:38 UTC | ossl_qrl_enc_level_set_provide_secret(): Avoid leaking keyslot in error condition Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22600) (cherry picked from commit 0c2aabbaeacf1cc9864daaed11fae755fe7bc025) | 06 November 2023, 07:47:38 UTC |
| 57fc999 | Tomas Mraz | 01 November 2023, 17:39:32 UTC | Add negative test for key length change Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22590) (cherry picked from commit 1aa08644ecd4005c0f55276b2e8dabd8a2a758f0) | 03 November 2023, 12:37:22 UTC |
| de46fe6 | Tomas Mraz | 01 November 2023, 17:14:09 UTC | Add negative test for iv length change Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22590) (cherry picked from commit 82750a0826cd4728f40df9ef31b3294d83aaafe0) | 03 November 2023, 12:37:22 UTC |
| e7cb211 | Tomas Mraz | 01 November 2023, 15:54:58 UTC | update/final: Return error if key is not set Also make sure the key is not set if the key length is changed on the context after the key was set previously. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22590) (cherry picked from commit 3a95d1e41abf2e8eb0f6f07003bac844950bfaae) | 03 November 2023, 12:37:21 UTC |
| 6941eb4 | Tomas Mraz | 01 November 2023, 13:00:22 UTC | When changing IV length invalidate previously set IV Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22590) (cherry picked from commit eddbb78f4e5196eee33b2fd3d6adeabb69d52eb7) | 03 November 2023, 12:37:19 UTC |
| 173dca8 | Pauli | 02 November 2023, 01:26:50 UTC | rand uniform: fix likely usage @mspncp noted that the condition should have been likely not unlikely. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22593) (cherry picked from commit b90662b4b0a6c7b6979a96581388ace7c217b470) | 03 November 2023, 10:20:57 UTC |
| 5d726f9 | Matt Caswell | 01 November 2023, 16:15:24 UTC | Add support for streams to the quic-client fuzzer Enable the quic-client fuzzer to accept and create new streams Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22592) (cherry picked from commit 3fa274ca815335e198cf36a1062c59a9f4c00510) | 03 November 2023, 10:00:32 UTC |
| 8dd7ee8 | Matt Caswell | 01 November 2023, 15:25:24 UTC | Call SSL_write() in the quic-client-fuzzer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22592) (cherry picked from commit d3dcf88cc5dead2ecaf29714f40cba586d6188ca) | 03 November 2023, 10:00:32 UTC |
| 2a4f8da | Stephen Farrell | 16 October 2023, 20:04:06 UTC | Add additional internal HPKE hardening checks resulting from code audit. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22493) (cherry picked from commit a1c0306895bf6cf28056aaf9cd22cb3b65d4bb0a) | 03 November 2023, 08:10:50 UTC |
| 96e58e3 | Hugo Landau | 26 October 2023, 11:47:58 UTC | TLS: Fix use of an uninitialized value Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22523) (cherry picked from commit f62fec64049959cee6b80043cd697d0e7357a24a) | 02 November 2023, 13:23:23 UTC |
| bcff823 | Hugo Landau | 26 October 2023, 10:39:06 UTC | QUIC: Test missing/malformed/duplicate/etc. transport parameters Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22523) (cherry picked from commit 8cb4a47dbb7fb5249c4ab9511d8f2e2f1cc4b445) | 02 November 2023, 13:23:23 UTC |
| 0561c3c | Hugo Landau | 26 October 2023, 10:37:21 UTC | QUIC QTEST_FAULT: Allow deleted TLS extension to be output Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22523) (cherry picked from commit 1d8a399f7bdbe9798cea9dc28bb6ee321f0f24f7) | 02 November 2023, 13:23:22 UTC |
| cecc05c | Hugo Landau | 26 October 2023, 10:36:51 UTC | QUIC WIRE: Refuse integer transport params with trailing body bytes Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22523) (cherry picked from commit 05937a70a14520a70e830af63aba4283ac6f3878) | 02 November 2023, 13:23:21 UTC |
| 3c7c486 | Hugo Landau | 26 October 2023, 10:36:31 UTC | QUIC CHANNEL: Set reason string for missing tparams extension Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22523) (cherry picked from commit f94cacb70b677462ecca79314a3d9714f8c0faba) | 02 November 2023, 13:23:19 UTC |
| b45d053 | Tomas Mraz | 31 October 2023, 14:11:30 UTC | ossl_quic_new(): Fix a leak found by error injection Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22572) (cherry picked from commit 55936eee86ce31e80fa49d11757f61fe9e20821e) | 02 November 2023, 13:19:57 UTC |
| 28932ab | Neil Horman | 30 October 2023, 17:47:05 UTC | Fix quicserver binding when duplicate entries exist In testing the quic demos, I found that the quicserver refused to start for me, indicating an inability to bind a socket to listen on The problem turned out to be that getaddrinfo on my system was returning multiple entries, due to the fact that /etc/host maps the localhost host name to both ipv4 (127.0.0.1) and ipv6 (::1), but returns the latter as an ipv4 mapped address (specifying family == AF_INET) It seems like the proper fix would be to modify the /etc/hosts file to not make that mapping, and indeed that works. However, since several distribution ship with this setup, it seems like it is worthwhile to manage it in the server code. its also that some other application may be bound to a given address/port leading to failure, which I think could be considered erroneous, as any failure for the full addrinfo list in quicserver would lead to a complete failure Fix this by modifying the create_dgram_bio function to count the number of sockets is successfully binds/listens on, skipping any failures, and only exit the application if the number of bound sockets is zero. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22559) (cherry picked from commit fe26b6b4961b1d5a560b52463923f6fb014f5068) | 02 November 2023, 11:28:24 UTC |
| 676f6e2 | наб | 31 October 2023, 19:36:59 UTC | CHANGES.md: document BLAKE2b's "size"-setting support Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22583) (cherry picked from commit 19641b48afb57b48c8d67b44d3ed7054ee2c6bab) | 02 November 2023, 09:32:49 UTC |
| d6b7545 | Hugo Landau | 31 October 2023, 16:47:55 UTC | QUIC SSTREAM: Fix bug in ossl_quic_sstream_is_totally_acked ossl_quic_sstream_is_totally_acked would return 0 if no data had been appended to the stream yet. Fixed and added tests. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22580) (cherry picked from commit 115ee28263c28c78a34ce4e40a9e4be8361deee6) | 02 November 2023, 08:49:28 UTC |
| 21f1c2d | Bernd Edlinger | 01 November 2023, 07:05:30 UTC | Fix a possible memory leak in load_builtin_compressions Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22585) (cherry picked from commit daf26c2d7a4d29ec1040fc0d5d4215cfc2dcf4a7) | 02 November 2023, 08:17:54 UTC |
| 6198e73 | Matt Caswell | 30 October 2023, 12:39:37 UTC | Update the OpenSSL Guide tutorials with changes to the demos The demo code has changed to accept the hostname/port on the command line. We update the tutorials to keep in sync with the demo code. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22552) (cherry picked from commit 9e973eb297c8127dcaefe97619ddcd5067d12f37) | 02 November 2023, 08:16:26 UTC |
| f7f40db | Matt Caswell | 30 October 2023, 12:17:30 UTC | Update the README with information about how to run the QUIC demos Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22552) (cherry picked from commit cb8107b632661d2ae538961424768f0ed074fcf6) | 02 November 2023, 08:16:26 UTC |
| 3b60efa | Matt Caswell | 30 October 2023, 12:04:40 UTC | Update the QUIC demos to accept hostname/port on the command line Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22552) (cherry picked from commit 420037c82c4b2bfea952cbe00730930844969438) | 02 November 2023, 08:16:25 UTC |
| 70de526 | Matt Caswell | 30 October 2023, 11:22:24 UTC | Extend the README to describe how to run the TLS demos We also supply some test certificates for use with the demos. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22552) (cherry picked from commit a2b824730ef12cda4e018f5f7cde2ab52a4d255c) | 02 November 2023, 08:16:24 UTC |
| 151af35 | Matt Caswell | 30 October 2023, 11:22:00 UTC | Amend the TLS demos to accept hostname/port as an argument Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22552) (cherry picked from commit 2ec4e73c0188425890329ae7f0372c66fb0c1234) | 02 November 2023, 08:16:23 UTC |
| 6aa921f | Hugo Landau | 31 October 2023, 16:11:43 UTC | QUIC MULTISTREAM TEST: Ensure frames are only injected into correct packet types Although the previous commit is enough to fix the immediate cause of the stochastic failure on Windows, this is a more resilient fix; make sure we only inject a given frame into the correct packet type for our various injection functions. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22578) (cherry picked from commit 660718ee5bafce9c5ca7604801a59f53df28f202) | 02 November 2023, 08:12:21 UTC |
| 6366192 | Hugo Landau | 31 October 2023, 15:58:21 UTC | QUIC MULTISTREAM TEST: Fix script 38 stochastic failure on Windows The QUIC fault injector frame injection functionality injects injected frames on whatever EL we happen to be using to generate a packet in. This means we sometimes inject the frame into a packet type it is not allowed to be in, causing a different error code to be generated. Fix this by making sure the connection is fully established before trying to generate the frame in question. Fixes #22348. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22578) (cherry picked from commit a6eb287a667ccbc241c59b23b151672e450bda4b) | 02 November 2023, 08:12:20 UTC |
| 4febab7 | Matt Caswell | 31 October 2023, 16:24:44 UTC | Don't create an ack frame if one isn't wanted for this pn_space The txp->want_ack value has different bit values for different pn_space values. Make sure we take that into account when we read it. Fixes #22568 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22579) (cherry picked from commit d13488b93690121bd50c97599760a19ead6bcd1f) | 01 November 2023, 18:07:43 UTC |
| 0d4a866 | James Muir | 26 October 2023, 21:50:45 UTC | quic ddd demos: update makefile and demo sources Update makefile and fix some signedness issues in the demo sources. Drop stray "\n" in the host-port format string that prevented ddd-01 from working (this was also noticed by Neil H). Also, determine the length of the message we are sending and send that many bytes (rather than send sizeof the buffer storing the message). These changes are part of https://github.com/openssl/project/issues/253 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22542) (cherry picked from commit d1338fcf12672ef4a3d417f5dd03e342710ee5b3) | 01 November 2023, 15:39:12 UTC |
| 97750ca | James Muir | 27 October 2023, 16:46:30 UTC | quic docs: update ddd README.md Minor edits (expand MVP acronym, suggest how to install "libuv") These changes are part of https://github.com/openssl/project/issues/253 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22543) (cherry picked from commit bcc04ab287d59e4f680c1a5eb768c19c5f74bea5) | 01 November 2023, 15:38:18 UTC |
| 96040e5 | Hugo Landau | 30 October 2023, 20:19:46 UTC | QUIC APL: Optimise write buffer sizes automatically Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22569) (cherry picked from commit b119f8b892ea1dc5ee75f01a4632e7bc2b67323b) | 01 November 2023, 15:36:22 UTC |
| 18a431b | Hugo Landau | 30 October 2023, 19:36:49 UTC | QUIC TXP: Fix drainage calculation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22569) (cherry picked from commit 266528965f716be809a6e15bb5adfa659b56f9bb) | 01 November 2023, 15:36:21 UTC |
| bb8ecea | Matt Caswell | 30 October 2023, 16:30:35 UTC | Stop the quicserver if the handshake or receiving the request fails Previously we entered an infinite loop if these things failed. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22557) (cherry picked from commit ddf84fc47e3a01047e2a4001289143cc689eed84) | 01 November 2023, 11:12:11 UTC |
| 7a78528 | Pauli | 31 October 2023, 21:52:00 UTC | rand uniform: add comments outlining the algorithm Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22499) (cherry picked from commit dfb26e03c26b9234d04cb9fcaf6391d6bfb44dc4) | 01 November 2023, 11:07:16 UTC |
| 2bdf45d | Pauli | 28 October 2023, 09:49:08 UTC | Add test case for uniform random generators Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22499) (cherry picked from commit d05e0e40d712b9246c6e9db5b579fcce69dafa98) | 01 November 2023, 11:07:15 UTC |
| 3fe56ba | Pauli | 25 October 2023, 06:48:43 UTC | rand: implement an unbiased random integer from a range Refer: https://github.com/apple/swift/pull/39143 for a description of the algorithm. It is optimal in the sense of having: * no divisions * minimal number of blocks of random bits from the generator Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22499) (cherry picked from commit 55755fbf42ec073e86651065c5cce6f64662c9e6) | 01 November 2023, 11:07:13 UTC |
| b4a33ba | Matt Caswell | 30 October 2023, 16:53:30 UTC | Don't error if s_client receives exactly BUFSIZZ data We should accept that many bytes without failing Fixes #22551 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22558) (cherry picked from commit 74ff15e1a1987686812c465ee3200bc25efa0e8f) | 01 November 2023, 10:20:50 UTC |
| e99c771 | Matt Caswell | 27 October 2023, 11:22:11 UTC | Check for NULL when freeing the QUIC_TLS object Free functions are expected to be tolerant of a NULL pointer being passed. Fixes the problem in https://github.com/openssl/openssl/pull/21668#issuecomment-1782718328 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22536) (cherry picked from commit 8d13d9e7305643c28c69c57df798b553b78c2876) | 31 October 2023, 11:40:47 UTC |
| f205958 | Tomas Mraz | 26 October 2023, 07:59:22 UTC | evp_test.c: There are now 3 parameters possible for digests In digest_test_run() there are now 3 parameters possible plus the sentinel value. In reality we will never use all three at once but Coverity rightfully complains that it is possible to overflow the params array. Fixes Coverity 1548054 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22521) (cherry picked from commit 497a7810bcee48781aa12d4db870f6a565bd0592) | 30 October 2023, 10:00:54 UTC |
| e401723 | Hugo Landau | 27 October 2023, 09:21:46 UTC | QUIC CHANNEL: Make ping deadline and idle deadline calculation consistent Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22533) (cherry picked from commit 758e9b537ac59680b4eaed77a81f5399cb38c0ae) | 30 October 2023, 08:08:25 UTC |
| 9d67bd5 | Matt Caswell | 27 October 2023, 15:11:57 UTC | If the loss detection timer has fired we may not have lost packets We calculate the delay from the point that a packet arrives until it will be counted as lost based on rtt info. Looking at all the packets we can then calculate the earliest time that a packet will be counted as lost. When that timer fires the latest rtt info may have changed and therefore the packet may no longer be counted as lost yet. We should not assume that just because the ackm timeout has fired that there will definitely be lost packets. Fixes #22538 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22541) (cherry picked from commit 10dfd796c9c25dd78aa88cf84629a0418b8f0866) | 30 October 2023, 08:02:20 UTC |
| f770578 | James Muir | 25 October 2023, 00:08:54 UTC | free oaep label-octet-string on error When successful, ossl_X509_ALGOR_from_nid() returns a pointer to an X509_ALGOR object. Inside ossl_X509_ALGOR_from_nid(), X509_ALGOR_set0() is called, and this passes ownership of the ASN1 object "los" (label octet string) to the X509_ALGOR object. When ossl_X509_ALGOR_from_nid() fails, ownership has not been passed on and we need to free "los". Change the scope of "los" and ensure it is freed on failure (on success, set it to NULL so it is not freed inside the function). Fixes #22336 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22495) (cherry picked from commit 83efd7170bfa48a3263fcf8c771a6029646e8ad2) | 30 October 2023, 07:59:42 UTC |
| caa16b9 | Kurt Roeckx | 27 October 2023, 08:17:02 UTC | Update to latest fuzz corpora Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22531) (cherry picked from commit 87bed01bdbd827904816130e92e2f8945ba9b99b) | 30 October 2023, 07:58:27 UTC |
| 0564778 | Matt Caswell | 25 October 2023, 12:10:59 UTC | Add a separate README for the guide demos Point users at the actual guide, and also explain about LD_LIBRARY_PATH Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22505) (cherry picked from commit ada33e98f53ab02dc4d6e8259c9e9edb6cd5c90c) | 30 October 2023, 07:55:45 UTC |
| a214e06 | Matt Caswell | 25 October 2023, 11:57:12 UTC | Add a reference for HTTP/3 We also add reference for ALPN ids Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22505) (cherry picked from commit f666599f8dae9a892c28765cfbfe561fff52e213) | 30 October 2023, 07:55:45 UTC |
| 5e3735b | Matt Caswell | 25 October 2023, 11:48:31 UTC | Add a reference to the demos subfolder Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22505) (cherry picked from commit 899c910e3480e80dc1e6740217de86af39ac606e) | 30 October 2023, 07:55:44 UTC |
| 7380e6b | Matt Caswell | 25 October 2023, 11:46:33 UTC | Update to the demos README file Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22505) (cherry picked from commit aefb529422dc029efecd5d9a192b9ffa600fc5db) | 30 October 2023, 07:55:43 UTC |
| a904462 | Matt Caswell | 25 October 2023, 11:31:19 UTC | Update README-QUIC.md We move some of the "why QUIC" content into the guide and just provide a summary in README-QUIC.md. We also clarify how to use s_client with QUIC. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22505) (cherry picked from commit 355fd1f45b707d2b066d6dff555dd53928e55627) | 30 October 2023, 07:55:41 UTC |
| 4da702b | Matt Caswell | 25 October 2023, 10:10:51 UTC | Refresh the README.md file Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22505) (cherry picked from commit 0181a1a49c6a63a0b23eb15558336660f5833002) | 30 October 2023, 07:55:39 UTC |
| d9aa640 | Dr. David von Oheimb | 21 October 2023, 07:57:09 UTC | EVP_PKEY_get_size.pod and provider-keymgmt.pod: document their relation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22459) (cherry picked from commit 09298141592c579504966f1907a44cb95f37cc6e) | 26 October 2023, 15:05:06 UTC |
| 51f4115 | Dr. David von Oheimb | 20 October 2023, 18:51:17 UTC | EVP_PKEY_get_{bits,security_bits,size}(): add missing error queue entry on failure Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22459) (cherry picked from commit ae643b32f91affe61dd411a58b76c8a44cbd7f50) | 26 October 2023, 15:05:03 UTC |
