Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dgram

Commit log since last time:

4114964865 Build files: add module installation targets
ae6b654b66 TEST: make and use a fipsinstall script
c0bfc473d8 Use the libctx for all EVP_PKEY_CTX operations
4f6c704495 Re-enable FIPS testing in sslapitest.c
5e30f2fd58 Use a non-default libctx in sslapitest
09ec5e6f5d dhparam: white space cleaning
61b2afb50a apps: undeprecate the conditioned out apps
19d9be09d1 openssl: include the version a command was deprecated in the output text.
f84fe4f448 apps: reinstate deprecated commands but using PKEY APIs
7539cb70eb dsaparam: update command line app to use EVP calls
b304f8567c CHANGES: note which command line utilities are marked for deprecation but still available.
769cfc3bd0 Undeprecate DH_get_length() and DH_set_length() functions
dddbbc6f39 gendsa: update command line app to use EVP calls
8f7e1f68cc genrsa: update command line app to use EVP calls
99a7c3a7bf openssl: include the version a command was deprecated in the output text.
188dd86ab4 apps: reinstate deprecated commands but using PKEY APIs
ccefc3411e dhparam: update command line app to use EVP calls
b0cfe526d7 tests: reinstate tests for deprecated but non-removed functionality
cd3572a110 dsaparam: update command line app to use EVP calls
54affb77c5 rsa: update command line app to use EVP calls
b940349de1 dsa: update command line app to use EVP calls
e0331eb8b8 Prevent crash in X509_NAME_cmp() etc. when cert has no issuer or no serialNumber
753283cd23 Add CMP error reason 'missing reference cert'
e599d0aecd Add CMP fuzzing to fuzz/cmp.c, including a couple of helpers in crypto/cmp/
a81151bd56 Add a couple of hints to fuzz/README.md
642f60d840 Rename CMP_PROTECTEDPART to OSSL_CMP_PROTECTEDPART for consistency
7a41760667 GOST2012 TLS ClientCertificateType Identifiers support
ccb47dbf47 DOC: Extend the description of EVP_PKEY_CTX_new_from_name()
476de2e5e5 DOC: Add more description of EVP_PKEY_fromdata(), and examples
031c9bd3f3 apps/speed: fix invalid final report when run SM2 benchmarks in parallel
ad16671d49 GOST cipher names adjustment
301ea192c7 INSTALL: document 'no-ui-console' rather than 'no-ui'
629c72db5f When calling the import_to function pass the libctx too
7da7b27eec Windows: Add type casting in CRYPTO_atomic_add to remove warning
4350a6bd42 doc: note that the FIPS provider contains some non-approved algorithms.
19985ac42c news: note the addition of ECX and SHAKE256 to the FIPS provider as non-approved algorithms
b5bcc05302 pkey: free key manager on error path
d8171446a2 ecx: check for errors creating public keys from private ones.
c1e48c5171 s390: ECX key generation fixes.
43cd37014e ecx: add key generation support.
1ee1e55114 Add ECX to FIPS provider as non-FIPS algorithms
8a5cb59601 TEST: Add a test of keygen with an empty template in test/evp_extra_test.c
d0ddf9b409 EVP: Fix calls to evp_pkey_export_to_provider()
6f89229603 TLSEXT_SIGALG_gostr34102012 0x0840 and 0x0841 support
7525c93030 Document X509_verify_ex() and X509_REQ_verify_ex()
465f34ed27 Introduce an internal version of X509_check_issued()
0820217441 Create a libctx aware X509_verify_ex()
b27ed81943 Put sys-specific files in build.info
705536e2b5 Use build.info, not ifdef for crypto modules
7165593ce5 Add DH keygen to providers
b03ec3b5d6 Add DSA keygen to provider
09b3654096 Make sure we always send an alert in libssl if we hit a fatal error
e395ba223d When calling EC_POINT_point2buf we must use a libctx
137b274aee Document the new libctx aware private key functions
d6a2bdf7f1 Make sure we use the libctx in libssl when loading PrivateKeys
1531241c54 Teach PEM_read_bio_PrivateKey about libctx
8755b08524 Teach the OSSL_STORE code about libctx
f13fdeb321 Use the libctx in Ed448 private key decoding
472a88b79e Teach d2i_PrivateKey et al about libctx
ca59b00bbd Fix no-pic static builds
49276c3569 EVP: fix memleak in evp_pkey_downgrade()
813d317178 EVP: Add a temporary SM2 hack to key generation
10d756a70e EC: Refactor EVP_PKEY_CTX curve setting macros for param generation
1f185f51a7 PROV: Implement EC param / key generation
2b9add6965 KEYMGMT: Add functions to get param/key generation parameters
a5c864ce90 Fix Dynamic engine loading so that the call to ENGINE_load_builtin_engines() is performed.
9bf475fcf3 mkerr: remove legacy guards from generated error headers
ff1f7cdeb1 Add ex_data to EVP_PKEY.
0437435a96 BIO_do_accept: correct error return value
b93e2ec273 Fix some errors in documentation
e32e00ab20 Initialize files that declare internal symbols
8270c4791d Rework util/find-doc-nits to distinguish internal documentation
eacd30a703 Add manpage entry for X509_check_purpose()
abfc73f374 Fix EVP_DigestSign interface when used with DES CMAC
cc572c2564 EVP: legacy_ctrl_to_param() to handle provider side keys
aec8de1a5f CMS KARI: Temporarly downgrade newly generated EVP_PKEYs to legacy
1ae56f2f43 Don't compile commands if disabled
fa4d3fe46d Fix krb5 external test
09fafd0606 Add common internal crypto/ modules in liblegacy.a
5435044fd6 Enable Ed25519 signing/verifying to use the libctx
bbe3ed06d7 Add the auto generated der files to .gitignore
aa233ef7f7 Document the new library context aware CT functions
1a37ee9402 Ensure libssl uses the new library context aware CT code
d4b2bfbade Make the CT code library context aware
76e23fc50b Enable export_to functions to have access to the libctx
8519b244bc OpenSSL::OID: Don't use List::Util
ae3254287f Update RAND_METHOD definition in man page
fbc6efbbc1 Travis build matrix adjustments
7b4344ac3e Add a null provider which implements no algorithms.
f5056577ba Move legacy ciphers into the legacy provider
cc45a884bd Document the new X509_STORE_CTX_new_with_libctx() function
e66c37deb6 Explicitly cache the X509v3_extensions in one more place in libssl
0c56a64829 Use the libctx and propq from the X509_STORE_CTX
a959b4fa97 Use X509_STORE_CTX_new_with_libctx() in libssl
1143c27be1 Add X509_STORE_CTX_new_with_libctx()
afce590b74 TLS: Temporarly downgrade newly generated EVP_PKEYs to legacy
e3be0f4389 Fix export of provided EC keys
c2041da8c1 EVP & TLS: Add necessary EC_KEY data extraction functions, and use them
4f76d62f23 EVP: add EVP_PKEY_is_a() and EVP_PKEY_can_sign()
82e1fc1bc0 params: add a warning about the PTR types.
069165d106 AES CTR-DRGB: do not leak timing information
96218269f4 Integer overflow in ASN1_STRING_set.
86f32187c3 params: avoid a core dump with a null pointer and a get string call
c61ced5ec5 [crypto/ec] blind coordinates in ec_wNAF_mul for robustness
1eb9b54af7 Fix the error handling in EC_POINTs_mul
d803930448 Fix misleading error msg for PBM check w/o secret in OSSL_CMP_validate_msg()
99d680e6bc Fix error reporting glitch in X509_STORE_CTX_print_verify_cb() in t_x509.c
a1e4c8ef81 Fix bugs in 3GPP exception checking and improve diagnostics in crypt/cmp/cmp_vfy.c
2d956b320c PROV: Add DERlib support for ECDSA and EC keys
8c55580347 PROV: Add DERlib support for DSA
6f5837dc16 PROV: Add DERlib support for RSA
1d39620b34 PROV: Add the beginning of a DER writing library
77de6bb38d Add perl support to parse and DER encode ASN.1 OID specs
3cb55fe47c Add test cases for the non CA certificate with pathlen:0
fa86e2ee35 Set X509_V_ERR_INVALID_EXTENSION error for invalid basic constraints
428cf5ff83 Allow certificates with Basic Constraints CA:false, pathlen:0
a056ee28ed Add a WPACKET test for the new DER capability
d3ba3916d4 Add "endfirst" writing to WPACKET
e2bf331bc0 Fix a gcc warning about possible null pointer
70d80ef989 Expand the XTS documentation
94468c775c Remove an unnecessary call to BN_CTX_free.
0e8b6c97ba Fix bugs in EC code introduced with FIPS changes.
ec4d1b8f8c Add data driven SELF TEST code for signatures and key agreement
4b1fe471ac HTTP client: make server/proxy and port params more consistent; minor other improvements
afe554c2d2 Chunk 10 of CMP contribution to OpenSSL: CMP http client and related tests
98278b9631 TLS Cipher Suite 0xC102 Support
b5f7aa5ce7 Fix a printf format error in cmp_client.c
ccb8f0c87e Fixups in CHANGES.md
beb958ccd8 Extend the sslprovider_test to be able to additionally test FIPS
5093fec23b Make sure we always use the correct libctx in sslprovidertest.c
d882e4ce56 Make sure we use the libctx when creating an EVP_PKEY_CTX in libssl
fc69f32cd6 Use EVP_DigestSignInit_ex and EVP_DigestVerifyInit_ex in libssl
fe56d5951f Don't double free a DH object
a4a93bbfb0 [crypto/ec] Ladder tweaks
09736245b1 [test] Make sm2_internal_test less fragile to changes in the ec module
cd81ac7be3 apps: support sendfile in s_server when ktls enabled
96ebe52e89 Add EVP_PKEY_gettable_params support for accessing EVP_PKEY key data fields
f4c8807309 Windows makefile generator: Don't delete long lists of files in one go
a70535f849 Give a better error if we can't find a sig alg
fd03868b34 Fix off-by-1 bug on provider_activate with custom error strings
551543e5e2 Add test for providers exposing OSSL_FUNC_PROVIDER_GET_REASON_STRINGS
e15d369781 Document the new X509v3_cache_extensions() function
9f0f53b7db Explicitly cache X509v3 extensions in libssl
33328581b8 Add the X509v3_cache_extensions() function
c2146b57d2 Don't attempt to up-ref an EVP_CIPHER if it is NULL
743d9c16de Describe the "want" parameter in int create_bare_ssl_connection()
e737adb42a Display errors if a test TLS connection fails
20c98cd453 Param builder: Remove the static size limit.
6d4e6009d2 Param build: make structures opaque.
be19d3caf0 NEWS: note OSSL_PARAM_BLD API as public.
110bff618b Param builder: make the OSSL_PARAM_BLD APIs public.
9e885a707d s_server: Properly indicate ALPN protocol mismatch
9e2c03582d PROV: Fix EC_KEY exporters to allow domain parameter keys
4c106e20ef Document various SRP related APIs
20c00d0a0a Use the new library context aware SRP functions in sslapitest
1744b6d3aa Update libssl to use the new library context aware SRP functions
e85982c7a9 Make SRP library context aware
c9f51264d8 Use the new OCSP functions in sslapitest.c
be6aeda647 Add OCSP_RESPID_set_by_key_ex() and OCSP_RESPID_match_ex()
5fcb97c61e Ignore some fetch failures
6b1e5fa487 Put an error on the stack in the event of a fetch failure
9727f4e7fd Use a fetched cipher for the TLSv1.3 early secret
148bfd26a4 Use a fetched cipher when decrypting a ticket in libssl
8158cf2097 EVP: Limit the diverse key parameter functions to domain params only
0abae1636d EVP: Implement support for key downgrading in backends
ff7262b4f4 test/evp_pkey_provided_test.c: Add test of EVP_PKEY_copy_parameters()
acb90ba8ff EVP: Downgrade keys rather than upgrade
8243d8d1a1 EVP: Add EVP_PKEY_set_type_by_keymgmt() and use it
adc9f73126 EVP: Clarify the states of an EVP_PKEY
5036dc67d0 EC: Refactor ec_curve_name2nid() to accept NIST curve names
7e765f46a6 Chunk 9 of CMP contribution to OpenSSL: CMP client and related tests
b4ba2b7ce0 Fix bug in strncpy() use of sk_ASN1_UTF8STRING2text() in asn1_lib.c
cbb9b7c460 Fix whitespace nit in OSSL_SELF_TEST_new.pod which caused doc-nits warning
71f852802f Issuer Sign Tool extention support
129c22840e Fix EVP_PKEY_new_mac_key()
5f1adadce1 util/wrap.pl: Correct exit code when signalled
402b00d579 Use ctx2 instead ctx.
6f829f58ef Make sure we use a fetched cipher when encrypting stateless tickets
abd86cecce Use a fetched version of SHA256 in tls_process_new_session_ticket()
ca1bbc1a20 Use correct libctx when fetching the TLS1 PRF in libssl
3aceb9ec51 Use the libctx and properties when constructing an EVP_PKEY_CTX
cab33afb71 Update CA.pl podpage, and script
55ca81259a Handle mdname in legacy EVP_DigestSignInit_ex codepaths
a45694a356 Make it possible to easily specify a libctx for EVP_DigestSign*
0996cff91f DH, DSA, EC_KEY: Fix exporters to allow domain parameter keys
8cc86b81ac Constify various mostly X509-related parameter types in crypto/ and apps/
7e06a6758b Fix error handling in x509v3_cache_extensions and related functions
d3b2f8760a evp_test: the tests using MDC2 need the legacy provider
4b9e90f42a EVP: fetch the EVP_KEYMGMT earlier
9a1c170d63 s_server: warn about NO PSK identity hint in TLSv1.3
22e27978b2 Add support for passing the libctx to the config loader
0f2deef59d Use RAND_bytes_ex in crypto/rsa
cb57f42528 Make sure we use the libctx when fetching a MAC
a2b6231601 Handle the case where there is no digest in an EVP_MD_CTX
8658feddea Update CHANGES and NEWS for 1.1.1e release
ad090d57e2 make err() message strings of find-doc-nits consistently start with uppercase letters
bc6ca4cbea add line and file info to 'Malformed line' error msg on *.num files in make-doc-nits
ae8483d24d Rename OSSL_{d2i,i2d}_CMP_MSG_bio to {d2i,id2}_OSSL_CMP_MSG_bio
90a7c90500 fix false positive of check-format.pl regarding '#if' on preceding line; extend negative tests
aed723f1e4 make util/check-format.pl script executable
38e497818e fix false positive of check-format.pl reporting '{1 stmt}' after multi-line 'if(expr)'
cde63b7315 Extend Travis build time-out
244bc29746 Implement serializers for ED25519 and ED448