- Mar 12, 2025
-
-
openssl-machine authored
Reviewed-by:
Neil Horman <nhorman@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org> Release: yes
-
openssl-machine authored
Reviewed-by:
-
openssl-machine authored
Reviewed-by:
-
- Mar 11, 2025
-
-
Neil Horman authored
Reviewed-by:
Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27026)
-
- Mar 10, 2025
-
-
Michael Schroeder authored
Signature schemes like Ed25519 or ML-DSA use "pure" signing, i.e. they directly sign the tbs data instead of signing a digest. This is already supported in the X509 code, but not in CMS. This commit adds support for such schemes to CMS. This is a minimalistic set of changes, based in the work done by David von Oheimb. Reviewed-by:
Tomas Mraz <tomas@openssl.org> Reviewed-by:
-
- Mar 09, 2025
-
-
Viktor Dukhovni authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Paul Dale <ppzgs1@gmail.com> Reviewed-by:
-
Viktor Dukhovni authored
- The default sigalg list now puts ML-DSA-65 first, then ML-DSA-87 and then ML-DSA-44. (87 vs. 44 Subject to bikeshedding). - The mintls and maxtls versions are now taken into account for both built-in and provided algorithms. - Some algorithms have a separate TLSv1.2-specific name for future reporting via openssl-list(1). - ML-DSA aside, any new provided algorithms go at the end of the default list (backwards-compatible inclusion). - The built-in algorithms now also have min/max DTLS versions. Though the provider TLS-SIGALG capability was extended to also report the DTLS version range, the minimum supported DTLS is 1.3, which we don't yet have, so it is not yet possible to add DTLS sigalgs via a provider - The TLS 1.3 brainpool sigalgs got their correct IANA names, with the legacy names as purported TLS 1.2 alternatives, but since these are for TLS 1.3 and up those names are for matching only, the reported value will still be the 1.3 name. Reviewed-by:
-
Neil Horman authored
It may occur that the qrx we allocate in port_default_packet handler to do AEAD validation isn't the one the channel ultimately uses (like if we turn off address validation). In that event, we need to ensure that anything we have on that qrx isn't returned to its free list to avoid early freeing when we free the qrx at the end of port_default_packet_handler, while those frames are still pending on the channel qrx Reviewed-by:
-
Neil Horman authored
Uncovered during testing for openssl/project#1130 Reviewed-by:
-
- Mar 08, 2025
-
-
Neil Horman authored
With the addition of larger client hellos, stemming from the use of larger PQC key shares, it may happen that we get a client hello accross multiple datagrams. Normally this is not a problem as port_default_packet_handler allocates a qrx and initializes its initial secret immediately. But if server address validation is disabled, then the channel creates the qrx in port_bind_channel itself, without initial secrets. As a result, we validate the first datagram in port_default_packet_handler, but the subsequent datagrams containing the remaining client hello fragments fail decode. Fix it by ensuring that we add the initial secret in port_bind_channel if we don't give it a preconfigured qrx Fixes openssl/project#1131 Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
-
- Mar 05, 2025
-
-
RSA-1977 authored
CLA: trivial Reviewed-by:
-
Neil Horman authored
Windows XP doesn't support setting socket handles to be non-inheritable, but the rio_notifier attempts to do so. WSASocketA will there return an error when the NO_INHERIT flag is set. In that case, just retry the call without the flag. Fixes #26943 Reviewed-by:
-
Bernd Edlinger authored
The current retirement code for rcu qp's has a race condition, which can cause use-after-free errors, but only if more than 3 QPs are allocated, which is not the default configuration. This fixes an oversight in commit 5949918f ("Rework and simplify RCU code") Reviewed-by:
-
Bernd Edlinger authored
Make CRYPTO_atomic_add consistent with CRYPTO_atomic_load_int and set the reader_idx under write_lock since there is no CRYPTO_atomic_store_int. Reviewed-by:
-
Andrew Dinh authored
- Apply doc nits suggested by Viktor from https://github.com/openssl/openssl/pull/26762 - Update CHANGES.md & NEWS.md saying there is now support for QUIC server - Added copyright header in: test/radix/quic_ops.c Reviewed-by:
-
daum3ns authored
The change checks for all HTTP methods in ssl_record, not only GET, POST, PUT and HEAD. (additionally PATCH, DELETE, OPTIONS and TRACE) CLA: trivial Reviewed-by:
-
- Mar 04, 2025
-
-
Ivan Stanković authored
The way we're currently handling SAN URIs does not allow for userinfo, meaning the name constraint check on such URIs will fail. Fix this by skipping over the userinfo component: authority = [ userinfo "@" ] host [ ":" port ] (per RFC 3986). Reviewed-by:David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by:
-
Tomas Mraz authored
And drop the rest. The ubuntu-20.04 CI runners are discontinued. Reviewed-by:
-
Matt Caswell authored
AIX (at least for 7.1) defines some macros for "events" and "revents" which interferes with our own use of these names. Fixes #24236 Reviewed-by:
-
Tomas Mraz authored
Fixes #26945 Reviewed-by:
-
Dr. David von Oheimb authored
Reviewed-by:
-
Pauli authored
The FIPS providers that support ECX (3.0.x & maybe 3.1.x) do not support ECX KEM so there is little point to testing these algorithms under FIPS. Consequently, they are being tested only with the default provider. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
The evppkey_rsa.txt data were only tested against the default provider. Change this so that they are tested against the FIPS provider too. Also add the RSA KEM tests. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
- Mar 03, 2025
-
-
Bartel Artem authored
Reviewed-by:
-
14MM4CH1N3 authored
This updates the openssl documentation link to the one currently in use, and removes the standards.txt section as that URL leads to the normal documentation page and there is no "standards" page in the openssl documentation site. CLA: trivial Reviewed-by:
-
Andrew Dinh authored
Also specify whether server or client preference Reviewed-by:
-
Andrew Dinh authored
Reviewed-by:
-
Ondrej Moris authored
Signed-off-by:
Ondrej Moris <omoris@redhat.com> Reviewed-by:
Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by:
-
Dmitry Misharov authored
We use the coreutils format since 3.4.0. Reviewed-by:
-
Jakub Zelenka authored
Reviewed-by:
-
Jean-Frederic Clere authored
Reviewed-by:
-
Tomas Mraz authored
When displaying distinguished names the control characters are escaped by default. Reviewed-by:
-
Tomas Mraz authored
Reviewed-by:
-
- Mar 02, 2025
-
-
Neil Horman authored
The quic_multistream_test occasionally fails script_84, specifically failing on: OP_CHECK2(check_write_buf_stat, 0, 0) which fails due to the send stream buffer not reading zero after data is sent on the stream However, the send stream is culled of pending data, not after the stream is sent, but rather only after the peer sends an ack confirming that the data has been received. There is no guarantee that ACK will be sent immediately, so occasionally timing discrepancies result in the test not getting that ack by the time we check the send stream buffer. We couldmodify the script to wait longer, or repeatedly tick the quic stack to wait for that ack to be collected, but since its perfectly valid for that data to live in the ring buffer for a period, and that any true erroneous keeping of that data beyond its ack point would manifest as any number of other duplicate transmissions, it seems more sane to just remove the check. Fixes openssl/project#1117 Reviewed-by:
-
- Mar 01, 2025
-
-
Matt Caswell authored
We move ssl_err.c out of libssl and into libcrypto. This file is entirely self contained and is used to load error strings into the libcrypto error tables. By moving this file into libcrypto, libssl can be unloaded safely without having dangling references to this error information. Fixes #26672 Reviewed-by:
-
