179 Commits

Author SHA1 Message Date
Bob Beck
2fab90bb5e 4.0-POST-CLANG-FORMAT-WEBKIT
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29242)
2025-12-09 00:28:19 -07:00
Norbert Pocs
b792cf3cb3 Remove ssl_evp_md_fetch()
Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
2025-12-04 07:32:18 -05:00
Norbert Pocs
b2ff25627a Refactor ssl_evp_cipher_fetch()
Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
2025-12-04 07:32:18 -05:00
Norbert Pocs
7a8075206b ssl/: Remove ENGINEs
Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
2025-12-04 07:31:06 -05:00
martin
c5c8b44f0f Fixed non-compliant handling of missing stapled OCSP responses
If the OCSP response was not present for a certificate the server
created a non-conforming empty CertificateStatus extension
instead of not sending the extension at all.

Fixes #28902

Fixes b1b4b154

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28955)
2025-11-28 15:43:54 +01:00
Richard Levitte
96459b12aa Rename SSL_CERT_LOOKUP.nid to pkey_nid
Hopefully, this will help further clarify the intent of this
SSL_CERT_LOOKUP field to future developers.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29027)
2025-10-30 19:03:25 +01:00
martin
b1b4b154fd Add support for TLS 1.3 OCSP multi-stapling for server certs
Co-authored-by: Michael Krueger

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20945)
2025-07-25 17:24:37 +02:00
Michael Baentsch
51ce5499f9 Introduce SSL_OP_SERVER_PREFERENCE to replace SSL_OP_CIPHER_SERVER_PREFERENCE misnomer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27981)
2025-07-09 12:10:57 +02:00
Sergey Kandaurov
403ba31a02 Preserve connection custom extensions in SSL_set_SSL_CTX()
The SSL_set_SSL_CTX() function is used to switch SSL contexts for
the given SSL object.  If contexts differ, this includes updating
a cert structure with custom extensions from the new context.  This
however overwrites connection custom extensions previously set on
top of those inherited from the old context.

The fix is to preserve connection custom extensions using a newly
introduced flag SSL_EXT_FLAG_CONN in custom_ext_copy_conn().
Similar to custom_ext_copy(), it is a no-op if there are no custom
extensions to copy.

The only such consumer is ossl_quic_tls_configure() used to set the
"quic_transport_parameters" extension.  Before this change, context
switch resulted in transport parameters not being sent due to the
missing extension.

Initially reported at https://github.com/nginx/nginx/issues/711

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27706)
2025-06-20 15:55:29 +01:00
Matt Caswell
c7f9c4d7d1 Implement explicit storing of the server_finished_hash
tls13_change_cipher_state was storing the server_finished_hash as a
side effect of its operation. This decision is better made by the state
machine which actually knows what state we are in.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27732)
2025-06-03 17:06:31 +01:00
Matt Caswell
4579a18cf5 Implement explicit storing of the handshake_traffic_hash
tls13_change_cipher_state was storing the handshake_traffic_hash as a
side effect of its operation. This decision is better made by the state
machine which actually knows what state we are in.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27732)
2025-06-03 17:06:31 +01:00
Viktor Dukhovni
a5f98e6da5 Fix sigalg corner cases
- Tolerate RSA PKCS#1 *certificate* signatures when
  the peer sigalgs include RSA PSS with the same digest.

  Now that we're more strict about not sending sigalgs that are out of
  protocol range, when the client supports TLS 1.3 only, we might refuse
  to return an RSA PKCS#1-signed cert.

- Don't send TLS 1.3 sigalgs when requesting client certs from
  a TLS 1.2 client.

Fixes: #1144
Fixes: #25277

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27166)
2025-03-31 14:07:56 +02:00
Matt Caswell
207cd5bb97 Fix the use of CCM ciphersuites with QUIC TLS API
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27091)
2025-03-20 11:24:26 +01:00
openssl-machine
0c679f5566 Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
2025-03-12 13:35:59 +00:00
Viktor Dukhovni
bcff020c36 Refactor sigalg handling
- The default sigalg list now puts ML-DSA-65 first, then ML-DSA-87
  and then ML-DSA-44.  (87 vs. 44 Subject to bikeshedding).

- The mintls and maxtls versions are now taken into account for
  both built-in and provided algorithms.

- Some algorithms have a separate TLSv1.2-specific name for future
  reporting via openssl-list(1).

- ML-DSA aside, any new provided algorithms go at the end of the
  default list (backwards-compatible inclusion).

- The built-in algorithms now also have min/max DTLS versions.
  Though the provider TLS-SIGALG capability was extended to also report
  the DTLS version range, the minimum supported DTLS is 1.3, which we
  don't yet have, so it is not yet possible to add DTLS sigalgs via a
  provider.

- The TLS 1.3 brainpool sigalgs got their correct IANA names, with
  the legacy names as purported TLS 1.2 alternatives, but since
  these are for TLS 1.3 and up those names are for matching only,
  the reported value will still be the 1.3 name.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26975)
2025-03-09 23:19:37 +01:00
Viktor Dukhovni
63a70d63e2 Add hybrid ML-KEM based groups to default TLS groups
- send two key shares by default
- trim down the list of default groups

The default TLS group list setting is now:
?*X25519MLKEM768 / ?*X25519:?secp256r1 / ?X448:?secp384r1:?secp521r1 / ?ffdhe2048:?ffdhe3072

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26801)
2025-02-25 15:34:23 +01:00
Cheng Zhang
1b3f27f920 Add the SSL_NO_EOED internal macro
The TLS EndOfEarlyData message is not applicable in some scenarios (e.g., QUIC).
This adds a macro to handle this message.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26552)
2025-02-19 17:27:04 +01:00
Neil Horman
e732f4456a Remove SSL_TOKEN_STORE_HANDLE type
Replace it with SSL_TOKEN_STORE and make the structure opaque in the
public api

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
2025-02-17 11:27:33 -05:00
Neil Horman
b1828dc23a Add public api to create token cache for QUIC NEW_TOKENS
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
2025-02-17 11:27:33 -05:00
Neil Horman
7502df20bc rename new_pending_ssl to new_pending_conn
Make it clear it's only announcing connections, not streams

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
2025-02-17 11:27:33 -05:00
Neil Horman
a607146904 Add a callback to announce newly created ssl waiting acceptance
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
2025-02-17 11:27:33 -05:00
Hugo Landau
db590923c1 QUIC APL: Refine domain flag handling
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24971)
2025-02-17 11:27:32 -05:00
Hugo Landau
50c7796267 QUIC APL: Add support for configuring domain flags
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24971)
2025-02-17 11:27:32 -05:00
Hugo Landau
907759818e QUIC APL: Add QUIC Domain SSL Object: Basic Definitions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24971)
2025-02-17 11:27:32 -05:00
Hugo Landau
bf55326752 libssl: Move SSL object unwrapping macros to separate header
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23334)
2025-02-17 11:27:32 -05:00
Hugo Landau
e0ffd21e22 QUIC APL: Introduce QUIC listener SSL object type (QLSO)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23334)
2025-02-17 11:27:32 -05:00
Viktor Dukhovni
4b1c73d2dd ML-KEM hybrids for TLS
- When used as KEMs in TLS the ECDHE algorithms are NOT subjected to
  HPKE Extract/Expand key derivation.  Instead the TLS HKDF is used
  as usual.

- Consequently these KEMs are just the usual ECDHE key exchange
  operations, be it with the encap ECDH private key unavoidably
  ephemeral.

- A new "MLX" KEM provider is added that supports four hybrids of EC/ECX
  DH with ML-KEM:

    * ML-KEM-768 + X25519
    * ML-KEM-1024 + X448
    * P-256 + ML-KEM-768
    * P-384 + ML-KEM-1024

- Support listing of implemented TLS groups.

  The SSL_CTX_get0_implemented_groups() function and new
  `openssl list -tls-groups` and `openssl list -all-tls-groups`
  commands make it possible to determine which groups are
  implemented by the SSL library for a particular TLS version
  or range of versions matching an SSL_CTX.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26220)
2025-02-14 10:50:58 +01:00
Matt Caswell
c21e213b97 Enable the quic-tls API to work, even in the case of no-quic
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
2025-02-11 17:17:10 +00:00
Matt Caswell
3cf15554f2 Add an API for other QUIC stacks to use our TLS implementation
We provide some callbacks for third party QUIC stacks to use in order
to be able to reuse the OpenSSL TLS implementation in that stack. This is
essentially a thin wrapper around the same API that OpenSSL's own QUIC
stack uses in order to integrate TLS.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
2025-02-11 17:17:10 +00:00
Dave Kelsey
d69c014608 Add support for multiple key shares
This PR is the implementation of the concluded discussion that occurred in
draft PR #25605. These changes were mainly authored by @martinschmatz
with some contribution from myself.

It addresses issue #21633

This extends the group list definition to support a more complex
definition while still retaining backward compatibility with the simple
form of colon separated groups.

Details of the agreed format and expected behaviour can be found in
#25605 and in the documentation changes.

Signed-off-by: Dave Kelsey <d_kelsey@uk.ibm.com>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26445)
2025-02-10 11:43:56 -05:00
Andrew Dinh
ef39dd058b Change "a SSL" to "an SSL"
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25868)
2024-11-13 17:24:40 +01:00
Matt Caswell
f88c2f2d17 Keep hold of a reference to the user SSL in QUIC
In some cases a QUIC SSL_CONNECTION object needs to get hold of a reference
to the original SSL object as created by the user. We should keep a
reference to it.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25874)
2024-11-07 12:05:23 +01:00
Neil Horman
5b29c71aa4 updating comments in test recipe
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25297)
2024-10-21 11:34:35 +01:00
Neil Horman
6f7273a9b0 Convert keylogging in response to comments
1) Convert failures in keylog setup to trace messages for a warning-like
   mechanism

2) Convert sslkeylogfile_cb to be a flag used to determine making a
   direct call to the internal logging function

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25297)
2024-10-21 11:34:35 +01:00
Neil Horman
4a69a6d171 Add sslkeylog config option and implementation
Add a config option for sslkeylog (disabled by default)

When enabled, SSL_CTX_new[_ex] becomes sensitive to the SSLKEYLOGFILE
environment variable.  It records keylog callback messages to the file
specified in the environment variable according to the format specified
in https://www.ietf.org/archive/id/draft-thomson-tls-keylogfile-00.html

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25297)
2024-10-21 11:34:35 +01:00
Frederik Wedel-Heinen
2478d3b7f5 Cleanup of unused functions and macros in ssl_local.h
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24648)
2024-09-10 20:43:16 +02:00
FdaSilvaYY
2bb83824bb ssl: rework "e_os.h" inclusions
- Remove e_os.h include from "ssl_local.h"
- Added e_os.h into the files that need it now.
- Move e_os.h to be the very first include

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14344)
2024-09-05 17:02:51 +02:00
Michael Baentsch
38a7183102 adds TLS signature algorithms list feature
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24821)
2024-08-13 11:48:54 +10:00
Stephen Farrell
21dfb97596 Extend TLSv1.3 record layer padding API calls
Added SSL_set_block_padding_ex() and SSL_CTX_set_block_padding_ex()
to allow separate padding block size values for handshake messages
and application data messages.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24796)
2024-07-10 11:44:39 +02:00
erbsland-dev
89c9c3b857 Extend mask of ssl_method_st to 64-bit
Fixes #23260: The bit count for `SSL_OP_*` flags has exceeded 32 bits, making it impossible to handle newer flags and protocol extensions with the existing 32-bit variables. This commit extends the `mask` field in the `ssl_method_st` structure to 64-bit, aligning them with the previously extended 64-bit `options` field.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24692)
2024-06-23 10:09:07 -04:00
Robert Schulze
af82623d32 Incorporate more review feedback
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24673)
2024-06-21 07:57:56 -04:00
Robert Schulze
8d934a7592 Incorporate review feedback
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24673)
2024-06-21 07:57:56 -04:00
sashan
da9342ed5e Move stack of compression methods from libssl to OSSL_LIB_CTX
The compression methods are now a global variable in libssl.
This change moves it into OSSL library context.

It is necessary to eliminate atexit call from libssl.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24414)
2024-05-28 08:56:13 +02:00
Rajeev Ranjan
b6a5e80167 Add support for integrity-only cipher suites for TLS v1.3
- add test vectors for tls1_3 integrity-only ciphers
- recmethod_local.h: add new member for MAC
- tls13_meth.c: add MAC only to tls 1.3
- tls13_enc.c: extend function to add MAC only
- ssl_local.h: add ssl_cipher_get_evp_md_mac()
- s3_lib.c: add the new ciphers and add #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
- ssl_ciph.c: add ssl_cipher_get_evp_md_mac() and use it
- tls13secretstest.c: add dummy test function
- Configure: add integrity-only-ciphers option
- document the new ciphers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22903)
2024-05-14 15:39:15 +02:00
Frederik Wedel-Heinen
125719ba11 Remove SSL_ENC_FLAG_EXPLICIT_IV which is only set and never read.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24036)
2024-05-14 15:34:07 +02:00
Tomas Mraz
21819f78b0 Make conf_diagnostics apply also to the SSL conf errors
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24275)
2024-05-09 09:20:25 +02:00
Richard Levitte
b646179229 Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
2024-04-09 13:43:26 +02:00
Alex Bozarth
4169d58c85 Allow provider sigalgs in SignatureAlgorithms conf
Though support for provider-based signature algorithms was added in
ee58915 this functionality did not work with the SignatureAlgorithms
configuration command. If SignatureAlgorithms is set then the provider
sigalgs are not used and instead it used the default value.

This PR adds a check against the provider-based sigalg list when parsing
the SignatureAlgorithms value.

Based-on-patch-by: Martin Schmatz <mrt@zurich.ibm.com>
Fixes #22761

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22779)
2024-03-29 21:54:38 +01:00
Hugo Landau
de60b122b2 QLOG: Editorial fixes (QLOG is spelled 'qlog')
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:50:29 +00:00
Hugo Landau
fb1a0bb97a QLOG: Wire title-setting code to QUIC_CHANNEL and SSL_CTX
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:49:34 +00:00