time: move OSSL_TIME to libcrypto

Keep building it for libssl without exposing any symbols.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@ope

time: move OSSL_TIME to libcrypto

Keep building it for libssl without exposing any symbols.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)

show more ...

Avoid struct timeval in QUIC code

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Mer

Avoid struct timeval in QUIC code

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)

show more ...

ssl: modify libssl so that it uses OSSL_TIME

This is instead of time_t and struct timeval. Some public APIs mandate a
presence of these two types, but they are converted to OSSL_TIME in

ssl: modify libssl so that it uses OSSL_TIME

This is instead of time_t and struct timeval. Some public APIs mandate a
presence of these two types, but they are converted to OSSL_TIME internally.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)

show more ...

time: add some additional utilities and document everything

Some of the recently added functions were not documents. This has been addressed.
Also added utility functions for conversion

time: add some additional utilities and document everything

Some of the recently added functions were not documents. This has been addressed.
Also added utility functions for conversions between time_t, seconds and struct timeval
to/from OSSL_TIME.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)

show more ...

apps/openssl-vms.cnf: reflect latest changes by 'make update'

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oh

apps/openssl-vms.cnf: reflect latest changes by 'make update'

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19179)

show more ...

Revert (most of) "Makefile: Generate crypto objects only as far as needed"

This reverts all adaptations by commit 89c39bd8f6528ad268c1c0d0c9e196ba4396941b
on Configurations/unix-Makefile

Revert (most of) "Makefile: Generate crypto objects only as far as needed"

This reverts all adaptations by commit 89c39bd8f6528ad268c1c0d0c9e196ba4396941b
on Configurations/unix-Makefile.tmpl except for additions to .PHONY

Fixes #19087

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19179)

show more ...

Checking __STDC_VERSION__ rather than __STRICT_ANSI__

`__STRICT_ANSI__` is a gnuish flag macro that indicates if `-ansi`
was given on the command line. To check the C version, it's bett

Checking __STDC_VERSION__ rather than __STRICT_ANSI__

`__STRICT_ANSI__` is a gnuish flag macro that indicates if `-ansi`
was given on the command line. To check the C version, it's better
to check the macro `__STDC_VERSION__`.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19197)

show more ...

OSSL_CRYPTO_ALLOC attribute introduction proposal.

Giving hint to the compiler the returned pointer is not aliased
(so realloc-like api is de facto excluded).

Reviewed-by: Hugo

OSSL_CRYPTO_ALLOC attribute introduction proposal.

Giving hint to the compiler the returned pointer is not aliased
(so realloc-like api is de facto excluded).

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19180)

show more ...

update oqsprovider/liboqs to v0.7.2

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>

update oqsprovider/liboqs to v0.7.2

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19184)

show more ...

Fix PROV_RC5_CTX's original structure name

It looks like a typo when copy & pasting the structure from blowfish.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by:

Fix PROV_RC5_CTX's original structure name

It looks like a typo when copy & pasting the structure from blowfish.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19186)

show more ...

Fix tests when configured with -DOPENSSL_USE_IPV6=0

In include/internal/sockets.h it says that you can disable IPv6, and only
defines OPENSSL_USE_IPV6 (to 0 or 1) if it's not already def

Fix tests when configured with -DOPENSSL_USE_IPV6=0

In include/internal/sockets.h it says that you can disable IPv6, and only
defines OPENSSL_USE_IPV6 (to 0 or 1) if it's not already defined.

The codebase generally then checks `#if OPENSSL_USE_IPV6`.

However, test_bio_dgram uses `#if defined(OPENSSL_USE_IPV6)` which means it tries
to test IPv6 even if it's explicitly configured out with -DOPENSSL_USE_IPV6=0
(`#if defined(OPENSSL_USE_IPV6)` is always true).

This fixes that.

Change-Id: Ie1641c9dd654f27f3bdca186517df5599ad1059b

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19181)

show more ...

list: add an option to list all available algorithms

Fixes #19145

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmi

list: add an option to list all available algorithms

Fixes #19145

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19168)

show more ...

crypto/x509/{x509_req,x_all}.c: add some NULL parameter checks, improve coding style

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merge

crypto/x509/{x509_req,x_all}.c: add some NULL parameter checks, improve coding style

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19090)

show more ...

X509 x_all.c: Set 'modified' flag when ASN1_item_sign{,_ctx} call was successful

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-b

X509 x_all.c: Set 'modified' flag when ASN1_item_sign{,_ctx} call was successful

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19090)

show more ...

X509 x509_req.c: Set 'modified' flag when X509_req_info_st member data updated

We need to reencode X509_req_info_st if member data updated.

Reviewed-by: Tomas Mraz <tomas@openssl.or

X509 x509_req.c: Set 'modified' flag when X509_req_info_st member data updated

We need to reencode X509_req_info_st if member data updated.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19090)

show more ...

openssl.cnf: split option value and comment and remove leading space

CLA: trivial

Signed-off-by: a1346054 <36859588+a1346054@users.noreply.github.com>

Reviewed-by: Matt Cas

openssl.cnf: split option value and comment and remove leading space

CLA: trivial

Signed-off-by: a1346054 <36859588+a1346054@users.noreply.github.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19173)

show more ...

Cleanup EBCDIC string defintions

Use a single definiton for protocol string defintions.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.or

Cleanup EBCDIC string defintions

Use a single definiton for protocol string defintions.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19122)

show more ...

Add some API tests for TLSv1.3 record padding

We have some ssl_test_new tests for record padding. But these only use
the block padding approach set via a config file on the SSL_CTX. We a

Add some API tests for TLSv1.3 record padding

We have some ssl_test_new tests for record padding. But these only use
the block padding approach set via a config file on the SSL_CTX. We add
tests for all the various API calls.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19103)

show more ...

crypto/conf: gcc build warning fix

Fix the gcc build warning from conf_sap.c:
variable flags set but not used [-Wunused-but-set-variable]
variable appname set but not used [-Wunused-

crypto/conf: gcc build warning fix

Fix the gcc build warning from conf_sap.c:
variable flags set but not used [-Wunused-but-set-variable]
variable appname set but not used [-Wunused-but-set-variable]
variable filename set but not used [-Wunused-but-set-variable]

CLA: trivial

Signed-off-by: Gang Chen <gang.c.chen@intel.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19153)

show more ...

s390x: fix ecx derive

Derivation via ecx-methods did not properly set the length. Make the code
more similar to common code and set the length property.

Signed-off-by: Juergen

s390x: fix ecx derive

Derivation via ecx-methods did not properly set the length. Make the code
more similar to common code and set the length property.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19158)

show more ...

Remove perror() usage in library

The dgram code used perror extensively.

Keep the `perror()` in the allocation code; it's used for debugging only.
Keep the `perror()`s in the de

Remove perror() usage in library

The dgram code used perror extensively.

Keep the `perror()` in the allocation code; it's used for debugging only.
Keep the `perror()`s in the demos, tests and apps.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19148)

show more ...

bio_dgram_test.c: Fix warning from older clang compilers

Older clang compilers warn about the initializer:

test/bio_dgram_test.c:107:29: error: suggest braces around initialization

bio_dgram_test.c: Fix warning from older clang compilers

Older clang compilers warn about the initializer:

test/bio_dgram_test.c:107:29: error: suggest braces around initialization
of subobject [-Werror,-Wmissing-braces]
struct in6_addr ina6 = {0};
^
{}

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19152)

show more ...

Add an EVP demo for key encoding using EC

Fixes openssl#14117

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale

Add an EVP demo for key encoding using EC

Fixes openssl#14117

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19143)

show more ...

Fix BIO_sendmmsg/BIO_recvmmsg issues on FreeBSD

Fixes #19156.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Pau

Fix BIO_sendmmsg/BIO_recvmmsg issues on FreeBSD

Fixes #19156.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19164)

show more ...

Fix undefined ipi_spec_dst for cygwin build.

The 'struct in_pktinfo' doesn't have a 'ipi_spec_dst' field on windows
OS which break cygwin builds of OpenSSL.

Signed-off-by: Trist

Fix undefined ipi_spec_dst for cygwin build.

The 'struct in_pktinfo' doesn't have a 'ipi_spec_dst' field on windows
OS which break cygwin builds of OpenSSL.

Signed-off-by: Tristan Lelong <tlelong@google.com>

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19134)

show more ...