aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* rand: allow seed-src to be missingPauli2020-12-091-1/+4
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13640)
* rand: don't leak memoryPauli2020-12-091-1/+1
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13640)
* rand seed: include lock and unlock functions.Pauli2020-12-091-0/+13
| | | | | | | | This satisfies EVP's RAND layer. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13640)
* Fix error clash in buildPauli2020-12-092-2/+2
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13640)
* rand: add a provider side seed source.Pauli2020-12-0910-3/+348
| | | | | | | | | This allows the operating system sources that OpenSSL supports to be used directly as RNGs. It also allows DRBG seeding to be explicitly specified rather than being left to a fall back case. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13455)
* TLS: Use EVP_PKEY_get_group_name() to get the group nameRichard Levitte2020-12-083-18/+18
| | | | | | | | | | For the moment, we translate the result to a NID, because that's still used in several locations in libssl. Future development should change all the internals to be name based instead. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13436)
* EVP: Add EVP_PKEY_get_group_name() to extract the group name of a pkeyRichard Levitte2020-12-089-69/+107
| | | | | | | | This replaces the internal evp_pkey_get_EC_KEY_curve_nid() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13436)
* EVP: constify the EVP_PKEY_get_*_param() argument |pkey|Richard Levitte2020-12-084-21/+29
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13436)
* Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmapDavid Carlier2020-12-081-1/+4
| | | | | | | | | call level. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13394)
* CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc ↵David Carlier2020-12-081-0/+3
| | | | | | | | | dont-dump-region. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13394)
* STORE: clear err after ossl_store_get0_loader_intDaniel Bevenius2020-12-082-1/+42
| | | | | | | | | | | | | | | This commit clears the error that might have been set when ossl_store_get0_loader_int has been called as it will try to retrieve a loader for the scheme on an empty store, which will cause the error OSSL_STORE_R_UNREGISTERED_SCHEME to be set. The motivation for this after returning from ossl_store_get0_loader_int, OSSL_STORE_attach will continue and try to fetch a OSSL_STORE_LOADER from the provider. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12901)
* Fix no-errMatt Caswell2020-12-081-53/+58
| | | | | | | | | | | | The ERR_load_*_strings() functions were not being defined in a no-err build. This is an API break since in 1.1.1 they were still present in a no-err build, but were no-ops. This was also causing a failure in test_symbol_presence. We revert to the way things were done in 1.1.1, i.e. in a no-err build the functions are still present but are no-ops. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13598)
* Fix a compilation failure with no-tls_1_2Matt Caswell2020-12-081-1/+1
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13596)
* Fix a test failure with no-tls1_3Matt Caswell2020-12-081-3/+19
| | | | | | | | | If we're using TLSv1.2 then the test_sigalgs_available test needs to be careful which ciphersuite is selected in order for the test to behave correctly. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13596)
* providers/common/der/build.info: Improve checks of disabled algosRichard Levitte2020-12-081-47/+58
| | | | | | | | This protects us from unwanted GENERATE statements in particular. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13626)
* Update CHANGES and NEWS for new releaseMatt Caswell2020-12-082-2/+16
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add a test for encoding/decoding using an invalid ASN.1 TemplateMatt Caswell2020-12-082-0/+69
| | | | | | | If you have a CHOICE type that it must use explicit tagging - otherwise the template is invalid. We add tests for this. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
* Add a test for GENERAL_NAME_cmpMatt Caswell2020-12-081-0/+344
| | | | | | Based on a boringssl test contributed by David Benjamin Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
* Complain if we are attempting to encode with an invalid ASN.1 templateMatt Caswell2020-12-081-0/+16
| | | | | | | | | | It never makes sense for multi-string or CHOICE types to have implicit tagging. If we have a template that uses the in this way then we should immediately fail. Thanks to David Benjamin from Google for reporting this issue. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
* Check that multi-strings/CHOICE types don't use implicit taggingMatt Caswell2020-12-084-0/+22
| | | | | | | | | | It never makes sense for multi-string or CHOICE types to use implicit tagging since the content would be ambiguous. It is an error in the template if this ever happens. If we detect it we should stop parsing. Thanks to David Benjamin from Google for reporting this issue. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
* Correctly compare EdiPartyName in GENERAL_NAME_cmp()Matt Caswell2020-12-081-3/+42
| | | | | | | | | | | | If a GENERAL_NAME field contained EdiPartyName data then it was incorrectly being handled as type "other". This could lead to a segmentation fault. Many thanks to David Benjamin from Google for reporting this issue. CVE-2020-1971 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
* DirectoryString is a CHOICE type and therefore uses explicit taggingMatt Caswell2020-12-081-2/+3
| | | | | | | | | | | | | | | EDIPartyName has 2 fields that use a DirectoryString. However they were marked as implicit tagging - which is not correct for a CHOICE type. Additionally the partyName field was marked as Optional when, according to RFC5280 it is not. Many thanks to github user @filipnavara for reporting this issue. Also to David Benjamin from Google who independently identified and reported it. Fixes #6859 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
* Deprecate EC_POINT_bn2point and EC_POINT_point2bn.Shane Lontis2020-12-0710-118/+168
| | | | | | | | | | | | | Fixes #10366 The one place that actually used was in the legacy printing of ecparams. This has been replaced by the pointtobuf variant. The ecparam app was using one of these functions - this line has just been removed as another PR will remove all the code generated lines.. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13294)
* Change OPENSSL_hexstr2buf_ex() & OPENSSL_buf2hexstr_ex() to pass the separatorShane Lontis2020-12-075-11/+18
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13294)
* openssl.pod: Carve out Trusted Certificate, Pass Phrase, Name Format, and ↵Ankita Shetty2020-12-0539-428/+531
| | | | | | | | | | Format Options Move detailed doc to specific new files in doc/man1/openssl-*-options.pod Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13315)
* openssl.pod: Move verification doc to new ↵David von Oheimb2020-12-055-355/+404
| | | | | | | doc/man1/openssl-verification-options.pod Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13315)
* find-doc-nits: fix regexp and point out that CA.pl and tsget.pod are specialDr. David von Oheimb2020-12-051-1/+2
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13315)
* PEM: Add a more generic way to implement PEM _ex functions for libctxRichard Levitte2020-12-056-54/+191
| | | | | | | | | | | | This also adds the following functions, for completeness: PEM_write_PrivateKey_ex(), PEM_write_bio_PrivateKey_ex(), PEM_write_PUBKEY_ex, PEM_write_bio_PUBKEY_ex Fixes #13542 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13547)
* EVP: Adjust EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits()Richard Levitte2020-12-051-13/+15
| | | | | | | | | | These functions are documented to return 0 if the size they are supposed to return 0 if the size isn't available. They needed a bit of adjustment to actually do so, since the backend functions they call might return negative numbers in that case. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13611)
* DSA: Make DSA_bits() and DSA_size() check that there are key parametersRichard Levitte2020-12-053-14/+21
| | | | | | | | | | | | | | | | Without these check, a DSA structure without key parameters will cause these functions to crash. This is also the case in pre-3.0 OpenSSL, but since we now extract these data early, to cache them in the EVP_PKEY structure, the same crash happens earlier and much more internally. The added checks are of the same kind as DSA_security_bits() already does. Fixes #13610 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13611)
* Switch deprecation method for X.509Richard Levitte2020-12-041-11/+16
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for WhirlpoolRichard Levitte2020-12-041-9/+10
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for OSSL_STORERichard Levitte2020-12-041-50/+54
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for SSLRichard Levitte2020-12-041-25/+41
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for SRPRichard Levitte2020-12-041-1/+4
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for SHARichard Levitte2020-12-041-33/+40
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for SEEDRichard Levitte2020-12-041-29/+32
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for RIPEMDRichard Levitte2020-12-041-9/+10
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for RC5Richard Levitte2020-12-041-21/+24
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for RC4Richard Levitte2020-12-041-6/+8
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for RC2Richard Levitte2020-12-041-19/+23
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for RANDRichard Levitte2020-12-041-4/+7
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for PKCS#12Richard Levitte2020-12-041-2/+4
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for MDC2Richard Levitte2020-12-041-7/+8
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for MD5Richard Levitte2020-12-041-7/+8
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for MD4Richard Levitte2020-12-041-7/+8
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for MD2Richard Levitte2020-12-041-8/+9
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for IDEARichard Levitte2020-12-041-22/+25
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for HMACRichard Levitte2020-12-041-23/+26
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
* Switch deprecation method for EVPRichard Levitte2020-12-041-226/+218
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13460)
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 05:39:42 +0000