Commit message | Author | Age | Files | Lines
* Replace CONFIG_NOWAIT env var with -w option | Rich Salz | 2021-08-20 | 3 | -8/+11
  And document the -w option
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16325)
* Set KERNEL_BITS, add CONFIG_NOWAIT | Rich Salz | 2021-08-19 | 1 | -5/+5
  Avoid perl "undefined variable in regexp" message. Not all uses were changed because I wasn't sure. Add support for CONFIG_NOWAIT environment variable.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16325)
* Minor doc enhancements to INSTALL.md | Rich Salz | 2021-08-19 | 1 | -14/+23
  Describe current relationship between config and Configure. Put the environment variable list in alphabetical order. Add description of KERNEL_BITS. Add new variable CONFIG_NOWAIT.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16325)
* util/add-depends.pl: Rebuild the build file after reconfiguration | Richard Levitte | 2021-08-19 | 1 | -2/+5
  Reconfiguration is assumed if any dependency (.d) file is older than configdata.pm.
  Fixes #16364
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16365)
* util/add-depends.pl: Only add dependencies on existing or generated headers | Richard Levitte | 2021-08-19 | 1 | -36/+67
  Headers that fulfill neither of those conditions are skipped. This avoids build breaks when development has removed a previously existing header.
  Fixes #16360
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16361)
* Fix state name abbreviation | Todd Short | 2021-08-19 | 3 | -28/+28
  The TRSCV state abbrev was used for two states:
  * TLS_ST_CR_CERT_VRFY
  * TLS_ST_SW_CERT_VRFY
  The second one is wrong because it's a write operation. The state for TLS_ST_SW_CERT_VRFY should be "TWSCV"
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16327)
* Add tests for EVP_PKEY_get_utf8_string_param(), both positive and negative | Richard Levitte | 2021-08-18 | 1 | -0/+31
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16334)
* EVP_PKEY_get_utf8_string_param(): ensure the string is NUL terminated | Richard Levitte | 2021-08-18 | 2 | -12/+22
  A check is added to fail this function if the string buffer isn't large enough to accommodate a terminating NUL byte.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16334)
* doc: remove errant blank line to appease doc-nits | Pauli | 2021-08-18 | 1 | -1/+0
  Fixes #16328
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  (Merged from https://github.com/openssl/openssl/pull/16330)
* pkcs12: check for zero length digest to avoid division by zero | Pauli | 2021-08-18 | 1 | -1/+1
  Fixes #16331
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  (Merged from https://github.com/openssl/openssl/pull/16332)
* Fix CTS cipher decrypt so that the updated IV is returned correctly. | Shane Lontis | 2021-08-18 | 2 | -3/+27
  Adding KRB5 test vector 'NextIV' values to evp_test data for AES CTS indicated that the CTS decrypt functions incorrectly returned the wrong IV. The returned IV should match the value returned by the encrypt methods.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16286)
* Change CTS CS3 (Kerberos) so that it accepts a 16 byte input block | Shane Lontis | 2021-08-18 | 2 | -4/+33
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16286)
* Add support for camellia cbc cts mode | Shane Lontis | 2021-08-18 | 10 | -10/+276
  Fixes #16276
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16286)
* Refactor cipher aes_cts code so that it can be used by other 128bit ciphers | Shane Lontis | 2021-08-18 | 5 | -109/+110
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16286)
* Correct UTF8 params documentation further | Richard Levitte | 2021-08-17 | 1 | -3/+8
  The latest change misdocumented OSSL_PARAM_get_utf8_string(), that change should have been for OSSL_PARAM_set_utf8_string().
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16318)
* Test EVP Cipher updating the context's IV | Ingo Franzki | 2021-08-16 | 1 | -0/+108
  Ensure that an EVP_CipherUpdate operation updates the context's IV for AES CBC, CFB, OFB, and CTR. An application can get the updated IV via EVP_CIPHER_CTX_iv().
  The s390x implementation of the CFB and OFB ciphers in e_aes.c did not update the IV in the context, but only within its s390x specific context data.
  Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
  Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16291)
* s390x: AES OFB/CFB: Maintain running IV from cipher context | Ingo Franzki | 2021-08-16 | 1 | -0/+12
  Copy the current IV from the cipher context into the kmo/kmf param before the operation, and copy the modified IV back to the context afterwards. Without this, an application that obtains the running IV from the context would still get the original IV, but not the updated one.
  This implementation in e_aes.c now matches the code in cipher_aes_hw_s390x.inc that is used for the provider implementation.
  Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
  Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16291)
* Fix potential double-free | Todd Short | 2021-08-16 | 1 | -1/+1
  The `sk` variable is assigned to `s->session->peer_chain`. If `ssl3_digest_cached_records()` were to fail, then `sk` would still be non-NULL, and subsequently freed on the error return. When the session is freed, it will then attempt to free `s->session->peer_chain`, resulting in a double-free (of `sk`).
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16309)
* Multiple fixes for getting pub key from legacy DH PKEY | Tomas Mraz | 2021-08-16 | 2 | -11/+46
  There were multiple issues with getting OSSL_PKEY_PARAM_PUB_KEY from a legacy EVP_PKEY DH and DHX keys.
  Fixes #16247
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16253)
* Correct documentation errors in regards to UTF8 params | Tomas Mraz | 2021-08-13 | 6 | -16/+20
  This fixes numerous bugs in documentation in regards to UTF8 params and their sizes. The returned size should always be without the terminating NUL byte. On the other hand on the requestor side the size of the buffer should include the NUL byte if it expects it being included in the returned string.
  Also make this clear in the EVP_PKEY_get_group_name() documentation which uses utf8 string params under the hood.
  Fixes #16287
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16296)
* Add documentation about the multilib postfix and libdir | Tomas Mraz | 2021-08-13 | 2 | -2/+16
  Fixes #16244
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16281)
* Allow small RSA exponents in the default provider | Shane Lontis | 2021-08-13 | 2 | -24/+18
  Fixes #16255
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16285)
* Disclaimer about the default provider activation added to config | Dmitry Belyavskiy | 2021-08-12 | 3 | -0/+25
  Fixes #16249
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16280)
* genpkey: -quiet doesn't take an argument | Pauli | 2021-08-12 | 1 | -1/+1
  Fixes #16238
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16240)
* Sort SSL_OP names in documentation | Todd Short | 2021-08-11 | 1 | -147/+146
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16236)
* Add missing SSL_OP flags | Todd Short | 2021-08-11 | 1 | -7/+25
  Add missing SSL_OP flags. Correct the list of flags set by SSL_OP_ALL.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16236)
* EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable | Tomas Mraz | 2021-08-11 | 1 | -1/+3
  If key length is different from the existing key length and it is not a settable parameter, raise an error.
  Fixes #16277
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16279)
* dsatest: Properly detect failure in generate/sign/verify | Tomas Mraz | 2021-08-11 | 1 | -3/+5
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/16268)
* Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen | Tomas Mraz | 2021-08-11 | 1 | -3/+7
  Fixes #16261
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/16268)
* aes_v8_xts_encrypt is present only on 64bit arm builds | Tomas Mraz | 2021-08-11 | 1 | -1/+1
  Fixes #16273
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16275)
* Omitted signature_algorithms extension alerts updated | Dmitry Belyavskiy | 2021-08-11 | 1 | -2/+2
  Fixes #15484
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16217)
* MacOS: Add an include of <CommonCrypto/CommonCryptoError.h> | David Bohman | 2021-08-11 | 1 | -0/+1
  The include is added before <CommonCrypto/CommonRandom.h>, as required by older releases of the macOS developer tools.
  Fixes #16248
  CLA: trivial
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16258)
* doc: remove errant claim that these are not FIPS okay | Pauli | 2021-08-08 | 1 | -2/+0
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16239)
* doc: Fix ECX FIPS documentation | Pauli | 2021-08-08 | 1 | -4/+4
  Both Ed448 and Ed25519 were omitted from the signature list. X448 and X25519 were flagged as not FIPS valid which wasn't correct.
  Fixes #16234
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16239)
* Avoid freeing the conf lhashes in X509_V3_EXT*_add_conf | Tomas Mraz | 2021-08-06 | 1 | -0/+5
  Fixes #16226
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16227)
* Fix CMP app TLS connection not respecting vpm options like -crl_check | Dr. David von Oheimb | 2021-08-06 | 1 | -5/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16225)
* Fix test case for a2i_IPADDRESS | Amir Mohammadi | 2021-08-06 | 1 | -2/+3
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16201)
* Test case for a2i_IPADDRESS | Christian Heimes | 2021-08-06 | 1 | -0/+54
  Unit test to show that a2i_IPADDRESS("1.2.3.4.test.example") ignores trailing data.
  See: https://github.com/openssl/openssl/issues/12649
  See: https://bugs.python.org/issue41556
  Signed-off-by: Christian Heimes <christian@python.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16201)
* Fix ipv4_from_asc behavior on invalid Ip addresses | Amir Mohammadi | 2021-08-06 | 1 | -2/+6
  sscanf() call in ipv4_from_asc does not check that the string is terminated immediately after the last digit.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16201)
* X509_STORE_CTX_get_error: Fix some minor documentation issues | Tomas Mraz | 2021-08-06 | 1 | -6/+3
  Original PR by Eric Valcik (https://github.com/openssl/openssl/pull/12302)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16219)
* Fix VS2019 compile error C4703: potentially uninitialized local pointer variable used. | Kelvin Lee | 2021-08-06 | 1 | -2/+2
  encode_key2text.c(689): error C4703: potentially uninitialized local pointer variable 'modulus_label' used
  encode_key2text.c(691): error C4703: potentially uninitialized local pointer variable 'exponent_label' used
  CLA: trivial
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12845)
* cms: Fix handling of -rctform option | Tomas Mraz | 2021-08-05 | 1 | -8/+4
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16216)
* cms: Do not try to check binary format on stdin | Tomas Mraz | 2021-08-05 | 1 | -0/+2
  Fixes #16195
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16216)
* req: Avoid segfault when -modulus is used | Tomas Mraz | 2021-08-05 | 2 | -3/+8
  Fixes #16196
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16215)
* [doc/man3] documentation: BN_cmp manpage updates | Billy Brumley | 2021-08-05 | 1 | -18/+23
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16214)
* test: add -macopt hexkey: to dgst command tests | Pauli | 2021-08-05 | 1 | -1/+16
  Comparison checksum generated using 1.1.1f.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16212)
* ctrls: add missing control string translation for key -> priv for HMAC | Pauli | 2021-08-05 | 1 | -1/+1
  Fixes #16200
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16212)
* evp_test: add TLS 1.3 KDF test suite | Pauli | 2021-08-05 | 1 | -0/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/16203)
* test: add test cases for TLS 1.3 KDF | Pauli | 2021-08-05 | 1 | -0/+4937
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/16203)
* update doc/build.info | Pauli | 2021-08-05 | 1 | -0/+6
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/16203)