62829f9f | 13-Feb-2021 |
Beat Bolli |
README-ENGINES: fix the link to the provider API README Signed-off-by: Beat Bolli <dev@drbeat.li> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14173)
|
9dc9c7f2 | 10-Feb-2021 |
Matt Caswell |
Document the newly added function EVP_PKEY_param_check_quick() Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14146)
|
0217e53e | 10-Feb-2021 |
Matt Caswell |
Fix the dhparam_check test genpkey can sometimes create files that fail "openssl dhparam -check". See issue #14145. We had some instances of such invalid files in the dhparam_check test. Now that "openssl dhparam -check" has been fixed to work the same way as it did in 1.1.1 these tests were failing. We move the invalid files into the "invalid" directory. A future PR will have to fix genpkey to not generate invalid files. We also remove a "SKIP" block that was skipping tests in a no deprecated build unnecessarily. Nothing being tested is deprecated. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14146)
|
899e2564 | 09-Feb-2021 |
Matt Caswell |
Implement EVP_PKEY_param_check_quick() and use it in libssl The low level DH API has two functions for checking parameters: DH_check_ex() and DH_check_params_ex(). The former does a "full" check, while the latter does a "quick" check. Most importantly it skips the check for a safe prime. We're ok without using safe primes here because we're doing ephemeral DH. Now that libssl is fully using the EVP API, we need a way to specify that we want a quick check instead of a full check. Therefore we introduce EVP_PKEY_param_check_quick() and use it. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14146)
|
aee73562 | 09-Feb-2021 |
Matt Caswell |
Run DH_check_ex() not DH_check_params_ex() when checking params Both DH_check_ex() and DH_check_params_ex() check the parameters. DH_check_ex() performs a more complete check, while DH_check_params_ex() performs a lightweight check. In 1.1.1 EVP_PKEY_param_check() would call DH_check_ex() for DH keys. For backwards compatibility we should continue with that behaviour. Fixes #13501 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14146)
|
93e43f4c | 11-Feb-2021 |
Benjamin Kaduk |
RSA: avoid dereferencing possibly-NULL parameter in initializers Fix CID 1472835: the explicit NULL check for prsactx is useless when we have already dereferenced it in the initializers. Move the actual initialization to the function body to get the logic sequenced properly. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14160)
|
63ae8476 | 12-Feb-2021 |
Benjamin Kaduk |
x509_vfy: remove redundant stack allocation Fix CID 1472833 by removing a codepath that attempts to allocate a stack if not already allocated, when the stack was already allocated unconditionally a few lines previously. Interestingly enough, this additional allocation path (and the comment describing the need for it) were added in commit 69664d6af0cdd7738f55d10fbbe46cdf15f72e0e, also prompted by Coverity(!). It seems that the intervening (and much more recent) commit d53b437f9992f974c1623e9b9b9bdf053aefbcc3 that allowed sk_X509_dup() to accept a NULL argument allowed the earlier initialization path to unconditionally allocate a stack, rendering this later allocation fully redundant. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14161)
|
99c166a1 | 11-Nov-2020 |
Shane Lontis |
Add docs for ASN1_item_sign and ASN1_item_verify functions This is to address part of issue #13192. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13373)
|
09c77b87 | 12-Feb-2021 |
Pauli |
Remove an unnecessary free call. https://github.com/openssl/openssl/commit/64954e2f34b8839ca7ad1e9576a6efaf3e49e17c#r47045920 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14165)
|
8a43091b | 12-Feb-2021 |
Shane Lontis |
Remove dead code in rsa_pkey_ctrl. Fixes CID #1472393 Previously this switch handled CMS & PKCS7 controls (e.g. ASN1_PKEY_CTRL_PKCS7_SIGN) which fell thru to the dead code to set the X509_ALG. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14163)
|
bae39163 | 11-Feb-2021 |
Disconnect3d |
passwd.c: use the actual ROUNDS_DEFAULT macro Before this commit, the `ROUNDS_DEFAULT` macro was not used at all, while defined in the source code. Instead, an `unsigned int rounds = 5000;` was set, which uses the same value. This commit changes the `5000` to `ROUNDS_DEFAULT`. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14156)
|
70f23648 | 05-Feb-2021 |
Jay Satiro |
NOTES-WINDOWS: fix typo CLA: trivial (cherry picked from commit fb97b8e8a52b853b2b2209d5aeee36eaa08bb9ad) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14042)
|
a0ca1eed | 02-Feb-2021 |
Dr. Matthias St. Pierre |
Add a skeleton README-PROVIDERS file The current content of this README file is just meant to be a starting point and an incentive to add more. Most of the text was borrowed from the [OpenSSL 3.0 Wiki], which is the reason why I added Matt as co-author. To be continued... [OpenSSL 3.0 Wiki]: https://wiki.openssl.org/index.php/OpenSSL_3.0 Co-authored-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14042)
|
d507436a | 02-Feb-2021 |
Dr. Matthias St. Pierre |
Add deprecation note to the README-ENGINES file Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14042) |
4148581e | 01-Feb-2021 |
Dr. Matthias St. Pierre |
Unify the markdown links to the NOTES and README files In many locations, the files have been converted to markdown syntactically, but don't utilize the power of markdown yet. Here, instead of just repeating the file name, the markdown link now shows the title of the document. Additionally, the notes are now referenced in the same order in both the README and the INSTALL file. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14042)
|
dc589dae | 01-Feb-2021 |
Dr. Matthias St. Pierre |
Reformat some NOTES and README files Formatting is still very mixed in the NOTES and README files. This commit tries to make formatting more consistent with the one introduced in pull request #10545. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14042)
|
9f1fe6a9 | 02-Feb-2021 |
Dr. Matthias St. Pierre |
Revise some renamings of NOTES and README files

Some of the notes and readme files have been converted to markdown format recently and renamed during this process. While adding the .md extension was a natural step, switching to mixed cases was not a change for the better, it gives them a ragged appearance:

    NOTES.ANDROID  => NOTES-Android.md
    NOTES.DJGPP    => NOTES-DJGPP.md
    NOTES.PERL     => NOTES-Perl.md
    NOTES.UNIX     => NOTES-Unix.md
    NOTES.VMS      => NOTES-VMS.md
    NOTES.VALGRIND => NOTES-Valgrind.md
    NOTES.WIN      => NOTES-Windows.txt
    README.ENGINE  => README-Engine.md
    README.FIPS    => README-FIPS.md

Moreover, the NOTES-Windows.txt file is the only file which has been converted to markdown but has received a .txt file extension. This doesn't make sense, because the OpenSSL users on Windows will need to read the other markdown documents as well. Since they are developers, we can trust them to be able to associate their favorite editor with the .md extension. In fact, having a comment at the beginning of the file saying that it is in markdown format but we didn't dare to add the correct extension in order not to overwhelm our Windows users can be interpreted either as unintentionally funny or disrespectful ;-)

This commit suggests the following more consistent renaming:

    NOTES.ANDROID  => NOTES-ANDROID.md
    NOTES.DJGPP    => NOTES-DJGPP.md
    NOTES.PERL     => NOTES-PERL.md
    NOTES.UNIX     => NOTES-UNIX.md
    NOTES.VMS      => NOTES-VMS.md
    NOTES.VALGRIND => NOTES-VALGRIND.md
    NOTES.WIN      => NOTES-WINDOWS.md
    README.ENGINE  => README-ENGINES.md
    README.FIPS    => README-FIPS.md

(note the plural in README-ENGINES, anticipating a README-PROVIDERS)

Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14042)
|
9ff5bd61 | 11-Feb-2021 |
Tomas Mraz |
ssl_test: Add testcases for disallowing non-TLS1.3 curves with TLS1.3 Also correctly mark max protocol version for some curves. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14154)
|
89e14ca7 | 11-Feb-2021 |
Tomas Mraz |
tls_valid_group: Add missing dereference of okfortls13 Fixes #14153 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14154) |
d8c1cafb | 11-Jan-2021 |
Richard Levitte |
VMS documentation fixes This mostly clarifies details. Fixes #13789 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13835)
|
72ddea9b | 11-Jan-2021 |
Richard Levitte |
Configurations/descrip.mms.tmpl: avoid enormous PIPE commands DCL has a total command line limitation that's too easily broken by them. We solve them by creating separate message scripts and using them. Fixes #13789 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13835)
|
1695e10e | 03-Feb-2021 |
Richard Levitte |
DOCS: Update the internal documentation on EVP_PKEY. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14059) |
c5689319 | 11-Feb-2021 |
Richard Levitte |
Use ERR_R_*_LIB instead of ERR_LIB_* as reason code for sub-libraries Using ERR_LIB_* causes the error output to say 'reason(n)' instead of the name of the sub-library in question. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14152)
|
13888e79 | 08-Feb-2021 |
Matt Caswell |
Update documentation following deprecation of SRP Ensure all the man pages correctly reflect the deprecated status of SRP. Fixes #13917 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14132)
|
76cb077f | 08-Feb-2021 |
Matt Caswell |
Deprecate the libssl level SRP APIs The low level SRP implementation has been deprecated with no replacement. Therefore the libssl level APIs need to be similarly deprecated. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14132)
|