VMS: copy prologue/epilogue headers when header files are generated

This is crucial when the build tree isn't the source tree, as they
only take effect in directories where included head

VMS: copy prologue/epilogue headers when header files are generated

This is crucial when the build tree isn't the source tree, as they
only take effect in directories where included header files reside.

The issue only comes up when linking with the static libraries, since
the shared libraries have upper case aliases of all symbols.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17755)

show more ...

test/crltest.c: Add check for glue2bio

As the glue2bio() could return NULL pointer if fails,
it should be better to check the return value in order
to avoid the use of NULL pointer.

test/crltest.c: Add check for glue2bio

As the glue2bio() could return NULL pointer if fails,
it should be better to check the return value in order
to avoid the use of NULL pointer.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17718)

show more ...

bio_enc.c: add check for BIO_new_mem_buf

Since the memory allocation may fail, the BIO_new_mem_buf() may
return NULL pointer.
Therefore, it should be better to check it and return er

bio_enc.c: add check for BIO_new_mem_buf

Since the memory allocation may fail, the BIO_new_mem_buf() may
return NULL pointer.
Therefore, it should be better to check it and return error if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17730)

show more ...

X509_VERIFY_PARAM_set_flags.pod: fix typos

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.co

X509_VERIFY_PARAM_set_flags.pod: fix typos

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17731)

show more ...

Add -quiet option to pkcs7 for -print_certs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

Add -quiet option to pkcs7 for -print_certs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17708)

show more ...

Undeprecate OPENSSL_VERSION_NUMBER and OpenSSL_version_num()

This macro and function were deprecated in the documentation but not in
the source.

Following an OTC vote the deprec

Undeprecate OPENSSL_VERSION_NUMBER and OpenSSL_version_num()

This macro and function were deprecated in the documentation but not in
the source.

Following an OTC vote the deprecation has been removed from the
documentation.

See https://github.com/openssl/technical-policies/issues/26

Fixes #17517

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17750)

show more ...

doc: Fix KDF example for scrypt

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/

doc: Fix KDF example for scrypt

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17745)

show more ...

Fix a failure in sslapitest

The SNI test in test_cert_cb_int() was always failing because it used
SSL_CTX_new() instead of SSL_CTX_new_ex() and was therefore not using the
correct li

Fix a failure in sslapitest

The SNI test in test_cert_cb_int() was always failing because it used
SSL_CTX_new() instead of SSL_CTX_new_ex() and was therefore not using the
correct libctx. PR #17739 amended the test to check the return value from
SSL_CTX_new() which made the failure obvious.

Fixes #17757

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17758)

show more ...

check *libctx which is allocated by OSSL_LIB_CTX_new()

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@o

check *libctx which is allocated by OSSL_LIB_CTX_new()

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17740)

show more ...

test/sslapitest.c: Add check for SSL_CTX_new

As the potential failure of the memory allocation, it should
be better to check the return value of SSL_CTX_new() and return
error if fai

test/sslapitest.c: Add check for SSL_CTX_new

As the potential failure of the memory allocation, it should
be better to check the return value of SSL_CTX_new() and return
error if fails, like SSL_CTX_new_ex().

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17739)

show more ...

X509V3_get_d2i.pod: use I<> for arguments and remove B<> around NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://git

X509V3_get_d2i.pod: use I<> for arguments and remove B<> around NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17724)

show more ...

X509V3_get_d2i.pod: Fix glitch on X509V3_get{,_ext}_d2i and align order

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://

X509V3_get_d2i.pod: Fix glitch on X509V3_get{,_ext}_d2i and align order

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17724)

show more ...

CMP: add subject of any provided CSR as default message sender

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17723)

chacha20 performance optimizations for ppc64le with 8x lanes,
Performance increase around 50%.

Co-authored-by: Madhusudhanan Duraisamy <madurais@in.ibm.com>

Co-authored-by: Nila

chacha20 performance optimizations for ppc64le with 8x lanes,
Performance increase around 50%.

Co-authored-by: Madhusudhanan Duraisamy <madurais@in.ibm.com>

Co-authored-by: Nilamjyoti Goswami <nilamgoswami@in.ibm.com>

Co-authored-by: Siva Sundar Anbareeswaran <srisivasundar@in.ibm.com>

Reviewed-by: Danny Tsen <dtsen@us.ibm.com>
Tested-by: Danny Tsen <dtsen@us.ibm.com>
Signed-off-by: Danny <dtsen@us.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16637)

show more ...

x509: handle returns from X509_TRUST_get_by_id() more consistently

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged

x509: handle returns from X509_TRUST_get_by_id() more consistently

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17709)

show more ...

rand: Add missing check for rand_get_global

As the potential failure of the rand_get_global(),
for example fail to get lock, 'dgbl' could be NULL
pointer and be dereferenced later.

rand: Add missing check for rand_get_global

As the potential failure of the rand_get_global(),
for example fail to get lock, 'dgbl' could be NULL
pointer and be dereferenced later.
Therefore, it should be better to check it and return
error if fails, like RAND_get0_primary() and other callers.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17690)

show more ...

fuzz/asn1.c: Add missing check for BIO_new

Since the BIO_new may fail, the 'bio' could be NULL pointer and be used.
Therefore, it should be better to check it and skip the print if fails

fuzz/asn1.c: Add missing check for BIO_new

Since the BIO_new may fail, the 'bio' could be NULL pointer and be used.
Therefore, it should be better to check it and skip the print if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17690)

show more ...

test/mdc2test.c: Add check for OSSL_PROVIDER_load

Since the potential failure of the OSSL_PROVIDER_load(),
for example there is no lock, the provider could fail to
be loaded into the

test/mdc2test.c: Add check for OSSL_PROVIDER_load

Since the potential failure of the OSSL_PROVIDER_load(),
for example there is no lock, the provider could fail to
be loaded into the library context.
Therefore, it should be better to check it and return error
if fails.
Also, in order to avoid free unknown pointer, 'c' should be
initialized as NULL.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17729)

show more ...

doc: Refactored the example in crypto.pod

Added return value and error code in the sample

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

doc: Refactored the example in crypto.pod

Added return value and error code in the sample

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17721)

show more ...

doc: Update "SSL/TLS" old documentation description in openssl.pod

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.c

doc: Update "SSL/TLS" old documentation description in openssl.pod

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17721)

show more ...

Fix typo

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17713)

Add changes logs caption for the next release 1.1.1n

Co-authored-by: Matthias St. Pierre <matthias.st.pierre@ncp-e.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Revie

Add changes logs caption for the next release 1.1.1n

Co-authored-by: Matthias St. Pierre <matthias.st.pierre@ncp-e.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17714)

show more ...

Fixed the date of changes of 1.1.1m

Fixed the date in the heading of "Changes between 1.1.1l and 1.1.1m" to 14 Dec 2021

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Revie

Fixed the date of changes of 1.1.1m

Fixed the date in the heading of "Changes between 1.1.1l and 1.1.1m" to 14 Dec 2021

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17714)

show more ...

enc : add support for wrap mode

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17691)

Prefix output to avoid random ok to confuse test parser

Prefix output of generated dh parameters to avoid misinterpretation
of lines beginning with ok[^a-zA-Z0-9] as a testresult.

Prefix output to avoid random ok to confuse test parser

Prefix output of generated dh parameters to avoid misinterpretation
of lines beginning with ok[^a-zA-Z0-9] as a testresult.

Also corrected indent and removed useless comma after last item.

Fixes #17480

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17689)

show more ...