Pauli [Fri, 18 Jun 2021 09:46:50 +0000 (19:46 +1000)]
asn1: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
Pauli [Fri, 18 Jun 2021 09:46:36 +0000 (19:46 +1000)]
ssl: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
Pauli [Fri, 18 Jun 2021 09:46:27 +0000 (19:46 +1000)]
ssl: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
Pauli [Fri, 18 Jun 2021 09:46:16 +0000 (19:46 +1000)]
punycode: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
Pauli [Fri, 18 Jun 2021 07:50:54 +0000 (17:50 +1000)]
crypto: repalce tabs with spaces
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
Pauli [Fri, 18 Jun 2021 07:46:40 +0000 (17:46 +1000)]
test: replace tabs with spaces in test recipes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
Pauli [Fri, 18 Jun 2021 07:44:57 +0000 (17:44 +1000)]
ssl: replace tabs with spaces
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
Pauli [Fri, 18 Jun 2021 07:44:44 +0000 (17:44 +1000)]
include: replace tabs with spaces in headers
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
Pauli [Fri, 18 Jun 2021 03:17:42 +0000 (13:17 +1000)]
test: add test for auto DH security level meets the minimum
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15818)
Pauli [Fri, 18 Jun 2021 02:54:24 +0000 (12:54 +1000)]
ssl: do not choose auto DH groups that are weaker than the security level
Fixes #15808
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15818)
Pauli [Fri, 18 Jun 2021 04:43:24 +0000 (14:43 +1000)]
params: fix range check when converting double to uint64_t.
Found in #15815
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15819)
Pauli [Fri, 18 Jun 2021 01:05:20 +0000 (11:05 +1000)]
params: avoid using intmax_t since it's not well supported
Converting doubles to integers used to go via intmax_t which isn't properly
defined on some platforms. The alternative is to go via int64_t.
Fixes #15815
Alternative to #15816
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15817)
Tomas Mraz [Thu, 17 Jun 2021 14:57:57 +0000 (16:57 +0200)]
aix64-gcc target: Fix build breakage with enable-fips
Fixes #15804
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15807)
Dr. David von Oheimb [Thu, 17 Jun 2021 11:29:06 +0000 (13:29 +0200)]
http_client.c: fix HTTP_VERSION_STR_LEN and make it more efficient
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15796)
Dr. David von Oheimb [Thu, 17 Jun 2021 11:26:32 +0000 (13:26 +0200)]
http_client.c: make HTTP_LINE1_MINLEN more efficient
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15796)
Dr. David von Oheimb [Thu, 17 Jun 2021 10:55:14 +0000 (12:55 +0200)]
http_client.c: make prefix checking more readable and more efficient
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15796)
Dr. David von Oheimb [Thu, 17 Jun 2021 07:31:50 +0000 (09:31 +0200)]
http_client.c: fix error reporting (a char was missing; improve style)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15796)
Dr. David von Oheimb [Thu, 17 Jun 2021 05:55:42 +0000 (07:55 +0200)]
http_client.c: fix OSSL_HTTP_proxy_connect() for HTTPS proxy use
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15796)
Richard Levitte [Wed, 16 Jun 2021 08:32:43 +0000 (10:32 +0200)]
Make util/wrap.pl work better on VMS
Perl's system() on VMS needs to have the command line properly fixed
up, even with arguments passed in list form. We arrange that by
having util/wrap.pl use the same command line fixups as OpenSSL::Test.
As a consequence, util/wrap.pl needs to be generated, to easily pick
up data from configdata.pm. This also removes yet another file
copying hack from the build file templates.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15791)
Richard Levitte [Wed, 16 Jun 2021 08:18:20 +0000 (10:18 +0200)]
OpenSSL::Test: Move the command line quotifier
The command line quotifier is more useful as a common utility, so it
gets moved to OpenSSL::Util, as the following two functions:
fixup_cmd_elements(), which is the generic command line reformatter
fixup_cmd(), which is like fixup_cmd_elements(), but treats the first
element specially where necessary (such as on VMS).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15791)
Marek [Sat, 22 May 2021 08:48:38 +0000 (10:48 +0200)]
Add demo for HKDF
Fixes #14120
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15784)
Matt Caswell [Thu, 17 Jun 2021 13:03:53 +0000 (14:03 +0100)]
Prepare for 3.0 beta 2
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 17 Jun 2021 13:03:42 +0000 (14:03 +0100)]
Prepare for release of 3.0 beta 1
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 17 Jun 2021 13:03:41 +0000 (14:03 +0100)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 17 Jun 2021 12:24:59 +0000 (13:24 +0100)]
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15801)
Richard Levitte [Thu, 17 Jun 2021 08:47:26 +0000 (10:47 +0200)]
test/recipes/80-test_cmp_http.t: Kill the mock server brutally
To kill a subprocess with the KILL signal is pretty brutal. However,
it doesn't seem to be killed completely on some platforms, which makes
this test recipe hang indefinitely when (implicitly) closing the file
handle for this server ($server_fh). A brutal KILL resolves this
problem.
Fixes #15781
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15797)
Pauli [Thu, 17 Jun 2021 03:31:01 +0000 (13:31 +1000)]
gost: remove the internal GOST test.
The external GOST test is sufficient according @beldmit. This avoids having
to manually update and build the GOST engine when something changes.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15795)
Richard Levitte [Wed, 16 Jun 2021 04:48:12 +0000 (06:48 +0200)]
Fix exit code for VMS in util/wrap.pl and test/run_tests.pl
The exit code for VMS is a bit tricky, and while perl translates the
VMS status code from a typical C program to posix terms, it doesn't
automatically translate its exit code into the typical C program VMS
status code. Perl scripts are recommended to do so explicitly.
Therefore, we make util/wrap.pl and test/run_tests.pl simulate the
typical C program VMS status code for all non-zero exit codes, except
we give them all the error severity (according to the VMS C library
reference manual, exit codes 2 and above are treated as success...).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15787)
Richard Levitte [Wed, 16 Jun 2021 04:52:27 +0000 (06:52 +0200)]
Fix small typo in test/recipes/05-test_pbe.t
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15786)
Shane Lontis [Thu, 17 Jun 2021 02:44:27 +0000 (12:44 +1000)]
Add self test for ECDSA using curve with a binary field
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15794)
Rich Salz [Thu, 10 Jun 2021 20:06:10 +0000 (16:06 -0400)]
Always wait for both threads to finish
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15708)
Richard Levitte [Tue, 15 Jun 2021 12:59:17 +0000 (14:59 +0200)]
DSO: Fix the VMS DSO name converter to actually do something
This function has never before actually done its work. This wasn't
discovered before, because its output wasn't important before the FIPS
provider self test started using its value.
This function is now made to insert the VMS DSO extension (".EXE") at
the end of the filename, being careful to make sure what can be a
typical VMS generation number (separated from the file name with a
';') remains at the end.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15765)
Richard Levitte [Tue, 15 Jun 2021 14:11:51 +0000 (16:11 +0200)]
TEST: Change 'catdir' to 'catfile' when dealing with files, in run_tests.pl
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15767)
Richard Levitte [Wed, 16 Jun 2021 08:49:31 +0000 (10:49 +0200)]
Build file templates: Fix in2script dependencies
The in2script functions generates the build file rules for generating
scripts from .in files. A dependency on configdata.pm is needed,
since it's being used for this.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15792)
Richard Levitte [Wed, 16 Jun 2021 04:09:41 +0000 (06:09 +0200)]
Configuration: Fix incorrect $unified_info{attributes} references
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15758)
Pauli [Tue, 15 Jun 2021 22:44:28 +0000 (08:44 +1000)]
prov: tag SM2 encoders and decoders as non-FIPS
They're impossible to use in a FIPS environment, so they shouldn't be flagged
as compatible.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15782)
Richard Levitte [Tue, 15 Jun 2021 09:46:00 +0000 (11:46 +0200)]
VMS build: drop a spurious debug print
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15758)
Dr. David von Oheimb [Sat, 12 Jun 2021 15:43:15 +0000 (17:43 +0200)]
HTTP client: fix use of OSSL_HTTP_adapt_proxy(), which is needed also in cmp.c
For this reason, export this function, which allows removing http_local.h
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15764)
Dr. David von Oheimb [Tue, 15 Jun 2021 11:00:38 +0000 (13:00 +0200)]
X509_digest_sig(): Improve default hash for EdDSA and allow to return the chosen default
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15762)
Richard Levitte [Tue, 15 Jun 2021 08:18:19 +0000 (10:18 +0200)]
CORE: Do a bit of cleanup of core fetching
Some data, like the library context, were passed both through higher
level callback structures and through arguments to those same higher
level callbacks. This is a bit unnecessary, so we rearrange the
callback arguments to simply pass that callback structure and rely on
the higher level fetching functionality to pick out what data they
need from that structure.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15750)
Shane Lontis [Tue, 15 Jun 2021 09:56:36 +0000 (19:56 +1000)]
Fix DH private key check.
A recent addition removed setting the dh private key length when
a safe prime group is used. The private key validation check was relying on this
being set for safe primes. Setting the upper bound no longer checks the
length if the value is zero.
This caused a failure in the daily build of acvp_tests.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15760)
Matt Caswell [Mon, 14 Jun 2021 11:56:01 +0000 (12:56 +0100)]
Add a test for fetching various non-evp objects
We fetch an Encoder, Decoder and Loader.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15741)
Matt Caswell [Mon, 14 Jun 2021 11:08:38 +0000 (12:08 +0100)]
Clean up the encoder/decoder/loader stores before providers
We already had the evp method store being cleaned up before the provider
store was. This prevents issues where the method clean up functions cause
providers to clean up, which then needs access to the provider store. We
extend the same thinking to the encoder/decoder/loader stores.
Fixes #15727
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15741)
Pauli [Tue, 15 Jun 2021 04:07:51 +0000 (14:07 +1000)]
apps: remove AEAD/mode checks that are now redundant
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
Pauli [Tue, 15 Jun 2021 04:07:25 +0000 (14:07 +1000)]
apps: use get_cipher_any() instead of get_cipher() for commands that support these ciphers/modes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
Pauli [Tue, 15 Jun 2021 04:06:17 +0000 (14:06 +1000)]
apps: limit get_cipher() to not return AEAD or XTS ciphers
Add a get_cipher_any() function to access these in addition to more normal ciphers
Fixes #7720
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
Pauli [Tue, 15 Jun 2021 04:05:05 +0000 (14:05 +1000)]
doc: document the various get_cipher functions in the commands lib.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
Pauli [Tue, 15 Jun 2021 09:57:36 +0000 (19:57 +1000)]
test: add test cases for SHAxxx helper functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15752)
Pauli [Tue, 15 Jun 2021 08:48:35 +0000 (18:48 +1000)]
Include a local static buffer for the SHA helper functions
This functionality existed in 1.1.1 but was lost.
Fixes #15718
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15752)
Dmitry Belyavskiy [Mon, 14 Jun 2021 12:30:48 +0000 (14:30 +0200)]
Correct processing of AES-SHA stitched ciphers
Fixes: #15706
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15740)
Shane Lontis [Mon, 14 Jun 2021 06:36:39 +0000 (16:36 +1000)]
Add missing migration_guide API mappings.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15732)
Matt Caswell [Wed, 9 Jun 2021 15:10:03 +0000 (16:10 +0100)]
Add documentation for the newly added OBJ up calls
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15681)
Matt Caswell [Wed, 9 Jun 2021 14:50:37 +0000 (15:50 +0100)]
Add a test for the newly added OBJ upcalls
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15681)
Matt Caswell [Wed, 9 Jun 2021 13:05:26 +0000 (14:05 +0100)]
Add various OBJ functions as callbacks
This enables providers to register new OIDs in the same libcrypto instance
as is used by the application.
Fixes #15624
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15681)
Pauli [Mon, 14 Jun 2021 08:07:49 +0000 (18:07 +1000)]
doc: finish the provider child up call documentation
The bulk of the documentation was there but it wasn't quite complete.
Fixes #15678
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15734)
Richard Levitte [Tue, 15 Jun 2021 16:50:55 +0000 (18:50 +0200)]
TEST: Skip test/recipes/01-test_symbol_presence.t on MacOS
It renames symbols, so we can a false negative
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15776)
Richard Levitte [Tue, 15 Jun 2021 16:15:52 +0000 (18:15 +0200)]
TEST: Display the correct shared library name
In test/recipes/01-test_symbol_presence.t
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15776)
Pauli [Mon, 14 Jun 2021 22:32:48 +0000 (08:32 +1000)]
new: update NEWS.md so it is correct.
- Removing the deprecation note for public key commands.
- Fixing the note about ECX and SHAKE in the FIPS provider.
- Noting which KDFs are included.
- Noting which MACs are included.
Fixes #15743
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15746)
Pauli [Mon, 14 Jun 2021 22:30:23 +0000 (08:30 +1000)]
new: update NEWS.md so it is correct.
- Removing the deprecation note for public key commands.
- Fixing the note about ECX and SHAKE in the FIPS provider.
- Noting which KDFs are included.
- Noting which MACs are included.
Fixes #15743
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15746)
Dmitry Belyavskiy [Mon, 14 Jun 2021 09:40:31 +0000 (11:40 +0200)]
Disabling Encrypt-then-MAC extension in s_client/s_server
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15735)
Richard Levitte [Tue, 15 Jun 2021 15:43:02 +0000 (17:43 +0200)]
TEST: Make test/recipes/01-test_symbol_presence.t more platform agnostic
Assuming ".so" as shared library ending is faulty on MacOS, where the
normal shared library extension is ".dylib".
We use the platform module to get the same extension as the build process.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15771)
Richard Levitte [Thu, 10 Jun 2021 05:31:13 +0000 (07:31 +0200)]
Refactor OSSL_STORE_LOADER_do_all_provided() to behave like OSSL_STORE_LOADER_fetch()
This is refactored to use inner_loader_fetch() without any given name,
which is just there to ensure all decoder implementations are made
into methods, and then use ossl_method_store_do_all() to list them
all.
This also adds the internal ossl_store_loader_do_all_prefetched(),
which can be used if pre-fetching needs to be done separately from
listing all the decoder implementations, or if listing may happen
multiple times.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
Richard Levitte [Wed, 9 Jun 2021 09:00:00 +0000 (11:00 +0200)]
test/evp_extra_test.c: Peek at the error instead of getting it.
If there is an error report, we want to get it printed too.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
Richard Levitte [Wed, 9 Jun 2021 08:58:33 +0000 (10:58 +0200)]
DECODER & ENCODER: Add better tracing
Now that we have functions to get the name and properties of the
diverse implementations, we can as well display them for clarity.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
Richard Levitte [Wed, 9 Jun 2021 05:52:09 +0000 (07:52 +0200)]
Adapt all public EVP_XXX_do_all_provided() for the changed evp_generic_do_all()
Fixes #15538
Fixes #14837
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
Richard Levitte [Wed, 9 Jun 2021 05:50:08 +0000 (07:50 +0200)]
Refactor evp_generic_do_all() to behave like evp_generic_fetch()
This is refactored to use inner_evp_generic_fetch() without any given
name, which is just there to ensure all decoder implementations are
made into methods, and then use ossl_method_store_do_all() to list
them all.
This also adds the internal evp_generic_do_all_prefetched(), which
can be used if pre-fetching needs to be done separately from listing
all the decoder implementations, or if listing may happen multiple
times.
Fixes #15538
Fixes #14837
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
Richard Levitte [Wed, 9 Jun 2021 05:47:41 +0000 (07:47 +0200)]
Refactor OSSL_ENCODER_do_all_provided() to behave like OSSL_ENCODER_fetch()
This is refactored to use inner_ossl_encoder_fetch() without any given
name, which is just there to ensure all encoder implementations are
made into methods, and then use ossl_method_store_do_all() to list
them all.
This also adds the internal ossl_encoder_do_all_prefetched(), which
can be used if pre-fetching needs to be done separately from listing
all the encoder implementations, or if listing may happen multiple
times.
Fixes #15538
Fixes #14837
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
Richard Levitte [Fri, 4 Jun 2021 12:29:07 +0000 (14:29 +0200)]
Refactor OSSL_DECODER_do_all_provided() to behave like OSSL_DECODER_fetch()
This is refactored to use inner_ossl_decoder_fetch() without any given
name, which is just there to ensure all decoder implementations are
made into methods, and then use ossl_method_store_do_all() to list
them all.
This also adds the internal ossl_decoder_do_all_prefetched(), which
can be used if pre-fetching needs to be done separately from listing
all the decoder implementations, or if listing may happen multiple
times.
Fixes #15538
Fixes #14837
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
Richard Levitte [Thu, 3 Jun 2021 07:09:19 +0000 (09:09 +0200)]
Add the internal function ossl_method_store_do_all()
It will simply call the given callback for every method found in the
given store.
Fixes #15538
Fixes #14837
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
Hubert Kario [Mon, 14 Jun 2021 11:38:02 +0000 (13:38 +0200)]
s_server: make -rev option easier to find (mention echo)
Since the service is echo-like (see TCP port 7 from RFC 862 or
gnutls-serv --echo), make it easier to find by mentioning "echo" in
the description of it in the help message an man page
Also fixes the man page inconsistency ("sends it back to the server")
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15739)
Richard Levitte [Mon, 14 Jun 2021 07:25:53 +0000 (09:25 +0200)]
CORE: Move away the allocation of the temporary no_cache method store
The responsibility for managing the temporary store for methods from
algorithm implementations flaged "no_store" is moved up to the diverse
method fetching functions. This allows them to allocate it "just in
time", or in other words not at all if there is not such algorithm
implementation.
This makes this temporary store more flexible if it's needed outside
of the core fetching functionality, and slightly faster when this
temporary store isn't necessary at all.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15737)
Dr. David von Oheimb [Mon, 14 Jun 2021 10:58:40 +0000 (12:58 +0200)]
ASN1_parse_dump(): allow NULL BIO input, to simplify applications not needing output
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
Dr. David von Oheimb [Sat, 12 Jun 2021 09:49:22 +0000 (11:49 +0200)]
BIO_write_ex(): Make handing of BIO b == NULL and dlen == 0 less redundant
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
Dr. David von Oheimb [Sat, 12 Jun 2021 11:47:38 +0000 (13:47 +0200)]
BIO: Make source file names in crypto/bio/ consistent
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
Dr. David von Oheimb [Sat, 12 Jun 2021 11:41:19 +0000 (13:41 +0200)]
BIO_dum_indent_cb(): Fix handling of cb return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
Dr. David von Oheimb [Sat, 12 Jun 2021 09:35:09 +0000 (11:35 +0200)]
fuzz/asn1parse.c: Clean up non-portable code and catch malloc failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
Dr. David von Oheimb [Sat, 12 Jun 2021 09:27:28 +0000 (11:27 +0200)]
BIO: prevent crash on NULL BIO for prefix_ctrl() and thus for BIO_set_prefix(), BIO_set_indent(), etc.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
Dr. David von Oheimb [Sat, 12 Jun 2021 09:25:07 +0000 (11:25 +0200)]
ASN1: rename asn1_par.c to asn1_parse.c for clarity; simplify asn1_parse2()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
Lars Immisch [Thu, 5 Mar 2020 10:26:06 +0000 (11:26 +0100)]
Use getauxval on Android with API level > 18
We received analytics that devices of the device family Oppo A37x
are crashing with SIGILL when trying to load libcrypto.so.
These crashes were fixed by using the system-supplied getauxval function.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11257)
Rich Salz [Sun, 13 Jun 2021 14:49:47 +0000 (10:49 -0400)]
Remove "-immedate_renegotiation" option
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15415)
Rich Salz [Fri, 21 May 2021 17:26:33 +0000 (13:26 -0400)]
Move AllowClientRenegotiation tests
Move them from test_renegotiation to renegotiation in ssl_new
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15415)
Pauli [Tue, 15 Jun 2021 09:01:00 +0000 (19:01 +1000)]
remove end of line whitespace
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Pauli [Mon, 14 Jun 2021 11:22:55 +0000 (21:22 +1000)]
cms: free PKEY_CTX
Preventing a memory leak.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15731)
Pauli [Sun, 13 Jun 2021 23:50:36 +0000 (09:50 +1000)]
cms: fix coverity
1485981: unchecked return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15731)
Pauli [Thu, 10 Jun 2021 06:58:12 +0000 (16:58 +1000)]
apps: move global libctx and property query into their own file
The header has been split out so the functions should be as well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Pauli [Thu, 10 Jun 2021 02:05:28 +0000 (12:05 +1000)]
speed: make sure to free any allocated EVP_MAC structures
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Pauli [Thu, 10 Jun 2021 01:27:44 +0000 (11:27 +1000)]
pkcs12: use the app's libctx and property query when searching for algorithms
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Pauli [Thu, 10 Jun 2021 01:27:31 +0000 (11:27 +1000)]
speed: use the app's libctx and property query when searching for algorithms
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Pauli [Thu, 10 Jun 2021 00:26:43 +0000 (10:26 +1000)]
list: use the app's libctx and property query when searching for algorithms
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Pauli [Thu, 10 Jun 2021 00:26:43 +0000 (10:26 +1000)]
kdf: use the app's libctx and property query when searching for algorithms
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Pauli [Thu, 10 Jun 2021 00:26:43 +0000 (10:26 +1000)]
fipsinstall: use the app's libctx and property query when searching for algorithms
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Pauli [Thu, 10 Jun 2021 01:35:26 +0000 (11:35 +1000)]
add libctx and property query to fetch functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Pauli [Thu, 10 Jun 2021 00:48:51 +0000 (10:48 +1000)]
test: add SPKAC command test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Pauli [Thu, 10 Jun 2021 00:33:13 +0000 (10:33 +1000)]
spkac: document -digest option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Pauli [Thu, 10 Jun 2021 00:06:20 +0000 (10:06 +1000)]
spkac: allow digests other than MD5 to be used for signing
Fixes #15683
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Shane Lontis [Mon, 14 Jun 2021 06:43:28 +0000 (16:43 +1000)]
Add missing NULL check in OSSL_DECODER_from_bio().
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15733)
Matt Caswell [Fri, 11 Jun 2021 11:43:00 +0000 (12:43 +0100)]
Avoid excessive OSSL_DECODER_do_all_provided calls
OSSL_DECODER_CTX_add_extra was calling OSSL_DECODER_do_all_provided in a
loop which was resulting in a large number of calls. Since
OSSL_DECODER_do_all_provided is quite "heavy" this was causing performance
issues.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15716)
Matt Caswell [Tue, 8 Jun 2021 10:49:06 +0000 (11:49 +0100)]
Add a generic SubjectPublicKeyInfo decoder
Previously all the SubjectPublicKeyInfo decoders were specific to a key
type. We would iterate over all them until a match was found for the correct
key type. Each one would fully decode the key before then testing whether
it was a match or not - throwing it away if not. This was very inefficient.
Instead we introduce a generic SubjectPublicKeyInfo decoder which figures
out what type of key is contained within it, before subsequently passing on
the data to a key type specific SubjectPublicKeyInfo decoder.
Fixes #15646
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15662)
Shane Lontis [Thu, 10 Jun 2021 08:14:03 +0000 (18:14 +1000)]
Fix DH/DHX named groups to not overwrite the private key length.
The only reason(s) the DH private key length should be set are:
(1) The user sets it during key generation via EVP_PKEY_CTX_set_params
using OSSL_PKEY_PARAM_DH_PRIV_LEN.
(2) When loading a PKCS3 (DH) key the optional value
'privateValueLength' is set.
Now that the named groups contain a value for 'q' there is no reason to
automatically overwrite the private key length.
Issue detected by @davidmakepeace
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15695)
Tomas Mraz [Fri, 11 Jun 2021 10:32:39 +0000 (12:32 +0200)]
When linking to static libssl always link to static libcrypto
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15714)