The tlsext_ticket_key functions are documented as returning 0 on success.
In fact they return 1 on success.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17210)
Also slightly improve the style of the respective code in crypto/x509/v3_san.c.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)
This does not change the semantics of expected usage because only either one may be given.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)
We should not be freeing the caller's key in the event of error.
Fixes#17196
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17209)
For HTTP (not HTTPS) with proxy, server must be given, port is optional
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)
Also remove the outdated BUGS section and fix the coding style of the function.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17188)
Fixes#17109
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17119)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
The passphrase callback data was not properly initialized.
Fixes#17054
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
There was recently an instance where a user was confused by the
deprecation warnings in the docs. They believed the warning applied to
the immediately preceding function declarations, when it fact it applied
to the following function declarations.
https://mta.openssl.org/pipermail/openssl-users/2021-December/014665.html
We clarify the wording to make it clear that the warning applies to the
following functions.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17180)
Check is done to prevent wrong memory access by EVP_PKEY_get0_asn1()
Also fix wrong coding style in the s_cb.c file.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17176)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16925)
These used to exist but were removed before release.
Updating the documentation was missed.
Fixes#17138
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17141)
When an integer value was specified, it was not being passed back via
the orig_p2 weirdness.
Regression test included.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17136)
This looks like old code, written when the padded variety of BN_bn2bin()
was developped, and disabled by default... and forgotten.
A few simple changes to update it to the current API is all that was
needed to enable it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17133)
The doc/html sub-dirs get created by Configure. Therefore they should
not be cleaned away by "nmake clean". Otherwise the following sequence
fails:
perl Configure VC-WIN64A
nmake clean
nmake
nmake install
Fixes#17114
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17128)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17110)
This is done for the data type OSSL_PARAM_INTEGER by checking if the
most significant bit is set, and adding 8 to the number of buffer bits
if that is the case. Everything else is already in place.
Fixes#17103
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)
When the parameter definition has the data type OSSL_PARAM_UNSIGNED_INTEGER,
negative input values should not be accepted.
Fixes#17103
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)
With arbitrary size ints, we get to know exactly how large the minimum
buffer must be.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)
The restriction about setting a tag length prior to setting the IV only
applies to OCB mode. We clarify when in the process EVP_CTRL_AEAD_SET_TAG
can be called.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17111)
In the x509 app when doing the ip/email/host validation of a
certificate we return nonzero exit code if the validation fails.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17022)
OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25
Switch to using AT_HWCAP, and setting it to 16 if it is not defined.
OpenSSL calls elf_auxv_info() with AT_CANARY which returns ENOENT
resulting in all ARM acceleration features being disabled.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17082)
d2i_X509_bio(), d2i_X509_fp(), i2d_X509_bio(), and i2d_X509_fp()
were documented in OpenSSL 1.0.2. In a grand unification of the
documentation of (almost) all d2i and i2d functions, these were
dropped, most likely by mistake.
This simply adds them back.
Fixes#17091
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17094)
(cherry picked from commit 1aa96159b0)
