apps/progs.pl: use SOURCE_DATE_EPOCH if defined for copyright year

As with 11d7d903, use SOURCE_DATE_EPOCH for the copyright year if it is
defined, to avoid reproducibility problems.

apps/progs.pl: use SOURCE_DATE_EPOCH if defined for copyright year

As with 11d7d903, use SOURCE_DATE_EPOCH for the copyright year if it is
defined, to avoid reproducibility problems.

CLA: trivial

Signed-off-by: Ross Burton <ross.burton@arm.com>
Change-Id: I1bea19070411a69155c43de7082350fb2c499da3

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17601)

show more ...

Update the comment on ssl3_write_pending()

The struct s->s3 has been modified.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Review

Update the comment on ssl3_write_pending()

The struct s->s3 has been modified.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17611)

show more ...

Revert dropped usage of var thiswr in do_ssl3_write()

The var 'thiswr' is an unwanted modification,
it was submitted in #5253.

Reviewed-by: Matt Caswell <matt@openssl.org>
R

Revert dropped usage of var thiswr in do_ssl3_write()

The var 'thiswr' is an unwanted modification,
it was submitted in #5253.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17610)

show more ...

indentation fix

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

tls1 prf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

pkcs12 kdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

test: change pkey kdf dup fail test to a pkey kdf dup success test

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

k942 kdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

ss KDF: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

ssh kdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

scrypt: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

pvk kdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

krb5kdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

kbkdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

hkdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

pbkdf2: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

pbkdf1: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

evp_test: add a ctx dup operation to the KDF tests

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

prov: add a safe memdup function for context cloning

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

Fix bad HTML formatting in EVP_KEYEXCH-DH.html because of missing newline in pod file

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.or

Fix bad HTML formatting in EVP_KEYEXCH-DH.html because of missing newline in pod file

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17609)

show more ...

Fix endianness problem in params_api_test

On a big endian machine, we get test failures in params_api_test like

# ERROR: (memory) 'buf1 == buf2' failed @ test/params_api_tes

Fix endianness problem in params_api_test

On a big endian machine, we get test failures in params_api_test like

# ERROR: (memory) 'buf1 == buf2' failed @ test/params_api_test.c:473
# --- buf1
# +++ buf2
# 0000:-e901
# 0000:+01e9
# ^^^^
#
# OPENSSL_TEST_RAND_ORDER=1643313367
not ok 157 - iteration 3

They are due to an additional conversion copy. Remove this copy to solve the
problem.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17608)

show more ...

aes: make the no-asm constant time code path not the default

After OMC and OTC discussions, the 95% performance loss resulting from
the constant time code was deemed excessive for someth

aes: make the no-asm constant time code path not the default

After OMC and OTC discussions, the 95% performance loss resulting from
the constant time code was deemed excessive for something outside of
our security policy.

The option to use the constant time code exists as it was in OpenSSL 1.1.1.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17600)

show more ...

Include the modules directory in openssl.pc

Affected file: Configurations/unix-Makefile.tmpl

Fixes #17602

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Toma

Include the modules directory in openssl.pc

Affected file: Configurations/unix-Makefile.tmpl

Fixes #17602

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17605)

show more ...

apps: Add option -no_ems to s_client/s_server apps

The option SSL_OP_NO_EXTENDED_MASTER_SECRET was added in #3910.
And it is valid for versions below (D)TLS 1.2.

Reviewed-by: Dm

apps: Add option -no_ems to s_client/s_server apps

The option SSL_OP_NO_EXTENDED_MASTER_SECRET was added in #3910.
And it is valid for versions below (D)TLS 1.2.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17597)

show more ...

Add -verbose/-queit flags to dhparam

Allow dhparam to run quietly in scripts, etc.

For other commands that took a -verbose flag already, also support -quiet.

For genpkey wh

Add -verbose/-queit flags to dhparam

Allow dhparam to run quietly in scripts, etc.

For other commands that took a -verbose flag already, also support -quiet.

For genpkey which only supported -quiet, add the -verbose flag.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17336)

show more ...