summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Prepare for release of 3.0 beta 1openssl-3.0.0-beta1Matt Caswell2021-06-173-4/+4
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* make updateMatt Caswell2021-06-173-54/+54
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Update copyright yearMatt Caswell2021-06-17191-191/+191
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15801)
* test/recipes/80-test_cmp_http.t: Kill the mock server brutallyRichard Levitte2021-06-171-1/+1
| | | | | | | | | | | | | | To kill a subprocess with the KILL signal is pretty brutal. However, it doesn't seem to be killed completely on some platforms, which makes this test recipe hang indefinitely when (implicitly) closing the file handle for this server ($server_fh). A brutal KILL resolves this problem. Fixes #15781 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15797)
* gost: remove the internal GOST test.Pauli2021-06-174-172/+1
| | | | | | | | | The external GOST test is sufficient according @beldmit. This avoids having to manually update and build the GOST engine when something changes. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15795)
* Fix exit code for VMS in util/wrap.pl and test/run_tests.plRichard Levitte2021-06-172-7/+32
| | | | | | | | | | | | | | | | The exit code for VMS is a bit tricky, and while perl translates the VMS status code from a typical C program to posix terms, it doesn't automatically translate its exit code into the typical C program VMS status code. Perl scripts are recommended to do so explicitly. Therefore, we make util/wrap.pl and test/run_tests.pl simulate the typical C program VMS status code for all non-zero exit codes, except we give them all the error severity (according to the VMS C library reference manual, exit codes 2 and above are treated as success...). Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15787)
* Fix small typo in test/recipes/05-test_pbe.tRichard Levitte2021-06-171-1/+1
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15786)
* Add self test for ECDSA using curve with a binary fieldShane Lontis2021-06-171-8/+45
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15794)
* Always wait for both threads to finishRich Salz2021-06-161-5/+9
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15708)
* DSO: Fix the VMS DSO name converter to actually do somethingRichard Levitte2021-06-161-5/+31
| | | | | | | | | | | | | | | This function has never before actually done its work. This wasn't discovered before, because its output wasn't important before the FIPS provider self test started using its value. This function is now made to insert the VMS DSO extension (".EXE") at the end of the filename, being careful to make sure what can be a typical VMS generation number (separated from the file name with a ';') remains at the end. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15765)
* TEST: Change 'catdir' to 'catfile' when dealing with files, in run_tests.plRichard Levitte2021-06-161-2/+2
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15767)
* Build file templates: Fix in2script dependenciesRichard Levitte2021-06-163-3/+3
| | | | | | | | | | | The in2script functions generates the build file rules for generating scripts from .in files. A dependency on configdata.pm is needed, since it's being used for this. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15792)
* Configuration: Fix incorrect $unified_info{attributes} referencesRichard Levitte2021-06-166-6/+9
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15758)
* prov: tag SM2 encoders and decoders as non-FIPSPauli2021-06-162-10/+10
| | | | | | | | | They're impossible to use in a FIPS environment, so they shouldn't be flagged as compatible. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15782)
* VMS build: drop a spurious debug printRichard Levitte2021-06-161-2/+0
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15758)
* HTTP client: fix use of OSSL_HTTP_adapt_proxy(), which is needed also in cmp.cDr. David von Oheimb2021-06-168-34/+33
| | | | | | | For this reason, export this function, which allows removing http_local.h Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15764)
* X509_digest_sig(): Improve default hash for EdDSA and allow to return the ↵Dr. David von Oheimb2021-06-165-23/+58
| | | | | | | | chosen default Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15762)
* CORE: Do a bit of cleanup of core fetchingRichard Levitte2021-06-166-62/+48
| | | | | | | | | | | | | Some data, like the library context, were passed both through higher level callback structures and through arguments to those same higher level callbacks. This is a bit unnecessary, so we rearrange the callback arguments to simply pass that callback structure and rely on the higher level fetching functionality to pick out what data they need from that structure. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15750)
* Fix DH private key check.Shane Lontis2021-06-162-1/+2
| | | | | | | | | | | | | | A recent addition removed setting the dh private key length when a safe prime group is used. The private key validation check was relying on this being set for safe primes. Setting the upper bound no longer checks the length if the value is zero. This caused a failure in the daily build of acvp_tests. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15760)
* Add a test for fetching various non-evp objectsMatt Caswell2021-06-163-1/+197
| | | | | | | | We fetch an Encoder, Decoder and Loader. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15741)
* Clean up the encoder/decoder/loader stores before providersMatt Caswell2021-06-163-3/+6
| | | | | | | | | | | | | We already had the evp method store being cleaned up before the provider store was. This prevents issues where the method clean up functions cause providers to clean up, which then needs access to the provider store. We extend the same thinking to the encoder/decoder/loader stores. Fixes #15727 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15741)
* apps: remove AEAD/mode checks that are now redundantPauli2021-06-162-20/+5
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15747)
* apps: use get_cipher_any() instead of get_cipher() for commands that support ↵Pauli2021-06-163-4/+4
| | | | | | | these ciphers/modes Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15747)
* apps: limit get_cipher() to not return AEAD or XTS ciphersPauli2021-06-162-6/+38
| | | | | | | | | Add a get_cipher_any() function to access these in addition to more normal ciphers Fixes #7720 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15747)
* doc: document the various get_cipher functions in the commands lib.Pauli2021-06-161-5/+12
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15747)
* test: add test cases for SHAxxx helper functionsPauli2021-06-163-1/+127
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15752)
* Include a local static buffer for the SHA helper functionsPauli2021-06-161-0/+20
| | | | | | | | | This functionality existed in 1.1.1 but was lost. Fixes #15718 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15752)
* Correct processing of AES-SHA stitched ciphersDmitry Belyavskiy2021-06-161-1/+1
| | | | | | | | | Fixes: #15706 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15740)
* Add missing migration_guide API mappings.Shane Lontis2021-06-161-0/+24
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15732)
* Add documentation for the newly added OBJ up callsMatt Caswell2021-06-163-24/+62
| | | | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15681)
* Add a test for the newly added OBJ upcallsMatt Caswell2021-06-163-1/+136
| | | | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15681)
* Add various OBJ functions as callbacksMatt Caswell2021-06-162-0/+50
| | | | | | | | | | | | | This enables providers to register new OIDs in the same libcrypto instance as is used by the application. Fixes #15624 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15681)
* doc: finish the provider child up call documentationPauli2021-06-161-1/+7
| | | | | | | | | | The bulk of the documentation was there but it wasn't quite complete. Fixes #15678 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15734)
* TEST: Skip test/recipes/01-test_symbol_presence.t on MacOSRichard Levitte2021-06-161-0/+2
| | | | | | | | It renames symbols, so we can a false negative Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15776)
* TEST: Display the correct shared library nameRichard Levitte2021-06-161-4/+5
| | | | | | | | In test/recipes/01-test_symbol_presence.t Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15776)
* new: update NEWS.md so it is correct.Pauli2021-06-161-1/+1
| | | | | | | | | | | | | - Removing the deprecation note for public key commands. - Fixing the note about ECX and SHAKE in the FIPS provider. - Noting which KDFs are included. - Noting which MACs are included. Fixes #15743 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15746)
* new: update NEWS.md so it is correct.Pauli2021-06-161-9/+7
| | | | | | | | | | | | | - Removing the deprecation note for public key commands. - Fixing the note about ECX and SHAKE in the FIPS provider. - Noting which KDFs are included. - Noting which MACs are included. Fixes #15743 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15746)
* Disabling Encrypt-then-MAC extension in s_client/s_serverDmitry Belyavskiy2021-06-155-5/+23
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15735)
* TEST: Make test/recipes/01-test_symbol_presence.t more platform agnosticRichard Levitte2021-06-151-3/+9
| | | | | | | | | | Assuming ".so" as shared library ending is faulty on MacOS, where the normal shared library extension is ".dylib". We use the platform module to get the same extension as the build process. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15771)
* Refactor OSSL_STORE_LOADER_do_all_provided() to behave like ↵Richard Levitte2021-06-151-32/+24
| | | | | | | | | | | | | | | | | | OSSL_STORE_LOADER_fetch() This is refactored to use inner_loader_fetch() without any given name, which is just there to ensure all decoder implementations are made into methods, and then use ossl_method_store_do_all() to list them all. This also adds the internal ossl_store_loader_do_all_prefetched(), which can be used if pre-fetching needs to be done separately from listing all the decoder implementations, or if listing may happen multiple times. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15604)
* test/evp_extra_test.c: Peek at the error instead of getting it.Richard Levitte2021-06-151-1/+1
| | | | | | | | If there is an error report, we want to get it printed too. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15604)
* DECODER & ENCODER: Add better tracingRichard Levitte2021-06-151-0/+44
| | | | | | | | | Now that we have functions to get the name and properties of the diverse implementations, we can as well display them for clarity. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15604)
* Adapt all public EVP_XXX_do_all_provided() for the changed evp_generic_do_all()Richard Levitte2021-06-1510-5/+12
| | | | | | | | | Fixes #15538 Fixes #14837 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15604)
* Refactor evp_generic_do_all() to behave like evp_generic_fetch()Richard Levitte2021-06-152-42/+52
| | | | | | | | | | | | | | | | | | | This is refactored to use inner_evp_generic_fetch() without any given name, which is just there to ensure all decoder implementations are made into methods, and then use ossl_method_store_do_all() to list them all. This also adds the internal evp_generic_do_all_prefetched(), which can be used if pre-fetching needs to be done separately from listing all the decoder implementations, or if listing may happen multiple times. Fixes #15538 Fixes #14837 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15604)
* Refactor OSSL_ENCODER_do_all_provided() to behave like OSSL_ENCODER_fetch()Richard Levitte2021-06-151-33/+22
| | | | | | | | | | | | | | | | | | | This is refactored to use inner_ossl_encoder_fetch() without any given name, which is just there to ensure all encoder implementations are made into methods, and then use ossl_method_store_do_all() to list them all. This also adds the internal ossl_encoder_do_all_prefetched(), which can be used if pre-fetching needs to be done separately from listing all the encoder implementations, or if listing may happen multiple times. Fixes #15538 Fixes #14837 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15604)
* Refactor OSSL_DECODER_do_all_provided() to behave like OSSL_DECODER_fetch()Richard Levitte2021-06-152-34/+28
| | | | | | | | | | | | | | | | | | | This is refactored to use inner_ossl_decoder_fetch() without any given name, which is just there to ensure all decoder implementations are made into methods, and then use ossl_method_store_do_all() to list them all. This also adds the internal ossl_decoder_do_all_prefetched(), which can be used if pre-fetching needs to be done separately from listing all the decoder implementations, or if listing may happen multiple times. Fixes #15538 Fixes #14837 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15604)
* Add the internal function ossl_method_store_do_all()Richard Levitte2021-06-152-0/+39
| | | | | | | | | | | | It will simply call the given callback for every method found in the given store. Fixes #15538 Fixes #14837 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15604)
* s_server: make -rev option easier to find (mention echo)Hubert Kario2021-06-152-4/+3
| | | | | | | | | | | | Since the service is echo-like (see TCP port 7 from RFC 862 or gnutls-serv --echo), make it easier to find by mentioning "echo" in the description of it in the help message an man page Also fixes the man page inconsistency ("sends it back to the server") Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/15739)
* CORE: Move away the allocation of the temporary no_cache method storeRichard Levitte2021-06-156-129/+188
| | | | | | | | | | | | | | | | | The responsibility for managing the temporary store for methods from algorithm implementations flaged "no_store" is moved up to the diverse method fetching functions. This allows them to allocate it "just in time", or in other words not at all if there is not such algorithm implementation. This makes this temporary store more flexible if it's needed outside of the core fetching functionality, and slightly faster when this temporary store isn't necessary at all. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15737)
* ASN1_parse_dump(): allow NULL BIO input, to simplify applications not ↵Dr. David von Oheimb2021-06-151-7/+8
| | | | | | | needing output Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15722)
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-13 21:58:35 +0100