Skip to main content
swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
sort by:
RevisionAuthorDateMessageCommit Date
036f8e7 Matt Caswell20 May 2021, 13:30:20 UTCPrepare for release of 3.0 alpha 17 Reviewed-by: Richard Levitte <levitte@openssl.org>20 May 2021, 13:30:20 UTC
a6b76eb Matt Caswell20 May 2021, 13:30:19 UTCmake update Reviewed-by: Richard Levitte <levitte@openssl.org>20 May 2021, 13:30:19 UTC
0789c7d Matt Caswell20 May 2021, 13:22:33 UTCUpdate copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15381)20 May 2021, 13:22:33 UTC
f33c04b Richard Levitte15 May 2021, 05:45:31 UTCEVP: Modify EVP_PKEY_export() to handle legacy EVP_PKEYs We use a fake EVP_KEYMGMT import function with the newly modified EVP_PKEY_ASN1_METHOD export_to function to pass the exported OSSL_PARAM array directly to the EVP_PKEY_export() callback instead of exporting to an actual provided key and then getting the OSSL_PARAM array from there, just to throw away that key again. Fixes #15290 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15293)20 May 2021, 11:57:36 UTC
bed7437 Richard Levitte15 May 2021, 05:43:06 UTCModify EVP_PKEY_ASN1_METHOD's export_to function to take an importer We previously took an EVP_KEYMGMT pointer, but now found it necessary to use a different import function in some cases. Since that's the only thing we use from EVP_KEYMGMT, we might as well pass the import function directly, allowing for some flexibility in how export_to is used. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15293)20 May 2021, 11:57:22 UTC
0e5a4da Richard Levitte15 May 2021, 06:14:49 UTCtest/evp_extra_test2.c: Try EVP_PKEY_export() with a legacy RSA key Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15293)20 May 2021, 11:57:22 UTC
d5e0823 Matt Caswell20 May 2021, 09:47:47 UTCRefer to the migration guide rather than the wiki in our announcements We now have a migration guide which should be the definitive source of information for upgrading from a previous version of OpenSSL. Fixes #15186 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15373)20 May 2021, 10:58:29 UTC
9e7a641 Matt Caswell17 May 2021, 16:40:56 UTCCreate symlinks when installing man pages In 1.1.1 when installing the man pages we created symlinks to the base page for all functions described on the page. We need to continue doing this. Fixes #14846 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15312)20 May 2021, 09:28:06 UTC
e0113b7 Pauli18 May 2021, 08:45:31 UTCapp: add a -store_loaders option to list. Fixes #15307 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15323)20 May 2021, 08:57:44 UTC
4edb29b Richard Levitte19 May 2021, 04:07:30 UTCComplete 'no-sock' guards in apps/ocsp.c Modern compilers complain about variable being set but otherwise not used. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15339)20 May 2021, 08:51:52 UTC
b195677 Matt Caswell12 May 2021, 08:44:20 UTCUpdate documentation for global properties mirroring Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)20 May 2021, 08:35:41 UTC
b1c053a Matt Caswell11 May 2021, 15:50:27 UTCEnsure mirroring of properties works for subsequent updates If the global properties are updated after a provider with a child libctx has already started we need to make sure those updates are mirrored in that child. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)20 May 2021, 08:35:41 UTC
366bf9a Matt Caswell11 May 2021, 15:49:45 UTCDocumentation updates for mirroring of global properties Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)20 May 2021, 08:35:41 UTC
18cb5c3 Matt Caswell11 May 2021, 10:44:43 UTCTest that properties are mirrored as we expect Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)20 May 2021, 08:32:42 UTC
447588b Matt Caswell07 May 2021, 16:59:47 UTCAdd a callback for providers to know about global properties changes Where a child libctx is in use it needs to know what the current global properties are. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)20 May 2021, 08:32:40 UTC
ad8570a Matt Caswell07 May 2021, 16:13:05 UTCAdd a test for converting a property list to a string Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)20 May 2021, 08:29:30 UTC
e2ed740 Matt Caswell07 May 2021, 15:42:53 UTCImplement the ability to convert a PROPERTY_LIST to a string We have the ability to parse a string into a PROPERTY_LIST already. Now we have the ability to go the other way. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)20 May 2021, 08:28:38 UTC
87e4e9c Pauli18 May 2021, 10:27:35 UTCtodo: remove TODO(3.0) from the sources. Almost all were notes about wanting to deprecate CTRLs/utility functions. Fixes #15325 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15328)20 May 2021, 08:00:22 UTC
0050db7 Shane Lontis17 May 2021, 08:21:19 UTCTest d2i_PrivateKey_bio() does not add errors to stack when decoding a X25519 key sucessfully. This confirms that another merge has addressed this issue. Fixes #14996 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15303)20 May 2021, 07:52:57 UTC
e3884ec Pauli20 May 2021, 03:51:59 UTCRevert "ARM assembly pack: translate bit-sliced AES implementation to AArch64" This reverts commit da51566b256e0c0536d5b986e676863b0526bf5e. Fixes #15321 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15364)20 May 2021, 07:51:30 UTC
b7140b0 Shane Lontis28 March 2021, 07:22:40 UTCAdd migration guide for 3.0 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14710)20 May 2021, 07:44:08 UTC
6e49531 Benjamin Kaduk09 April 2021, 01:41:46 UTCUpdate SSL_new_session_ticket() manual for triggered send Document the recently added functionality. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14817)19 May 2021, 21:56:08 UTC
a0bbcb4 Benjamin Kaduk09 April 2021, 00:09:18 UTCTest new SSL_new_session_ticket() functionality Now that we can become "in init" directly after the call, test the various scenarios where explicit SSL_do_handshake() calls can come into play. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14817)19 May 2021, 21:56:08 UTC
7c73fef Benjamin Kaduk02 April 2021, 17:04:24 UTCLet SSL_new_session_ticket() enter init immediately The initial implementation always deferred the generation of the requested ticket(s) until the next application write, but this is not a great fit for what it actually does, architecturally wise. A request to send a session ticket means entering back into the handshake state machine (or "in init", as it's known in the implementation). The state machine transition is not something that only occurs at an application-data write, and in general could occur at any time. The only constraint is that we can't enter "init" while in the middle of writing application data. In such cases we will need to wait until the next TLS record boundary to enter the state machine, as is currently done. However, there is no reason why we cannot enter the handshake state machine immediately in SSL_new_session_ticket() if there are no application writes pending. Doing so provides a cleaner API surface to the application, as then calling SSL_do_handshake() suffices to drive the actual ticket generation. In the previous state of affairs a dummy zero-length SSL_write() would be needed to trigger the ticket generation, which is a logical mismatch in the type of operation being performed. This commit should only change whether SSL_do_handshake() vs zero-length SSL_write() is needed to immediately generate a ticket after the SSL_new_session_ticket() call -- the default behavior is still to defer the actual write until there is other application data to write, unless the application requests otherwise. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14817)19 May 2021, 21:56:08 UTC
e34e91d Dr. David von Oheimb04 March 2021, 20:18:45 UTCdanetest.c: Improve code formatting Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)19 May 2021, 18:15:26 UTC
d6bf19a Dr. David von Oheimb04 March 2021, 20:18:09 UTCX509_STORE_CTX_get1_issuer(): Simplify code, reducing risk of failure Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)19 May 2021, 18:15:26 UTC
558f2a0 Dr. David von Oheimb04 March 2021, 20:17:31 UTCX509 build_chain(): Fix two potential memory leaks on issuer variable This also removes an inadequate guard: if (num == ctx->num_untrusted) Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)19 May 2021, 18:15:26 UTC
fc48b5c Dr. David von Oheimb04 March 2021, 16:35:46 UTCX509 build_chain(): Make the variable 'curr' local to the loop body This increases readability and maintainability. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)19 May 2021, 18:14:55 UTC
e2abc68 Dr. David von Oheimb04 March 2021, 09:59:18 UTCX509 build_chain(): Rename variable 'depth' to 'max_depth' This should increase readability and maintainability. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)19 May 2021, 18:14:55 UTC
aaa584c Dr. David von Oheimb04 March 2021, 09:56:27 UTCX509 build_chain(): Restrict scope of 'self_signed' variable This should increase readability and maintainability. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)19 May 2021, 18:14:55 UTC
da750b1 Richard Levitte18 May 2021, 16:22:57 UTCMake apps/progs.pl not look at apps/progs.c apps/progs.pl will have apps/progs.c as output, and on some systems, the output file of a program is locked against reading. Unfortunately, apps/progs.c is also part of the sources that make up apps/openssl, so it's necessary to mark that file in a way that makes progs.pl skip over it. Fortunately, this is easily done with a special attribute in apps/build.info and a simple adaptation of apps/progs.pl. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15332)19 May 2021, 17:04:06 UTC
dd05c79 Richard Levitte18 May 2021, 16:21:51 UTCbuild.info: Make it possible to set attributes on SOURCE / SHARED_SOURCE stmts Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15332)19 May 2021, 17:03:16 UTC
b41ebb9 Tomas Mraz18 May 2021, 13:23:04 UTCspeed: Document the deficiencies of the command Fixes #7032 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15330)19 May 2021, 14:03:28 UTC
cf6cba9 Dr. David von Oheimb19 May 2021, 13:03:15 UTC80-test_cms.t: Disable new tests for binary input in Windows This is a quick workaround for #15347. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15351)19 May 2021, 13:03:30 UTC
25fad2e Dr. David von Oheimb18 May 2021, 09:30:01 UTCapps/list: Remove obsolete -missing-help option Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15329)19 May 2021, 12:13:12 UTC
e34307b Dr. David von Oheimb18 May 2021, 09:23:13 UTCfind-doc-nits -c: Fix handling in case expected helpstr is not found Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15329)19 May 2021, 12:13:12 UTC
5bac37c Dr. David von Oheimb18 May 2021, 09:18:26 UTCunix-Makefile.tmpl and ci.yml: Merge cmd-nits into doc-nits Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15329)19 May 2021, 12:13:12 UTC
cad4f3f Jake Cooke18 May 2021, 08:50:54 UTCAdd bounds checking to length returned by wcslen in wide_to_asc conversion to resolve integer overflow flaw Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15316)19 May 2021, 12:12:19 UTC
bf991b2 Richard Levitte17 May 2021, 20:58:27 UTCMake sure to include "crypto/ctype.h" to get ossl_isdigit() Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15319)19 May 2021, 10:41:34 UTC
d2f5321 Richard Levitte17 May 2021, 19:38:51 UTCMake sure to include "internal/numbers.h" to get SIZE_MAX Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15319)19 May 2021, 10:41:34 UTC
857cbe1 Richard Levitte17 May 2021, 18:20:35 UTCFix crypto/bio/b_sock.c for VMS Current VMS C-RTL does not have <sys/select.h>. <sys/socket.h> is a good enough replacement to get fd_set. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15319)19 May 2021, 10:41:34 UTC
fea5590 Richard Levitte17 May 2021, 13:16:58 UTCFix include/internal/sockets.h for VMS It needs to include <openssl/opensslconf.h> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15319)19 May 2021, 10:41:34 UTC
ac2aa13 Richard Levitte17 May 2021, 13:15:44 UTCFix include/openssl/e_os2.h for VMS It would try to define OPENSSL_SYS_VMS if that macro is defined. That's just not right. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15319)19 May 2021, 10:41:34 UTC
bba402e Richard Levitte18 May 2021, 12:12:51 UTCTweak apps/build.info for VMS A bit of quoting is all that's needed, and it doesn't hurt other platforms. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15317)19 May 2021, 10:31:34 UTC
31be74d Richard Levitte17 May 2021, 21:40:32 UTCVMS need to build DSO with name shortening, because of provider code We have pretty long symbol names, so they need to be shortened to fit in the linker's 31 character limit on symbols. Symbol name shortening with the VMS C compiler works in such a way that a symbol name that's longer than 31 characters is mangled into its first original 22 characters, followed by a dollar sign and the 32-bit CRC of the original symbol name in hexadecimal. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15317)19 May 2021, 10:31:34 UTC
8ba3a15 Richard Levitte17 May 2021, 19:40:24 UTCConfigurations/descrip.mms.tmpl: Add another inclusion hack crypto/ec/curve448/ has a series of inclusions that throws VMS C off, so we compensate for it the same way as we have done before. Fixes #14247 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15317)19 May 2021, 10:31:34 UTC
0cbb6f6 Richard Levitte17 May 2021, 14:56:28 UTCConfigurations/descrip.mms.tmpl: Change strategy for include directories Instead of what we used to do, put all include directories in a number of DCL variables and generate the /INCLUDE qualifier value on the command line, we instead generate VMS C specific header files with include directory pragmas, to be used with the VMS C's /FIRST_INCLUDE qualifier. This also shortens the command line, the size of which is limited. VMS C needs to have those include directories specified in a Unix form, to be able to safely merge #include paths with them when searching through them. Fixes #14247 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15317)19 May 2021, 10:31:34 UTC
cfc73c2 Richard Levitte17 May 2021, 16:21:45 UTCThrown away all special descrip.mms variables Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15317)19 May 2021, 10:31:34 UTC
0c1428f Richard Levitte17 May 2021, 15:20:58 UTCFix configdata.pm.in's "use lib" for VMS `use lib` needs Unix formatted paths. For VMS, it means that we must make sure to convert paths, and we may as well generalise it. In this case, we need to adapt the functions sourcedir() and sourcefile() Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15317)19 May 2021, 10:31:34 UTC
a1181fb Richard Levitte17 May 2021, 13:13:41 UTCFix The VMS variant of platform->staticname() It was looking in the wrong place in %unified_info to determine if the library would be installed or not. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15317)19 May 2021, 10:31:17 UTC
a2625c0 Richard Levitte17 May 2021, 13:04:42 UTCFix OpenSSL::fallback for VMS VMS unpackers will typically convert any period ('.') in directory names to underscores, since the period is a path separator on VMS, just like '/' is a path separator on Unix. Our fallback mechanism needs to account for that. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15317)19 May 2021, 10:31:17 UTC
2211905 Richard Levitte17 May 2021, 12:53:48 UTCConfigurations/descrip.mms.tmpl: Diverse updates Get it back in sync with the other templates, and correct a few syntax errors that have crept in. Fixes #14247 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15317)19 May 2021, 10:31:17 UTC
58ad786 Richard Levitte17 May 2021, 12:44:01 UTCTurn off VMS C's info about unsupported pragmas VMS C can be notoriously informative about certain things, such as unsupported pragmas. The case here is that it doesn't support "#pragma once", and since we use those quite a lot, that's a lot of repeated information. We simply turn that warning off. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15317)19 May 2021, 10:31:16 UTC
2660b7c Richard Levitte17 May 2021, 12:33:16 UTCRework how a build file (Makefile, ...) is produced The memory footprint of how we produced the Makefile was quite... important, because we have all the processing in one perl snippet, and generate the details of the build file by appending to the "magic" variable $OUT. The result is that this variable gets to hold the majority of the build file text, and depending on memory reallocation strategies for strings, the heap may hold multiple (possibly not just a few) copies of this string, almost all of them "freed" but still taking up space. This has resulted in memory exhaustion. We therefore change strategy, and generate the build file in two phases, where the first phase generates the full template using small perl snippets for each detail, and the second phase processes this template. This is much kinder to process memory. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15310)19 May 2021, 08:13:02 UTC
da51dc5 Richard Levitte17 May 2021, 12:25:12 UTCMove some OpenSSL perl utility functions to OpenSSL::Util quotify1() and quotify_l() were in OpenSSL::Template, but should be more widely usable. configdata.pm.in's out_item() is also more widely useful and is therefore moved to OpenSSL::Util as well, and renamed to dump_data(). Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15310)19 May 2021, 08:13:02 UTC
8a734d3 Dr. David von Oheimb03 May 2021, 19:58:02 UTCCMS_get0_SignerInfos(): Prevent spurious error on cms_get0_signed() failure Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12959)19 May 2021, 07:23:41 UTC
1b96cc7 Dr. David von Oheimb28 September 2020, 06:29:59 UTCapps/cms.c: Simplify make_receipt_request() and load_content_info(() Also improve adherence to code formatting rules. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12959)19 May 2021, 07:23:30 UTC
6b83d03 Dr. David von Oheimb23 September 2020, 08:19:50 UTCapps/cms.c: Make -sign and -verify handle binary input Fixes #8940 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12959)19 May 2021, 07:23:30 UTC
7c701c5 Dr. David von Oheimb23 September 2020, 08:17:58 UTCMake SMIME_read_CMS_ex() and SMIME_read_ASN1_ex() support binary input Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12959)19 May 2021, 07:23:30 UTC
1842387 Dr. David von Oheimb23 September 2020, 08:11:53 UTCbio_lib: Add BIO_get_line, correct doc of BIO_gets Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12959)19 May 2021, 07:23:30 UTC
c4fca3f Pauli19 May 2021, 03:15:14 UTCfips: remove unnecessary commas to get CI working Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15337)19 May 2021, 03:15:14 UTC
753f1f2 Tomas Mraz17 May 2021, 17:00:13 UTCAvoid failing label removal if label is not there Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15309)19 May 2021, 03:08:27 UTC
a51ccd5 Tomas Mraz17 May 2021, 10:20:54 UTCSeparate FIPS checksum and labelling into different workflows Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15309)19 May 2021, 03:08:27 UTC
47c88d4 Rich Salz17 May 2021, 16:03:19 UTCRemove "openssl ifdef" handling Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15311)19 May 2021, 00:36:01 UTC
e53ad1d Rich Salz17 May 2021, 15:46:58 UTCRemove '=for openssl ifdef' No longer needed after rewrite of cmd-nits Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15311)19 May 2021, 00:34:43 UTC
40692ed Matt Caswell15 May 2021, 09:27:09 UTCBetter error messages if there are no encoders/decoders/store loaders If you don't have the base or default providers loaded and therefore there are no encoders/decoders or store loaders then the error messages can be cryptic. We provide better hints about how to fix the problem. Fixes #13798 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15306)18 May 2021, 14:30:25 UTC
9be5f9a Dr. David von Oheimb17 May 2021, 11:24:20 UTCMove ossl_sleep() to e_os.h and use it in apps Fixes #15304 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15308)18 May 2021, 12:49:33 UTC
78c44e4 Dr. David von Oheimb17 May 2021, 09:38:01 UTCDOC: Fix nits found by improved find-doc-nits -c Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15298)18 May 2021, 11:02:41 UTC
4a14ae9 Dr. David von Oheimb17 May 2021, 06:48:55 UTCci.yml: Add cmd-nits to the doc-nits CI run Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15298)18 May 2021, 11:02:23 UTC
8a28134 Dr. David von Oheimb17 May 2021, 06:31:50 UTCopenssl-dsa.pod.in: Fix glitch: pvk-string -> pvk-strong Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15298)18 May 2021, 11:02:23 UTC
f2431fe Dr. David von Oheimb16 May 2021, 17:03:50 UTCfind-doc-nits: Make -c option (cmd-nits) independent of app build and execution Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15298)18 May 2021, 11:02:23 UTC
80a4ac5 Dr. David von Oheimb12 May 2021, 12:15:31 UTCapps/s_server: Add -proxy and -no_proxy options Strongly related to feature request #6965 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15245)18 May 2021, 09:08:10 UTC
88d9698 Dr. David von Oheimb12 May 2021, 11:58:52 UTCapps/ocsp: Add -proxy and -no_proxy options Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15245)18 May 2021, 09:08:10 UTC
7d72dc7 Rich Salz12 May 2021, 15:45:37 UTCAdd -quiet flag to genpkey Picking up late suggestions to PR #6909 by Philip Prindeville <philipp@redfish-solutions.com>. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15249)18 May 2021, 07:20:26 UTC
a94d62a Pauli17 May 2021, 08:16:28 UTCapps: use else if when checking for headers in the http server code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15300)18 May 2021, 03:24:41 UTC
4547a71 Pauli17 May 2021, 02:18:53 UTCseal: make EVP_SealInit() library context aware Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15300)18 May 2021, 03:24:41 UTC
678d0db Pauli16 May 2021, 23:45:33 UTChmac: fix coverity 1484888 negative integer to size_t conversion More theoretical than real but easy and cheap to check for. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15300)18 May 2021, 03:24:41 UTC
84c5ad2 Pauli16 May 2021, 23:42:42 UTCkeymgmt: fix coverity 1484886 unchecked return value Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15300)18 May 2021, 03:24:41 UTC
3c18459 Pauli16 May 2021, 23:38:29 UTCevp: fix coverity 1484885 negative integer to size_t conversion Theoretically, the IV length can come back negative which would explode. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15300)18 May 2021, 03:24:41 UTC
634da87 Pauli16 May 2021, 23:33:10 UTCprovider: fix coverity 1484884: uninitialised lock use This actually fixes a more subtle problem that wasn't detected which could cause memory leaks. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15300)18 May 2021, 03:24:41 UTC
cef71eb Pauli16 May 2021, 23:26:48 UTCapps: clean up the http server code Clean up some of the null checking in the http server code. This also "fixes" the false positive from coverity CID 1484883. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15300)18 May 2021, 03:24:41 UTC
c9cddf0 Pauli17 May 2021, 00:08:13 UTCtest: conditionally exclude unused code for no-tls1.2 build Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15301)18 May 2021, 02:12:26 UTC
a227ff3 Matt Caswell14 May 2021, 14:33:40 UTCFix a use-after-free in the child provider code If the child provider context data gets cleaned up before all usage of providers has finished then a use-after-free can occur. We change the priority of this data so that it gets freed later. Fixes #15284 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15286)17 May 2021, 09:36:03 UTC
55373bf Rich Salz06 May 2021, 16:56:35 UTCAdd SSL_OP_ALLOW_CLIENT_RENEGOTIATION Add -client_renegotiation flag support. The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app, the config code, and the documentation. Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to always enable it, but there are so many tests so this is the easiest thing to do. Add a test where client tries to renegotiate and it fails as expected. Add a test where server tries to renegotiate and it succeeds. The second test is supported by a new flag, -immediate_renegotiation, which is ignored on the client. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15184)17 May 2021, 08:53:30 UTC
d7970dd Petr Gotthard15 May 2021, 21:29:34 UTCFix pointer passed to provider_unquery_operation Walking through the `map` modifies the pointer passed to the `unquery` operation. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15295)17 May 2021, 00:22:27 UTC
f5680cd Matt Caswell14 May 2021, 13:00:22 UTCAdd a CHANGES entry for fully pluggable groups Fixes #12283 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15282)16 May 2021, 23:54:30 UTC
f2ceefc Shane Lontis13 May 2021, 03:02:38 UTCAdd doc for ERR_clear_last_mark(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15258)16 May 2021, 23:32:58 UTC
00b8706 Shane Lontis13 May 2021, 08:03:42 UTCFix OSSL_DECODER_new_for_pkey() selection parameter documentation Fixes #14518 EVP_PKEY_fromdata() already defines this value so we link to this documentation, 0 is also added as a possible input value. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15260)16 May 2021, 23:29:29 UTC
a1f6387 Shane Lontis13 May 2021, 08:49:52 UTCFix compiler error when using config option 'enable-acvp-tests' Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15264)16 May 2021, 23:24:36 UTC
b422ba3 Richard Levitte14 May 2021, 10:26:21 UTCAdapt 80-test_cmp_http.t and its data for random accept ports Fixes #14694 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/15281)16 May 2021, 10:07:14 UTC
a12da5d Richard Levitte14 May 2021, 10:25:11 UTCAPPS: Make the cmp Mock server output the accept address and port Fixes #14694 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/15281)16 May 2021, 10:07:14 UTC
e2daf6f Pauli16 May 2021, 00:23:54 UTCci: remove the checksum CI script This script introduces a security vulnerability where the OpenSSL github repository can be modified which opens a window for an attacker. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reported-by: Nikita Stupin16 May 2021, 00:23:54 UTC
6dc56df Benjamin Kaduk17 March 2021, 05:03:36 UTCAdd extensive test coverage for SSL_get_negotiated_group() This is nearly comprehensive, but we cannot exercise the functionality for PSK-only TLS 1.3 resumption, since openssl talking to openssl will always negotiate psk_dhe_ke. Exercise both the TLS 1.3 and 1.2 cases, for initial handshakes and resumptions, and for ECDHE and FFDHE. Since RFC 7919 named groups (for FFDHE) are only supported for TLS 1.3, the TLS 1.2 versions of those scenarios expect to get NID_undef since the key exchange was not performed using a named group. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14750)15 May 2021, 22:09:07 UTC
f89d3d6 Benjamin Kaduk17 March 2021, 03:13:47 UTCmove group lists out of test_key_exchange() in preparation for reuse Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14750)15 May 2021, 22:09:07 UTC
75d4852 Benjamin Kaduk16 March 2021, 23:10:04 UTCExtend SSL_get_negotiated_group() tests for TLS 1.2 We don't implement RFC 7919 named groups for TLS 1.2, so we can only test the ECDHE case for non-TLS-1.3. Interestingly, though the test_key_exchange() routine claimed to be exercising ffdhe2048 with TLS 1.2, the configured ciphers were incompatible with DHE key exchange, so we ended up just using RSA key transport and not doing an ephemeral key exchange at all. Reconfigure the tests to actually exercise ephemeral key exchange for both the EC and FF cases (even though we don't use the named group information for the finite-field case). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14750)15 May 2021, 22:09:07 UTC
c22ad9b Benjamin Kaduk16 March 2021, 20:42:00 UTCRegenerate testsid.pem Convert this file to the new format, that includes the kex_group integer value. This is needed in order for the round-trip conversion test to return the same value as the initial input. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14750)15 May 2021, 22:09:07 UTC
aa6bd21 Benjamin Kaduk16 March 2021, 14:47:09 UTCPromote SSL_get_negotiated_group() for non-TLSv1.3 It can be useful to know what group was used for the handshake's key exchange process even on non-TLS 1.3 connections. Allow this API, new in OpenSSL 3.0.0, to be used on other TLS versions as well. Since pre-TLS-1.3 key exchange occurs only on full handshakes, this necessitates adding a field to the SSL_SESSION object to carry the group information across resumptions. The key exchange group in the SSL_SESSION can also be relevant in TLS 1.3 when the resumption handshake uses the "psk_ke" key-exchange mode, so also track whether a fresh key exchange was done for TLS 1.3. Since the new field is optional in the ASN.1 sense, there is no need to increment SSL_SESSION_ASN1_VERSION (which incurs strong incompatibility churn). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14750)15 May 2021, 22:09:07 UTC
a8457b4 Richard Levitte14 May 2021, 05:23:51 UTCASN1: Fix i2d_provided() return value i2d_provided() - which is the internal provider data function for i2d_KeyParams(), i2d_PrivateKey(), i2d_PublicKey() - didn't treat the returned length from OSSL_ENCODER_to_data() quite as well as it should have. A simple added flag that records the state of |*pp| before calling OSSL_ENCODER_to_data() fixes the problem. Fixes #14655 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/15277)15 May 2021, 20:16:31 UTC
5228271 Matt Caswell13 May 2021, 14:52:19 UTCLoad the default provider into the p_test provider later Loading it earlier causes some of the later testing to pass when it should fail and masked a bug. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15270)15 May 2021, 09:33:52 UTC
36a89c0 Matt Caswell13 May 2021, 14:35:42 UTCInit the child providers immediately on creation of the child libctx We were deferring the initial creation of the child providers until the first fetch. This is a carry over from an earlier iteration of the child lib ctx development and is no longer necessary. In fact we need to init the child providers immediately otherwise not all providers quite init correctly. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15270)15 May 2021, 09:33:42 UTC
back to top