Commits · openssl-3.0.0-alpha13 · linux-packages / Openssl

This project is mirrored from https://github.com/openssl/openssl.git. Pull mirroring failed Mar 16, 2021.
Last successful update Mar 14, 2021.

11 Mar, 2021 5 commits

Prepare for release of 3.0 alpha 13 · 88df2c0b
Matt Caswell authored Mar 11, 2021
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
88df2c0b

Update copyright year · 8020d79b

Matt Caswell authored Mar 11, 2021

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)

8020d79b

Use read/write locking on Windows · f70863d9

Vincent Drake authored Mar 01, 2021

Fixes #13914

The "SRWLock" synchronization primitive is available in Windows Vista
and later.  CRYPTO_THREAD functions now use SRWLock functions when the
target operating system supports them.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14381)

f70863d9

Check SSL_set1_chain error in set_cert_cb · 1aa7ecd0

panda authored Mar 08, 2021

CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14469)

1aa7ecd0

Fix reason code: EVP_R_OPERATON_NOT_INITIALIZED · bf23b9a1

Pedro Monreal authored Mar 04, 2021

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14429)

bf23b9a1

10 Mar, 2021 11 commits

test: convert store test to use relative paths · 903a6558

Pauli authored Mar 09, 2021

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14419)

903a6558

core: add up_ref callback for OSSL_CORE_BIO · 925b5360

Pauli authored Mar 05, 2021

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14419)

925b5360

Add a real type for OSSL_CORE_BIO which is distinct from and not castable to BIO · 141cc94e

Pauli authored Mar 04, 2021

Providers (particularly the FIPS provider) needs access to BIOs from libcrypto.
Libcrypto is allowed to change the internal format of the BIO structure and it
is still expected to work with providers that were already built.  This means
that the libcrypto BIO must be distinct from and not castable to the provider
side OSSL_CORE_BIO.

Unfortunately, this requirement was broken in both directions.  This fixes
things by forcing the two to be different and any casts break loudly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14419)

141cc94e

Use BIO_f_readbuffer() in the decoder to support stdin. · 7a45d51c

Shane Lontis authored Mar 09, 2021

Fixes #13185
Fixes #13352

Removed the existing code in file_store that was trying to figure out the
input type.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14407)

7a45d51c

Add new filter BIO BIO_f_readbuffer() · a30823c8

Shane Lontis authored Mar 09, 2021

This allows BIO_tell() and BIO_seek() to work for BIO's that do
not support these methods. The main use case for this is file/fd BIO's
that use stdin.

This works for stdin taken from input redirection (command < file),
and stdin via pipe (cat file | command).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14407)

a30823c8

Fix formatting error of HISTORY section in some manual pages. · c8511e89

Tomas Mraz authored Mar 09, 2021

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14450)

c8511e89

Change default algorithms in PKCS12_create() and PKCS12_set_mac() · 762970bd

Tomas Mraz authored Mar 05, 2021

Use the modern defaults as now set in the pkcs12 app. This also
allows modifying the application to not override the default values
when calling the API.

Fixes #14034
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14450)

762970bd

Mention the change of licence in NEWS.md · 18fdebf1

Matt Caswell authored Mar 08, 2021

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)

18fdebf1

Expand the CHANGES entry for SHA1 and libssl · 0966aee5

Matt Caswell authored Mar 08, 2021

As well as SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 not working at
security level 1 we also document that TLS 1.2 connection will fail
if the ClientHello does not have a signature algorithms extension.

Fixes #14447
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)

0966aee5

Add a CHANGES for OSSL_STORE_INFO_get_type() · f74f416b

Matt Caswell authored Mar 08, 2021

The function OSSL_STORE_INFO_get_type() may now return a new object
type. Applications may have to be amended accordingly.

Fixes #14446
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)

f74f416b

Add a missing CHANGES.md entry for the legacy provider · c7d4d032

Matt Caswell authored Mar 08, 2021

Numerous ciphers and digests have been moved to the legacy provider.
There should be a CHANGES.md entry pointing this out.

Fixes #14441
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)

c7d4d032

09 Mar, 2021 9 commits

Non-const accessor to legacy keys · 896dcda1

Dmitry Belyavskiy authored Mar 08, 2021

Fixes #14466.

Reverting the changes of the EVP_PKEY_get0 function.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14468)

896dcda1

EVP_KDF-KB man page: Fix typo in the example code · c99248ea

Arthur Gautier authored Mar 06, 2021

CLA: trivial
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14455)

c99248ea

Fixup support for io_pgetevents_time64 syscall · e5499a3c

Alistair Francis authored Mar 04, 2021

This is a fixup for the original commit 5b5e2985
"Add support for io_pgetevents_time64 syscall" that didn't correctly
work for 32-bit architecutres with a 64-bit time_t that aren't RISC-V.

For a full discussion of the issue see:
https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbcSigned-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14432)

e5499a3c

cmp_hdr.c: Fix minor Coverity issue CID 1473605 · 4c52ee1d

Dr. David von Oheimb authored Mar 08, 2021

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14460)

4c52ee1d

http_test.c: Fix minor Coverity issue CID 1473608 · b6a06b13
Dr. David von Oheimb authored Mar 08, 2021
```
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14460)
```
b6a06b13

Reword repeated words. · 3e6a0d57

Shane Lontis authored Mar 04, 2021

A trivial PR to remove some commonly repeated words. It looks like this is
not the first PR to do this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14420)

3e6a0d57

apps/pkcs12: Allow continuing on absent mac · 889ad4ef

Tomas Mraz authored Mar 05, 2021

Just print a warning in that case.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14445)

889ad4ef

apps/pkcs12: Detect missing PKCS12KDF support on import · 5e9a8678

Tomas Mraz authored Mar 05, 2021

Report error message with hint to use -nomacver if
MAC verification is not required.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14445)

5e9a8678

apps/pkcs12: Properly detect MAC setup failure · 913f9d5e

Tomas Mraz authored Mar 05, 2021

The MAC requires PKCS12KDF support which is not present
in FIPS provider as it is not an approved KDF algorithm.
Suggest using -nomac if MAC is not required.

Fixes #14057
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14445)

913f9d5e

08 Mar, 2021 8 commits

fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined · 31e2e6e0

Armin Fuerst authored Mar 08, 2021

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14471)

31e2e6e0

Fix the check for suitable groups and TLSv1.3 · 9afc6c54

Matt Caswell authored Mar 04, 2021

If we have TLSv1.3 enabled then we must have at least one TLSv1.3 capable
group available. This check was not always working
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14430)

9afc6c54

Make the EVP_PKEY_get0* functions have a const return type · 7bc0fdd3

Matt Caswell authored Mar 02, 2021

OTC have decided that the EVP_PKEY_get0* functions should have a const
return type. This is a breaking change to emphasise that these values
should be considered as immutable.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)

7bc0fdd3

Document the change in behaviour of the the low level key getters/setters · cc57dc96

Matt Caswell authored Feb 25, 2021

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)

cc57dc96

Ensure the various legacy key EVP_PKEY getters/setters are deprecated · 8e53d94d

Matt Caswell authored Feb 25, 2021

Most of these were already deprecated but a few have been missed. This
commit corrects that.

Fixes #14303
Fixes #14317
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)

8e53d94d

Cache legacy keys instead of downgrading them · b574c6a9

Matt Caswell authored Feb 24, 2021

If someone calls an EVP_PKEY_get0*() function then we create a legacy
key and cache it in the EVP_PKEY - but it doesn't become an "origin" and
it doesn't ever get updated. This will be documented as a restriction of
the EVP_PKEY_get0*() function with provided keys.

Fixes #14020
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)

b574c6a9

Avoid a null pointer deref on a malloc failure · ec961f86

Matt Caswell authored Feb 24, 2021

Make sure we were sucessful in creating an EVP_PKEY
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)

ec961f86

Add a multi thread test for downgrading keys · e8afd78a

Matt Caswell authored Jan 29, 2021

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)

e8afd78a

06 Mar, 2021 7 commits

Restore GOST macros compatibility with 1.1.1 · a2c911c2

Dmitry Belyavskiy authored Mar 05, 2021

Fixes #14440

Before IANA assigned the official codes for the GOST signature
algorithms in TLS, the values from the Reserved for Private Use range
were in use in Russia. The old values were renamed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14448)

a2c911c2

apps/x509.c: Rename -signkey to -key for consistency with the req app · 9293046f

Dr. David von Oheimb authored Jan 06, 2021

Also because this better reflects that usually also the public portion is used.
Retaining the old -signkey as an alias for backward compatibility.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14007)

9293046f

HTTP: Fix BIO_mem_d2i() on NULL mem input · 2de5d3b8

Dr. David von Oheimb authored Mar 01, 2021

This fixes also failure behavior of OSSL_HTTP_REQ_CTX_sendreq_d2i(), OCSP_sendreq_nbio(), etc.
Fixes #14322
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14356)

2de5d3b8

http_local.h: Remove unused declaration of HTTP_sendreq_bio() · 676d879c
Dr. David von Oheimb authored Mar 01, 2021
```
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14356)
```
676d879c

Simplify OCSP_sendreq_bio() · 73e6e3e0

Dr. David von Oheimb authored Mar 01, 2021

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14356)

73e6e3e0

Make more use of X509_add_certs(); minor related code & comments cleanup · 0dca5ede

Dr. David von Oheimb authored Feb 08, 2021

This is a follow-up on #12615.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14436)

0dca5ede

OCSP_resp_find_status.pod: Complete the RETURN VALUES section · 9b9d24f0

Dr. David von Oheimb authored Mar 01, 2021

Supersedes #11877. Also make order in NAME section consistent.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14347)

9b9d24f0