path: root/apps
Age | Commit message | Author
2020-08-09 | Add libctx support to CMS. | Shane Lontis
    - Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx().
    - Added CMS_ReceiptRequest_create0_with_libctx().
    - Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read.
    - d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates).
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11884)
2020-08-07 | Add new APIs to get PKCS12 secretBag OID and value | Jon Spillett
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/10063)
2020-08-06 | apps/pkcs12: Change defaults from RC2 to PBES2 with PBKDF2 | Sahana Prasad
    Fixes #11672
    Add "-legacy" option to load the legacy provider and fall back to the old legacy default algorithms.
    doc/man1/openssl-pkcs12.pod.in: updates documentation about the new "-legacy" option
    Signed-off-by: Sahana Prasad <sahana@redhat.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12540)
2020-08-04 | openssl-cmp.pod.in: Update and extend example using Insta Demo CA | Dr. David von Oheimb
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12534)
2020-08-04 | Fix error message on setting cert validity period in apps/cmp.c | Dr. David von Oheimb
    Fixes #12268
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12296)
2020-08-04 | apps: Correct and extend diagnostics of parse_name() | Dr. David von Oheimb
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12296)
2020-08-04 | apps/cmp.c: Defer diagnostic output on server+proxy to be contacted | Dr. David von Oheimb
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12296)
2020-07-30 | Add OSSL_CMP_MSG_write(), use it in apps/cmp.c | Dr. David von Oheimb
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12421)
2020-07-30 | Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c | Dr. David von Oheimb
    Fixes #12403
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12421)
2020-07-30 | apps/cmp.c: Improve documentation of -recipient option | Dr. David von Oheimb
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12421)
2020-07-30 | deserialisation: add deserialisation to the base provider | Pauli
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12104)
2020-07-30 | serialisation: Add a built-in base provider. | Pauli
    Move the libcrypto serialisation functionality into a place where it can be provided at some point. The serialisation still remains native in the default provider.
    Add additional code to the list command to display what kind of serialisation each entry is capable of.
    Having the FIPS provider auto load the base provider is a future (but necessary) enhancement.
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12104)
2020-07-30 | unify spelling of serialize | Pauli
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12104)
2020-07-28 | Deprecate -nodes in favor of -noenc in pkcs12 and req app | Dr. David von Oheimb
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12495)
2020-07-24 | Add X509 related libctx changes. | Shane Lontis
    - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
    - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx().
    - Renamed some XXXX_ex() to XXX_with_libctx() for X509 APIs.
    - Removed the extra parameters in check_purpose..
    - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()).
    - Added APIs that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12153)
2020-07-23 | Test RSA oaep in fips mode | Shane Lontis
    Added RSA oaep test that uses the pkeyutl application.
    Added an openssl application option to support loading a (fips) provider via the '-config' option.
    Added openssl application related environment variable 'OPENSSL_TEST_LIBCTX' (for testing purposes only), that creates a non default library context.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11948)
2020-07-22 | EVP: deprecate the EVP_X_meth_ functions. | Pauli
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11082)
2020-07-22 | Specify the engine pointer | gujinqiang
    CLA: trivial
    I found that when I wanted to use an engine by the option -engine XXX, it didn't work. Checking the code, I guess it missed the engine pointer when calling EVP_CipherInit_ex.
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/12475)
2020-07-22 | Fix UI method setup, which should be independent of (deprecated) engine use | Dr. David von Oheimb
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12422)
2020-07-21 | fixed swapped parameter descriptions for x509 | Nihal Jere
    CLA: trivial
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/12482)
2020-07-21 | Add ERR_raise() errors to fips OSSL_provider_init and self tests. | Shane Lontis
    As the ERR_raise() is set up at this point, returning a range of negative values for errors is not required. This will need to be revisited if the code ever moves to running from the DEP.
    Added a -config option to the fips install so that it can test if a fips module is loadable from configuration. (The -verify option only uses the generated config, whereas -config uses the normal way of including the generated data via another config file).
    Added more failure tests for the raised errors.
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12346)
2020-07-16 | Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber | Dr. David von Oheimb
    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12375)
2020-07-16 | Revert "kdf: make function naming consistent." | Matt Caswell
    The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous naming convention.
    This reverts commit 765d04c9460a304c8119f57941341a149498b9db.
    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12186)
2020-07-16 | Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" | Matt Caswell
    The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous naming convention.
    This reverts commit d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a.
    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12186)
2020-07-16 | apps: deprecate engines | Pauli
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12226)
2020-07-16 | apps/list: deprecate engine support | Pauli
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12226)
2020-07-16 | Add SSL_get[01]_peer_certificate() | Todd Short
    Deprecate SSL_get_peer_certificate() and replace with SSL_get1_peer_certificate(). Add SSL_get0_peer_certificate.
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/8730)
2020-07-15 | Add FIPS related configuration data to the default openssl application configuration file | Shane Lontis
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12333)
2020-07-15 | Make -provider_name and -section_name optional | Rich Salz
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12311)
2020-07-15 | Use default FIPSKEY if not given on command line | Rich Salz
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12311)
2020-07-06 | [apps/genpkey] exit status should not be 0 on output errors | Nicola Tuveri
    If the key is to be serialized or printed as text and the framework returns an error, the app should signal the failure to the user using a non-zero exit status.
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12305)
2020-07-05 | apps: remove NULL check in release_engine since ENGINE_free also does it. | Pauli
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12309)
2020-07-05 | cmp: remove NULL check. | Pauli
    Instead appease coverity by marking 1464986 as a false positive. Coverity is confused by the engine reference counting.
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12309)
2020-07-03 | If an empty password is supplied still try to use it | Matt Caswell
    If an empty password was supplied we ignored it and were trying to use the fallback method to read the password instead (i.e. read from stdin). However if that failed (which it always does if the cmp option -batch is used) then we were reporting that we had successfully read the password without actually setting one.
    Instead, if an empty password is explicitly provided we should use it. If no password is supplied explicitly and we have no fallback method then we assume the empty password.
    [extended tests]
    Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12275)
2020-07-01 | Improve documentation, layout, and code comments regarding self-issued certs etc. | Dr. David von Oheimb
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10587)
2020-06-30 | Force ssl/tls protocol flags to use stream sockets | Benny Baumann
    Prior to this patch doing something like openssl s_client -dtls1 -tls1 ... could cause s_client to speak TLS on a UDP socket which does not normally make much sense.
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12266)
2020-06-29 | Add --fips-key configuration parameter to fipsinstall application. | Rich Salz
    Change default FIPS HMAC KEY from all-zeros.
    Use default FIPSKEY if not given on command line.
    Make all -macopt in fipsinstall optional.
    Make all tests, except fipsinstall, use the default -macopt and -mac_name flags.
    Define and use FIPSDIR variable on VMS/MMS. Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12235)
2020-06-28 | apps/openssl: clean-up of unused fallback code | Richard Levitte
    Remove code in help_main() that duplicates the case when 'openssl' is called with no arguments, which is now handled in main().
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/12295)
2020-06-25 | Update copyright year | Matt Caswell
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/12273)
2020-06-25 | apps/cmp.c: Add workaround for Coverity false positive; rename e -> engine | Dr. David von Oheimb
    CID 1463570: (USE_AFTER_FREE)
    CID 1463570: (USE_AFTER_FREE) Passing freed pointer "e" as an argument to "release_engine".
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12231)
2020-06-25 | apps/cmp.c: Fix memory leaks in handle_opt_geninfo() found by Coverity | Dr. David von Oheimb
    CID 1463578: Resource leaks (RESOURCE_LEAK)
    CID 1463575: Resource leaks (RESOURCE_LEAK)
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12231)
2020-06-24 | Rename <openssl/core_numbers.h> -> <openssl/core_dispatch.h> | Dr. Matthias St. Pierre
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12222)
2020-06-24 | apps: avoid memory overrun. | Pauli
    NULL terminate the built in "help" argv array to avoid reading beyond the end.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/12258)
2020-06-24 | app/list: add RNG list option | Pauli
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 | CMS print should support string conversion | Dmitry Belyavskiy
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12206)
2020-06-23 | APPS: Properly pass -no-CAstore | Sebastian Andrzej Siewior
    Since its introduction the option no-CAstore maps to OPT_NOCAPATH and so behaves like -no-CApath.
    Map no-CAstore to OPT_NOCASTORE.
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12171)
2020-06-23 | APPS: Fix invoking openssl without a command | Sebastian Andrzej Siewior
    Invoking help with "empty" argc leads to a segfault. Invoke do_cmd() with help as argument which invokes help_main() with proper argv.
    Fixes #12069
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12070)
2020-06-22 | Fix CMP -days option range checking and test failing with enable-ubsan | Dr. David von Oheimb
    Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/12175)
2020-06-19 | Return the cookie_len value from generate_cookie_callback | Matt Caswell
    The generate_cookie_callback was failing to pass back the generated cookie length to the caller. This results in DTLS connection failures from s_server.
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12179)
2020-06-19 | Remove whitespace from 'white space' | haykam821
    CLA: trivial
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12161)