| bbc3c22 | Pauli | 24 May 2020, 21:43:45 UTC | Coverity 1463830: Resource leaks (RESOURCE_LEAK) Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11941) | 25 May 2020, 21:57:30 UTC |
| b394809 | Dmitry Belyavskiy | 25 May 2020, 09:45:37 UTC | Update the gost-engine submodule Fixes #11949 [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11951) | 25 May 2020, 15:51:51 UTC |
| 3f5ea7d | Richard Levitte | 22 May 2020, 08:17:55 UTC | Fix omissions in providers/common/der/build.info Dependencies on generated files must be declared explicitly. When refactoring the DER code in providers/common/der, a few of those dependency declaration were omitted, which may lead to build errors in a parallel build. Some cleanup and extensive used of build.info variables is done while at it, to avoid unnecessary repetition. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11906) | 25 May 2020, 11:59:29 UTC |
| 8069bf5 | Tomas Mraz | 22 May 2020, 08:14:04 UTC | Drop special case of time interval calculation for VMS The existing special case code is broken and it is not needed anymore as times() and _SC_CLK_TCK should be supported on the supported VMS versions. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11905) | 25 May 2020, 10:01:37 UTC |
| 2bd928a | Tomas Mraz | 22 May 2020, 08:07:43 UTC | Revert "Guard use of struct tms with #ifdef __TMS" The __TMS might be necessary on VMS however there is no such define on glibc even though the times() function is fully supported. Fixes #11903 This reverts commit db71d315479762eefbf2bcda8be3b44b1867133f. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11905) | 25 May 2020, 10:01:37 UTC |
| e919166 | Rich Salz | 22 May 2020, 15:21:11 UTC | Fix auto-gen names in .gitignore Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11916) | 25 May 2020, 09:42:15 UTC |
| f720130 | Marc | 20 May 2020, 00:25:10 UTC | s_client: Fix -proxy flag regression s_client: connection via an HTTP proxy broke somewhere prior to openssl-3.0.0-alpha2. openssl s_client -connect <target> -proxy <proxy_host:proxy_port> Results in s_client making a TCP connection to proxy_host:proxy_port and then issuing an HTTP CONNECT to the proxy, instead of the target. Fixes https://github.com/openssl/openssl/issues/11879 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11880) | 25 May 2020, 06:17:12 UTC |
| 9c47a33 | Nicola Tuveri | 22 May 2020, 16:50:17 UTC | Fix coverity issues in EC after #11807 This should fix 2 issues detected by Coverity and introduced with https://github.com/openssl/openssl/pull/11807 - CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) - CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) In practice the tests seem to show that they both aren't real issues, yet I believe this small change should appease the scanner and at the same time improve clarity for the reader. Here is the original report: ``` ** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) ________________________________________________________________________________________________________ *** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) /crypto/ec/ec_lib.c: 1123 in EC_POINT_mul() 1117 1118 if (group->meth->mul != NULL) 1119 ret = group->meth->mul(group, r, g_scalar, point != NULL 1120 && p_scalar != NULL, &point, &p_scalar, ctx); 1121 else 1122 /* use default */ CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) Passing "&point" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 1123 ret = ec_wNAF_mul(group, r, g_scalar, point != NULL 1124 && p_scalar != NULL, &point, &p_scalar, ctx); 1125 1126 #ifndef FIPS_MODULE 1127 BN_CTX_free(new_ctx); 1128 #endif ** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) ________________________________________________________________________________________________________ *** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) /crypto/ec/ec_lib.c: 1123 in EC_POINT_mul() 1117 1118 if (group->meth->mul != NULL) 1119 ret = group->meth->mul(group, r, g_scalar, point != NULL 1120 && p_scalar != NULL, &point, &p_scalar, ctx); 1121 else 1122 /* use default */ CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) Passing "&p_scalar" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 1123 ret = ec_wNAF_mul(group, r, g_scalar, point != NULL 1124 && p_scalar != NULL, &point, &p_scalar, ctx); 1125 1126 #ifndef FIPS_MODULE 1127 BN_CTX_free(new_ctx); 1128 #endif ``` Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11919) | 24 May 2020, 17:13:31 UTC |
| 6e15b81 | Dr. David von Oheimb | 22 May 2020, 12:42:21 UTC | Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h fixes #11818 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11911) | 24 May 2020, 15:39:37 UTC |
| 5e5bc83 | Richard Levitte | 22 May 2020, 13:41:28 UTC | Re-introduce legacy EVP_PKEY types for provided keys EVP_PKEYs with provider side internal keys got the key type EVP_PKEY_NONE. This turned out to be too disruptive, so we try instead to find a matching EVP_PKEY_ASN1_METHOD and use whatever EVP_PKEY type it uses. To make internal coding easier, we introduce a few internal macros to distinguish what can be expected from a EVP_PKEY: - evp_pkey_is_blank(), to detect an unassigned EVP_PKEY. - evp_pkey_is_typed(), to detect that an EVP_PKEY has been assigned a type, which may be an old style type number or a EVP_KEYMGMT method. - evp_pkey_is_assigned(), to detect that an EVP_PKEY has been assigned an key value. - evp_pkey_is_legacy(), to detect that the internal EVP_PKEY key is a legacy one, i.e. will be handled via an EVP_PKEY_ASN1_METHOD and an EVP_PKEY_METHOD. - evp_pkey_is_provided(), to detect that the internal EVP_PKEY key is a provider side one, i.e. will be handdled via an EVP_KEYMGMT and other provider methods. This also introduces EVP_PKEY_KEYMGMT, to indicate that this EVP_PKEY contains a provider side key for which there are no known EVP_PKEY_ASN1_METHODs or EVP_PKEY_METHODs, i.e. these can only be handled via EVP_KEYMGMT and other provider methods. Fixes #11823 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11913) | 23 May 2020, 19:11:09 UTC |
| aa2cb51 | Dmitry Belyavskiy | 11 May 2020, 14:08:48 UTC | GOST external tests [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11792) | 23 May 2020, 19:04:21 UTC |
| 712e8de | Bernd Edlinger | 20 March 2017, 16:29:28 UTC | Fix the parameter types of the CRYPTO_EX_dup function type. This fixes a strict aliasing issue in ui_dup_method_data. The parameter type of CRYPTO_EX_dup's from_d parameter is in fact void **, since it points to a pointer. This function is rarely used, therefore fix the param type although that may be considered an API breaking change. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2986) | 23 May 2020, 13:31:14 UTC |
| 2de6466 | Nicola Tuveri | 19 May 2020, 17:36:44 UTC | Adjust length of some strncpy() calls This fixes warnings detected by -Wstringop-truncation. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11878) | 22 May 2020, 13:35:21 UTC |
| e12813d | Tomas Mraz | 21 May 2020, 11:16:57 UTC | Prevent use after free of global_engine_lock If buggy application calls engine functions after cleanup of engines already happened the global_engine_lock will be used although already freed. See for example: https://bugzilla.redhat.com/show_bug.cgi?id=1831086 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11896) | 22 May 2020, 12:50:00 UTC |
| 4d55122 | Pauli | 21 May 2020, 03:44:01 UTC | Coverity 1463571: Null pointer dereferences (FORWARD_NULL) Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892) | 22 May 2020, 07:23:49 UTC |
| 3f17066 | Pauli | 21 May 2020, 03:40:01 UTC | Coverity 1463574: Null pointer dereferences (REVERSE_INULL) Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892) | 22 May 2020, 07:23:49 UTC |
| e5cb345 | Pauli | 21 May 2020, 03:38:35 UTC | Coverity 1463576: Error handling issues (CHECKED_RETURN) Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892) | 22 May 2020, 07:23:49 UTC |
| 084b7be | Pauli | 21 May 2020, 03:18:42 UTC | Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892) | 22 May 2020, 07:23:49 UTC |
| e1c6f76 | mettacrawler | 19 May 2020, 15:53:24 UTC | There is no -signreq option in CA.pl CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11876) | 21 May 2020, 11:28:14 UTC |
| b84439b | Richard Levitte | 19 May 2020, 13:42:07 UTC | STORE: Make try_decode_PrivateKey() ENGINE aware This function only considered the built-in and application EVP_PKEY_ASN1_METHODs, and is now amended with a loop that goes through all loaded engines, using whatever table of methods they each have. Fixes #11861 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11872) | 20 May 2020, 19:14:05 UTC |
| e637d47 | Richard Levitte | 19 May 2020, 10:52:07 UTC | rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| In the FIPS module, the code as written generate an unconditional error. Fixes #11865 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11869) | 20 May 2020, 19:10:10 UTC |
| a30027b | Richard Levitte | 19 May 2020, 08:43:49 UTC | Refactor the provider side DER constants and writers This splits up all the providers/common/der/*.c.in so the generated portion is on its own and all related DER writing routines are in their own files. This also ensures that the DIGEST consstants aren't reproduced in several files (resulting in symbol clashes). Finally, the production of OID macros is moved to the generated header files, allowing other similar macros, or DER constant arrays, to be built on top of them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11868) | 20 May 2020, 19:07:09 UTC |
| c2f2db9 | Billy Brumley | 19 May 2020, 14:48:36 UTC | deprecate EC_POINT_make_affine and EC_POINTs_make_affine Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11874) | 20 May 2020, 18:10:31 UTC |
| 7486c71 | Tomas Mraz | 19 May 2020, 08:52:53 UTC | t1_trce: Fix remaining places where the 24 bit shift overflow happens [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857) | 20 May 2020, 15:31:56 UTC |
| 1d05eb5 | Tomas Mraz | 19 May 2020, 08:51:53 UTC | Avoid potential overflow to the sign bit when shifting left 24 places Although there are platforms where int is 64 bit, 2GiB large BIGNUMs instead of 4GiB should be "big enough for everybody". Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857) | 20 May 2020, 15:31:43 UTC |
| cbeb0bf | Tomas Mraz | 19 May 2020, 08:51:19 UTC | Cast the unsigned char to unsigned int before shifting left This is needed to avoid automatic promotion to signed int. Fixes #11853 [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857) | 20 May 2020, 15:31:43 UTC |
| ddec332 | Bernd Edlinger | 17 May 2020, 00:08:56 UTC | Fix egd and devrandom source configs ./config --with-rand-seed=egd need to defines OPENSSL_RAND_SEED_EGD and OPENSSL_NO_EGD so get rid of OPENSSL_NO_EGD (compiles but I did not really test EGD) ./config --with-rand-seed=devrandom does not work since wait_random_seeded works under the assumption that OPENSSL_RAND_SEED_GETRANDOM is supposed to be enabled as well, that is usually the case, but not when only devrandom is enabled. Skip the wait code in this special case. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11848) | 20 May 2020, 12:48:16 UTC |
| a7ad40c | Richard Levitte | 18 May 2020, 10:43:12 UTC | Add OSSL_PROVIDER_do_all() This allows applications to iterate over all loaded providers. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11858) | 20 May 2020, 09:26:14 UTC |
| b2a5001 | raja-ashok | 13 May 2020, 18:07:14 UTC | Update early data exchange scenarios in doc Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11816) | 19 May 2020, 17:07:24 UTC |
| e0bcb4f | raja-ashok | 13 May 2020, 18:02:44 UTC | Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11816) | 19 May 2020, 17:07:24 UTC |
| e638112 | Dmitry Belyavskiy | 15 May 2020, 20:03:41 UTC | Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11735) | 19 May 2020, 16:04:11 UTC |
| 09b90e0 | Dmitry Belyavskiy | 05 May 2020, 13:20:42 UTC | Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF Partially fixes #11209. Before OpenSSL 3.0 in case when peer does not send close_notify, the behaviour was to set SSL_ERROR_SYSCALL error with errno 0. This behaviour has changed. The SSL_OP_IGNORE_UNEXPECTED_EOF restores the old behaviour for compatibility's sake. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11735) | 19 May 2020, 16:04:11 UTC |
| fb420af | Rich Salz | 24 April 2020, 14:48:51 UTC | Use {module,install}-mac, not -checksum As the documentation points out, these fipsmodule.cnf fields are a MAC, not a digest or checksum. Rename them to be correct. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11369) | 19 May 2020, 14:05:56 UTC |
| d03b315 | Rich Salz | 20 March 2020, 15:10:15 UTC | Revise fips_install.pod Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11369) | 19 May 2020, 14:05:56 UTC |
| eaf8ec1 | Rich Salz | 20 March 2020, 01:53:11 UTC | Revise x509v3_config.pod Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11369) | 19 May 2020, 14:05:56 UTC |
| ca17a6e | Rich Salz | 19 March 2020, 14:19:41 UTC | Revise fips_config.pod Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11369) | 19 May 2020, 14:05:32 UTC |
| fe92150 | Norm Green | 12 May 2020, 00:22:47 UTC | Add missing pragma weak declaration to lhash.h The missing symbol caused a linker failure on solaris x86_64. Fixes #11796 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11798) | 19 May 2020, 13:31:14 UTC |
| 6b4eb93 | Billy Brumley | 17 May 2020, 13:09:00 UTC | deprecate EC precomputation functionality Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11851) | 19 May 2020, 13:29:37 UTC |
| 5a5530a | Dmitry Belyavskiy | 30 March 2020, 15:09:24 UTC | New Russian TLS 1.2 implementation Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442) | 19 May 2020, 10:02:43 UTC |
| 0e139a0 | Dmitry Belyavskiy | 08 May 2020, 11:17:11 UTC | GOST-related objects changes Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442) | 19 May 2020, 10:02:43 UTC |
| 092a5c7 | Dmitry Belyavskiy | 30 March 2020, 15:04:07 UTC | Constants for new GOST TLS 1.2 ciphersuites Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442) | 19 May 2020, 10:02:43 UTC |
| 5a29b62 | Richard Levitte | 15 May 2020, 13:56:05 UTC | CORE: query for operations only once per provider (unless no_store is true) When a desired algorithm wasn't available, we didn't register anywhere that an attempt had been made, with the result that next time the same attempt was made, the whole process would be done again. To avoid this churn, we register a bit for each operation that has been queried in the libcrypto provider object, and test it before trying the same query and method construction loop again. If course, if the provider has told us not to cache, we don't register this bit. Fixes #11814 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11842) | 19 May 2020, 09:02:41 UTC |
| c0ec5ce | Marc | 16 May 2020, 18:31:03 UTC | Use _get0_ functions instead of _get_. Fix build error on some platforms Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10757) | 19 May 2020, 08:38:00 UTC |
| 2f84d2a | Marc | 04 January 2020, 15:27:17 UTC | s_client: Show cert algorithms & validity period Add certificate validity period (v) and public key & signature algorithms (a) to the "Certificate Chain" output. Eg: Certificate chain 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com i:C = US, O = Google Trust Services, CN = GTS CA 1O1 a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Dec 3 14:49:26 2019 GMT; NotAfter: Feb 25 14:49:26 2020 GMT 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1 i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jun 15 00:00:42 2017 GMT; NotAfter: Dec 15 00:00:42 2021 GMT Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10757) | 19 May 2020, 08:38:00 UTC |
| e9e7b5d | Bernd Edlinger | 17 May 2020, 12:45:28 UTC | Fix some places where X509_up_ref is used without error handling. This takes up the ball from #11278 without trying to solve everything at once. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11850) | 18 May 2020, 15:16:16 UTC |
| 0823948 | Maxim Zakharov | 08 May 2020, 04:58:10 UTC | TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) Signed-off-by: Maxim Zakharov <5158255+Maxime2@users.noreply.github.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11767) | 18 May 2020, 08:56:27 UTC |
| 88b15ed | Matt Caswell | 14 May 2020, 14:45:38 UTC | Delete the sslprovider test This was added before the changes to the sslap/ssl_new/ssl_old tests which run those tests with a non-default library context. It no longer adds anything that those tests don't already do, so it can be deleted. This also fixes a number of run-checker build failures which were failing in this test if TLSv1.2 was disabled. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11832) | 18 May 2020, 08:45:14 UTC |
| d9321c0 | Nikolay Morozov | 14 May 2020, 19:32:59 UTC | Fix small documentation issues Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11835) | 18 May 2020, 08:34:07 UTC |
| 4fcd15c | Billy Brumley | 13 May 2020, 04:33:59 UTC | deprecate EC_POINTs_mul function Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11807) | 16 May 2020, 16:20:37 UTC |
| 06a2027 | Matt Caswell | 07 May 2020, 11:11:44 UTC | Update documentation following changes of various types The previous commit changed the types of various objects passed between the core and providers. Therefore the documentation needs to be updated to reflect that. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11758) | 16 May 2020, 16:10:03 UTC |
| d40b42a | Matt Caswell | 06 May 2020, 11:29:57 UTC | Maintain strict type discipline between the core and providers A provider could be linked against a different version of libcrypto than the version of libcrypto that loaded the provider. Different versions of libcrypto could define opaque types differently. It must never occur that a type created in one libcrypto is used directly by the other libcrypto. This will cause crashes. We can "cheat" for "built-in" providers that are part of libcrypto itself, because we know that the two libcrypto versions are the same - but not for other providers. To ensure this does not occur we use different types names for the handful of opaque types that are passed between the core and providers. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11758) | 16 May 2020, 16:10:03 UTC |
| 827f04d | Richard Levitte | 15 May 2020, 05:50:43 UTC | CORE: Fix a couple of bugs in algorithm_do_this() The call of ossl_provider_query_operation() used |data->operation_id|, when |cur_operation| should be used. If any ossl_provider_query_operation() call returned NULL, the loop was stopped, when it should just continue on to the next operation. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11837) | 16 May 2020, 10:08:32 UTC |
| 0b2b0be | raja-ashok | 10 May 2020, 17:17:00 UTC | Test TLSv1.3 out-of-band PSK with all 5 ciphersuites Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11785) | 15 May 2020, 19:31:15 UTC |
| 2e1a4f6 | raja-ashok | 08 May 2020, 13:47:21 UTC | Fix crash in early data send with out-of-band PSK using AES CCM Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11785) | 15 May 2020, 19:31:15 UTC |
| 43a70f0 | Rich Salz | 13 May 2020, 15:16:50 UTC | Fix all MD036 (emphasis used instead of heading) The main fixes were errors in itemized lists "*)" instead of "*" Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11770) | 15 May 2020, 18:49:40 UTC |
| a51f225 | Rich Salz | 08 May 2020, 14:34:22 UTC | Add "md-nits" make target Also fix a nit in recent CHANGES.md update. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11770) | 15 May 2020, 18:49:40 UTC |
| 538404d | David von Oheimb | 28 August 2017, 17:14:47 UTC | Add 'methods' parameter to setup_engine() in apps.c for individual method defaults Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/4277) | 15 May 2020, 18:24:11 UTC |
| 8c10e1b | Dr. David von Oheimb | 21 April 2020, 12:08:49 UTC | Clean up macro definitions of openssl_fdset() in apps.h and sockets.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/4277) | 15 May 2020, 18:23:38 UTC |
| 6d382c7 | Dr. David von Oheimb | 06 May 2020, 11:51:50 UTC | Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11755) | 15 May 2020, 18:20:08 UTC |
| 60d5331 | Dr. David von Oheimb | 08 May 2020, 08:56:14 UTC | Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11755) | 15 May 2020, 18:20:08 UTC |
| db71d31 | Dr. David von Oheimb | 07 May 2020, 19:37:28 UTC | Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11755) | 15 May 2020, 18:20:08 UTC |
| c6601bd | Richard Levitte | 14 May 2020, 10:33:09 UTC | Build: make apps/progs.c depend on configdata.pm Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11824) | 15 May 2020, 18:06:08 UTC |
| 92dc275 | Richard Levitte | 14 May 2020, 12:04:41 UTC | SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys Fixes #11720 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11828) | 15 May 2020, 14:43:31 UTC |
| 8062724 | Matt Caswell | 14 May 2020, 13:21:40 UTC | Ignore some auto-generated DER files Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11830) | 15 May 2020, 14:33:00 UTC |
| 5d979e0 | Matt Caswell | 15 May 2020, 13:35:04 UTC | Prepare for 3.0 alpha 3 Reviewed-by: Richard Levitte <levitte@openssl.org> | 15 May 2020, 13:35:04 UTC |
| 9e8604b | Matt Caswell | 15 May 2020, 13:33:29 UTC | Prepare for release of 3.0 alpha 2 Reviewed-by: Richard Levitte <levitte@openssl.org> | 15 May 2020, 13:33:29 UTC |
| 454afd9 | Matt Caswell | 15 May 2020, 13:09:49 UTC | Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11839) | 15 May 2020, 13:09:49 UTC |
| 11d7d90 | Nicolas Vigier | 05 March 2020, 19:39:05 UTC | If SOURCE_DATE_EPOCH is defined, use it for copyright year Using the date from SOURCE_DATE_EPOCH instead of the current date makes it possible to reproduce a build that was built on a different year: https://reproducible-builds.org/specs/source-date-epoch/ This is fixing an issue we had while building Tor Browser: https://trac.torproject.org/projects/tor/ticket/33535 CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11296) | 15 May 2020, 10:43:31 UTC |
| d30ef63 | Matt Caswell | 08 May 2020, 10:12:10 UTC | Correct alignment calculation in ssl3_setup_write The alignment calculation in ssl3_setup_write incorrectly results in an alignment allowance of (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1) bytes. This equals 3 in almost all cases. The maximum alignment actually used in do_ssl3_write is (SSL3_ALIGN_PAYLOAD - 1). This equals 7 bytes in almost all cases. So there is a potential to overrun the buffer by up to 4 bytes. Fortunately, the encryption overhead allowed for is 80 bytes which consists of 16 bytes for the cipher block size and 64 bytes for the MAC output. However the biggest MAC that we ever produce is HMAC-384 which is 48 bytes - so we have a headroom of 16 bytes (i.e. more than the 4 bytes of potential overrun). Thanks to Nagesh Hegde for reporting this. Fixes #11766 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11768) | 15 May 2020, 10:26:43 UTC |
| 7689926 | Orgad Shaneh | 24 February 2020, 07:02:31 UTC | Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 This is a 32-bit ABI build (as opposed to linux64-mips64). Setting SIXTY_FOUR_BIT breaks hardware optimizations, at least on octeon processors. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11725) | 15 May 2020, 10:22:40 UTC |
| 64af3ae | Richard Levitte | 24 April 2020, 09:03:28 UTC | dev/release.sh: Add --reviewer to set reviewers Doing this is kind of contrary to how we normally do things, as this constitutes a kind of pre-approval. However, without this, the normal review process will modify the reviewed commits, and render the annotated release tag invalid, which forces the person doing the release to re-tag manually. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11630) | 15 May 2020, 10:20:31 UTC |
| 6c3cbc9 | Thomas Dwyer III | 13 May 2020, 17:32:47 UTC | Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z flag (which is not supported by older compilers). CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11815) | 15 May 2020, 09:11:36 UTC |
| fab8fde | Richard Levitte | 14 May 2020, 15:15:05 UTC | test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11833) | 14 May 2020, 15:15:05 UTC |
| 90ad284 | Richard Levitte | 12 May 2020, 08:27:46 UTC | PROV: make some DER AID arrays non-static, to avoid clang complaints The problem encountered is that some arrays were deemed unnecessary by clang, for example: providers/common/der/der_rsa.c:424:28: error: variable 'der_aid_sha224Identifier' is not needed and will not be emitted [-Werror,-Wunneeded-internal-declaration] static const unsigned char der_aid_sha224Identifier[] = { ^ However, these arrays are used in sizeof() expressions in other parts of the code that's actually used, making that warning-turned-error a practical problem. We solve this by making the array non-static, which guarantees that the arrays will be emitted, even though unnecessarily. Fortunately, they are very small. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:20:24 UTC |
| 16e3588 | Richard Levitte | 12 May 2020, 07:54:04 UTC | .travis.yml: never use -Werror, use --strict-warnings instead There are a few things in the OpenSSL code that are known to give warnings that we know are harmless. We test our builds accordingly. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:20:24 UTC |
| d49be01 | Richard Levitte | 11 May 2020, 16:27:04 UTC | test/recipes/15-test_rsapss.t: Add test with unrestricted signature Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:17:13 UTC |
| f63f3b7 | Richard Levitte | 08 May 2020, 17:39:44 UTC | test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests There were a few RSA-PSS related tests that were disabled for non-default library contexts. We now re-enable them. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:17:13 UTC |
| d59b7a5 | Richard Levitte | 07 May 2020, 07:56:52 UTC | test/evp_pkey_provided_test.c: Display first, compare after To make it easier to check the generated key manually, display it before comparing diverse other serializations. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:17:13 UTC |
| 106ec30 | Richard Levitte | 06 May 2020, 19:52:12 UTC | PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:17:13 UTC |
| e25761b | Richard Levitte | 05 May 2020, 08:29:34 UTC | EVP: Refactor the RSA-PSS key generation controls for providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:17:09 UTC |
| 2d55366 | Richard Levitte | 03 May 2020, 04:02:52 UTC | PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:36 UTC |
| 2c6094b | Richard Levitte | 06 May 2020, 19:44:58 UTC | EVP: For SIGNATURE operations, pass the propquery early Instead of passing it with signature->digest_verify_init() and signature->digest_sign_init(), we pass it with signature->newctx(). This allows the digests that are indicated by RSA PSS parameters to have a useful propquery. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:35 UTC |
| ea297dc | Richard Levitte | 02 May 2020, 11:39:40 UTC | PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:35 UTC |
| 8a758e9 | Richard Levitte | 02 May 2020, 11:31:47 UTC | PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:35 UTC |
| 0ec36bf | Richard Levitte | 07 May 2020, 06:51:09 UTC | PROV: Refactor the RSA SIGNATURE implementation for better param control We want to catch errors in passed parameters early, which requires kowledge of the ongoing operation. Fortunately, that's possible by re-using the EVP_PKEY_OP macros in specific init functions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:35 UTC |
| 36a2a55 | Richard Levitte | 02 May 2020, 11:25:52 UTC | PROV: Refactor the RSA DER support We separate out the NIST arc OIDs to a separate file, so it can be re-used, and also the DIGEST OIDs. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:35 UTC |
| 2275ff6 | Richard Levitte | 02 May 2020, 11:33:24 UTC | DER writer: Add the possibility to abandon empty SEQUENCEs In some cases, a SEQUENCE that contains only optional fields may end up empty. In some cases, this may be represented by dropping the SEQUENCE entirely from the encoded DER. To do this, we detect the case where WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH is used, and adapt accordingly. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:35 UTC |
| 967cc3f | Richard Levitte | 02 May 2020, 11:14:04 UTC | RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions The import and export functions are affected. We also refactor them to assign the RSA key type more carefully. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:35 UTC |
| 1567109 | Richard Levitte | 02 May 2020, 10:46:55 UTC | RSA: Add a less loaded PSS-parameter structure RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR and ASN1_INTEGER, which we would rather avoid in our providers. Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that contains the same information, but uses numeric identities (*) and C integers (**). This makes it simpler to handle. Note that neither this structure nor its contents are passed between libcrypto and the providers. Instead, the numeric identities are translated to and from names, which are then passed over that boundary. For future considerations, we might consider dropping RSA_PSS_PARAMS entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code, which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our providers. (*) We use NIDs in this case, because we already have them and because only algorithms that libcrypto knows about are permitted in PSS restrictions. We could use any number series we want, as long as we know for sure what they represent. (**) That's for saltlen and for trailerfield, which are never expect to surpass the set of numbers that fit in a regular 'int'. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:35 UTC |
| e9d6186 | Richard Levitte | 02 May 2020, 10:41:39 UTC | RSA: Add rsa_schemes.c, to store scheme data and translator functions The scheme currently added is OAEP-PSSDigestAlgorithms codified. The translator functions translate an EVP_MD into a NID, and a NID into a name, to support the creation and parsing of OSSL_PARAM items. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:34 UTC |
| 645a541 | Richard Levitte | 02 May 2020, 11:02:29 UTC | RSA: Extract much of the rsa_pkey_export_to() code to a separate function The resulting function, rsa_todata(), is designed to be usable by providers as well. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:34 UTC |
| 484d1a7 | Richard Levitte | 02 May 2020, 09:22:23 UTC | RSA: Add RSA key types The support of restricted RSA key types (OAEP and PSS) was lacking, or dependent on the presence of restriction parameters. For example, this means that even though an RSA-PSS key may have been generated, it may appear as a plain unrestricted RSA key if parameters weren't present (which is the case when default restriction parameters are used) To make it clearer what an RSA key is intended for, and avoid depending in an EVP_PKEY, we introduce RSA key types. This is done by reserving a section of the RSA flags (4 bits, which allows a total of 16 different types). This isn't terribly important for EVP_PKEY_ASN1_METHOD code, as that has access to the wrapping EVP_PKEY. This is very important for provider code, which has no access to the wrapping EVP_PKEY. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710) | 14 May 2020, 10:16:34 UTC |
| a87820e | Richard Levitte | 12 May 2020, 13:27:32 UTC | test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine Verifies that #11671 is fixed Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11674) | 14 May 2020, 08:05:29 UTC |
| bcb018e | Richard Levitte | 29 April 2020, 04:55:40 UTC | EVP: Only use the engine when one is defined, in pkey_mac_ctrl() Fixes #11671 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11674) | 14 May 2020, 08:05:29 UTC |
| c4e3a72 | Nikolay Morozov | 11 May 2020, 17:51:31 UTC | Add documentation for ASN1_INTEGER_new() and ASN1_INTEGER_free() Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11795) | 14 May 2020, 06:31:24 UTC |
| 63f1883 | Dr. David von Oheimb | 08 May 2020, 11:30:44 UTC | Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() Also update documentation and example code in openssl-cmp.pod.in Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470) | 13 May 2020, 17:42:00 UTC |
| 143be47 | Dr. David von Oheimb | 29 April 2020, 16:06:43 UTC | Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470) | 13 May 2020, 17:42:00 UTC |
| 6b326fc | Dr. David von Oheimb | 30 April 2020, 17:38:58 UTC | Improve CMP documentation regarding use of untrusted certs Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470) | 13 May 2020, 17:42:00 UTC |
| 8d9a4d8 | Dr. David von Oheimb | 03 April 2020, 08:43:58 UTC | Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470) | 13 May 2020, 17:42:00 UTC |
| 3c38fa4 | Dr. David von Oheimb | 12 May 2020, 08:14:00 UTC | Preliminary fix of memory leak in try_decode_PKCS12() - full fix is in #11733 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470) | 13 May 2020, 17:42:00 UTC |
