ret in ossl_config_int() only used to check return value of
CONF_modules_load_file(), should set it to 1 if in UEFI system.
Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21300)
Duncan Thomson [Wed, 28 Jun 2023 21:02:26 +0000 (22:02 +0100)]
Fix OSSL_PROVIDER_try_load() retain_fallbacks doc
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21319)
Jakub Wilk [Wed, 28 Jun 2023 20:17:00 +0000 (22:17 +0200)]
openssl-rsautl.pod: Add missing comma
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21318)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21322)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21322)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21322)
Sam James [Wed, 26 Apr 2023 00:04:09 +0000 (01:04 +0100)]
CI: add GCC 13
Signed-off-by: Sam James <sam@gentoo.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20961)
Matt Caswell [Tue, 27 Jun 2023 09:23:47 +0000 (10:23 +0100)]
Fix typos in s_client
There was some typos of OPENSS_NO_QUIC (should be OPENSSL_NO_QUIC) in
s_client
Fixes #21291
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21293)
Tomas Mraz [Wed, 28 Jun 2023 14:55:57 +0000 (16:55 +0200)]
Do not use stitched AES-GCM implementation on PPC32
The implementation is not usable there at all.
Fixes #21301
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21312)
Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21232)
Jörg Sommer [Thu, 15 Jun 2023 16:16:49 +0000 (18:16 +0200)]
openssl speed -multi -evp prints wrong algorithm name
When running `openssl speed -evp md5` the result shows `md5` as algorithm
name. But when adding the option `-multi 2` it gives `evp` as algorithm
name.
Signed-off-by: Jörg Sommer <joerg@jo-so.de> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21216)
Matt Caswell [Wed, 14 Jun 2023 09:22:57 +0000 (10:22 +0100)]
Add a tutorial on writing a simple blocking QUIC client
This tutorial only covers a single stream client at this stage. A future
PR will cover adding multi-stream support.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Matt Caswell [Tue, 13 Jun 2023 12:12:08 +0000 (13:12 +0100)]
Before we do anything the ping deadline is infinite
Needed for tserver so that it the deadline isn't immediate before we've
accepted a connection.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Matt Caswell [Tue, 13 Jun 2023 12:11:18 +0000 (13:11 +0100)]
Ensure SSL_connect() actually blocks if we are in blocking mode
Fix supplied by Hugo Landau.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Matt Caswell [Tue, 13 Jun 2023 12:08:00 +0000 (13:08 +0100)]
The CC wake up deadline is now if we have TX allowance
If we have TX allowance then there is no need to wait if we have something
to send - the wake up deadline is immediate.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Matt Caswell [Thu, 8 Jun 2023 15:36:17 +0000 (16:36 +0100)]
Add a non-blocking QUIC client demo
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Matt Caswell [Thu, 8 Jun 2023 11:18:38 +0000 (12:18 +0100)]
Add a test quicserver utility
This QUIC server utility is intended for test purposes only and is expected
to be replaced in a future version of OpenSSL by s_server. At that point
it will be removed.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Tomas Mraz [Mon, 26 Jun 2023 15:13:30 +0000 (17:13 +0200)]
s390xcap.c: Avoid copying structure on initialization
This is problematic on old compilers. It also avoids duplicating
the read-only data.
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21284)
Fergus Dall [Mon, 12 Jun 2023 10:02:14 +0000 (20:02 +1000)]
Add support for SHA256/192
This is defined in NIST SP 800-208 as the truncation to 192 bits of
SHA256. Unlike other truncated hashes in the SHA2 suite, this variant
doesn't have a different initial state, it is just a pure truncation
of the output.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21180)
Tomas Mraz [Mon, 26 Jun 2023 09:11:57 +0000 (11:11 +0200)]
CONF_modules_load_file_ex(): Do not try to load an empty file name
Fixes #21258
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/21282)
Matt Caswell [Fri, 23 Jun 2023 15:01:41 +0000 (16:01 +0100)]
Add some test_ssl_new tests for the ffdhe groups
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21274)
Matt Caswell [Fri, 23 Jun 2023 14:45:14 +0000 (15:45 +0100)]
Fix supported_groups handing in TLSv1.2
In TLSv1.2 we should not attempt to use a supported_group value that is
intended for use with TLSv1.3 - even if both the server and the client
support it, e.g. the ffdhe groups are supported by OpenSSL for TLSv1.3 but
not for TLSv1.2.
Fixes #21081
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21274)
Matt Caswell [Fri, 23 Jun 2023 11:05:07 +0000 (12:05 +0100)]
Add a test for pkeyutl encrypt/decrypt using SM2
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21272)
Matt Caswell [Fri, 23 Jun 2023 10:50:17 +0000 (11:50 +0100)]
Don't truncate the input when decrypting in pkeyutl
The pkeyutl app was truncating the input file for decryption leading to
incorrect results. This was probably ok historically when RSA was being
used for decryption which has short maximum sizes. This is not ok with SM2.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21272)
fullwaywang [Wed, 21 Jun 2023 07:00:06 +0000 (15:00 +0800)]
Check for 0 modulus in BN_RECP_CTX_set.
The function BN_RECP_CTX_set did not check whether arg d is zero,
in which case an early failure should be returned to the invoker.
This is a similar fix to the cognate defect of CVE-2015-1794.
Fixes #21111
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21255)
Richard Levitte [Fri, 16 Jun 2023 11:56:36 +0000 (13:56 +0200)]
Add a test case for the password prompt on garbage PKCS#12 file
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)
Richard Levitte [Tue, 13 Jun 2023 18:06:04 +0000 (20:06 +0200)]
OSSL_STORE and PKCS#12: Check if there is a MAC to verify before prompting
When a DER object with unknown contents comes all the way to
ossl_store_handle_load_result(), and it attempts to decode them as different
objects, the PKCS#12 decoding attempt would (almost) always prompt for a
passphrase, even if there isn't a MAC to verify it against in the PKCS#12
object.
This change checks if there is a MAC to verify against before attempting to
prompt for a passphrase, leading to less surprising behavior.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)
Consistency: "Authors" after "The OpenSSL Project"
All source files show "The OpenSSL Project Authors" as the
copyright owner.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21268)
Matt Caswell [Fri, 9 Jun 2023 08:33:11 +0000 (09:33 +0100)]
Add a test for an invalid group in the HRR
Test that if the client sends a key share for a group in the server's
supported_group list but is otherwise invalid, that we don't select it
in the HRR.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21163)
Matt Caswell [Fri, 9 Jun 2023 08:09:06 +0000 (09:09 +0100)]
Don't ask for an invalid group in an HRR
If the client sends us a group in a key_share that is in our
supported_groups list but is otherwise not suitable (e.g. not compatible
with TLSv1.3) we reject it. We should not ask for that same group again
in a subsequent HRR.
Fixes #21157
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21163)
Vladimír Kotal [Thu, 15 Jun 2023 08:02:57 +0000 (10:02 +0200)]
Allow to disable apps building with no-apps
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21212)
updated the end copyright year in README.md to 2023
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21225)
Remove restriction to only cross-sign self-signed certificates
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21137)
Vladimír Kotal [Thu, 15 Jun 2023 19:29:58 +0000 (21:29 +0200)]
add no-http
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21217)
Vladimír Kotal [Thu, 15 Jun 2023 15:03:21 +0000 (17:03 +0200)]
log actual NID causing the 'unknown message digest algorithm error'
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21214)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21210)
fisher.yu [Wed, 14 Jun 2023 07:17:49 +0000 (07:17 +0000)]
Fix function signatures in aes-gcm-armv8 comments.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21208)
Hugo Landau [Mon, 12 Jun 2023 13:13:33 +0000 (14:13 +0100)]
QUIC: Allow application to trigger TXKU
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Mon, 12 Jun 2023 13:13:26 +0000 (14:13 +0100)]
QUIC: Minor fixups
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 14:37:34 +0000 (15:37 +0100)]
QUIC CHANNEL: Inform the ACKM when the handshake is confirmed
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC: Test key update works correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Optimise key update using ACKs
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC: Add internal APIs for white-box testing of key update
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Enforce the RX packet forgery limit
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC RXDP: Strictly enforce ACK PNs with regard to TX key epochs
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Ensure new packets aren't enforced with old keys
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Handle key updates correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC TXP: Make TXP use time callback correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC APL: Correct implementation of time callback override
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC RX: Support reporting the key epoch a packet was received with
This is needed to support key update validation on the receive side.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC TXP: Allow callbacks on ACK transmission
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC TXP: Allow next PN to be used to be queried
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC RX: Refactor key update callback to provide PN
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC TXP: Remove TX key update handling from TXP
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC TXP: Refactor status output to use an extensible structure
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC ACKM: Allow largest acked PN to be queried
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC WIRE: Utility function to determine if PN is in an ACK frame
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC Glossary: TXKU, RXKU, KU
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Richard Levitte [Wed, 8 Mar 2023 10:53:34 +0000 (11:53 +0100)]
apps/ca.c: Handle EVP_PKEY_get_default_digest_name() returning 1 with "UNDEF"
EVP_PKEY_get_default_digest_name() may return 1 with the returned digest
name "UNDEF". This case hasn't been documented, and the meaning has been
left undefined, until now.
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20460)
Hugo Landau [Tue, 13 Jun 2023 09:40:22 +0000 (10:40 +0100)]
Partially revert #18070 (Add support for Windows CA certificate store)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21190)
Richard Levitte [Mon, 12 Jun 2023 04:31:25 +0000 (06:31 +0200)]
OpenSSL::paramnames: Use less magic perl
Constructions like $$cursor{whatever} and %$cursor{whatever} were ambiguous
in some perl versions, and it's still better to use the arrow syntax for the
way we use them, i.e. they can both be replaced with $cursor->{whatever}.
Fixes #21152
Fixes #21172
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21178)