openssl / openssl Public

Mention openssl list -digest-algorithms, NOT -digest-commands. Move option -list just after the related option -digest. Fix HTML formatting of section 'Examples' by adding missing newlines and add 2 examples variant to clarify syntax of the command. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17626)

Add copyright to files that were missing it. Update license from OpenSSL to Apache as needed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17606)

We use opt_int_arg() to prevent malformed processing of hexadecimal input to some command line options. Updated help to mention the change. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17585)

…IC_KEY. The private key for rsa, dsa, dh and ecx was being included when the selector was just the public key. (ec was working correctly). This matches the documented behaviour. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17200)

The function/macro allow user get groups/extensions without memory allcations. So we could calculate the ssl fignerprint(ja3) in low cost. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #16910)

As with 11d7d90, use SOURCE_DATE_EPOCH for the copyright year if it is defined, to avoid reproducibility problems. CLA: trivial Signed-off-by: Ross Burton <ross.burton@arm.com> Change-Id: I1bea19070411a69155c43de7082350fb2c499da3 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #17601)

The struct s->s3 has been modified. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17611)

The var 'thiswr' is an unwanted modification, it was submitted in #5253. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17610)

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #17572)

…line in pod file Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #17609)

On a big endian machine, we get test failures in params_api_test like # ERROR: (memory) 'buf1 == buf2' failed @ test/params_api_test.c:473 # --- buf1 # +++ buf2 # 0000:-e901 # 0000:+01e9 # ^^^^ # # OPENSSL_TEST_RAND_ORDER=1643313367 not ok 157 - iteration 3 They are due to an additional conversion copy. Remove this copy to solve the problem. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #17608)

After OMC and OTC discussions, the 95% performance loss resulting from the constant time code was deemed excessive for something outside of our security policy. The option to use the constant time code exists as it was in OpenSSL 1.1.1. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #17600)

Affected file: Configurations/unix-Makefile.tmpl Fixes #17602 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17605)

The option SSL_OP_NO_EXTENDED_MASTER_SECRET was added in #3910. And it is valid for versions below (D)TLS 1.2. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17597)

Allow dhparam to run quietly in scripts, etc. For other commands that took a -verbose flag already, also support -quiet. For genpkey which only supported -quiet, add the -verbose flag. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17336)

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17336)

CLA: trivial Signed-off-by: Zhou Qingyang <zhou1615@umn.edu> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17578)

The get_globals could return NULL, for example, CRYPTO_THREAD_read_lock() failed. Therefore, just checking the member of 'bcgbl' is not enough. We need to check 'bcgbl' itself too in order to avoid the dereference of the NULL pointer. And the caller of ossl_bio_init_core(), OSSL_LIB_CTX_new_from_dispatch() in `crypto/context.c`, has already checked return value and dealed with the situation if it returns 0. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17581)

Any propquery passed via the -propquery option to the ciphers command was being ignored. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #17595)

In particular: X509_STORE_CTX_set_purpose() X509_STORE_CTX_set_trust(); X509_STORE_CTX_purpose_inherit(); Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from #17382)

openssl / openssl Public

Commits on Feb 3, 2022

Commits on Feb 2, 2022

Commits on Feb 1, 2022

Commits on Jan 31, 2022

Commits on Jan 28, 2022

Commits on Jan 27, 2022