| e3ec802 | Matt Caswell | 06 August 2020, 13:00:13 UTC | Prepare for release of 3.0 alpha 6 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> | 06 August 2020, 13:00:13 UTC |
| 0f84cbc | Matt Caswell | 06 August 2020, 12:22:30 UTC | Update copyright year Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12595) | 06 August 2020, 12:22:30 UTC |
| 914f97e | Shane Lontis | 04 August 2020, 22:45:29 UTC | Fix provider cipher reinit after init/update with a partial update block. The test added previously used a 16 byte block during the update which does not cause internal buffering in the provider. Some internal variables related to the buffering were not being cleared in the init, which meant that the second update would use the buffered data from the first update. Added test for this scenario with exclusions for ciphers that do not support partial block updates. Found by guidovranken. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12523) | 04 August 2020, 22:45:29 UTC |
| c5b356d | Peter Eisentraut | 16 July 2020, 08:18:16 UTC | Mark an argument of an inline function as unused This allows users of this header file to compile their own code with the gcc option -Wunused-parameter. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12459) | 04 August 2020, 11:34:38 UTC |
| ebc1e8f | Dr. David von Oheimb | 25 July 2020, 11:47:04 UTC | openssl-cmp.pod.in: Update and extend example using Insta Demo CA Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12534) | 04 August 2020, 10:11:46 UTC |
| 4c525cb | Richard Levitte | 03 August 2020, 05:22:37 UTC | DESERIALIZER: Fix EVP_PKEY construction by export When the keymgmt provider and the deserializer provider differ, deserialization uses the deserializer export function instead of the keymgmt load, with a selection of what parts should be exported. That selection was set to OSSL_KEYMGMT_SELECT_ALL_PARAMETERS when it should have been OSSL_KEYMGMT_SELECT_ALL. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12571) | 04 August 2020, 08:19:08 UTC |
| aff8c0a | Dr. David von Oheimb | 27 June 2020, 08:29:55 UTC | Fix error message on setting cert validity period in apps/cmp.c Fixes #12268 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296) | 04 August 2020, 07:17:47 UTC |
| 57c05c5 | Dr. David von Oheimb | 27 June 2020, 08:28:45 UTC | apps: Correct and extend diagnostics of parse_name() Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296) | 04 August 2020, 07:17:47 UTC |
| 02ae130 | Dr. David von Oheimb | 26 June 2020, 18:40:19 UTC | Add 'section=...' info in error output of X509V3_EXT_nconf() as far as appropriate Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296) | 04 August 2020, 07:17:47 UTC |
| 1ac658a | Dr. David von Oheimb | 26 June 2020, 18:13:47 UTC | Rename misleading X509V3_R_INVALID_NULL_NAME to X509V3_R_INVALID_EMPTY_NAME Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296) | 04 August 2020, 07:17:47 UTC |
| c90c469 | Dr. David von Oheimb | 26 June 2020, 14:16:00 UTC | Correct confusing X509V3 conf error output by removing needless 'section:<NULL>' etc. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296) | 04 August 2020, 07:17:47 UTC |
| b516a4b | Dr. David von Oheimb | 26 June 2020, 14:16:56 UTC | Correct misleading diagnostics of OBJ_txt2obj on unknown object name Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296) | 04 August 2020, 07:17:47 UTC |
| 8f7e897 | Dr. David von Oheimb | 26 June 2020, 10:37:12 UTC | apps/cmp.c: Defer diagnostic output on server+proxy to be contacted Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296) | 04 August 2020, 07:17:47 UTC |
| b5b6669 | Richard Levitte | 02 August 2020, 11:12:54 UTC | PROV: Make the DER to KEY deserializer decode parameters too It should be noted that this may be dodgy if we ever encounter parameter objects that look like something else. However, experience with the OSSL_STORE 'file:' loader, which does exactly this kind of thing, has worked fine so far. A possibility could be that to decode parameters specifically, we demand that there's an incoming data type specifying this, which demands by extension that parameters can only come from a file format that has the parameter type encoded, such as PEM. This would be a future effort. Fixes #12568 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12569) | 04 August 2020, 04:35:12 UTC |
| 19b4e6f | Norman Ashley | 04 August 2020, 02:34:22 UTC | Coverity Fixes for issue #12531 Fixes #12531 on master branch. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12557) | 04 August 2020, 02:34:22 UTC |
| e5b2cd5 | Shane Lontis | 04 August 2020, 02:18:51 UTC | Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo Added der_writer functions for writing octet string primitives. Generate OID's for key wrapping algorithms used by X942 KDF. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12554) | 04 August 2020, 02:18:51 UTC |
| 37d898d | David Woodhouse | 19 May 2020, 10:51:14 UTC | Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP literals Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9201) | 03 August 2020, 15:15:36 UTC |
| 892a9e4 | David Woodhouse | 11 May 2020, 18:28:03 UTC | Disallow setting more than one IP address with SSL_add1_host() The X509_VERIFY_PARAM can only take a single IP address, although it can have multiple hostnames. When SSL_add1_host() is given an IP address, don't accept it if there is already one configured. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9201) | 03 August 2020, 15:15:36 UTC |
| 396e720 | David Woodhouse | 20 June 2019, 20:39:38 UTC | Fix certificate validation for IPv6 literals in sconnect demo Instead of naïvely trying to truncate at the first colon, use BIO_get_conn_hostname(). That handles IPv6 literals correctly, even stripping the [] from around them. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9201) | 03 August 2020, 15:15:35 UTC |
| c832840 | David Woodhouse | 14 October 2019, 09:46:07 UTC | Make SSL_set1_host() and SSL_add1_host() take IP addresses There is a slight mismatch here because X509_VERIFY_PARAM copes only with a single IP address, and doesn't let it be cleared once it's set. But this fixes up the major use case, making things easier for users to get it right. The sconnect demo now works for Legacy IP literals; for IPv6 it needs to fix up the way it tries to split the host:port string, which will happen in a subsequent patch. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9201) | 03 August 2020, 15:15:35 UTC |
| a677190 | Dr. David von Oheimb | 27 July 2020, 06:50:27 UTC | 81-test_cmp_cli.t: Skip tests with mock server if server cannot be started Fixes #12514 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12537) | 03 August 2020, 06:31:32 UTC |
| 0f9fdef | Matt Caswell | 30 July 2020, 14:15:05 UTC | Fix an ENGINE leak in asn1_item_digest_with_libctx Commit 6725682d introduced a call to ENGINE_get_digest_engine() into the function asn1_item_digest_with_libctx() to determine whether there is an ENGINE registered to handle the specified digest. However that function increases the ref count on the returned ENGINE object, so it must be freed. Fixes #12558 [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12560) | 01 August 2020, 01:55:34 UTC |
| 790a1b0 | Richard Levitte | 27 July 2020, 20:11:53 UTC | DESERIALIZER: Small bugfix in the deser_process() Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544) | 01 August 2020, 01:51:20 UTC |
| 1dbf453 | Richard Levitte | 27 July 2020, 20:02:07 UTC | DESERIALIZER: Make OSSL_DESERIALIZER_from_{bio,fp} use BIO_tell() / BIO_seek() Depending on the BIO used, using BIO_reset() may lead to "interesting" results. For example, a BIO_f_buffer() on top of another BIO that handles BIO_reset() as a BIO_seek(bio, 0), the deserialization process may find itself with a file that's rewound more than expected. Therefore, OSSL_DESERIALIZER_from_{bio,fp}'s behaviour is changed to rely purely on BIO_tell() / BIO_seek(), and since BIO_s_mem() is used internally, it's changed to handle BIO_tell() and BIO_seek() better. This does currently mean that OSSL_DESERIALIZER can't be easily used with streams that don't support BIO_tell() / BIO_seek(). Fixes #12541 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544) | 01 August 2020, 01:51:20 UTC |
| 3c033c5 | Richard Levitte | 27 July 2020, 19:51:44 UTC | DESERIALIZER: Refactor the constructor setting API It's not the best idea to set a whole bunch of parameters in one call, that leads to functions that are hard to update. Better to re-model this into several function made to set one parameter each. This also renames "finalizer" to "constructor", which was suggested earlier but got lost at the time. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544) | 01 August 2020, 01:51:20 UTC |
| 319d0b2 | Richard Levitte | 27 July 2020, 16:40:11 UTC | TEST: Add testutil tests to compare unterminated strings of different lengths We use this in test/serdes_test.c, to compare serializations into PEM, which aren't necessarily terminated with a NUL byte when they were written to a BIO_s_mem(). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544) | 01 August 2020, 01:51:19 UTC |
| 7c664b1 | Richard Levitte | 27 July 2020, 16:40:05 UTC | DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544) | 01 August 2020, 01:51:19 UTC |
| 3ff8159 | Richard Levitte | 27 July 2020, 16:40:02 UTC | DESERIALIZER: Make it possible to deserialize public keys too Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544) | 01 August 2020, 01:51:18 UTC |
| 4701f0a | Richard Levitte | 27 July 2020, 16:39:58 UTC | DESERIALIZER: Rethink password handling The OSSL_DESERIALIZER API makes the incorrect assumption that the caller must cipher and other pass phrase related parameters to the individual desserializer implementations, when the reality is that they only need a passphrase callback, and will be able to figure out the rest themselves from the input they get. We simplify it further by never passing any explicit passphrase to the provider implementation, and simply have them call the passphrase callback unconditionally when they need, leaving it to libcrypto code to juggle explicit passphrases, cached passphrases and actual passphrase callback calls. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544) | 01 August 2020, 01:51:18 UTC |
| a649547 | Richard Levitte | 27 July 2020, 16:39:55 UTC | RSA: Better synchronisation between ASN1 PSS params and RSA_PSS_PARAMS_30 This is needed so RSA keys created from different code paths have a chance to compare as equal. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544) | 01 August 2020, 01:51:18 UTC |
| 6c6b20d | Richard Levitte | 27 July 2020, 16:39:51 UTC | DER writer: Make context-specific tags constructed (i.e. explicit) For now, that's what we see being used. It's possible that we will have to figure out a way to specific if these should be implicit or explicit on a case by case basis. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544) | 30 July 2020, 21:23:15 UTC |
| 86b5ab5 | Richard Levitte | 27 July 2020, 16:39:44 UTC | PROV: Fix small logic error in ec_kmgmt.c matching function Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544) | 30 July 2020, 21:23:15 UTC |
| 1202de4 | Dr. David von Oheimb | 11 July 2020, 10:26:22 UTC | Add OSSL_CMP_MSG_write(), use it in apps/cmp.c Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12421) | 30 July 2020, 18:14:51 UTC |
| fafa56a | Dr. David von Oheimb | 11 July 2020, 09:36:48 UTC | Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c Fixes #12403 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12421) | 30 July 2020, 18:14:49 UTC |
| 87d20a9 | Dr. David von Oheimb | 11 July 2020, 09:21:06 UTC | apps/cmp.c: Improve documentation of -recipient option Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12421) | 30 July 2020, 18:10:07 UTC |
| a3f15e2 | Pauli | 27 July 2020, 04:47:59 UTC | deserialisation: add deserialisation to the base provider Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12104) | 30 July 2020, 10:15:59 UTC |
| dfc0857 | Pauli | 10 June 2020, 23:08:01 UTC | serialisation: Add a built-in base provider. Move the libcrypto serialisation functionality into a place where it can be provided at some point. The serialisation still remains native in the default provider. Add additional code to the list command to display what kind of serialisation each entry is capable of. Having the FIPS provider auto load the base provider is a future (but necessary) enhancement. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12104) | 30 July 2020, 10:15:22 UTC |
| aa97970 | Pauli | 10 June 2020, 23:42:34 UTC | unify spelling of serialize Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12104) | 30 July 2020, 10:15:22 UTC |
| adf3f83 | Matt Caswell | 29 July 2020, 12:58:18 UTC | Fix test_cmp_cli for extended tests The test_cmp_cli was failing in the extended tests on cross-compiled mingw builds. This was due to the test not using wine when it should do. The simplest solution is to just skip the test in this case. [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12555) | 30 July 2020, 09:13:22 UTC |
| b8ea8d3 | Matt Caswell | 28 July 2020, 15:47:03 UTC | Don't fallback to legacy in DigestSignInit/DigestVerifyInit too easily The only reason we should fallback to legacy codepaths in DigestSignInit/ DigestVerifyInit, is if we have an engine, or we have a legacy algorithm that does not (yet) have a provider based equivalent (e.g. SM2, HMAC, etc). Currently we were falling back even if we have a suitable key manager but the export of the key fails. This might be for legitimate reasons (e.g. we only have the FIPS provider, but we're trying to export a brainpool key). In those circumstances we don't want to fallback to the legacy code. Therefore we tighten then checks for falling back to legacy. Eventually this particular fallback can be removed entirely (once all legacy algorithms have provider based key managers). Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12550) | 30 July 2020, 08:28:01 UTC |
| 593d655 | Dr. David von Oheimb | 18 July 2020, 14:59:06 UTC | Export crm_new() of cmp_msg.c under the name OSSL_CMP_CTX_setup_CRM() Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12431) | 30 July 2020, 07:38:08 UTC |
| 299e0f1 | Dr. David von Oheimb | 13 July 2020, 12:12:02 UTC | Streamline the CMP request session API, adding the generalized OSSL_CMP_exec_certreq() Fixes #12395 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12431) | 30 July 2020, 07:38:08 UTC |
| cfae32c | Nicola Tuveri | 21 July 2020, 20:12:59 UTC | [test][ectest] Minor touches to custom_generator_test Minor changes to `custom_generator_test`: - this is to align to the 1.1.1 version of the test (simplify the code as there is no need to use `EC_GROUP_get_field_type()`) - add comment to explain how the buffer size is computed Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12507) | 29 July 2020, 20:46:32 UTC |
| f5384f0 | Nicola Tuveri | 21 July 2020, 15:04:38 UTC | [test] Vertically test explicit EC params API patterns This commit adds a new test (run on all the built-in curves) to create `EC_GROUP` with **unknown** *explicit parameters*: from a built-in group we create an alternative group from scratch that differs in the generator used. At the `EC_GROUP` layer we perform a basic math check to ensure that the math on the alternative group still makes sense, using comparable results from the origin group. We then create two `EC_KEY` objects on top of this alternative group and run key generation from the `EC_KEY` layer. Then we promote these two `EC_KEY`s to `EVP_PKEY` objects and try to run the derive operation at the highest abstraction layer, comparing results in both directions. Finally, we create provider-native keys using `EVP_PKEY_fromdata` and data derived from the previous objects, we compute an equivalent shared secret from these provider keys, and compare it to the result obtained from the previous steps. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12507) | 29 July 2020, 20:45:57 UTC |
| 79410c5 | Pauli | 28 July 2020, 01:14:14 UTC | namemap: fix threading issue The locking was too fine grained when adding entries to a namemap. Refactored the working code into unlocked functions and call these with appropriate locking. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12545) | 29 July 2020, 07:31:32 UTC |
| 5cd9962 | Matt Caswell | 28 July 2020, 14:28:06 UTC | Fix a test_verify failure A recently added certificate in test/certs expired causing test_verify to fail. This add a replacement certificate with a long expiry date. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12549) | 28 July 2020, 14:28:06 UTC |
| ef89801 | Dr. David von Oheimb | 11 May 2020, 13:41:08 UTC | Deprecate -nodes in favor of -noenc in pkcs12 and req app Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12495) | 28 July 2020, 07:17:56 UTC |
| 846f96f | Richard Levitte | 20 July 2020, 14:14:40 UTC | TEST: Add RSA-PSS cases in test/serdes_test.c Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12492) | 27 July 2020, 10:15:29 UTC |
| a4e55cc | Richard Levitte | 20 July 2020, 14:13:18 UTC | PROV: Add a DER to RSA-PSS deserializer implementation Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12492) | 27 July 2020, 10:15:29 UTC |
| 456b3b9 | Richard Levitte | 20 July 2020, 14:09:47 UTC | EVP, PROV: Add misc missing bits for RSA-PSS - EVP_PKEY_is_a() didn't recognise "RSA-PSS" for legacy keys. - The RSA-PSS keymgmt didn't have a OSSL_FUNC_keymgmt_match() function. - ossl_prov_prepare_rsa_params() didn't return 1 for unrestricted RSA-PSS params. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12492) | 27 July 2020, 10:15:29 UTC |
| 51d9ac8 | Matt Caswell | 24 July 2020, 11:24:45 UTC | Fix no-ec2m Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12526) | 27 July 2020, 09:07:35 UTC |
| 71b35e1 | Richard Levitte | 26 July 2020, 08:39:00 UTC | DER to RSA deserializer: fix inclusion Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12535) | 26 July 2020, 08:39:00 UTC |
| fcdd228 | Matt Caswell | 24 July 2020, 11:04:00 UTC | Fix no-dh and no-dsa Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12525) | 26 July 2020, 06:01:15 UTC |
| 1660c8f | Read Hughes | 23 July 2020, 14:25:28 UTC | Update EVP_EncodeInit.pod Fix EVP_EncodeBlock description using incorrect parameter name for encoding length CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12518) | 24 July 2020, 15:14:03 UTC |
| a57fc73 | Richard Levitte | 20 July 2020, 08:50:04 UTC | EVP: Fix key type check logic in evp_pkey_cmp_any() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:47:20 UTC |
| e2ac846 | Richard Levitte | 20 July 2020, 08:47:59 UTC | TEST: Update the serialization/deserialization test with legacy PEM encryption This adds legacy PEM variants of already existing tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:47:20 UTC |
| 436623f | Richard Levitte | 20 July 2020, 08:46:49 UTC | PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:47:20 UTC |
| 3ecbea6 | Richard Levitte | 10 July 2020, 13:28:05 UTC | TEST: Update the serialization/deserialization test with encryption This adds variants of already existing tests, but where the object is encrypted / decrypted along the way as well. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:47:13 UTC |
| 38b14f4 | Richard Levitte | 10 July 2020, 13:25:15 UTC | PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:45:38 UTC |
| 7524b7b | Richard Levitte | 10 July 2020, 13:13:55 UTC | DESERIALIZER: Implement decryption of password protected objects This implements these functions: OSSL_DESERIALIZER_CTX_set_cipher() OSSL_DESERIALIZER_CTX_set_passphrase() OSSL_DESERIALIZER_CTX_set_passphrase_ui() OSSL_DESERIALIZER_CTX_set_passphrase_cb() To be able to deal with multiple deserializers trying to work on the same byte array and wanting to decrypt it while doing so, the deserializer caches the passphrase. This cache is cleared at the end of OSSL_DESERIALIZER_from_bio(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:43:20 UTC |
| 45396db | Richard Levitte | 10 July 2020, 13:08:29 UTC | SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() Serialization will only encrypt, so there's no point telling OSSL_SERIALIZER_CTX_set_passphrase_cb() that's going to happen. We fix the declaration of OSSL_DESERIALIZER_CTX_set_passphrase_cb() the same way. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:43:20 UTC |
| 5a23d78 | Richard Levitte | 09 July 2020, 17:10:39 UTC | TEST: Add new serializer and deserializer test This test revolves around a central function that will first serialize an EVP_PKEY, then deserialize the result into a new EVP_PKEY and compare the two. The following tests are currently implemented: 1. EVP_PKEY (RSA) -> DER, then DER -> EVP_PKEY (RSA). 2. EVP_PKEY (RSA) -> PEM, then PEM -> EVP_PKEY (RSA). This one exercises deserializer chains, as we know that there is a PEM -> DER and a DER -> EVP_PKEY (RSA) deserializer, but no direct PEM -> EVP_PKEY (RSA) deserializer. Additionally, a small fix in test_fail_string_common(), as strcmp() could run past a buffer if one of the strings isn't terminated with a null byte within the given length. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:43:13 UTC |
| dcfacbb | Richard Levitte | 09 July 2020, 17:09:40 UTC | PROV: Implement PEM to DER deserializer Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:35:10 UTC |
| 1017b8e | Richard Levitte | 09 July 2020, 17:07:12 UTC | PROV: Implement DER to RSA deserializer Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:35:03 UTC |
| 853ca12 | Richard Levitte | 09 July 2020, 16:55:44 UTC | CORE: Add upcalls for BIO_gets() and BIO_puts() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:32:01 UTC |
| 072a9fd | Richard Levitte | 08 July 2020, 21:19:13 UTC | SERIALIZER: Add functions to deserialize into an EVP_PKEY EVP_PKEY is the fundamental type for provider side code, so we implement specific support for it, in form of a special context constructor. This constructor looks up and collects all available KEYMGMT implementations, and then uses those names to collect deserializer implementations, as described in the previous commit. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:32:01 UTC |
| c3e4c1f | Richard Levitte | 08 July 2020, 21:04:08 UTC | DESERIALIZER: Add foundation for deserializers This adds a method OSSL_DESERIALIZER, a deserializer context and basic support to use a set of serializers to get a desired type of data, as well as deserializer chains. The idea is that the caller can call OSSL_DESERIALIZER_CTX_add_serializer() to set up the set of desired results, and to add possible chains, call OSSL_DESERIALIZER_CTX_add_extra(). All these deserializers are pushed on an internal stack. The actual deserialization is then performed using functions like OSSL_DESERIALIZER_from_bio(). When performing deserialization, the inernal stack is walked backwards, keeping track of the deserialized data and its type along the way, until the data kan be processed into the desired type of data. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:32:00 UTC |
| 5dacb38 | Richard Levitte | 08 July 2020, 20:21:18 UTC | KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() This function is used to create a keydata for a key that libcrypto only has a reference to. This introduces provider references, the contents which only the provider know how to interpret. Outside of the provider, this is just an array of bytes. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:32:00 UTC |
| af836c2 | Richard Levitte | 08 July 2020, 20:09:32 UTC | EVP KEYMGMT utils: Make a few more utility functions available This makes the following functions available for libcrypto code: evp_keymgmt_util_try_import() - callback function evp_keymgmt_util_assign_pkey() - assigns keymgmt and keydata to an EVP_PKEY evp_keymgmt_util_make_pkey() - creates an EVP_PKEY from keymgmt and keydata Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410) | 24 July 2020, 14:32:00 UTC |
| 6725682 | Shane Lontis | 24 July 2020, 12:53:27 UTC | Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx(). - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx(). - Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's. - Removed the extra parameters in check_purpose.. - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()). - Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12153) | 24 July 2020, 12:53:27 UTC |
| ae89578 | Shane Lontis | 23 July 2020, 07:40:40 UTC | Test RSA oaep in fips mode Added RSA oaep test that uses the pkeyutl application. Added an openssl application option to support loading a (fips) provider via the '-config' option. Added openssl application related environment variable 'OPENSSL_TEST_LIBCTX' (for testing purposes only), that creates a non default library context. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11948) | 23 July 2020, 07:40:40 UTC |
| a27cb95 | Dr. Matthias St. Pierre | 20 July 2020, 21:21:37 UTC | Fix: uninstantiation breaks the RAND_DRBG callback mechanism The RAND_DRBG callbacks are wrappers around the EVP_RAND callbacks. During uninstantiation, the EVP_RAND callbacks got lost while the RAND_DRBG callbacks remained, because RAND_DRBG_uninstantiate() calls RAND_DRBG_set(), which recreates the EVP_RAND object. This was causing drbgtest failures. This commit fixes the problem by adding code to RAND_DRBG_set() for saving and restoring the EVP_RAND callbacks. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11195) | 22 July 2020, 23:12:48 UTC |
| d1768e8 | Dr. Matthias St. Pierre | 13 July 2020, 00:02:15 UTC | test/drbgtest.c: set the correct counter to trigger reseeding It's the generate counter (drbg->reseed_gen_counter), not the reseed counter which needs to be raised above the reseed_interval. This mix-up was partially caused by some recent renamings of DRBG members variables, but that will be dealt with in a separate commit. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11195) | 22 July 2020, 23:12:48 UTC |
| 8e3e1df | Dr. Matthias St. Pierre | 04 July 2020, 10:29:14 UTC | test/drbgtest.c: Remove error check for large generate requests The behaviour of RAND_DRBG_generate() has changed. Previously, it would fail for requests larger than max_request, now it automatically splits large input into chunks (which was previously done only by RAND_DRBG_bytes() before calling RAND_DRBG_generate()). So this test has not only become obsolete, the fact that it succeeded unexpectedly also caused a buffer overflow that terminated the test. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11195) | 22 July 2020, 23:12:48 UTC |
| 9fb6692 | Vitezslav Cizek | 01 June 2020, 09:45:09 UTC | Fix DRBG reseed counter condition. The reseed counter condition was broken since a93ba40, where the initial value was wrongly changed from one to zero. Commit 8bf3665 fixed the initialization, but also adjusted the check, so the problem remained. This change restores original (OpenSSL-fips-2_0-stable) behavior. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11195) | 22 July 2020, 23:12:48 UTC |
| 11a6d6f | Vitezslav Cizek | 27 February 2020, 14:37:43 UTC | test/drbgtest.c: Fix error check test The condition in test_error_checks() was inverted, so it succeeded as long as error_check() failed. Incidently, error_check() contained several bugs that assured it always failed, thus giving overall drbg test success. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11195) | 22 July 2020, 23:12:48 UTC |
| dcb71e1 | Shane Lontis | 21 July 2020, 00:51:33 UTC | Cleanup fips provider init Removed dummy evp_test Changed all algorithm properties to use fips=yes (except for RAND_TEST) (This changes the DRBG and ECX settings) Removed unused includes. Added TODO(3.0) for issue(s) that need to be resolved. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12498) | 22 July 2020, 11:12:42 UTC |
| 7b9f218 | Pauli | 21 July 2020, 07:40:19 UTC | document the deprecation of the '-public-key-methods' option to list Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11082) | 22 July 2020, 10:19:01 UTC |
| 41bbba5 | Pauli | 13 February 2020, 01:00:57 UTC | EVP: deprecate the EVP_X_meth_ functions. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11082) | 22 July 2020, 10:19:01 UTC |
| 77ae4f6 | Pauli | 22 April 2020, 00:38:10 UTC | engines: fixed to work with EVP_*_meth calls deprecated Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11082) | 22 July 2020, 10:19:01 UTC |
| 9e5f344 | Pauli | 22 April 2020, 00:25:23 UTC | evp_test: use correct deallocation for EVP_CIPHER Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11082) | 22 July 2020, 10:18:29 UTC |
| 340f82a | Pauli | 22 April 2020, 00:24:05 UTC | evp_test: use correct deallocation for EVP_MD Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11082) | 22 July 2020, 10:18:29 UTC |
| 1d864f0 | gujinqiang | 17 July 2020, 09:52:26 UTC | Specific the engine pointer CLA: trivial I found that when I wanted to use an engine by the option-engine XXX , it didn't work. Checking the code, I guess it missed the engine pointer when calling EVP_CipherInit_ex. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12475) | 22 July 2020, 07:37:49 UTC |
| 490c871 | Gustaf Neumann | 17 July 2020, 10:31:26 UTC | Align documentation with recommendations of Linux Documentation Project This change applies the recommendation of the Linux Documentation Project to the documentation files of OpenSSL. Additionally, util/find-doc-nits was updated accordingly. The change follows a suggestion of mspncp on https://github.com/openssl/openssl/pull/12370 and incoporates the requested changes on the pull request Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12460) | 22 July 2020, 07:15:00 UTC |
| bf19b64 | Dr. David von Oheimb | 18 July 2020, 14:09:19 UTC | Fix UI method setup, which should be independent of (deprecated) engine use Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12422) | 22 July 2020, 05:27:42 UTC |
| 4f8fbf3 | Dr. David von Oheimb | 14 July 2020, 08:38:06 UTC | 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12422) | 22 July 2020, 05:27:42 UTC |
| f91624d | Dr. David von Oheimb | 11 July 2020, 11:20:39 UTC | Skip test_cmp_cli if 'lsof' or 'kill' command is not available Fixes #12324 partly fixes #12378 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12422) | 22 July 2020, 05:27:42 UTC |
| 90409da | Shane Lontis | 22 July 2020, 00:40:55 UTC | Fix provider cipher reinit issue Fixes #12405 Fixes #12377 Calling Init()/Update() and then Init()/Update() again gave a different result when using the same key and iv. Cipher modes that were using ctx->num were not resetting this value, this includes OFB, CFB & CTR. The fix is to reset this value during the ciphers einit() and dinit() methods. Most ciphers go thru a generic method so one line fixes most cases. Add test for calling EVP_EncryptInit()/EVP_EncryptUpdate() multiple times for all ciphers. Ciphers should return the same value for both updates. DES3-WRAP does not since it uses a random in the update. CCM modes currently also fail on the second update (This also happens in 1_1_1). Fix memory leak in AES_OCB cipher if EVP_EncryptInit is called multiple times. Fix AES_SIV cipher dup_ctx and init. Calling EVP_CIPHER_init multiple times resulted in a memory leak in the siv. Fixing this leak also showed that the dup ctx was not working for siv mode. Note: aes_siv_cleanup() can not be used by aes_siv_dupctx() as it clears data that is required for the decrypt (e.g the tag). Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12413) | 22 July 2020, 00:40:55 UTC |
| 7717459 | Viktor Dukhovni | 17 July 2020, 01:30:43 UTC | Avoid errors with a priori inapplicable protocol bounds The 'MinProtocol' and 'MaxProtocol' configuration commands now silently ignore TLS protocol version bounds when configurign DTLS-based contexts, and conversely, silently ignore DTLS protocol version bounds when configuring TLS-based contexts. The commands can be repeated to set bounds of both types. The same applies with the corresponding "min_protocol" and "max_protocol" command-line switches, in case some application uses both TLS and DTLS. SSL_CTX instances that are created for a fixed protocol version (e.g. TLSv1_server_method()) also silently ignore version bounds. Previously attempts to apply bounds to these protocol versions would result in an error. Now only the "version-flexible" SSL_CTX instances are subject to limits in configuration files in command-line options. Expected to resolve #12394 Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #12472 | 21 July 2020, 18:40:07 UTC |
| 5ac582d | Richard Levitte | 20 July 2020, 15:14:45 UTC | DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod The 'cert_cb' / 'client_cert_cb' arguments had extra, a bit weird documentation. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12494) | 21 July 2020, 16:52:29 UTC |
| 8eca461 | Richard Levitte | 20 July 2020, 15:10:44 UTC | util/find-doc-nits: Relax check of function declarations in name_synopsis() The relaxation allows spaces between function name and argument list, to allow line breaks like this when there are very long names: int (fantastically_long_name_breaks_80char_limit) (fantastically_long_name_breaks_80char_limit *something); This revealed some other intricaties, such as documented internal structures with function pointers inside, so a check of open structures was also added, and they are now simply skipped over. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12494) | 21 July 2020, 16:52:29 UTC |
| 904f425 | Richard Levitte | 20 July 2020, 07:11:15 UTC | PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a libcommon.a is FIPS agnostic, while libfips.a and libnonfips.a are FIPS / non-FIPS specific. Since bio_prov.c checks FIPS_MODULE, it belongs to the latter. Along with this, a bit more instruction commentary is added to providers/build.info. Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/12486) | 21 July 2020, 09:52:32 UTC |
| 7e4f01d | Nihal Jere | 19 July 2020, 21:54:07 UTC | fixed swapped parameter descriptions for x509 CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12482) | 21 July 2020, 07:32:13 UTC |
| 9f7bdcf | Shane Lontis | 21 July 2020, 06:30:02 UTC | Add ERR_raise() errors to fips OSSL_provider_init and self tests. As the ERR_raise() is setup at this point returng a range of negative values for errors is not required. This will need to be revisited if the code ever moves to running from the DEP. Added a -config option to the fips install so that it can test if a fips module is loadable from configuration. (The -verify option only uses the generated config, whereas -config uses the normal way of including the generated data via another config file). Added more failure tests for the raised errors. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12346) | 21 July 2020, 06:30:02 UTC |
| 823a113 | Shane Lontis | 20 July 2020, 01:18:24 UTC | Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12483) | 20 July 2020, 22:51:18 UTC |
| 02e14a6 | Dimitri John Ledkov | 14 July 2020, 16:55:49 UTC | man3: Drop warning about using security levels higher than 1. Today, majority of web-browsers reject communication as allowed by the security level 1. Instead key sizes and algorithms from security level 2 are required. Thus remove the now obsolete warning against using security levels higher than 1. For example Ubuntu, compiles OpenSSL with security level set to 2, and further restricts algorithm versions available at that security level. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12444) | 20 July 2020, 19:36:47 UTC |
| 16c6534 | Dr. David von Oheimb | 25 June 2020, 09:55:56 UTC | check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12270) | 20 July 2020, 09:17:34 UTC |
| 174f4a4 | Dr. David von Oheimb | 07 June 2020, 12:53:20 UTC | check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12270) | 20 July 2020, 09:17:34 UTC |
| dc18781 | Dr. David von Oheimb | 07 June 2020, 12:47:16 UTC | check-format.pl: Add check for essentially empty line at beginning of file Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12270) | 20 July 2020, 09:17:34 UTC |
| 43b2e9e | Dr. David von Oheimb | 06 June 2020, 19:14:29 UTC | check-format.pl: Add check for multiples essentially empty lines in a row Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12270) | 20 July 2020, 09:17:34 UTC |
