Skip to main content
swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
sort by:
RevisionAuthorDateMessageCommit Date
cae118f Matt Caswell07 January 2021, 13:48:10 UTCPrepare for release of 3.0 alpha 10 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>07 January 2021, 13:48:10 UTC
bd0c712 Matt Caswell07 January 2021, 13:38:50 UTCUpdate copyright year Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13800)07 January 2021, 13:38:50 UTC
e260bee Matt Caswell04 January 2021, 17:29:35 UTCOnly perform special TLS handling if TLS has been configured Skip over special TLS steps for stream ciphers if we haven't been configured for TLS. Fixes #12528 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13774)06 January 2021, 11:08:35 UTC
7c0e98a David CARLIER04 January 2021, 16:42:47 UTCMac M1 setting change proposal. Running tests takes very long with the current setting while it takes a lot shorter time with this change. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13771)06 January 2021, 10:06:32 UTC
7fd1ca7 John Baldwin21 November 2020, 01:45:48 UTCSupport session information on FreeBSD. FreeBSD's /dev/crypto does not provide a CIOCGSESSINFO ioctl, but it does provide other ioctls that can be used to provide similar functionality. First, FreeBSD's /dev/crypto defines a CIOCGESSION2 ioctl which accepts a 'struct session2_op'. This structure extends 'struct session_op' with a 'crid' member which can be used to either request an individual driver by id, or a class of drivers via flags. To determine if the available drivers for a given algorithm are accelerated or not, use CIOCGESSION2 to first attempt to create an accelerated (hardware) session. If that fails, fall back to attempting a software session. In addition, when requesting a new cipher session, use the current setting of the 'use_softdrivers' flag to determine the value assigned to 'crid' when invoking CIOCGSESSION2. Finally, use the returned 'crid' value from CIOCGSESSION2 to look up the name of the associated driver via the CIOCFINDDEV ioctl. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13468)05 January 2021, 23:16:16 UTC
b39c215 John Baldwin21 November 2020, 01:07:35 UTCUse CRIOGET to fetch a crypto descriptor when present. FreeBSD's current /dev/crypto implementation requires that consumers clone a separate file descriptor via the CRIOGET ioctl that can then be used with other ioctls such as CIOCGSESSION. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13468)05 January 2021, 23:16:16 UTC
3497cc8 bazmoz27 December 2020, 16:35:14 UTCUpdated SSL_CTX_new doc Fixes #13703 Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13741)05 January 2021, 18:09:11 UTC
b043c41 Etienne Millon04 January 2021, 10:33:55 UTC28-seclevel.cnf.in: fix typo in algo name CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13768)05 January 2021, 15:44:09 UTC
b2d1465 Etienne Millon04 January 2021, 10:28:36 UTCEVP_SIGNATURE-ED25519.pod: fix typo in algo name CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13768)05 January 2021, 15:44:09 UTC
2c61a67 Nirbheek Chauhan08 July 2020, 17:53:04 UTCwin-onecore: Build with /APPCONTAINER for UWP compat When targeting the win-onecore configuration, we must link with /APPCONTAINER which is a requirement for submitting apps to the Windows Store. Without this, the Windows App Certificate Kit will reject the app: https://docs.microsoft.com/en-us/cpp/build/reference/appcontainer-windows-store-app Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12400)04 January 2021, 12:01:55 UTC
ce11192 Nirbheek Chauhan08 July 2020, 17:40:34 UTCcrypto/win: Don't use disallowed APIs on UWP CreateFiber and ConvertThreadToFiber are not allowed in Windows Store (Universal Windows Platform) apps since they have been replaced by their Ex variants which have a new dwFlags parameter. This flag allows the fiber to do floating-point arithmetic in the fiber on x86, which would silently cause corruption otherwise since the floating-point state is not switched by default. Switch to these "new" APIs which were added in Vista. See: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createfiberex#parameters Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12400)04 January 2021, 12:01:44 UTC
38b57c4 Dr. David von Oheimb01 January 2021, 19:43:46 UTCUpdate copyright years of auto-generated headers (make update) Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13764)04 January 2021, 06:15:24 UTC
ea08f8b Matt Caswell23 December 2020, 11:35:54 UTCAdd a test for the new CRYPTO_atomic_* functions Also tests the older CRYPTO_atomic_add() which was without a test Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13733)31 December 2020, 12:14:38 UTC
49fff26 Matt Caswell23 December 2020, 11:15:03 UTCAdd documentation for CRYPTO_atomic_or and CRYPTO_atomic_load Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13733)31 December 2020, 12:14:38 UTC
db6bcc8 Matt Caswell22 December 2020, 17:44:07 UTCOptimise OPENSSL_init_crypto If everything has already been initialised we can check this with a single test at the beginning of OPENSSL_init_crypto() and therefore reduce the amount of time spent in this function. Since this is called via very many codepaths this should have significant performance benefits. Partially fixes #13725 and #13578 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13733)31 December 2020, 12:14:38 UTC
d5e742d Matt Caswell22 December 2020, 17:43:07 UTCAdd some more CRYPTO_atomic functions We add an implementation for CRYPTO_atomic_or() and CRYPTO_atomic_load() Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13733)31 December 2020, 12:14:38 UTC
30af356 Matt Caswell23 December 2020, 16:30:36 UTCDon't call EVP_CIPHER_CTX_block_size() to find the block size The EVP lib was calling EVP_CIPHER_CTX_block_size(), which in turn calls EVP_CIPHER_block_size() in order to find the block_size in every EVP_EncryptUpdate() call. This adds a surprising amount of overhead when using speed to test aes-128-cbc. Since we're in the EVP lib itself, we can just directly access this value. To test performance I ran the command: openssl speed -evp aes-128-cbc -bytes 16 -seconds 30 For the before and after, I ran this twice and discarded the first result to "warm up" my machine. Before: aes-128-cbc 716949.71k After: aes-128-cbc 742807.11k This represents a performance improvement of about 4% Partially fixes #13407 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13734)30 December 2020, 08:32:14 UTC
ae03114 Matt Caswell22 December 2020, 15:16:51 UTCOptimise OPENSSL_init_crypto to not need a lock when loading config Most of the time we don't have any explicit settings when loading a config file. Therefore we optimise things so that we don't need to use a lock in that instance. Partially addresses performance issues in #13725 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13731)24 December 2020, 11:36:40 UTC
38f7931 Matt Caswell22 December 2020, 11:36:30 UTCCache Digest constants EVP_CIPHER already caches certain constants so that we don't have to query the provider every time. We do the same thing with EVP_MD constants. Without this we can get performance issues, e.g. running "speed" with small blocks of data to digest can spend a long time in EVP_MD_size(), which should be quick. Partialy fixes #13578 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13730)23 December 2020, 20:12:18 UTC
ae69da0 Matt Caswell22 December 2020, 11:54:16 UTCMove the caching of cipher constants into evp_cipher_from_dispatch Previously we cached the cipher constants in EVP_CIPHER_fetch(). However, this means we do the caching every time we call that function, even if the core has previusly fetched the cipher and cached it already. This means we can end up re-caching the constants even though they are already present. This also means we could be updating these constants from multiple threads at the same time. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13730)23 December 2020, 20:12:18 UTC
fdf05eb Dmitry Belyavskiy22 December 2020, 08:40:46 UTCFix doc-nits for list command Bug was introduced in #13669 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13728)23 December 2020, 10:15:12 UTC
128d25b Dmitry Belyavskiy21 December 2020, 13:23:17 UTCFetch provided algorithm once per benchmark Partially fixes #13578 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13721)23 December 2020, 10:10:16 UTC
c4b2c53 Ingo Schwarze04 June 2020, 22:30:00 UTCFix NULL pointer access caused by X509_ATTRIBUTE_create() When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This bug was found while working on LibreSSL documentation. Reviewed-by: Theo Buehler <tb@openbsd.org> CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12052)21 December 2020, 14:25:59 UTC
7a7ed5f jwalch15 December 2020, 20:00:11 UTCRestore v2i_AUTHORITY_INFO_ACCESS() behavior Fixes #13636 Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13683)21 December 2020, 13:38:37 UTC
3a1ee3c Richard Levitte17 December 2020, 20:37:15 UTCDrop OPENSSL_NO_RSA everywhere The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13700)20 December 2020, 11:19:42 UTC
e3577ad Richard Levitte18 December 2020, 14:39:50 UTCGitHub CI: Separate no-deprecated job from minimal job Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13706)19 December 2020, 16:02:12 UTC
6ed4022 Richard Levitte18 December 2020, 12:17:33 UTCFix 'no-deprecated' Some of the handling of no-deprecated stuff wasn't quite complete, or even plain wrong. This restores i2d_PublicKey() to be able to handle EVP_PKEYs with legacy internal keys. This also refactors the DSA key tests in test/evp_extra_test.c to use EVP functionality entirely. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13706)19 December 2020, 16:02:12 UTC
a5f2782 Petr Gotthard17 December 2020, 19:13:00 UTCFix OSSL_PARAM creation in OSSL_STORE_open_ex The params[0].data is set to a non-NULL value, but params[0].data_size is always zero. This confuses get_string_internal, which creates 1 byte string with uninitialized content. When OSSL_PARAM_construct_utf8_string is used, the data_size is set correctly. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13699)19 December 2020, 10:33:21 UTC
5faec14 Richard Levitte18 December 2020, 07:59:02 UTCTEST: Fix test/endecode_test.c for 'no-legacy' This adds an additional check that the legacy provider is available when wanting to add tests for protected PVK, since that depends on the availability of RC4. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13705)19 December 2020, 09:59:12 UTC
f3f2dd9 Richard Levitte17 December 2020, 21:01:46 UTCmake update Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/13701)17 December 2020, 21:07:57 UTC
8175476 Richard Levitte17 December 2020, 20:55:07 UTCGitHub CI: Add 'check-update' and 'check-docs' 'check-update' runs a 'make update' to check that it wasn't forgotten. 'check-docs' runs 'make doc-nits'. We have that as a separate job to make it more prominent. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/13701)17 December 2020, 21:06:38 UTC
ea78081 Pauli21 October 2020, 22:18:38 UTCdsa: add additional deprecated functions to CHANGES entry. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13638)17 December 2020, 20:09:54 UTC
52c8535 Pauli20 October 2020, 03:32:57 UTCdsa: provider and library deprecation changes Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13638)17 December 2020, 20:09:54 UTC
4742254 Pauli20 October 2020, 03:32:26 UTCdsa: apps deprecation changes Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13638)17 December 2020, 20:09:54 UTC
575b36e Pauli20 October 2020, 03:32:08 UTCdsa: fuzzer deprecation changes Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13638)17 December 2020, 20:09:54 UTC
d6fff34 Pauli20 October 2020, 03:31:43 UTCdsa: documentation deprecation changes Fixes #13121 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13638)17 December 2020, 20:09:54 UTC
b36d6a5 Dr. David von Oheimb12 November 2020, 20:27:37 UTCapps/cmp.c: Correct -keyform option range w.r.t engine Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13690)17 December 2020, 20:06:10 UTC
f6d3359 Dr. David von Oheimb16 December 2020, 12:35:27 UTCapps/cmp.c: Fix bug on -path option introduced in commit 3c9d6266ed85 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13690)17 December 2020, 20:06:10 UTC
74cd923 Richard Levitte16 December 2020, 16:01:06 UTCEVP: Fix memory leak in EVP_PKEY_CTX_dup() In most error cases, EVP_PKEY_CTX_dup() would only free the EVP_PKEY_CTX without freeing the duplicated contents. Fixes #13503 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)17 December 2020, 11:02:08 UTC
390f9ba Richard Levitte16 December 2020, 14:15:06 UTCCORE: Separate OSSL_PROVIDER activation from OSSL_PROVIDER reference This introduces a separate activation counter, and the function ossl_provider_deactivate() for provider deactivation. Something to be noted is that if the reference count goes down to zero, we don't care if the activation count is non-zero (i.e. someone forgot to call ossl_provider_deactivate()). Since there are no more references to the provider, it doesn't matter. The important thing is that deactivation doesn't remove the provider as long as there are references to it, for example because there are live methods associated with that provider, but still makes the provider unavailable to create new methods from. Fixes #13503 Fixes #12157 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)17 December 2020, 11:02:08 UTC
6963979 Richard Levitte11 December 2020, 10:01:09 UTCDECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)17 December 2020, 11:02:08 UTC
e77c13f Richard Levitte10 December 2020, 13:00:05 UTCMSBLOB & PVK: Make it possible to write EVP_PKEYs with provided internal key So far, the MSBLOB and PVK writers could only handle EVP_PKEYs with legacy internal keys. Specially to be able to compile the loader_attic engine, we use the C macro OPENSSL_NO_PROVIDER_CODE to avoid building the provider specific things when we don't need them. The alternative is to suck half of crypto/evp/ into loader_attic, and that's just not feasible. Fixes #13503 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)17 December 2020, 11:02:08 UTC
054cde1 Richard Levitte10 December 2020, 17:33:16 UTCDECODER EVP_PKEY: Don't store all the EVP_KEYMGMTs OSSL_DECODER_CTX_new_by_EVP_PKEY() would keep copies of all the EVP_KEYMGMTs it finds. This turns out to be fragile in certain circumstances, so we switch to fetch the appropriate EVP_KEYMGMT when it's time to construct an EVP_PKEY from the decoded data instead. This has the added benefit that we now actually use the property query string that was given by the caller for these fetches. Fixes #13503 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)17 December 2020, 11:02:08 UTC
4159ebc Tomas Mraz16 December 2020, 08:39:31 UTCGithub CI: run also on repository pushes Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13686)17 December 2020, 10:26:22 UTC
a2e145f Richard Levitte02 December 2020, 17:30:55 UTCAdd necessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC When OpenSSL is configured with 'no-dh', 'no-dsa' and 'no-ec' combined, some static functions have no use, which the compiler may complain about. We therefore add extra guards to silence it. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13589)16 December 2020, 10:56:38 UTC
c2403f3 Richard Levitte02 December 2020, 17:27:03 UTCDrop unnecessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC The apps, the CMS library and the X.509 library are primarly affected. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13589)16 December 2020, 10:56:38 UTC
565b339 Richard Levitte01 December 2020, 18:21:04 UTCEVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled ('no-ec' not configured). However, that makes it impossible to use these functions with an engine or a provider that happens to implement EC_KEY. This change solves that problem by shuffling these functions to more appropriate places. Partially fixes #13550 squash! EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available By consequence, there are a number of places where we can remove the check of OPENSSL_NO_EC. This requires some re-arrangements of internal tables to translate between numeric identities and names. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13589)16 December 2020, 10:56:38 UTC
c829c23 Richard Levitte01 December 2020, 18:11:59 UTCEVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available EVP_PKEY_CTX_set_dh_ functions were only available when DH was enabled ('no-dsa' not configured). However, that makes it impossible to use these functions with an engine or a provider that happens to implement DH. This change solves that problem by shuffling these functions to more appropriate places. By consequence, there are a number of places where we can remove the check of OPENSSL_NO_DH. This requires some re-arrangements of internal tables to translate between numeric identities and names. Partially fixes #13550 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13589)16 December 2020, 10:55:39 UTC
d33ab07 Richard Levitte01 December 2020, 18:09:39 UTCEVP_PKEY & DSA: move dsa_ctrl.c to be included only on libcrypto These functions aren't used by the FIPS module, so there's no reason to include it there. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13589)16 December 2020, 10:54:48 UTC
0cc0164 Richard Levitte09 December 2020, 10:54:56 UTCPROV: Add MSBLOB and PVK encoders This allows 15-test_rsa.t to succeed, and provides the same OSSL_ENCODER support for these formats as for all other formats supported in OpenSSL. Fixes #13379 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13645)15 December 2020, 13:27:37 UTC
2984445 Richard Levitte09 December 2020, 10:30:10 UTCTEST: Fix test/recipes/15-test_rsa.t Perl strings should be compared with 'eq', not '=='. This only generates a perl warning, so wasn't immediately noticed. Also, remove the check of disabled 'dsa'. That never made reak sense. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13645)15 December 2020, 13:27:23 UTC
542b848 Richard Levitte09 December 2020, 10:28:35 UTCAPPS: Correct the output structure for public keys in 'openssl rsa' 'openssl rsa' would output a PKCS#1 structure when asked for a SubjectPublicKeyInfo and vice versa. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13645)15 December 2020, 13:27:23 UTC
021410e Rich Salz28 November 2020, 21:12:58 UTCCheck non-option arguments Make sure all commands check to see if there are any "extra" arguments after the options, and print an error if so. Made all error messages consistent (which is to say, minimal). Fixes: #13527 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13563)15 December 2020, 10:47:17 UTC
c678f68 Pauli12 December 2020, 11:38:17 UTCtest: document the random test ordering env variable Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13672)15 December 2020, 10:03:07 UTC
a21a1c2 Pauli12 December 2020, 11:25:40 UTCtest: print OPENSSL_TEST_RAND_ORDER=x when a randomised test fails. The previous message "random seed x" is a lot less descriptive. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13672)15 December 2020, 10:03:07 UTC
2f06c34 Rich Salz11 December 2020, 19:18:46 UTCDocument OCSP_REQ_CTX_i2d. Based on comments from David von Oheimb. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13620)15 December 2020, 09:36:59 UTC
ecef17c Rich Salz05 December 2020, 15:42:18 UTCDeprecate OCSP_REQ_CTX_set1_req Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13620)15 December 2020, 09:36:59 UTC
249d559 Dmitry Belyavskiy12 December 2020, 05:23:20 UTCSkip tests depending on deprecated list -*-commands options Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669)15 December 2020, 03:39:58 UTC
a08489e Dmitry Belyavskiy11 December 2020, 05:15:04 UTCDocumenting the options deprecating in CHANGES.md Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669)15 December 2020, 03:39:58 UTC
8ce7579 Dmitry Belyavskiy11 December 2020, 05:13:41 UTCDocumenting the options deprecating Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669)15 December 2020, 03:39:58 UTC
a61fba5 Dmitry Belyavskiy11 December 2020, 02:15:09 UTCSkip unavailable digests and ciphers in -*-commands Fixes #13594 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669)15 December 2020, 03:39:58 UTC
cb75a15 Dmitry Belyavskiy11 December 2020, 00:31:30 UTCDeprecate -cipher-commands and -digest-commands options Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669)15 December 2020, 03:39:58 UTC
908465b Dmitry Belyavskiy11 December 2020, 00:23:02 UTCOPENSSL_NO_GOST has nothing to do with low-level algos Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669)15 December 2020, 03:39:58 UTC
52c6c12 Sebastian Andrzej Siewior05 July 2020, 18:52:39 UTCConfigurations: PowerPC is big endian Define B_ENDIAN on PowerPC because it is a big endian architecture. With this change the BN* related tests pass. Fixes: #12199 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12371)14 December 2020, 08:56:03 UTC
3dafbd4 Shane Lontis09 December 2020, 02:32:47 UTCChange AES-CTS modes CS2 and CS3 to also be inside the fips module. The initial thought was that only CS1 mode (the NIST variant) was allowed. The lab has asked if these other modes should be included. The algorithm form indicates that these are able to be validated. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13639)14 December 2020, 03:46:49 UTC
ac7750b Shane Lontis25 November 2020, 05:21:52 UTCFix Segfault in EVP_PKEY_CTX_dup when the ctx has an undefined operation. Fixes #12438 Note: This worked in 1.1.1 so just returning an error is not valid. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13505)14 December 2020, 01:30:40 UTC
c739222 Matt Caswell09 December 2020, 16:26:29 UTCFix no-threads Make OPENSSL_fork_prepare() et al always available even in a no-threads build. These functions are no-ops anyway so this shouldn't make any difference. This fixes an issue where the symbol_presence test fails in a no-threads build. This is because these functions have not been marked in libcrypto.num as being dependent on thread support. Enclosing the declarations of the functions in the header with an appropriate guard does not help because we never define OPENSSL_NO_THREADS (we define the opposite OPENSSL_THREADS). This confuses the scripts which only consider OPENSSL_NO_* guards. The simplest solution is to just make them always available. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13647)14 December 2020, 00:45:27 UTC
4694915 Ankita Shetty09 December 2020, 20:56:51 UTCopenssl.pod: Fix openSSL options doc Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13651)13 December 2020, 11:47:14 UTC
2e1bc08 Richard Levitte09 December 2020, 16:50:20 UTCRemove unnecessary guards around MSBLOB and PVK readers and writers The OPENSSL_NO_RC4 guard remain around protected PVK tests in test/endecoder_test.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13648)13 December 2020, 09:27:31 UTC
a158f8c Richard Levitte09 December 2020, 16:30:01 UTCPEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4' All these functions are usable with RSA keys, there's no reason why they should be unaccessible when DSA or RC4 are disabled. When DSA is disabled, it's not possible to use these functions for DSA EVP_PKEYs. That's fine, and supported. When RC4 is disabled, it's not possible to use these functions to write encrypted PVK output. That doesn't even depend on the definition of OPENSSL_NO_RC4, but if the RC4 algorithm is accessible via EVP, something that isn't known when building libcrypto. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13648)13 December 2020, 09:27:31 UTC
e841938 Richard Levitte11 December 2020, 15:25:13 UTCBuilding: Fix the library file names for MSVC builds to include multilib In OpenSSL 1.1.1, VC-WIN64I and VC-WIN64A have a 'multilib' attribute set, which affect the names of the produced libcrypto and libssl DLLs. This restores that for OpenSSL 3.0. Fixes #13659 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13670)12 December 2020, 23:26:29 UTC
68e9125 Richard Levitte07 December 2020, 11:28:57 UTCDOCS: Improve documentation of the EVP_PKEY type This type was previously described in a note, which is hard to find unless you already know where to look. This change makes the description more prominent, and allows indexing by adding it in the NAMES section. The EVP_PKEY description is altered to conceptually allow an EVP_PKEY to contain a private key without a corresponding public key. This is related to an OTC vote: https://mta.openssl.org/pipermail/openssl-project/2020-December/002474.html The description of EVP_PKEY for MAC purposes is amended to fit. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13629)12 December 2020, 23:24:39 UTC
a791482 Pauli11 December 2020, 00:23:19 UTCparams: add integer conversion test cases. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13663)12 December 2020, 11:43:07 UTC
e9c5e64 Pauli11 December 2020, 00:21:44 UTCparams: allow more variations in integer conversions. Allow any sized integer to be converted to any other size integer via the helpers. Support for converting reals to/from integers remains restricted. Fixes: #13429 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13663)12 December 2020, 11:43:07 UTC
19ad83f Richard Levitte01 December 2020, 09:42:53 UTCDOCS: Update OSSL_DECODER_CTX_new_by_EVP_PKEY.pod to match declarations Fixes #13441 We're also starting on a glossary, doc/man7/openssl-glossary.pod, where terms we use should be explained. There's no need to explain terms as essays, but at least a few quick lines, and possibly a reference to some external documentation. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13581)11 December 2020, 17:49:42 UTC
05fa5fd Matt Caswell09 December 2020, 10:40:56 UTCFix some typos in EVP_PKEY-DH.pod A missing newline messes up how the code sample is rendered. Also a few miscellaneous typos are fixed. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13643)11 December 2020, 11:10:56 UTC
730bee5 Matt Caswell02 December 2020, 13:19:52 UTCSkip cms tests using RC2 if no legacy provider Fixes #12510 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13595)11 December 2020, 10:56:34 UTC
abec331 Matt Caswell02 December 2020, 13:16:33 UTCDon't run a legacy specific PKCS12 test if no legacy provider Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13595)11 December 2020, 10:56:34 UTC
8891a12 Matt Caswell02 December 2020, 13:09:28 UTCDon't use the legacy provider in test_store if its not available If we don't have the legacy provider then we avoid having to use it. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13595)11 December 2020, 10:56:34 UTC
d5e8d26 Matt Caswell02 December 2020, 13:01:54 UTCDon't load the legacy provider in test_evp_libctx unnecessarily We don't need the legacy provider, so don't load it. This avoids problems in a no-legacy build Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13595)11 December 2020, 10:56:22 UTC
f213020 Matt Caswell02 December 2020, 12:56:16 UTCDon't load the legacy provider if not available in test_enc_more If the legacy provider isn't available then we shouldn't attempt to load or use it. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13595)11 December 2020, 10:56:22 UTC
81959b2 Matt Caswell02 December 2020, 12:45:47 UTCSkip testing ciphers in the legacy provider if no legacy test_enc should not test ciphers that are not available due to a lack of the legacy provider Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13595)11 December 2020, 10:56:22 UTC
39e3dae Matt Caswell02 December 2020, 12:28:31 UTCDon't load the legacy provider in endecoder_legacy_test In spite of the name the endecoder_legacy_test does not need the legacy provider. Therefore we avoid loading it so that no-legacy builds still run the test successfully. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13595)11 December 2020, 10:56:22 UTC
49da54b Matt Caswell02 December 2020, 12:23:37 UTCDon't use legacy provider if not available in test_ssl_old If we've been configured with no-legacy then we should not attempt to load the legacy provider. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13595)11 December 2020, 10:56:22 UTC
5ae54db Matt Caswell02 December 2020, 12:03:31 UTCFix sslapitest.c if built with no-legacy We skip a test that uses the no-legacy option. Unfortuantely there is no OPENSSL_NO_LEGACY to test, so we just check whether we were successful in loading the legacy provider - and if not we skip the test. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13595)11 December 2020, 10:56:22 UTC
3a43b30 Matt Caswell02 December 2020, 11:56:31 UTCSkip evp_test cases where we need the legacy prov and its not available Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13595)11 December 2020, 10:56:22 UTC
a67c701 Matt Caswell03 December 2020, 15:23:00 UTCDon't use no-asm in the Github CIs no-asm has proven to be too slow, therefore we don't use it in the Github CI builds and instead rely on it being covered by run-checker. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13607)11 December 2020, 10:54:40 UTC
acd3e54 Shane Lontis23 November 2020, 04:55:48 UTCAdd fips self tests for all included kdf Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13480)11 December 2020, 00:59:32 UTC
f059155 Shane Lontis20 November 2020, 09:14:14 UTCAdd validate method to ECX keymanager Fixes #11619 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13459)11 December 2020, 00:53:19 UTC
1a683b8 Dr. David von Oheimb07 December 2020, 18:37:46 UTCapps/{ca,req,x509}.c: Improve diag and doc mostly on X.509 extensions, fix multiple instances This includes a general correction in the code (now using the X509V3_CTX_REPLACE flag) and adding a prominent clarification in the documentation: If multiple entries are processed for the same extension name, later entries override earlier ones with the same name. This is due to an RFC 5280 requirement - the intro of its section 4.2 says: A certificate MUST NOT include more than one instance of a particular extension. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)10 December 2020, 14:19:55 UTC
98ba251 Dr. David von Oheimb07 December 2020, 17:25:10 UTCopenssl_hexstr2buf_sep(): Prevent misleading 'malloc failure' errors on short input Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)10 December 2020, 14:19:55 UTC
8ca661a Dr. David von Oheimb07 December 2020, 16:45:09 UTCv2i_AUTHORITY_KEYID(): Correct out-of-memory behavior and avoid mem leaks Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)10 December 2020, 14:19:55 UTC
f902716 Dr. David von Oheimb07 December 2020, 12:28:39 UTCX509V3_EXT_add_nconf_sk(): Improve description and use of 'sk' arg, which may be NULL Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)10 December 2020, 14:19:55 UTC
374f72c Dr. David von Oheimb07 December 2020, 12:25:34 UTCopenssl-ca.pod.in: Clarify the -extensions/-crlexts options vs. x509_extensions/crl_extensions Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)10 December 2020, 14:19:55 UTC
9c3a52f Dr. David von Oheimb04 December 2020, 11:42:24 UTCapps/x509.c: Factor out common aspects of X509 signing Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)10 December 2020, 14:19:55 UTC
6c9515b Dr. David von Oheimb04 December 2020, 10:09:29 UTCapps/{req,x509,ca}.c: Cleanup: move shared X509{,_REQ,_CRL} code to apps/lib/apps.c Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)10 December 2020, 14:19:55 UTC
d858e74 Dr. David von Oheimb04 December 2020, 10:01:08 UTCapps/{req,x509,ca}.c: Clean up code setting X.509 cert version v3 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)10 December 2020, 14:19:55 UTC
e9701a0 Dr. David von Oheimb04 December 2020, 08:26:25 UTCx509v3_config.pod: Clarify semantics of subjectKeyIdentifier and authorityKeyIdentifier Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)10 December 2020, 14:19:55 UTC
7c051ec Dr. David von Oheimb03 December 2020, 16:09:20 UTCapps/req.c: Improve diagnostics on multiple/overriding X.509 extensions defined via -reqext option Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)10 December 2020, 14:19:55 UTC
bca7ad6 Dr. David von Oheimb26 September 2020, 13:21:48 UTCUse adapted test_get_libctx() for simpler test setup and better error reporting Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13001)10 December 2020, 10:01:26 UTC
back to top