summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Update copyright yearMatt Caswell2020-06-0453-53/+53
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12043)
* ossl_shim: const cast the param arguments to avoid errorsPauli2020-06-031-2/+4
| | | | | | | [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12022)
* Fix a buffer overflow in drbg_ctr_generateBernd Edlinger2020-06-031-3/+5
| | | | | | | | | | | | | | This can happen if the 32-bit counter overflows and the last block is not a multiple of 16 bytes. Fixes #12012 [extended tests] Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12016)
* Update manpage to fix examples, other minor tweaksRich Salz2020-06-034-21/+19
| | | | | | Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11347)
* Cleanup cert config files for testsRich Salz2020-06-0315-345/+198
| | | | | | | | | | Merge test/P[12]ss.cnf into one config file Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf Remove Netscape cert extensions, add keyUsage comment from some cnf files Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11347)
* ossl_shim: include core_names.h to resolve undeclared symbolsPauli2020-06-031-0/+1
| | | | | Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/12018)
* TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey()Richard Levitte2020-06-021-0/+35
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11855)
* PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERsRichard Levitte2020-06-021-35/+82
| | | | | | | | | | | PEM_write_bio_PKCS8PrivateKey(), i2d_PKCS8PrivateKey_bio(), PEM_write_PKCS8PrivateKey(), and i2d_PKCS8PrivateKey_fp() are affected by this. Fixes #11845 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11855)
* fix a docs typoJack O'Connor2020-06-021-1/+1
| | | | | | | | | | Correct "EC_KEY_point2buf" to "EC_POINT_point2buf". The former does not exist. CLA: trivial Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11988)
* Prevent extended tests run unexpectedly in appveyorBernd Edlinger2020-06-021-1/+2
| | | | | | | | | | | Reason turns out that "git log -2" is picking up a merge commit and a random commit message from the master branch. Restore the expected behavior by using git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11981)
* Move EC_METHOD to internal-onlyBilly Brumley2020-06-0218-163/+177
| | | | | | Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11928)
* APPS: Remove make_config_name, use CONF_get1_default_config_file insteadRichard Levitte2020-06-024-36/+26
| | | | | | Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11983)
* Remove getenv(OPENSSL_FIPS) in openssl commandBernd Edlinger2020-06-011-5/+0
| | | | | | | This is left over from the past. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11995)
* Revert the check for NaN in %f formatBernd Edlinger2020-06-012-36/+1
| | | | | | | | | Unfortunately -Ofast seems to break that check. Fixes #11994 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12003)
* undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locationsTim Hudson2020-06-019-29/+11
| | | | | | | | The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12001)
* Make BIO_do_connect() and friends handle multiple IP addressesDr. David von Oheimb2020-06-011-1/+10
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11971)
* add FFDH to speed commandHubert Kario2020-06-011-5/+320
| | | | | | | | | | | | | | | the openssl speed command could not benchmark FFDH speed, but it could benchmark ECDH, making comparisons between the two hard this commit adds this feature fixes #9475 Signed-off-by: Hubert Kario <hubert@kario.pl> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10887)
* bio printf: Avoid using rounding errors in range checkBernd Edlinger2020-05-292-1/+41
| | | | | | | | | | | | | | | | | | There is a problem casting ULONG_MAX to double which clang-10 is warning about. ULONG_MAX typically cannot be exactly represented as a double. ULONG_MAX + 1 can be and this fix uses the latter, however since ULONG_MAX cannot be represented exactly as a double number we subtract 65535 from this number, and the result has at most 48 leading one bits, and can therefore be represented as a double integer without rounding error. By adding 65536.0 to this number we achive the correct result, which should avoid the warning. The addresses a symptom of the underlying problem: we print doubles via an unsigned long integer. Doubles have a far greater range and should be printed better. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11955)
* DOCS: add openssl-core_names.h(7)Richard Levitte2020-05-291-0/+49
| | | | | | | | | | | | A CAVEATS section is present in this manual. That section name is borrowed from OpenBSD, where mdoc(7) explains it like this: CAVEATS Common misuses and misunderstandings should be explained in this section. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11963)
* DOCS: add openssl-core_numbers.h(7)Richard Levitte2020-05-292-1/+56
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11963)
* EVP_EncryptInit.pod: fix examplePatrick Steuer2020-05-281-1/+1
| | | | | | | | Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11976)
* RSA: Do not set NULL OAEP labelsBenjamin Kaduk2020-05-281-1/+2
| | | | | | | | | | | | | | | | | | | | | As of the previous commit, when a zero-length (string) parameter is present in the parameters passed to a provider for a given operation, we will produce an object corresponding to that zero-length parameter, indicating to the underlying cryptographic operation that the parameter was passed. However, rsa_cms_decrypt() was relying on the previous behavior, and unconditionally tried to call EVP_PKEY_CTX_set0_rsa_oaep_label() even when the implicit default label was used (and thus the relevant local variable was still NULL). In the new setup that distinguishes present-but-empty and absent more clearly, it is an error to attempt to set a NULL parameter, even if it is zero-length. Exercise more caution when setting parameters, and do not call EVP_PKEY_CTX_set0_rsa_oaep_label() when there is not actually a label provided. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11920)
* params: do not ignore zero-length stringsBenjamin Kaduk2020-05-281-4/+3
| | | | | | | | | | | | | | | Prior to this commit, if a string (or octet string) parameter was present but indicated it was zero-length, we would return success but with a NULL output value. This can be problematic in cases where there is a protocol-level distinction between parameter-absent and parameter-present-but-zero-length, which is uncommon but can happen. Since OPENSSL_malloc() returns NULL for zero-length allocation requests, make a dummy allocation for this case, to give a signal that the string parameter does exist but has zero length. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11920)
* test HKDF with empty IKMBenjamin Kaduk2020-05-281-0/+42
| | | | | | | | | Add an extra EVP test that provides empty input key material. It currently fails, since we lose the information about "key present but zero length" as we deserialize parameters in the provider. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11920)
* Add a test for fetching EVP_PKEY style algs without a providerMatt Caswell2020-05-281-0/+42
| | | | | | | | | Following on from the previous commit, add a test to check that we fail to create an EVP_PKEY_CTX if an algorithm is not available in any provider, *unless* it is an algorithm that has no provider support. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11826)
* Fail if we fail to fetch the EVP_KEYMGMTMatt Caswell2020-05-282-4/+49
| | | | | | | | | | | | | | | | | | | | If we failed to fetch an EVP_KEYMGMT then we were falling back to legacy. This is because some algorithms (such as MACs and KDFs used via an old style EVP_PKEY) have not been transferred to providers. Unfortunately this means that you cannot stop some algorithms from being used by not loading the provider. For example if you wanted to prevent RSA from being used, you might expect to just not load any providers that make it available. Unfortunately that doesn't work because we simply fall back to legacy if we fail to fetch the EVP_KEYMGMT. Instead we should fail *unless* the key type is one of those legacy key types that we have not transferred. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11826)
* Update gost-engine commit to match the API changesDmitry Belyavskiy2020-05-281-0/+0
| | | | | | | [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11970)
* util/mkpod2html.pl: Fix unbalanced quotesRichard Levitte2020-05-281-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11969)
* Fix errtest for older compilersShane Lontis2020-05-281-2/+6
| | | | | | | | | Some older compilers use "unknown function" if they dont support __func, so the test using ERR_PUT_error needed to compensate for this when comparing against the expected value. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11967)
* ossl_shim: use the correct ticket key call back.Pauli2020-05-283-17/+12
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11966)
* fips: add AES OFB mode ciphers to FIPS provider.Pauli2020-05-272-24/+3
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11908)
* fips: add AES CFB mode ciphers to FIPS provider.Pauli2020-05-272-24/+9
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11908)
* Avoid undefined behavior with unaligned accessesBernd Edlinger2020-05-2712-72/+147
| | | | | | | | | Fixes: #4983 [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/6074)
* Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to ↵Dr. David von Oheimb2020-05-2712-22/+55
| | | | | | | EVP_PKEY_parameters_eq() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11953)
* crypto/cms: add CAdES-BES signed attributes validationFdaSilvaYY2020-05-2719-150/+462
| | | | | | | | | | | | | | | | for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto/cms: generated file changes. Add some CHANGES entries. [extended tests] Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8098)
* PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEPRichard Levitte2020-05-273-12/+14
| | | | | | | Fixes #11904 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11959)
* doc: fix trace category namesDr. Matthias St. Pierre2020-05-272-4/+4
| | | | | | | | The `ENGINE_CONF` and `PROVIDER_CONF` trace categories were merged into a single `CONF` category (see bc362b9b7202 and 71849dff56d6). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11806)
* Clean up some doc nitsRich Salz2020-05-272-8/+5
| | | | | | | | | Mostly "No items in =over/=back list" Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11902)
* Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and ↵Dr. David von Oheimb2020-05-265-22/+35
| | | | | | | | | document it Fixes #11870 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11894)
* Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param()Dr. David von Oheimb2020-05-2612-20/+20
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11894)
* PROV: Fix RSA-OAEP memory leakRichard Levitte2020-05-261-0/+1
| | | | | | | The OAEP label wasn't freed when the operation context was freed. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11927)
* Update core_names.h fields and document most fields.Shane Lontis2020-05-2641-472/+1375
| | | | | | | | | | | | | | | Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
* Fix ERR_print_errors so that it matches the documented format in ↵Shane Lontis2020-05-267-37/+271
| | | | | | | | | | | | | | | | | | | doc/man3/ERR_error_string.pod Fixes #11743 The ouput format had 2 issues that caused it not to match the expected documented format: (1) At some point the thread id printing was changed to use the OPENSSL_hex2str method which puts ':' between hex bytes. An internal function that skips the seperator has been added. (2) The error code no longer exists. So this was completely removed from the string. It is now replaced by :: As an example: 00:77:6E:52:14:7F:00:00:error:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135: Is now: 00776E52147F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135: Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11789)
* ossl_shim: add deprecation guards around the -use-ticket-callback option.Pauli2020-05-263-0/+15
| | | | | | | | | | | The ticket callback is deprecated in 3.0 and can't be used in a no-deprecated build. [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11944)
* Coverity 1463830: Resource leaks (RESOURCE_LEAK)Pauli2020-05-251-0/+1
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11941)
* Update the gost-engine submoduleDmitry Belyavskiy2020-05-251-0/+0
| | | | | | | | Fixes #11949 [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11951)
* Fix omissions in providers/common/der/build.infoRichard Levitte2020-05-251-27/+55
| | | | | | | | | | | | | Dependencies on generated files must be declared explicitly. When refactoring the DER code in providers/common/der, a few of those dependency declaration were omitted, which may lead to build errors in a parallel build. Some cleanup and extensive used of build.info variables is done while at it, to avoid unnecessary repetition. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11906)
* Drop special case of time interval calculation for VMSTomas Mraz2020-05-251-34/+0
| | | | | | | | | | | The existing special case code is broken and it is not needed anymore as times() and _SC_CLK_TCK should be supported on the supported VMS versions. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11905)
* Revert "Guard use of struct tms with #ifdef __TMS"Tomas Mraz2020-05-251-16/+3
| | | | | | | | | | | | | | | The __TMS might be necessary on VMS however there is no such define on glibc even though the times() function is fully supported. Fixes #11903 This reverts commit db71d315479762eefbf2bcda8be3b44b1867133f. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11905)
* Fix auto-gen names in .gitignoreRich Salz2020-05-251-4/+4
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11916)
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 06:20:02 +0100