Add special case to skip RC4 reinit

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Me

Add special case to skip RC4 reinit

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15276)

show more ...

Add an evp_libctx_test test run for legacy provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@ora

Add an evp_libctx_test test run for legacy provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15276)

show more ...

Allow TLS13_AD_MISSING_EXTENSION for older versions

Add a pass-through switch case for TLS13_AD_MISSING_EXTENSION in
ssl3_alert_code() and tls1_alert_code(), so that the call to
SSLf

Allow TLS13_AD_MISSING_EXTENSION for older versions

Add a pass-through switch case for TLS13_AD_MISSING_EXTENSION in
ssl3_alert_code() and tls1_alert_code(), so that the call to
SSLfatal() in final_psk() will always actually generate an alert,
even for non-TLS1.3 protocol versions.

Fixes #15375

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15412)

show more ...

Remove tmp file smcont.signed_ that was used for debuggin PR #15347

This file made it into the master branch by mistake.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by:

Remove tmp file smcont.signed_ that was used for debuggin PR #15347

This file made it into the master branch by mistake.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15438)

show more ...

write-man-symlinks: Write relative symlinks not absolute

Fixes #15424

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewe

write-man-symlinks: Write relative symlinks not absolute

Fixes #15424

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15437)

show more ...

Add warning to key/param generating apps on potential delay due to missing entropy

This also introduces app_keygen() and app_paramgen() and cleans up err reporting.

Reviewed-by: Tom

Add warning to key/param generating apps on potential delay due to missing entropy

This also introduces app_keygen() and app_paramgen() and cleans up err reporting.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12095)

show more ...

fix Solaris OS detection in config.pm

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

fix Solaris OS detection in config.pm

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15439)

show more ...

Do not try to install image directories with no images

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/

Do not try to install image directories with no images

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)

show more ...

FIPS checksums CI: use merge checkout to compute the new checksums

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https:/

FIPS checksums CI: use merge checkout to compute the new checksums

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)

show more ...

Windows CI: properly drop test_fuzz* tests to speed up things

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://gith

Windows CI: properly drop test_fuzz* tests to speed up things

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)

show more ...

Windows CI: Add make install step on the shared 64 bit build

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://githu

Windows CI: Add make install step on the shared 64 bit build

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)

show more ...

regenerate FIPS checksums

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15365)

checksum: include header files in the checksumming output

Fixes #15133

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15365)

Fix 'openssl req' to be able to use provided keytypes

'openssl req' was still using old APIs that could only deal with
EVP_PKEY_ASN1_METHOD based EVP_PKEYs. Now modified to use more

Fix 'openssl req' to be able to use provided keytypes

'openssl req' was still using old APIs that could only deal with
EVP_PKEY_ASN1_METHOD based EVP_PKEYs. Now modified to use more
generic functions that can handle all forms of EVP_PKEY, this app
should be ready for the future.

Fixes #15388

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15400)

show more ...

mac: add a getter for the MAC block size.

Fixes #12342

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://gi

mac: add a getter for the MAC block size.

Fixes #12342

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15427)

show more ...

test: add evp_tests for the MAC size and block size

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope

test: add evp_tests for the MAC size and block size

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15427)

show more ...

doc: document the MAC block size getter

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl

doc: document the MAC block size getter

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15427)

show more ...

Add fipsinstall option to run self test KATS on module load

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/opens

Add fipsinstall option to run self test KATS on module load

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15149)

show more ...

Remove engine_table_select_int

Add missing file/line args and call it engine_table_select

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openss

Remove engine_table_select_int

Add missing file/line args and call it engine_table_select

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15419)

show more ...

DOCS: Don't mention internal functions in public documentation

This time noticed in OSSL_trace_set_channel.pod, and it turned out to
be easy to mention the public functions affected inst

DOCS: Don't mention internal functions in public documentation

This time noticed in OSSL_trace_set_channel.pod, and it turned out to
be easy to mention the public functions affected instead.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15422)

show more ...

Fix warning in gf_serialize

Compiling under -Werror fails in gf_serialize:

crypto/ec/curve448/f_generic.c:21:27: error: argument 1 of type 'uint8_t[56]' {aka 'unsigned char[56]'} wi

Fix warning in gf_serialize

Compiling under -Werror fails in gf_serialize:

crypto/ec/curve448/f_generic.c:21:27: error: argument 1 of type 'uint8_t[56]' {aka 'unsigned char[56]'} with mismatched bound [-Werror=array-parameter=]
21 | void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit)
| ~~~~~~~~^~~~~~~~~~~~~~~~~
In file included from crypto/ec/curve448/f_generic.c:12:
crypto/ec/curve448/field.h:65:28: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
void gf_serialize(uint8_t *serial, const gf x, int with_highbit);
~~~~~~~~~^~~~~~
Changed parameter to pointer to fix this warning.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15376)

show more ...

TEST: Avoid using just 'example.com' - test_cmp_http

We have reports that some are using example.com in their /etc/hosts
for testing purposes, so we can't necessarily assume that those

TEST: Avoid using just 'example.com' - test_cmp_http

We have reports that some are using example.com in their /etc/hosts
for testing purposes, so we can't necessarily assume that those will
fail.

We fix it by using "random" hosts in that domain.

Fixes #15395

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15398)

show more ...

openssl srp: make index.txt parsing error more verbose

If index.txt exists but has some problems (like for example
consisting of a single \n character or number of fields wrong in one of

openssl srp: make index.txt parsing error more verbose

If index.txt exists but has some problems (like for example
consisting of a single \n character or number of fields wrong in one of the lines)
then openssl will just exit. This fixes it by printing an error when
load_index returns null.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15360)

show more ...

openssl ocsp: make index.txt parsing error more verbose

If index.txt exists but has some problems (like for example consisting of a single \n character in it,
or some field-number error

openssl ocsp: make index.txt parsing error more verbose

If index.txt exists but has some problems (like for example consisting of a single \n character in it,
or some field-number error in one of the lines) openssl will just exit without any error message.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15360)

show more ...

openssl ca: make index.txt parsing error more verbose

If index.txt exists but has some problems (like for example a single \n character in it) openssl will just exit without any error messag

openssl ca: make index.txt parsing error more verbose

If index.txt exists but has some problems (like for example a single \n character in it) openssl will just exit without any error message.

Bug at least expirienced twice: https://superuser.com/questions/1327848/openssl-ca-fails-after-password-without-error-message

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15360)

show more ...