err: add additional errors Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17440)
Have OSSL_PARAM_allocate_from_text() raise error on unexpected neg number When the parameter definition has the data type OSSL_PARAM_UNSIGNED_INTEGER, negative input values should not be accepted. Fixes #17103 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17104)
Remove all trace of FIPS_mode functions Removed error codes, and the mention of the functions. This removal is already documented in the CHANGES doc. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15140)
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13392)
openssl_hexstr2buf_sep(): Prevent misleading 'malloc failure' errors on short input Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
Add a "random" configuration section. This permits the default trio of DRBGs to have their type and parameters set using configuration. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12931)
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
mkerr: remove legacy guards from generated error headers In pull request #9333, legacy guards were added to the generated error headers, but the mkerr.pl script was not adjusted accordingly. So the legacy guards were removed by subsequent `make update` calls. Fixing the mkerr.pl script properly was disproportionately complicated by the fact that adding legacy guards only made sense for files which already existed in version 1.1.1. To keep things simple, it was decided to drop the legacy guards from the generated headers entirely. Fixes #10569 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11541)
CORE: ossl_namemap_add_names(): new function to add multiple names This was originally the private add_names_to_namemap() in crypto/evp/evp_fetch.c, but made more generally useful. To make for more consistent function naming, ossl_namemap_add() and ossl_namemap_add_n() are renamed to ossl_namemap_add_name() and ossl_namemap_add_name_n(). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10394)
Update source files for deprecation at 3.0 Previous macros suggested that from 3.0, we're only allowed to deprecate things at a major version. However, there's no policy stating this, but there is for removal, saying that to remove something, it must have been deprecated for 5 years, and that removal can only happen at a major version. Meanwhile, the semantic versioning rule is that deprecation should trigger a MINOR version update, which is reflected in the macro names as of this change. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10364)
Add legacy include guards to public header files For every public header file, the old include guard definition needs to be added in addition to the new one include/openssl/file.h: #ifndef OPENSSL_FILE_H # define OPENSSL_FILE_H # pragma once # include <openssl/macros.h> # if !OPENSSL_API_3 # define HEADER_FILE_H # endif ... This is going to ensure that applications which use the old include guards externally, for example like this #ifndef HEADER_FILE_H # include <openssl/file.h> #endif will not fail to compile. In addition to the legacy guard, the public header files also receive a '# pragma once' directive. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
Fix header file include guard names Make the include guards consistent by renaming them systematically according to the naming conventions below For the public header files (in the 'include/openssl' directory), the guard names try to match the path specified in the include directives, with all letters converted to upper case and '/' and '.' replaced by '_'. For the private header files files, an extra 'OSSL_' is added as prefix. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex() They do the same thing as OPENSSL_hexstr2buf() and OPENSSL_buf2hexstr(), except they take a result buffer from the caller. We take the opportunity to break out the documentation of the hex to / from buffer conversion routines from the OPENSSL_malloc() file to its own file. These routines aren't memory allocation routines per se. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9303)
Parameter building utilities. A fuller implementation of PARAMS_TEMPLATE as per #9266 but renamed. This introduces a statis data type which can be used to constructor a description of a parameter array. It can then be converted into a OSSL_PARAM array and the allocated storage freed by a single call to OPENSSL_free. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9305)
Regenerate mkerr files Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9058)
Instead of global data store it in an OPENSSL_CTX Various core and property related code files used global data. We should store all of that in an OPENSSL_CTX instead. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8857)
Replumbing: add a configuration module for providers This configuration module supports a configuration structure pretty much like the engine configuration module, i.e. something like this: openssl_conf = openssl_init [openssl_init] providers = provider_section [provider_section] # Configure the provider named "foo" foo = foo_section # Configure the provider named "bar" bar = bar_section [foo_section] # Override name given in the provider section identity = myfoo # The exact path of the module. This is platform specific module_path = /opt/openssl/modules/foo.so # Whether it should be automatically activated. Value is unimportant activate = whatever # Anything else goes as well, and becomes parameters that the # provider can get what = 1 # sub-sections will be followed as well ever = ever_section [ever_section] cookie = monster All the configurations in a provider section and its sub-sections become parameters for the provider to get, i.e. the "foo" provider will be able to get values for the following keys (with associated values shown): identity => myfoo module_path => /opt/openssl/modules/foo.so activate => whatever what => 1 ever.cookie => monster Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8549)
Replumbing: add functionality to set provider parameters Provider parameters are parameters set by the core that the provider can retrieve. The primary use it to support making OpenSSL configuration data available to the provider. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8549)