Commit message | Author | Age | Files | Lines
* Make `openssl check -rsa ...` to work for both RSA and RSA-PSS. | Daniel Fiala | 2022-03-22 | 2 | -2/+12
  Fixes openssl#17167
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17920)
  (cherry picked from commit 5d1f357a01f668f708c1abd7567175b4a0f18a38)
* Fix incorrect comments in aes-gcm-armv8-unroll8_64.pl | XiaokangQian | 2022-03-22 | 1 | -38/+38
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17918)
* Add EVP RSA key encode/decode demo | Hugo Landau | 2022-03-21 | 3 | -0/+225
  Fixes #14116.
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17826)
* Fix coverity 1498607: uninitialised value | Pauli | 2022-03-21 | 1 | -0/+1
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17897)
* OSSL_CMP_CTX_new.pod: make references to private key consistent with OSSL_CMP_MSG_get0_header.pod | Dr. David von Oheimb | 2022-03-18 | 2 | -5/+6
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/17887)
* OSSL_CMP_MSG_get0_header.pod: re-phrase two lengthy otherwise clauses as lists | Dr. David von Oheimb | 2022-03-18 | 1 | -13/+28
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/17887)
* SSL_CTX_set_verify.pod: move a note further down where it fits better | Dr. David von Oheimb | 2022-03-18 | 1 | -2/+2
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/17887)
* print SSL session, fix build warnings on OpenBSD. | David Carlier | 2022-03-18 | 1 | -2/+2
  time_t is a 64 bits type on this platform.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17917)
* eng_dyn: Avoid spurious errors when checking for 1.1.x engine | Tomas Mraz | 2022-03-18 | 1 | -11/+22
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17901)
* Fix documentation for provider-signature | Hugo Landau | 2022-03-18 | 1 | -8/+4
  Fixes #17909.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17914)
* Fix declaration inconsistency (Camellia) | Hugo Landau | 2022-03-18 | 1 | -3/+3
  Fixes #17911.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17912)
* List missing operations in provider(7) | Hugo Landau | 2022-03-18 | 1 | -8/+40
  Fixes #17910.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17915)
* Fix typos in CCM test vector titles | Tobias Nießen | 2022-03-17 | 1 | -3/+3
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17889)
* check return value of functions that call BIO_new() | tangyiqun | 2022-03-16 | 1 | -1/+12
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17850)
* Update CHANGES/NEWS for new release | Matt Caswell | 2022-03-15 | 2 | -1/+47
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Add a negative testcase for BN_mod_sqrt | Tomas Mraz | 2022-03-15 | 2 | -1/+22
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Add documentation of BN_mod_sqrt() | Tomas Mraz | 2022-03-15 | 2 | -3/+13
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix possible infinite loop in BN_mod_sqrt() | Tomas Mraz | 2022-03-15 | 1 | -12/+18
  The calculation in some cases does not finish for non-prime p.
  This fixes CVE-2022-0778.
  Based on patch by David Benjamin <davidben@google.com>.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix signed integer overflow in evp_enc | Hugo Landau | 2022-03-15 | 2 | -6/+14
  Fixes #17869.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17870)
* Fixed typo in inner_evp_generic_fetch() error handling | Oliver Roberts | 2022-03-15 | 1 | -1/+1
  Fixes #17876
  CLA: trivial
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17877)
* Fix IV length caching in EVP encryption code | Hugo Landau | 2022-03-15 | 1 | -6/+15
  The IV length cache value was being invalidated excessively, causing IV length caching to be ineffective.
  Related to #17064.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17862)
* aes-gcm-avx512.pl: Fixed mingw64 build | Andrey Matyukov | 2022-03-14 | 2 | -6/+6
  Decoration prefix for some assembler labels in aes-gcm-avx512.pl was fixed for mingw64 build.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17868)
* Add EVP demo for SIPHASH | Hugo Landau | 2022-03-14 | 2 | -0/+130
  Fixes #14121.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17793)
* Fix bug in scrypt KDF provider dup method | Hugo Landau | 2022-03-14 | 1 | -3/+8
  The scrypt KDF provider's dup method calls kdf_scrypt_new passing a libctx, but a provider context is expected. Since the provider context is passed as void *, this was not caught.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17873)
* evp_test: Add testcases for DH KEX with X9.42 KDF | Tomas Mraz | 2022-03-14 | 2 | -1/+68
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/17859)
* Fix documentation of parameters for DH and ECDH KEX | Tomas Mraz | 2022-03-14 | 3 | -38/+67
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/17859)
* DH: Make padding always on when X9.42 KDF is used | Tomas Mraz | 2022-03-14 | 1 | -5/+6
  Fixes #17834
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/17859)
* Add manpages for SSL_get_certificate, SSL_get_private_key | Hugo Landau | 2022-03-14 | 3 | -2/+79
  This is as I understand these functions from reading the code.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17815)
* crypto/pem/pem_lib.c: Add check for BIO_read | Jiasheng Jiang | 2022-03-14 | 1 | -7/+10
  As the potential failure of the BIO_read(), it should be better to add the check and return error if fails. Also, in order to decrease the same code, using 'out_free' will be better.
  Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17754)
* Add EVP demo for RSA key generation | Hugo Landau | 2022-03-14 | 4 | -4/+297
  Fixes #14111.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17824)
* Replace handling of negative verification result with SSL_set_retry_verify() | Tomas Mraz | 2022-03-14 | 13 | -21/+144
  Provide a different mechanism to indicate that the application wants to retry the verification. The negative result of the callback function now indicates an error again. Instead the SSL_set_retry_verify() can be called from the callback to indicate that the handshake should be suspended.
  Fixes #17568
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17825)
* Fixed conditional statement testing 64 and 256 bytes | Danny Tsen | 2022-03-14 | 1 | -67/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17760)
* EVP_MD performance fix (refcount cache contention) | Hugo Landau | 2022-03-13 | 3 | -13/+23
  Partial fix for #17064. Avoid excessive writes to the cache line containing the refcount for an EVP_MD object to avoid extreme cache contention when using a single EVP_MD at high frequency on multiple threads. This changes performance in 3.0 from being double that of 1.1 to only slightly higher than that of 1.1.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17857)
* Make ossltest engine use in test/recipes/20-test_dgst.t platform agnostic | Richard Levitte | 2022-03-12 | 1 | -3/+3
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17861)
* OSSL_CMP_CTX_setup_CRM(): Fix handling of defaults from CSR and refcert | Dr. David von Oheimb | 2022-03-12 | 5 | -20/+53
  Also update and complete related documentation.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/17726)
* DOC: TLS compression is disabled by default | Todd Short | 2022-03-11 | 1 | -1/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/17854)
* README: add missing link to OpenSSL 3.0 manual pages | Dr. Matthias St. Pierre | 2022-03-11 | 1 | -0/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17855)
* Add TFO support to socket BIO and s_client/s_server | Todd Short | 2022-03-10 | 34 | -28/+1129
  Supports Linux, MacOS and FreeBSD
  Disabled by default, enabled via `enabled-tfo`
  Some tests
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8692)
* Drop ariacbc demo binary | Tomas Mraz | 2022-03-10 | 1 | -0/+0
  Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17848)
* Allow to *just* print key and IV of unstreamable modes when no input files | EasySec | 2022-03-10 | 1 | -1/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17843)
* check the return of OPENSSL_sk_new_null | xkernel | 2022-03-10 | 1 | -0/+5
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
  (Merged from https://github.com/openssl/openssl/pull/17836)
* Set protocol in init_client() | Todd Short | 2022-03-10 | 1 | -1/+1
  If TCP is being used, protocol = 0 is passed to init_client(), then protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17838)
* Avoid potential memory leak | Dmitry Belyavskiy | 2022-03-10 | 1 | -1/+4
  Resolves #17827
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17828)
* check the return value of BIO_new_file() | xkernel | 2022-03-10 | 2 | -0/+8
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17820)
* async_posix: Make ASYNC_set_mem_functions threadsafe | Arran Cudbard-Bell | 2022-03-10 | 5 | -3/+37
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17762)
* async_posix: Allow custom stack allocation functions to be specified for POSIX contexts | Arran Cudbard-Bell | 2022-03-10 | 8 | -5/+162
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17762)
* async_posix: raise a memory allocation error if we fail to allocate stack memory | Arran Cudbard-Bell | 2022-03-10 | 1 | -0/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17762)
* README: add link to migration_guide manual page | Dr. Matthias St. Pierre | 2022-03-10 | 1 | -6/+6
  which replaces the link to the OpenSSL 3.0 Wiki.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17840)
* Some platforms don't have pthread_atfork | Matt Caswell | 2022-03-10 | 1 | -18/+1
  We've had a report of a linker failure on some platforms (this one was linux ARM) that apparently did not have pthread_atfork. It's strange that this has not been reported before but the simplest solution is just to remove this from the library since it isn't really used anyway.
  Currently it is called to set up the fork handlers OPENSSL_fork_prepare, OPENSSL_fork_parent and OPENSSL_fork_child. However all of those functions are no-ops. This is a remnant from earlier code that got removed. We can safely remove it now.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17842)
* android-x86 target: Add -latomic | Marcel Raad | 2022-03-09 | 1 | -0/+1
  Fixes https://github.com/openssl/openssl/issues/14083 again after being broken by https://github.com/openssl/openssl/pull/15640.
  CLA: trivial
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17833)