Neil Horman [Mon, 16 Jun 2025 22:46:58 +0000 (18:46 -0400)]
Add a target to generate local coverage reports
Add a target to allow developers to generate coverage reports for a
build like coveralls does. This will let us identify rarely used
branches when doing development, so that we can optimize them.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
Neil Horman [Mon, 16 Jun 2025 21:35:07 +0000 (17:35 -0400)]
Add branch coverage to our coveralls run
Coveralls is capable of reporting not only covered lines in a build, but
also the number of times a given branch was taken vs. not taken. This
will help us identify locations where we might make better use of the
openssl_likely and openssl_unlikely macros to optimize branch prediction
when building openssl
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
Neil Horman [Mon, 16 Jun 2025 20:33:22 +0000 (16:33 -0400)]
Add pgo build type
One of the ways we can optimize our builds is with profile guided
optimization. This entails doing several things:
1) Building with --coverage
2) Running an application against the openssl library from step (1) to
generate profile data
3) rebuilding openssl using the input profile from step (2) to optimize
the build.
This new build configuration will let developers use the profiled data
to see what type of optimizations might be possible, as well as giving
end users the ability to squeeze a bit more performance out of openssl
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
Tomas Mraz [Thu, 19 Jun 2025 08:59:10 +0000 (10:59 +0200)]
Add strlen to symbols allowed on Windows
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27854)
Ingo Franzki [Fri, 6 Jun 2025 09:19:57 +0000 (11:19 +0200)]
CI: Remove -Wno-stringop-overflow for s390x builds
Since https://github.com/openssl/openssl/commit/9a788281d91f698d6a229d588b9cb36987549669
it should now build warning-free on s390x, so remove the '-Wno-stringop-overflow'
build option for s390x builds.
If newly added code causes -Wstringop-overflow warnings again, it should
be noted in the CI runs and the newly added code should be fixed accordingly.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27803)
Viktor Dukhovni [Fri, 11 Apr 2025 14:35:57 +0000 (00:35 +1000)]
Report errors in ML-KEM pkey hash
When on import the public key hash of a private key fails to match the
public part, add an appropriate message to the error stack. Previously,
the just failed to parse, without a reason.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27352)
Jessica Clarke [Sat, 14 Jun 2025 21:53:40 +0000 (22:53 +0100)]
armv*-mont.pl: Correct a carry flag comment
On Arm, C is a true carry flag, unlike x86 where CF is a borrow flag for
subtraction. That is, for subtraction, it is set if Rn + ~Rm + 1 carries
in unsigned arithmetic, and so for subtracting 0, i.e. adding ~0 + 1, it
always sets the carry flag. Correct the comment to document what this is
actually doing.
CLA: trivial
Fixes: d1671f4f1a39 ("bn/asm/armv4-mont.pl: add NEON code path.") Fixes: 10646160125a ("Optimize RSA on armv8") Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27826)
sashan [Wed, 11 Jun 2025 06:23:38 +0000 (08:23 +0200)]
ossl_rio_poll_builder_add_fd(): Fixup pfds after reallocation
Local variable `pfds` used in `ossl_rio_poll_builder_add_fd()` must be consistent
with `rpb->pfd_heap`. The function maintains array of SSL objects for SSL_poll(3ossl).
It works with no issues until we need to reallocate `rbp->pfd_heap` in `rpb_ensure_alloc()`.
After `rpb_ensure_alloc()` returns we must update local variable `pfds` with `rpb->pfd_heap`
not doing so makes function to write to dead buffer.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27804)
JiashengJiang [Mon, 12 May 2025 13:59:02 +0000 (09:59 -0400)]
test/helpers/quictestlib.c: Use goto instead of return to avoid memory leak
When TEST_ptr(*cssl) fails, bdata should be freed to avoid memory leak.
Fixes: a55b689 ("Use reported short conn id len in qtestlib") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27599)
Return an error when update or final is used after the context has
already been finalized. Flag 'iimp' (intermediate-input-message-part)
must be 1 to allow an update or final call. If iimp is 0, then the
context has already been finalized.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27781)
Bartel Artem [Wed, 11 Jun 2025 03:58:31 +0000 (06:58 +0300)]
return NULL if gctx allocation fails.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27795)
Bartel Artem [Tue, 10 Jun 2025 10:11:41 +0000 (13:11 +0300)]
check gctx for NULL before cleanup.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27795)
Matt Caswell [Wed, 11 Jun 2025 08:50:16 +0000 (09:50 +0100)]
Allow our *_gen_cleanup functions to tolerate a NULL ctx
Our *_gen_cleanup functions are essentially "free" functions. Our
free functions tolerate NULL being passed. We are being inconsistent with
our *_gen_cleanup functions. Some of them tolerate NULL and others do not.
We should consistently tolerate NULL.
See also #27795
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27807)
sashan [Tue, 3 Jun 2025 13:12:48 +0000 (15:12 +0200)]
Document transition from ANSI-C towards C-99
The existing NOTES-ANSI.md are renamed to NOTES-C99.md and updated
accordingly. INSTALL.md lists C-99 compiler instead of ANSI-C now.
Also moving from ANSI-C to C-99 warrants updates to NEWS.md and
CHANGES.md.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27751)
Ingo Franzki [Wed, 28 May 2025 06:55:49 +0000 (08:55 +0200)]
Silence -Wstringop-overflow warnings with gcc 14 on s390x
Compiling OpenSSL on s390x with gcc 14 (i.e. in Fedora 41) shows several
-Wstringop-overflow warnings in providers/implementations/rands/drbg_ctr.c
and test/params_api_test.c.
Add explicit length checks to let the compiler know that it won't overrun
the buffer. This also silences the warnings.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27710)
Viktor Dukhovni [Tue, 13 May 2025 15:23:25 +0000 (01:23 +1000)]
Allow keygen after dup of minimal PKEY ctx
It should be possible to repeatedly duplicate a PKEY CTX created via
EVP_PKEY_CTX_new_from_name() that has not yet been assigned an
"operation" (e.g. via EVP_PKEY_CTX_keygen_init()), and then perform
keygen_init() and keygen() on the duplicated copies.
When the operation is not yet set, all that's needed is to not try to
use the key if one isn't set yet.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27662)
Daniel Van Geest [Fri, 28 Mar 2025 10:40:32 +0000 (10:40 +0000)]
Fix SHAKE AlgorithmIdentifier encodings
NIST CSOR specifies that the id-shake128 and id-shake256
algorithm identifiers, like the SHA-3 ones, do not carry
any parameters.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27190)
yexiaochuan [Sat, 31 May 2025 09:47:58 +0000 (17:47 +0800)]
fix: add parsing check in TLS compress_certificate extension handler
The tls_parse_compress_certificate function was missing validation
for trailing bytes after parsing the algorithm list, violating
RFC8446 section 4.2 which requires sending a decode_error alert
for unparseable messages.
This commit adds a check for remaining bytes in the packet after
the while loop and sends SSL_AD_DECODE_ERROR if any trailing
bytes are found.
Fixes #27717
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27733)
crypto/evp/ctrl_params_translate.c: prevent clashes of generic names NONE, GET, SET
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27773)
Pauli [Thu, 5 Jun 2025 03:28:37 +0000 (13:28 +1000)]
rand: add argument error checking to EVP_RAND_nonce()
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)
Pauli [Thu, 5 Jun 2025 02:02:52 +0000 (12:02 +1000)]
rand: document the EVP_RAND_nonce() return correctly
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)
Pauli [Wed, 4 Jun 2025 23:50:59 +0000 (09:50 +1000)]
rand: produce correct return from EVP_RAND_nonce
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)
Pauli [Wed, 4 Jun 2025 23:50:34 +0000 (09:50 +1000)]
rand: fix memory overrun bug
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)
Pauli [Wed, 4 Jun 2025 23:50:20 +0000 (09:50 +1000)]
rand: add unit test exhibiting memory overrun
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)
Neil Horman [Thu, 5 Jun 2025 12:54:56 +0000 (08:54 -0400)]
Add a test to confirm that we can repeatedly create and destroy keys
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27775)
Neil Horman [Thu, 5 Jun 2025 12:25:52 +0000 (08:25 -0400)]
Allow for reuse of thread_local keys in threads_none
If openssl is configured with no-threads, the implementation has a hard
limit of 256 LIB_CTX values, as each LIB_CTX allocates a thread local
key, and we never reuse them (like libc does when using
pthread_key_create/destroy.
Improve the situation by allowing for marking freed keys as unsued and
searching for an available key when allocating
Fixes #27757
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27775)
Yaroslav Lelkin [Thu, 5 Jun 2025 05:50:43 +0000 (10:50 +0500)]
Fix NIST ACVP server URLs in SLH-DSA test files
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27770)
Neil Horman [Wed, 4 Jun 2025 19:48:45 +0000 (15:48 -0400)]
Remove _strlen31
This function is old and fairly broken. Code archeology in our git tree
hasn't revealed why it was creted (though it may have possibly been to
support older win32 systems that couldn't do 64 bit integers properly,
like windows 95/98).
There seems to be no good reason to keep it around, and given that it
has potentially serious side effects, lets just remove it.
Fixes #27761
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27763)
Neil Horman [Fri, 6 Jun 2025 00:57:35 +0000 (20:57 -0400)]
Fix use of IO::Socket::IP on windows 2025
Apparently IO::Socket::IP has several odd behaviors on windows 2025,
notably indicating that AF_INET6 isn't a supported family when it
clearly is.
Follow the pattern in determinig the haveIPV6 variable in Proxy.pm, and
record if we determine IPv6 availablity with the IP class or the INET6
class and use the same method when testing port binding
Fixes project/#1213
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/27780)
Neil Horman [Tue, 3 Jun 2025 20:02:15 +0000 (16:02 -0400)]
Test randomly selected client port for availabilty in sslrecords test
Encountered this error in a pr today:
https://github.com/openssl/openssl/actions/runs/15418713146/job/43387767612
===
Proxy started on port [::1]:56662
Engine "ossltest" set.
Using default temp DH parameters
ACCEPT [::1]:59189
Server responds on [::1]:59189
Engine "ossltest" set. C0774F02907F0000:error:80000062:system library:BIO_bind:Address already in use:crypto/bio/bio_sock2.c:240:calling bind() C0774F02907F0000:error:10000075:BIO routines:BIO_bind:unable to bind socket:crypto/bio/bio_sock2.c:242:
connect:errno=98
===
Its occuring because we randomly select a port to use for our client
connection in the sslrecords test. Thats usually fine, but sometimes,
we get unlucky and pick a port thats already in use. This presents as
random failures in our CI on this test.
So lets try harden ourselves against it. When creating the client
connection, test the randomly selected port by trying to bind to it via
a call to IO::Socket::IP->new(). If that fails, try a different port
number, until we get one that works. If it works, use that port in the
assignment for the clients local port value.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27752)
Viktor Dukhovni [Sun, 1 Jun 2025 02:47:15 +0000 (12:47 +1000)]
Split arguments taking quotes into account
CA.pl supports interpolating multiple arguments into the executed
commands. Previously these were evaluated by a shell, which supported
quoting of values that contain whitespace, backslashes, ...
With a shell no longer used (avoid command injection), backwards
compatibility requires some similar functionality. The code now handles
double and single-quoted strings (shell-style word splitting), but not
parameter expansion ($foo remains unexpanded) or command substitution
(`cmd` and $(cmd) remain unexpanded).
On Windows system(@LIST) does not correctly preserve argv, do our
own quoting instead and use system(<$quoted_cmd>).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27432)
Viktor Dukhovni [Fri, 18 Apr 2025 04:18:09 +0000 (14:18 +1000)]
Avoid shell commandline processing in CA.pl
The CA.pl script used to build single-string string commandlines to pass
to a shell via `system(command_string)`. That was fragile and not a best
practice.
This PR replaces `system(command_string)` with `system { executable } @argv`,
which avoids the shell whenever possible (at least Unix-like systems and
Windows). The only question mark is whether some sort of quoting is
needed for VMS to preserve the case of commandline arguments even when
processes are spawned directly, rather than via the shell.
Unfortunately, given the way that some environment variables and
command-line options are used to construct the commands to run,
the result is still brittle. The CA.pl utility really should
be replaced with something better.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27432)
Matt Caswell [Mon, 2 Jun 2025 14:45:06 +0000 (15:45 +0100)]
Add a CHANGES.md entry regarding no_renegotiation alert
Highight the bug being fixed for DTLS users
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)
Clarify what happens in the event that a no_renegotiation alert is
received.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)
Matt Caswell [Fri, 9 May 2025 09:28:16 +0000 (10:28 +0100)]
Test that a no_renegotiation alert is handled correctly
If we receive a no_renegotiation alert we should abort the connection. We
add a test for this.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)
Matt Caswell [Fri, 9 May 2025 08:58:15 +0000 (09:58 +0100)]
Fix DTLS handling when receiving a no_renegotiation alert
no_renegotiation is a warning alert sent from the server when it is not
prepared to accept a renegotiation attempt. In TLS we abort the connection
when we receive one of these - which is a reasonable response. However,
in DTLS we incorrectly ignore this and keep trying to renegotiate.
We bring the DTLS handling of a no_renegotiation alert into line with
how TLS handles this. In versions prior to 3.2 handling of a warning
alert in DTLS was mishandled resulting in a failure of the connection,
which ends up being the right thing to do "by accident" in the case of
"no_renegotiation". From 3.2 this mishandling was fixed, but exposed this
latent bug.
Fixes #27419
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)
Dmitry Misharov [Tue, 3 Jun 2025 11:04:57 +0000 (13:04 +0200)]
ci: remove windows-2019 runner images
According to https://github.com/actions/runner-images/issues/12045
The Windows 2019 Actions runner image will begin deprecation on
2025-06-01 and will be fully unsupported by 2025-06-30. Jobs using
the windows-2019 YAML workflow label should be updated to
windows-2022, windows-2025 or windows-latest.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27749)
Matt Caswell [Thu, 29 May 2025 11:52:35 +0000 (12:52 +0100)]
Ensure client read app data secret change occurs after write for QUIC
We don't want read secrets to be issue before write for QUIC, because
we want to avoid the situation where we want to ack something we've read
but we don't have the write secret yet.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27732)
Matt Caswell [Thu, 29 May 2025 11:31:33 +0000 (12:31 +0100)]
Implement explicit storing of the server_finished_hash
tls13_change_cipher_state was storing the server_finished_hash as a
side effect of its operation. This decision is better made by the state
machine which actually knows what state we are in.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27732)
Matt Caswell [Thu, 29 May 2025 11:16:14 +0000 (12:16 +0100)]
Ensure client read handshake secret change occurs after write for QUIC
We don't want read secrets to be issue before write for QUIC, because
we want to avoid the situation where we want to ack something we've read
but we don't have the write secret yet.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27732)
Matt Caswell [Thu, 29 May 2025 10:59:25 +0000 (11:59 +0100)]
Implement explicit storing of the handshake_traffic_hash
tls13_change_cipher_state was storing the handshake_traffic_hash as a
side effect of its operation. This decision is better made by the state
machine which actually knows what state we are in.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27732)
sashan [Tue, 20 May 2025 01:22:24 +0000 (03:22 +0200)]
- drop s/-ansi/-std=c99
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27659)
initial implementation of http/1.0 server to benchmark OpenSSL QUIC
stack. The server currently replies with HTTP 200 OK only. It provides
text/plain response body.
It only accepts GET request with any URI. Any other requests will
make server to drop stream/connection.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27508)
Daniel Frink [Thu, 29 May 2025 00:23:39 +0000 (19:23 -0500)]
Add generated cipher implementation files to gitignore
A commit was merged recently which change ciphercommon.c and
cipher_chacha20_poly1305.c to be generated files. The corresponding
.c files were not added to the gitignore, so this commit adds them
to avoid them being erroneously tracked in the future.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27715)
Cleanup - this constant and functions are no longer in use
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27716)
Norbert Pocs [Wed, 28 May 2025 20:12:06 +0000 (22:12 +0200)]
sslapitest: Add failing test for quic double free
The double free happened on the EVP_MD object, when we used external
quic implementation. This test makes the yield secret callback fail, to
make the kdfdigest free path happen.
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27713)
Norbert Pocs [Wed, 28 May 2025 14:28:54 +0000 (16:28 +0200)]
quic_tls.c: Precede double free on EVP_MD variable
When external quic implementation is used, the variable is not used and
double free happens whe the yield_secret_cb fails.
Resolves: #27504
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27713)
Richard Levitte [Thu, 9 Nov 2023 09:42:25 +0000 (10:42 +0100)]
[design] Functions for explicitly fetched signature algorithms
This design goes into more details what was outlined in the design for
[fetching composite (PKEY) algorithms and using them].
It also changes what functionality will be used for this. The design for
signature was originally to add modified initializers for DigestSign and
DigestVerify, but recent OTC discussions redirected us to have a closer look
at EVP_PKEY_sign() and EVP_PKEY_verify().
[fetching composite (PKEY) algorithms and using them]:
./fetching-composite-algorithms.md
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22672)
projects / thirdparty / openssl.git / log
