fips: remove unnecessary commas to get CI working

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15337)

Avoid failing label removal if label is not there

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)

Separate FIPS checksum and labelling into different workflows

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)

Remove "openssl ifdef" handling

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openss

Remove "openssl ifdef" handling

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15311)

show more ...

Remove '=for openssl ifdef'

No longer needed after rewrite of cmd-nits

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>

Remove '=for openssl ifdef'

No longer needed after rewrite of cmd-nits

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15311)

show more ...

Better error messages if there are no encoders/decoders/store loaders

If you don't have the base or default providers loaded and therefore there
are no encoders/decoders or store loaders

Better error messages if there are no encoders/decoders/store loaders

If you don't have the base or default providers loaded and therefore there
are no encoders/decoders or store loaders then the error messages can be
cryptic. We provide better hints about how to fix the problem.

Fixes #13798

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15306)

show more ...

Move ossl_sleep() to e_os.h and use it in apps

Fixes #15304

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://githu

Move ossl_sleep() to e_os.h and use it in apps

Fixes #15304

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15308)

show more ...

DOC: Fix nits found by improved find-doc-nits -c

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)

ci.yml: Add cmd-nits to the doc-nits CI run

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)

openssl-dsa.pod.in: Fix glitch: pvk-string -> pvk-strong

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)

find-doc-nits: Make -c option (cmd-nits) independent of app build and execution

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)

apps/s_server: Add -proxy and -no_proxy options

Strongly related to feature request #6965

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/ope

apps/s_server: Add -proxy and -no_proxy options

Strongly related to feature request #6965

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15245)

show more ...

apps/ocsp: Add -proxy and -no_proxy options

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15245)

Add -quiet flag to genpkey

Picking up late suggestions to PR #6909 by Philip Prindeville
<philipp@redfish-solutions.com>.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>

Add -quiet flag to genpkey

Picking up late suggestions to PR #6909 by Philip Prindeville
<philipp@redfish-solutions.com>.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15249)

show more ...

apps: use else if when checking for headers in the http server code

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https

apps: use else if when checking for headers in the http server code

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

show more ...

seal: make EVP_SealInit() library context aware

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openss

seal: make EVP_SealInit() library context aware

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

show more ...

hmac: fix coverity 1484888 negative integer to size_t conversion

More theoretical than real but easy and cheap to check for.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed

hmac: fix coverity 1484888 negative integer to size_t conversion

More theoretical than real but easy and cheap to check for.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

show more ...

keymgmt: fix coverity 1484886 unchecked return value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/o

keymgmt: fix coverity 1484886 unchecked return value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

show more ...

evp: fix coverity 1484885 negative integer to size_t conversion

Theoretically, the IV length can come back negative which would explode.

Reviewed-by: Tomas Mraz <tomas@openssl.org>

evp: fix coverity 1484885 negative integer to size_t conversion

Theoretically, the IV length can come back negative which would explode.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

show more ...

provider: fix coverity 1484884: uninitialised lock use

This actually fixes a more subtle problem that wasn't detected which could
cause memory leaks.

Reviewed-by: Tomas Mraz <to

provider: fix coverity 1484884: uninitialised lock use

This actually fixes a more subtle problem that wasn't detected which could
cause memory leaks.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

show more ...

apps: clean up the http server code

Clean up some of the null checking in the http server code.

This also "fixes" the false positive from coverity CID 1484883.

Reviewed-by:

apps: clean up the http server code

Clean up some of the null checking in the http server code.

This also "fixes" the false positive from coverity CID 1484883.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

show more ...

test: conditionally exclude unused code for no-tls1.2 build

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15301)

Fix a use-after-free in the child provider code

If the child provider context data gets cleaned up before all usage of
providers has finished then a use-after-free can occur. We change t

Fix a use-after-free in the child provider code

If the child provider context data gets cleaned up before all usage of
providers has finished then a use-after-free can occur. We change the
priority of this data so that it gets freed later.

Fixes #15284

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15286)

show more ...

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION

Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION

Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
the config code, and the documentation.

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to
always enable it, but there are so many tests so this is the easiest thing
to do.

Add a test where client tries to renegotiate and it fails as expected. Add
a test where server tries to renegotiate and it succeeds. The second test
is supported by a new flag, -immediate_renegotiation, which is ignored on
the client.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15184)

show more ...

Fix pointer passed to provider_unquery_operation

Walking through the `map` modifies the pointer passed to the `unquery`
operation.

Reviewed-by: Matt Caswell <matt@openssl.org>

Fix pointer passed to provider_unquery_operation

Walking through the `map` modifies the pointer passed to the `unquery`
operation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15295)

show more ...