| 5bf7b79 | Matt Caswell | 29 March 2024, 14:07:20 UTC | Prepare for release of 3.3 beta 1 Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes | 29 March 2024, 14:07:20 UTC |
| 3d57f54 | Matt Caswell | 29 March 2024, 14:07:20 UTC | make update Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes | 29 March 2024, 14:07:20 UTC |
| 3764f20 | Matt Caswell | 29 March 2024, 14:05:51 UTC | Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes | 29 March 2024, 14:05:51 UTC |
| 5a088e1 | Matt Caswell | 28 March 2024, 15:27:52 UTC | Update CHANGES.md and NEWS.md with changes that have occurred since 3.2 Release: yes Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23998) | 29 March 2024, 13:13:06 UTC |
| d2514d5 | Neil Horman | 25 March 2024, 13:18:27 UTC | Fix threadstest wrapping again Stochastic failures in the RCU test on MACOSX are occuring. Due to beta release, disabling this test on MACOSX until post 3.3 release Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23967) (cherry picked from commit 1967539e212c17139dc810096da987c8100b1ba2) | 26 March 2024, 14:43:17 UTC |
| 80819ac | Tomas Mraz | 26 March 2024, 10:53:53 UTC | Update gost-engine submodule to fix the CI Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23773) (cherry picked from commit e7d5d61b66ee5a1d0827b3c92dc4d484fb9c91fe) | 26 March 2024, 14:09:51 UTC |
| 8aa52c1 | Vladimir Kotal | 07 March 2024, 16:00:07 UTC | apps/req,crl: exit with 1 on verification failure Fixes #23771 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23773) (cherry picked from commit 6af739b79ba50bd42ac8934747ab5c8b996f16b6) | 26 March 2024, 14:09:49 UTC |
| 89ffd55 | Viliam Lejčík | 19 February 2024, 20:39:05 UTC | Add NULL check before accessing PKCS7 encrypted algorithm Printing content of an invalid test certificate causes application crash, because of NULL dereference: user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info MAC: sha256, Iteration 2048 MAC length: 32, salt length: 8 PKCS7 Encrypted data: Segmentation fault (core dumped) Added test cases for pkcs12 bad certificates Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23632) (cherry picked from commit a4cbffcd8998180b98bb9f7ce6065ed37d079d8b) | 25 March 2024, 17:27:02 UTC |
| 022249e | Jiasheng Jiang | 21 March 2024, 20:22:01 UTC | Replace size_t with int and add the check for the EVP_MD_get_size() Replace the type of "digest_size" with int to avoid implicit conversion when it is assigned by EVP_MD_get_size(). Moreover, add the check for the "digest_size". Fixes: 29ce1066bc ("Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo") Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23924) (cherry picked from commit 87e747000fef07c9ec43877bc5e9f2ca34f76a3b) | 25 March 2024, 16:51:45 UTC |
| 22a24b7 | Jiasheng Jiang | 21 March 2024, 19:55:34 UTC | Replace unsigned with int Replace the type of "digest_length" with int to avoid implicit conversion when it is assigned by EVP_MD_get_size(). Otherwise, it may pass the following check and cause the integer overflow error when EVP_MD_get_size() returns negative numbers. Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23922) (cherry picked from commit f13ddaab69def0b453b75a8f2deb80e1f1634f42) | 25 March 2024, 16:46:25 UTC |
| 1256250 | sashan | 22 March 2024, 14:19:53 UTC | fix demos/sslecho/main.c so it builds on OpenBSD too trying to build `demos/sslecho/main.c` shipped by current openssl fails with error as follows: ``` cc -I../../include -g -Wall -c -o main.o main.c main.c:35:24: error: variable has incomplete type 'struct sockaddr_in' struct sockaddr_in addr; ^ main.c:35:12: note: forward declaration of 'struct sockaddr_in' struct sockaddr_in addr; ^ main.c:46:32: error: use of undeclared identifier 'INADDR_ANY' addr.sin_addr.s_addr = INADDR_ANY; ^ main.c:152:24: error: variable has incomplete type 'struct sockaddr_in' struct sockaddr_in addr; ^ main.c:152:12: note: forward declaration of 'struct sockaddr_in' struct sockaddr_in addr; ^ 3 errors generated. gmake: *** [<builtin>: main.o] Error 1 ``` including `netinet/in.h` fixes the build Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23936) (cherry picked from commit 01eaf203856bfbb63051f8ecf56eae2d21132496) | 25 March 2024, 12:50:19 UTC |
| 10ea99b | Randall S. Becker | 21 March 2024, 21:16:11 UTC | Correct OSSL_sleep for NonStop PUT model by introducing sleep(). This fix also removes SPT model support as it was previously deprecated. Upcoming threading models on the platform should be supportable without change to this method. Fixes: #23923 Fixes: #23927 Fixes: #23928 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23926) (cherry picked from commit 4a9e48f727ce7ad924c53a55b301e426d7e43863) | 23 March 2024, 13:58:50 UTC |
| f2de18a | Yavor Georgiev | 05 March 2024, 18:10:03 UTC | Don’t use the recvmmsg dgram method on Android <5 recvmmsg and sendmmsg were only added to Android’s C library in version 5, starting with API Level 21. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23754) (cherry picked from commit 24109dca5a793d58c68a346db5b21746079ec317) | 22 March 2024, 16:00:01 UTC |
| 178ab8d | olszomal | 21 March 2024, 10:10:04 UTC | Fixed a typo and grammar in openssl-ts.pod Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23913) (cherry picked from commit f1c14f1853d2df94e339208eed1df823c2238389) | 22 March 2024, 15:51:14 UTC |
| 708e4ca | Dmitry Misharov | 22 March 2024, 11:01:53 UTC | fix uploading artifacts for paramertrized jobs Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23933) (cherry picked from commit 395ab201a7f99ebe2b1598890c9a43081867d226) | 22 March 2024, 13:34:14 UTC |
| c4e6046 | Neil Horman | 05 March 2024, 19:22:28 UTC | Make counters in rcu/rw threads torture test 64 bit Its possible in some conditions for the rw/rcu torture tests to wrap the counter, leading to false positive failures, make them 64 bits to avoid this Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23724) (cherry picked from commit b50c174ee3b11f916285046d52574ba653745083) | 22 March 2024, 10:07:50 UTC |
| fdef881 | Dmitry Misharov | 01 March 2024, 15:59:07 UTC | Add M1 macOS runner to some workflows Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23724) (cherry picked from commit ada9d8c785cce8e75a88675622dd5ec79e9aa6d7) | 22 March 2024, 10:07:33 UTC |
| daf1f8d | Jakov Smolić | 05 March 2024, 15:43:11 UTC | riscv: Fix remaining asm checks There are additional asm checks which don't check for OPENSSL_CPUID_OBJ causing the build to still fail on riscv [1], so fix them in the same manner as ff279597692f9f19dca5b147944d3d96f2e109f8 [1] https://bugs.gentoo.org/923956 Fixes: https://github.com/openssl/openssl/issues/22871 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23752) | 22 March 2024, 10:02:11 UTC |
| e10aa4b | Matt Hauck | 15 March 2024, 01:25:11 UTC | Update FIPS hmac key documentation The documentation is slightly incorrect about the FIPS hmac key. CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23846) (cherry picked from commit 53ef123f48d402aff7c27f8ec15191cb1cde4105) | 22 March 2024, 09:54:49 UTC |
| 6c23c72 | Hugo Landau | 12 February 2024, 13:17:01 UTC | Move artifact upload code into the shell script Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23551) (cherry picked from commit 9abcf116962e9a117717c751de93846f11da16cd) | 21 March 2024, 17:59:01 UTC |
| 74447f8 | Hugo Landau | 12 February 2024, 11:29:14 UTC | Experimental support for uploading qlog artifacts Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23551) (cherry picked from commit f2db70962cacc2602bc614d51e0610085c99e999) | 21 March 2024, 17:58:59 UTC |
| 0c33b1c | Richard Levitte | 20 March 2024, 12:10:06 UTC | Prepare for 3.3 alpha 2 Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes | 20 March 2024, 12:10:06 UTC |
| 9010cc0 | Richard Levitte | 20 March 2024, 12:09:34 UTC | Prepare for release of 3.3 alpha 1 Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes | 20 March 2024, 12:09:34 UTC |
| 529d8e3 | Richard Levitte | 20 March 2024, 12:09:28 UTC | make update Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes | 20 March 2024, 12:09:28 UTC |
| 0ce7d1f | Richard Levitte | 20 March 2024, 12:07:54 UTC | Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes | 20 March 2024, 12:07:54 UTC |
| dc9bc6c | Matt Caswell | 13 March 2024, 15:19:43 UTC | Fix unbounded memory growth when using no-cached-fetch When OpenSSL has been compiled with no-cached-fetch we do not cache algorithms fetched from a provider. When we export an EVP_PKEY to a provider we cache the details of that export in the operation cache for that EVP_PKEY. Amoung the details we cache is the EVP_KEYMGMT that we used for the export. When we come to reuse the key in the same provider that we have previously exported the key to, we check the operation cache for the cached key data. However because the EVP_KEYMGMT instance was not cached then instance will be different every time and we were not recognising that we had already exported the key to the provider. This causes us to re-export the key to the same provider everytime the key is used. Since this consumes memory we end up with unbounded memory growth. The fix is to be more intelligent about recognising that we have already exported key data to a given provider even if the EVP_KEYMGMT instance is different. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23841) | 15 March 2024, 18:10:49 UTC |
| bc3eb7b | Bernd Edlinger | 10 March 2024, 12:15:55 UTC | Try to fix intermittent CI failures in quic_multistream test Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23807) | 15 March 2024, 16:21:35 UTC |
| 707b54b | Alexandr Nedvedicky | 14 March 2024, 08:53:56 UTC | plug potential memory leak in error code path Function `module_add()` may leak stack of modules when it fails to initialize newly added module. Fixes #23835 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23836) | 15 March 2024, 12:42:57 UTC |
| 12f5f26 | Tomas Mraz | 15 March 2024, 10:28:42 UTC | Raise the AFL_MAP_SIZE to accommodate future growth Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23851) | 15 March 2024, 12:37:50 UTC |
| 33f6d61 | Tomas Mraz | 15 March 2024, 10:27:41 UTC | 82-test_ocsp_cert_chain.t: Just ignore unrecognized lines in server output There might be warnings from AFL fuzz checker or other warnings that we do not care about. For success it is just required that cert_status: ocsp response sent: is present. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23851) | 15 March 2024, 12:37:50 UTC |
| 103952d | Alexandr Nedvedicky | 14 March 2024, 09:40:06 UTC | Minor docfix for OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(3) Also removal of duplicate assignment and addition of comment in test/http_test.c Follow up change to PR #23781 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23837) | 15 March 2024, 10:36:25 UTC |
| 13ee569 | Tomas Mraz | 14 March 2024, 17:58:00 UTC | Set AFL_MAP_SIZE to avoid crash in the AFL CI job Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23843) | 15 March 2024, 09:23:45 UTC |
| b7de38e | Tomas Mraz | 14 February 2024, 11:45:15 UTC | Add a test using the bandwidth limit filter Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23588) | 15 March 2024, 09:19:19 UTC |
| 37ffd4a | Tomas Mraz | 05 February 2024, 15:03:15 UTC | Add support for bandwidth limitation in noisydgram BIO filter Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23588) | 15 March 2024, 09:19:19 UTC |
| 45d16a4 | Tomas Mraz | 19 January 2024, 14:06:45 UTC | bio_f_noisy_dgram_filter(): Fix typo Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23588) | 15 March 2024, 09:19:19 UTC |
| 9f3a7ca | Shakti Shah | 30 January 2024, 18:56:32 UTC | SSL_add_dir_cert_subjects_to_stack(): Documented return values In the man page for SSL_add_dir_cert_subjects_to_stack(), the functions returning int have undocumented return values. Fixes #23171 Signed-off-by: Shakti Shah <shaktishah33@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23433) | 15 March 2024, 09:15:03 UTC |
| c5e097d | Job Snijders | 29 January 2024, 20:40:32 UTC | Add Content Type OID for id-ct-rpkiSignedPrefixList References: draft-ietf-sidrops-rpki-prefixlist Title: "A profile for Signed Prefix Lists for Use in the Resource Public Key Infrastructure (RPKI)" OID assigned under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)' https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23426) | 15 March 2024, 08:10:22 UTC |
| 5c846d3 | Tomas Mraz | 08 February 2024, 16:19:19 UTC | apps/x509.c: No warning reading from stdin if redirected Fixes #22893 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23526) | 15 March 2024, 08:07:51 UTC |
| 37cd49f | Neil Horman | 14 March 2024, 16:04:17 UTC | Fix ASLR to be smaller during asan/tsan/ubsan runs Recently asan/tsan/ubsan runs have been failing randomly. It appears that a recent runner update may have led to the Address Space Layout Randomization setting in the linux kernel of ubuntu-latest runner getting set to too high a value (it defaults to 30). Such a setting leads to the possibility that a given application will have memory mapped to an address space that the sanitizer code typically uses to do its job. Lowering this value allows a/t/ubsan to work consistently again Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23842) | 15 March 2024, 07:47:24 UTC |
| f08be09 | Frederik Wedel-Heinen | 13 March 2024, 09:17:37 UTC | Avoid a memcpy in dtls_get_reassembled_message() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23828) | 14 March 2024, 17:19:17 UTC |
| c91f0ca | Vladimirs Ambrosovs | 12 March 2024, 16:23:55 UTC | Fix dasync_rsa_decrypt to call EVP_PKEY_meth_get_decrypt Signed-off-by: Vladimirs Ambrosovs <rodriguez.twister@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23825) | 14 March 2024, 07:49:01 UTC |
| 3cb0755 | Joachim Vandersmissen | 05 March 2024, 01:16:23 UTC | Implement KAT for KBKDF with KMAC128 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23745) | 13 March 2024, 16:04:31 UTC |
| 3920283 | sharad3001 | 11 March 2024, 10:19:01 UTC | Update tls13ccstest.c, removal of deadcode tst has been already checked for invalid value in the start of the function with switch statement. Checked again here, so removed deadcode CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23813) | 13 March 2024, 16:00:48 UTC |
| 7649b55 | Frederik Wedel-Heinen | 14 February 2024, 09:09:55 UTC | Add fuzzing for DTLS Update the fuzz corpora submodule with the DTLS fuzz corpus. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23585) | 12 March 2024, 19:10:40 UTC |
| cf84224 | James Muir | 20 December 2023, 05:15:17 UTC | s_server: test ocsp with "-cert_chain" Add a test to exercise the use of s_server with "-cert_chain" to construct an ocsp request. This new functionality was added in PR #22192. Testing: make V=1 TESTS='test_ocsp_cert_chain' test Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23101) | 12 March 2024, 18:54:27 UTC |
| 7f8aba2 | Alexandr Nedvedicky | 08 March 2024, 10:21:18 UTC | Limit the number of http headers when receiving the http response Change introduces a default limit on HTTP headers we expect to receive from server to 256. If limit is exceeded http client library indicates HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. Application can use OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change default. Setting limit to 0 implies no limit (current behavior). Fixes #22264 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23781) | 12 March 2024, 18:35:41 UTC |
| bc930be | Jiasheng Jiang | 06 March 2024, 16:08:06 UTC | Add check for xor_get_aid() Add check for the return value of xor_get_aid() in order to avoid NULL pointer deference. For example, "algor" could be NULL if the allocation of X509_ALGOR_new() fails. As a result, i2d_X509_ALGOR() will return 0 and "ctx->aid" will be an invalid value NULL. Fixes: f4ed6eed2c ("SSL_set1_groups_list(): Fix memory corruption with 40 groups and more") Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23764) | 12 March 2024, 18:32:32 UTC |
| 7ceb770 | olszomal | 08 February 2024, 13:30:22 UTC | Improve the documentation on -cert_chain and -status_verbose options Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22192) | 12 March 2024, 13:02:13 UTC |
| d6aafeb | olszomal | 05 January 2024, 12:41:59 UTC | Use the untrusted certificate chain to create a valid certificate ID for OCSP_request Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22192) | 12 March 2024, 13:02:13 UTC |
| 52a75f4 | 谭九鼎 | 10 March 2024, 02:18:05 UTC | Doc: fix style CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23805) | 12 March 2024, 05:44:45 UTC |
| 8211ca4 | Jiasheng Jiang | 04 March 2024, 17:34:02 UTC | PKCS7: Remove one of the duplicate checks There are two consecutive identical checks "if (i <= 0)". We can remove one of them to make the code clear. CLA: trivial Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23741) | 11 March 2024, 14:19:15 UTC |
| 1f03d33 | Aarni Koskela | 05 March 2024, 10:52:34 UTC | Add reformatting commit to .git-blame-ignore-revs CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23748) | 11 March 2024, 12:18:03 UTC |
| 5df34ca | slontis | 27 February 2024, 02:34:49 UTC | Make the generated params_idx.c file deterministic if run multiple times. Fixes #23672 There are many name/value pairs currently that have duplicate names e.g. 'CAPABILITY_TLS_GROUP_MAX_TLS' => "tls-max-tls", 'CAPABILITY_TLS_SIGALG_MAX_TLS' => "tls-max-tls", Stripping the .pm file down to just the above entries and running multiple times gives different results for the produce_decoder. On multiple runs any iterations over the unordered hash table keys using foreach my $name (keys %params) results in a different order on multiple runs. Because of this the mapping from the hash 'value' back to the 'key' will be different. Note that the code also uses another mechanism in places that uses "name1" => "value" "name2" => "*name1" Rather than fix all the strings the change done was to sort the keys. If we were to chose to fix the strings then the perl code should be changed to detect duplicates. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23688) | 11 March 2024, 12:08:00 UTC |
| 8545398 | Alexandr Nedvedicky | 01 March 2024, 07:25:19 UTC | FAQ.md should be removed the page the link refers to does not exist. Anyone objects to delete file? Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23719) | 11 March 2024, 11:40:25 UTC |
| d60b375 | slontis | 04 March 2024, 02:08:08 UTC | Fix BIO_get_new_index() to return an error when it is exhausted. Fixes #23655 BIO_get_new_index() returns a range of 129..255. It is set to BIO_TYPE_START (128) initially and is incremented on each call. >= 256 is reserved for the class type flags (BIO_TYPE_DESCRIPTOR) so it should error if it reaches the upper bound. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23732) | 11 March 2024, 11:34:25 UTC |
| 53a8728 | Neil Horman | 08 March 2024, 20:06:33 UTC | Bring SSL_group_to_name docs in line with API definition docs say the SSL object in this function is const, but the api doesn't qualify it as such. Adjust the docs to match the definition Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23785) | 10 March 2024, 00:05:23 UTC |
| bf7ae25 | Hugo Landau | 14 February 2024, 09:26:37 UTC | Add CHANGES Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23584) | 09 March 2024, 08:56:59 UTC |
| 7b4436a | Hugo Landau | 14 February 2024, 09:09:54 UTC | QUIC MULTISTREAM TEST: Test write buffer statistics queries Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23584) | 09 March 2024, 08:56:59 UTC |
| b317583 | Hugo Landau | 14 February 2024, 08:44:36 UTC | QUIC: Add stream write buffer queries Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23584) | 09 March 2024, 08:56:59 UTC |
| a24f29b | Bernd Edlinger | 28 February 2024, 06:14:08 UTC | Try to fix intermittent CI failures in sslapitest Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23705) | 08 March 2024, 17:23:20 UTC |
| 6d42be3 | Hugo Landau | 15 February 2024, 09:23:56 UTC | QLOG: Fix indentation Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23598) | 07 March 2024, 23:48:49 UTC |
| 5f02bbd | Hugo Landau | 15 February 2024, 09:14:41 UTC | QUIC: Define error code for stateless reset Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23598) | 07 March 2024, 23:48:49 UTC |
| c385583 | Hugo Landau | 15 February 2024, 09:03:26 UTC | QUIC: Add documentation for QUIC error codes Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23598) | 07 March 2024, 23:48:49 UTC |
| 4b4b9c9 | Hugo Landau | 15 February 2024, 08:55:36 UTC | QUIC: Uniform changes for QUIC error code definitions rename Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23598) | 07 March 2024, 23:48:49 UTC |
| 02f5ab7 | Hugo Landau | 15 February 2024, 08:55:24 UTC | QUIC: Make QUIC transport error codes public Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23598) | 07 March 2024, 23:48:49 UTC |
| 74fd682 | Bernd Edlinger | 23 February 2024, 11:04:38 UTC | Dont run the self-hosted workflows when not available Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23678) | 07 March 2024, 17:27:02 UTC |
| b5e076b | Neil Horman | 05 March 2024, 15:56:35 UTC | Gate setting of ipi_spec_dst on not building for freebsd some variants of FreeBSD (notably Dells OneFS) implement IP_PKTINFO partially, and as such the build breaks for those variants. specifically, it supports IP_PKTINFO, but the in_pktinfo struct has no defined ipi_spec_dst field. Work around this by gating the setting of that variable on not building for FreeBSD Fixes #23739 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23753) | 07 March 2024, 13:14:12 UTC |
| f38d9b7 | Stanislav Zidek | 01 March 2024, 14:33:30 UTC | interop tests: Fedora 39 config, simplify updates Imitating Fedora 39 configuration in openssl.cnf with SECLEVEL lowered to 0 in order to be able to run TLS 1.3 tests with TLS_AES_128_CCM_8_SHA256. In order to make updating smoother, check out specific tag rather than the branch. This way, "old" tests can be fetched until PR pointing to "new" tests is merged, so backwards-incompatible changes can be done when needed. Files specific for openssl upstream moved to separate directory. CLA: trivial Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23747) | 07 March 2024, 12:52:43 UTC |
| 6134e8e | Dmitry Belyavskiy | 27 February 2024, 14:22:58 UTC | Fix a memory leak on successful load of CRL Fixes #23693 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23695) | 07 March 2024, 10:03:31 UTC |
| 8d8866a | Hugo Landau | 04 March 2024, 22:56:45 UTC | QUIC QLOG: Fix ANSI Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23744) | 06 March 2024, 20:44:48 UTC |
| 6a11cd5 | Hugo Landau | 04 March 2024, 22:55:51 UTC | QUIC QLOG: Fix use of sprintf Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23744) | 06 March 2024, 20:44:48 UTC |
| e98940d | Hugo Landau | 04 March 2024, 22:49:54 UTC | Enable qlog support by default Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23744) | 06 March 2024, 20:44:48 UTC |
| cd2cdb6 | Tomas Mraz | 14 December 2023, 17:04:58 UTC | Document that unknown groups and sigalgs marked with ? are ignored Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23050) | 06 March 2024, 09:42:05 UTC |
| 2b4cea1 | Tomas Mraz | 14 December 2023, 16:47:43 UTC | Add test for ignoring unknown sigalgs and groups marked with ? Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23050) | 06 March 2024, 09:42:05 UTC |
| 10f65f7 | Tomas Mraz | 14 December 2023, 16:08:56 UTC | Allow ignoring unknown sigalgs and groups in the configuration Related to #20789 Signature algorithms and groups in the configuration that are preceded with ? character and are unknown to libssl are just ignored. The handling for them is similar to handling of ciphers. I.e., there should be a failure only in case the configuration produces no valid sigalgs or groups. Also ignore duplicate sigalgs and groups as such confiuration errors should not be fatal. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23050) | 06 March 2024, 09:42:05 UTC |
| d6d9277 | Dr. David von Oheimb | 04 August 2023, 15:05:20 UTC | apps/cmp: improve -reqin option to read fallback public key from first request message file given Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660) | 06 March 2024, 07:49:28 UTC |
| bcd3707 | Dr. David von Oheimb | 04 August 2023, 19:45:07 UTC | crypto/cmp: add OSSL_CMP_MSG_get0_certreq_publickey(); fix coding style nit Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660) | 06 March 2024, 07:49:28 UTC |
| 904ee65 | Dr. David von Oheimb | 04 August 2023, 09:47:17 UTC | apps/cmp: extend documentation and diagnostics for using -reqin in special situations Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660) | 06 March 2024, 07:49:28 UTC |
| 2fbe23b | Dr. David von Oheimb | 03 August 2023, 14:55:35 UTC | apps/cmp: add -reqout_only option for dumping/saving just the initial CMP request message Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660) | 06 March 2024, 07:49:28 UTC |
| a143e4e | Dr. David von Oheimb | 04 August 2023, 19:54:29 UTC | apps/cmp.c: refactor to fix some coding style nits and more convenient source-level debugging Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660) | 06 March 2024, 07:48:48 UTC |
| 5003aba | Dr. David von Oheimb | 17 January 2024, 17:32:46 UTC | cmperr.h: use free reason value 106 rather than 197 for CMP_R_UNEXPECTED_SENDER Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/21660) | 06 March 2024, 07:48:48 UTC |
| 5677992 | Neil Horman | 29 February 2024, 17:01:31 UTC | Dump out qlog json if it is malformed We're still seeing periodic failures in qlog from malformed json output, so lets try to catch it. Modify the verify-qlog.py script to, in the event of an exception in json.loads, to replay the entire json file to the console, followed by an exception indicating what line it died trying to parse. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23715) | 02 March 2024, 14:12:54 UTC |
| fbce6eb | pohsingwu | 28 January 2024, 10:18:02 UTC | Implement PCT for EDDSA According to FIPS 140-3 IG 10.3.A Additonal Comment 1, a PCT shall be performed consistent with the intended use of the keys. This commit implements PCT for EDDSA via performing sign and verify operations after key generated. Also use the same pairwise test logic in EVP_PKEY_keygen and EVP_PKEY_pairwise_check for EDDSA in FIPS_MODULE. Add OSSL_SELF_TEST_DESC_PCT_EDDSA to OSSL_PROVIDER-FIPS page. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23408) | 01 March 2024, 10:06:03 UTC |
| c18c301 | Alexandr Nedvedicky | 15 February 2024, 11:07:26 UTC | demos/http3: Use `SSL_write_ex2()` together with `SSL_WRITE_FLAG_CONCLUDE` These calls were introduced by PR #23343. Change also does a minor tweak to Makefile so CFLAGS and LDFLAGS variables from the environment are respected. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23602) | 01 March 2024, 09:56:16 UTC |
| c5cc9c4 | shridhar kalavagunta | 27 January 2024, 03:10:32 UTC | Fix off by one issue in buf2hexstr_sep() Fixes #23363 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23404) | 01 March 2024, 09:50:01 UTC |
| 2d70cc9 | Michael | 09 February 2024, 22:45:00 UTC | Improve documentation of standard IANA cipher suite names. Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23539) | 25 February 2024, 10:13:07 UTC |
| eadd8c4 | Job Snijders | 21 February 2024, 21:26:50 UTC | Add appropriate lower bound checks for GeneralizedTime and UTCTime ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8 impose specific constraints on how GeneralizedTime and UTCTime can be encoded in BER/CER/DER. Following from these constraints a minimum length can be derived. Checking the length in this context can potentially help prevent applications from interpreting an invalid GeneralizedTime as a valid UTCTime. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23483) | 25 February 2024, 08:17:41 UTC |
| 5d70f11 | Martin Oliveira | 09 February 2024, 21:31:27 UTC | apps/engine: add EC to list of capabilities openssl engine -c wasn't showing if an engine implemented EC cla: trivial Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23538) | 25 February 2024, 08:10:13 UTC |
| aba6219 | Hamilton Chapman | 21 February 2024, 13:47:19 UTC | Ensure `$(MAKE)` commands and `CFLAGS` are appropriately quoted in the Makefile. If a user's `make` command came from a path that contained a space then both the `$(MAKE)` variable (and parts of the generated `CFLAGS`, when building for iOS) would not be properly quoted and the build would fail. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23663) | 25 February 2024, 07:57:16 UTC |
| 11adf9a | Tom Cosgrove | 21 February 2024, 09:11:20 UTC | Apply the AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100 Performance improvements range from 18% to 32%. Change-Id: Ifb89eeac3c0625a582a25ff07cf7f9c9ec8f5ba6 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23651) | 22 February 2024, 15:07:02 UTC |
| 1afb326 | 响马 | 17 February 2024, 22:57:57 UTC | chachap10-ppc.pl: Fix truncated relocation Fix error: relocation truncated to fit: R_PPC64_REL14 (stub) against symbol `ChaCha20_ctr32_vsx_8x' CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23618) | 22 February 2024, 12:11:24 UTC |
| f4ed6ee | Michael Baentsch | 19 February 2024, 05:41:35 UTC | SSL_set1_groups_list(): Fix memory corruption with 40 groups and more Fixes #23624 The calculation of the size for gid_arr reallocation was wrong. A multiplication by gid_arr array item size was missing. Testcase is added. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23625) | 22 February 2024, 11:48:21 UTC |
| db51157 | MrRurikov | 21 February 2024, 08:11:34 UTC | s_cb.c: Add missing return value checks Return value of function 'SSL_CTX_ctrl', that is called from SSL_CTX_set1_verify_cert_store() and SSL_CTX_set1_chain_cert_store(), is not checked, but it is usually checked for this function. CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23647) (cherry picked from commit 6f794b461c6e16c8afb996ee190e084cbbddb6b8) | 22 February 2024, 11:45:59 UTC |
| 9dc2269 | Tomas Mraz | 20 February 2024, 17:42:24 UTC | Minor wording fixes related to no-atexit Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23642) (cherry picked from commit 66e6f72c3e4221580a7f456ddeaa5027f0bbb8b7) | 22 February 2024, 09:37:13 UTC |
| 4a6f70c | Matt Caswell | 20 February 2024, 15:11:26 UTC | Don't print excessively long ASN1 items in fuzzer Prevent spurious fuzzer timeouts by not printing ASN1 which is excessively long. This fixes a false positive encountered by OSS-Fuzz. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23640) | 21 February 2024, 16:45:33 UTC |
| ffc853b | Ijtaba Hussain | 09 June 2023, 06:04:53 UTC | Extended SSL_SESSION functions using time_t Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21206) | 21 February 2024, 09:28:17 UTC |
| 709637c | Frederik Wedel-Heinen | 16 February 2024, 10:44:01 UTC | Future proof RLAYER_USE_EXPLICIT_IV by checking dtls versions directly. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23611) | 20 February 2024, 10:07:01 UTC |
| 5e5c256 | Bernd Ritter | 17 February 2024, 18:15:14 UTC | Correct the defined name of the parameter "micalg" in the documentation The EVP_DigestInit(3) manual page contains wrong name for the define macro for the OSSL_DIGEST_PARAM_MICALG param. Fixes #23580 CLA: trivial Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23615) | 20 February 2024, 08:08:56 UTC |
| a768a79 | Hugo Landau | 14 February 2024, 10:06:45 UTC | Minor updates Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535) | 19 February 2024, 09:15:46 UTC |
| 8c09d69 | Hugo Landau | 12 February 2024, 11:31:18 UTC | Fix warning Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23535) | 19 February 2024, 09:15:46 UTC |
