Commit message | Author | Age | Files | Lines
* fuzz/asn1parse.c: Clean up non-portable code and catch malloc failure | Dr. David von Oheimb | 2021-06-15 | 1 | -2/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15722)
* BIO: prevent crash on NULL BIO for prefix_ctrl() and thus for BIO_set_prefix(), BIO_set_indent(), etc. | Dr. David von Oheimb | 2021-06-15 | 1 | -2/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15722)
* ASN1: rename asn1_par.c to asn1_parse.c for clarity; simplify asn1_parse2() | Dr. David von Oheimb | 2021-06-15 | 2 | -11/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15722)
* Use getauxval on Android with API level > 18 | Lars Immisch | 2021-06-15 | 1 | -0/+9
  We received analytics that devices of the device family Oppo A37x are crashing with SIGILL when trying to load libcrypto.so. These crashes were fixed by using the system-supplied getauxval function.
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11257)
* Remove "-immedate_renegotiation" option | Rich Salz | 2021-06-15 | 5 | -21/+3
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15415)
* Move AllowClientRenegotiation tests | Rich Salz | 2021-06-15 | 6 | -19/+101
  Move them from test_renegotiation to renegotiation in ssl_new
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15415)
* remove end of line whitespace | Pauli | 2021-06-15 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
* cms: free PKEY_CTX | Pauli | 2021-06-15 | 1 | -4/+5
  Preventing a memory leak.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/15731)
* cms: fix coverity 1485981: unchecked return value | Pauli | 2021-06-15 | 1 | -2/+6
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/15731)
* apps: move global libctx and property query into their own file | Pauli | 2021-06-15 | 4 | -42/+53
  The header has been split out so the functions should be as well.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* speed: make sure to free any allocated EVP_MAC structures | Pauli | 2021-06-15 | 1 | -12/+16
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* pkcs12: use the app's libctx and property query when searching for algorithms | Pauli | 2021-06-15 | 1 | -1/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* speed: use the app's libctx and property query when searching for algorithms | Pauli | 2021-06-15 | 1 | -5/+10
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* list: use the app's libctx and property query when searching for algorithms | Pauli | 2021-06-15 | 1 | -16/+22
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* kdf: use the app's libctx and property query when searching for algorithms | Pauli | 2021-06-15 | 1 | -1/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* fipsinstall: use the app's libctx and property query when searching for algorithms | Pauli | 2021-06-15 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* add libctx and property query to fetch functions | Pauli | 2021-06-15 | 3 | -6/+20
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* test: add SPKAC command test | Pauli | 2021-06-15 | 1 | -0/+41
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* spkac: document -digest option | Pauli | 2021-06-15 | 1 | -0/+8
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* spkac: allow digests other than MD5 to be used for signing | Pauli | 2021-06-15 | 1 | -2/+12
  Fixes #15683
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* Add missing NULL check in OSSL_DECODER_from_bio(). | Shane Lontis | 2021-06-15 | 1 | -0/+5
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15733)
* Avoid excessive OSSL_DECODER_do_all_provided calls | Matt Caswell | 2021-06-14 | 1 | -3/+26
  OSSL_DECODER_CTX_add_extra was calling OSSL_DECODER_do_all_provided in a loop which was resulting in a large number of calls. Since OSSL_DECODER_do_all_provided is quite "heavy" this was causing performance issues.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15716)
* Add a generic SubjectPublicKeyInfo decoder | Matt Caswell | 2021-06-14 | 11 | -19/+204
  Previously all the SubjectPublicKeyInfo decoders were specific to a key type. We would iterate over all of them until a match was found for the correct key type. Each one would fully decode the key before then testing whether it was a match or not - throwing it away if not. This was very inefficient.
  Instead we introduce a generic SubjectPublicKeyInfo decoder which figures out what type of key is contained within it, before subsequently passing on the data to a key type specific SubjectPublicKeyInfo decoder.
  Fixes #15646
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15662)
* Fix DH/DHX named groups to not overwrite the private key length. | Shane Lontis | 2021-06-14 | 2 | -7/+74
  The only reason(s) the DH private key length should be set are:
  (1) The user sets it during key generation via EVP_PKEY_CTX_set_params using OSSL_PKEY_PARAM_DH_PRIV_LEN.
  (2) When loading a PKCS3 (DH) key the optional value 'privateValueLength' is set.
  Now that the named groups contain a value for 'q' there is no reason to automatically overwrite the private key length.
  Issue detected by @davidmakepeace
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15695)
* When linking to static libssl always link to static libcrypto | Tomas Mraz | 2021-06-14 | 1 | -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15714)
* Do not duplicate symbols between libcrypto and libssl in static builds | Tomas Mraz | 2021-06-14 | 1 | -7/+8
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15714)
* Add -latomic only for architectures where needed | Tomas Mraz | 2021-06-14 | 1 | -11/+10
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15640)
* Avoid duplicating prov_running.o in libdefault and libcrypto | Tomas Mraz | 2021-06-14 | 1 | -2/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15704)
* APPS: Remove an unreachable statement in s_client.c | Richard Levitte | 2021-06-13 | 1 | -1/+0
  A Solaris compiler complains:
      "apps/s_client.c", line 2994: statement not reached
  It takes a bit of scrutiny to see that this is true, on all platforms.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15719)
* Add AES consttime code for no-asm configurations | Bernd Edlinger | 2021-06-13 | 2 | -1/+632
  This adds optional constant time support for AES when building openssl for no-asm.
  Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME
  Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME
  This is by default enabled.
  [extended tests]
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10828)
* ci: run the on pull request CIs on push to master | Pauli | 2021-06-12 | 2 | -2/+2
  This will help catch problems caused by merging.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15711)
* d2i_X509: revert calling X509v3_cache_extensions() | Dr. David von Oheimb | 2021-06-12 | 1 | -24/+1
  Fixes #13754
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15705)
* Windows GitHub CI: Introduce --strict-warnings | Richard Levitte | 2021-06-12 | 1 | -8/+9
  This involves making a more comprehensive matrix for the different architectures we build for.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15709)
* Windows Github CI: test in Windows 2016 as well | Richard Levitte | 2021-06-12 | 1 | -3/+16
  This brings an older version of MSVC, which may bring some "interesting" failures.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15709)
* Building: Add necessary dependencies for linker scripts and .rc files | Richard Levitte | 2021-06-11 | 1 | -0/+2
  These files depend on the data from configdata.pm, so need a dependency on that one to always be properly updated. The same goes for .rc files.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15717)
* Configure: Allow spaces around '=' in all build.info statements | Richard Levitte | 2021-06-11 | 1 | -16/+16
  This was allowed already for some statements, but not consistently for all.
  Fixes #15684
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15691)
* Rename OSSL_HTTP_set_request() to OSSL_HTTP_set1_request() for clarity | Dr. David von Oheimb | 2021-06-11 | 4 | -32/+32
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15697)
* HTTP client: Fix GET request handling when rctx is reused (keep-alive) | Dr. David von Oheimb | 2021-06-11 | 2 | -24/+27
  This also updates the documentation of OSSL_HTTP_REQ_CTX_set1_req().
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15697)
* Add support for ISO 8601 datetime format | William Edmisten | 2021-06-11 | 16 | -42/+191
  Fixes #5430
  Added the configuration file option "date_opt" to the openssl applications ca, crl and x509.
  Added ASN1_TIME_print_ex which supports the new datetime format using the flag ASN1_DTFLGS_ISO8601
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14384)
* Update krb5 module and re-enable pkinit tests | Robbie Harwood | 2021-06-11 | 2 | -1/+1
  pkinit tests were disabled in cd0aca532091de4dfadf2f12b18dd99e9cba7615
  Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15444)
* Do not depend on the exact exit failure value of dgst app | Tomas Mraz | 2021-06-11 | 1 | -15/+15
  On most platforms the EXIT_FAILURE is 1 but on NonStop platform the EXIT_FAILURE is -1 truncated to 255.
  Fixes #15633
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15694)
* Clean away remaining Travis related files | Richard Levitte | 2021-06-11 | 2 | -18/+0
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15692)
* fuzz/asn1parse: Use BIO_s_mem() as fallback output | Tomas Mraz | 2021-06-11 | 1 | -0/+2
  /dev/null is not available everywhere.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15672)
* BIO_write_ex: No error only on 0 bytes to write | Tomas Mraz | 2021-06-11 | 2 | -3/+12
  Fixes #15682
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15672)
* Windows CI: Enable fuzz test in plain build | Tomas Mraz | 2021-06-11 | 1 | -1/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15672)
* apps/lib/s_socket.c: Alias getpid with _getpid for _WIN32 | Richard Levitte | 2021-06-11 | 1 | -0/+9
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15710)
* Fix FIPS provider value in docs | Todd Short | 2021-06-11 | 1 | -1/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15676)
* STORE: Make OSSL_STORE_LOADER_fetch() consistent with all other fetch functions | Richard Levitte | 2021-06-11 | 4 | -10/+10
  The argument order was different on this one.
  Fixes #15688
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15689)
* Document that provider name can be a full path | Tomas Mraz | 2021-06-11 | 2 | -2/+12
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15680)
* dl_name_converter: Avoid unnecessary overallocation | Tomas Mraz | 2021-06-11 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15680)