Tomas Mraz [Thu, 28 Jul 2022 14:23:51 +0000 (16:23 +0200)]
Fix regression from GCM mode refactoring
Fixes #18896
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18903)
Tomas Mraz [Thu, 28 Jul 2022 09:40:36 +0000 (11:40 +0200)]
test_external_oqsprovider: Use working checkout of liboqs
Fixes #18898
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18899)
Richard Levitte [Tue, 26 Jul 2022 17:38:02 +0000 (19:38 +0200)]
Fix quotes install_fips in Configurations/windows-makefile.tmpl
Directories and file names with spaces require quoting... again
Fixes #18880
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18881)
Alon Bar-Lev [Tue, 26 Jul 2022 12:17:06 +0000 (15:17 +0300)]
Handle SMIME_crlf_copy return code
Currently the SMIME_crlf_copy result is ignored in all usages. It does
return failure when memory allocation fails.
This patch handles the SMIME_crlf_copy return code in all occurrences.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18876)
Alon Bar-Lev [Tue, 26 Jul 2022 05:53:48 +0000 (08:53 +0300)]
REGRESSION: CMS_final: do not ignore CMS_dataFinal result
The CMS_dataFinal result is important as signature may fail, however, it
is ignored while returning success from CMS_final.
The SMIME_crlf_copy result is returned while it is ignored in the rest
of the openssl code.
Prefer the CMS_dataFinal result.
This is regression from openssl-1.
Blame finds c1669f41ei as root cause of regression.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18876)
Tomas Mraz [Mon, 20 Jun 2022 15:11:28 +0000 (17:11 +0200)]
SSL object refactoring using SSL_CONNECTION object
Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented a QUIC stream.
It requires adding if after every SSL_CONNECTION_FROM_SSL() call
which itself has to be added to almost every public SSL_ API call.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18612)
Matt Caswell [Thu, 16 Jun 2022 16:35:30 +0000 (17:35 +0100)]
Add some documentation for the BIO_s_mem() datagram capability
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18596)
Matt Caswell [Thu, 16 Jun 2022 16:30:46 +0000 (17:30 +0100)]
Add a test for BIO_s_mem() when using datagrams
The previous commit added support to BIO_s_mem() for using datagrams. We
now add tests for that functionality.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18596)
Matt Caswell [Thu, 16 Jun 2022 15:08:37 +0000 (16:08 +0100)]
Give BIO_s_mem() the ability to support datagrams
We introduce a new BIO ctrl that switches a BIO_s_mem() into datagram
mode. Packet boundaries are respected.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18596)
Joachim Vandersmissen [Tue, 26 Jul 2022 12:33:43 +0000 (12:33 +0000)]
Update EVP_KDF-X942-ASN1.pod
Replaced OSSL_KDF_PARAM_KEY with OSSL_KDF_PARAM_SECRET as that seems to be the intended value from the code (OSSL_KDF_PARAM_KEY is also supported but looks like a fallback).
Fixed name for OSSL_KDF_PARAM_X942_USE_KEYBITS.
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18878)
Pauli [Mon, 25 Jul 2022 06:07:26 +0000 (16:07 +1000)]
GCM: record limit counter gets reset on AAD changes
It shouldn't be. This moves the reset to the init function instead and only
does the reset on a key change.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18860)
Slanterns [Mon, 25 Jul 2022 23:15:40 +0000 (07:15 +0800)]
Remove `no-{ssl|tls|tls1_3|dtls}-method` in INSTALL.md
CLA: trivial
Actually there is no option called `no-{ssl|tls|tls1_3|dtls}-method`.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18872)
Dr. David von Oheimb [Wed, 20 Jul 2022 13:33:51 +0000 (15:33 +0200)]
x509_lu.c and x509_vfy.c: improve coding style, comments, and related doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18840)
Juergen Christ [Mon, 25 Jul 2022 09:31:20 +0000 (11:31 +0200)]
s390x: Optimize kmac
Use hardware acceleration for kmac on s390x. Since klmd does not support
kmac, perform padding of the last block by hand and use kimd. Yields a
performance improvement of between 2x and 3x.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18863)
Dr. David von Oheimb [Sun, 24 Jul 2022 20:44:13 +0000 (22:44 +0200)]
80-test_cmp_http.t: fix adaption of plan on 'certstatus' aspect of Mock server
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18858)
Charles Milette [Sat, 14 May 2022 01:42:29 +0000 (21:42 -0400)]
Fix UWP builds by defining VirtualLock
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18311)
Richard Levitte [Mon, 25 Jul 2022 06:07:33 +0000 (08:07 +0200)]
Configurations/10-main.conf: In the VC-common target, unquote $(CC)
Some of the VC-common attributes have values that use `$(CC)`, wrapped with
quotes. However, `Configurations/windows-makefile.tmpl` already quotes the
`CC` value, like this:
CC="{- $config{CC} -}"
The interaction between that makefile variable and the attributes using
`$(CC)` wrapped with quotes is a command line with the quotes doubled. For
example, the value of `$(CPP)` becomes `""cl""`.
Strangely enough, this appears to be tolerated, at least on some versions of
Windows. However, this has been reported not to be the case.
This is fixed by removing the quotes in `Configurations/10-main.conf`,
making `Configurations/windows-makefile.tmpl` responsible for proper
quoting.
Fixes #18823
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18861)
(cherry picked from commit
c04b8819161de007cee831dd9e58dde52268da18)
Juergen Christ [Mon, 25 Jul 2022 08:34:26 +0000 (10:34 +0200)]
s390x: Fix GCM setup
Rework of GCM code did not include s390x causing NULL pointer dereferences on
GCM operations other than AES-GCM on platforms that support kma. Fix this by
a proper setup of the function pointers.
Fixes: 92c9086e5c2b ("Use separate function to get GCM functions")
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18862)
Pauli [Mon, 25 Jul 2022 03:01:00 +0000 (13:01 +1000)]
Fix error in LHASH documentation
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18859)
Matt Caswell [Fri, 22 Jul 2022 10:12:52 +0000 (11:12 +0100)]
Fix no-dtls1_2
dtlstest.c needs some adjusting to handle no-dtls1_2 since commit
7bf2e4d7f0c banned DTLSv1 at the default security level - causing the
test to fail.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18848)
Richard Levitte [Wed, 20 Jul 2022 10:49:54 +0000 (12:49 +0200)]
Don't try to make configuration leaner
This partially reverts Github PR #16378:
commit
764cf5b26306a8712e8b3d41599c44dc5ed07a25, titled "Configuration:
only produce a new configdata.pm if it has changed contents"
Unfortunately, the attempt to make configuration leaner didn't take
into account all the files that may or may not affect the outcome of
`configdata.pm`, and most of all, didn't take into account that `Makefile`
has clauses of its own to determined when a reconfiguration is needed, all
based on time stamps.
Something as simple as a changed `Configurations/10-main.conf`, where the
change doesn't affect the resulting `configdata.pm` gets `make` into a
reconfiguration loop, because `configdata.pm` is older than `10-main.conf`.
The lesson to remember is not to try to outsmart `make` in cases like this.
We retain the other parts of the PR mentioned, as they are still valid.
needed to be taken into account (all the Configurations/*.conf
as well as all the build.info)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18832)
Dr. David von Oheimb [Wed, 20 Jul 2022 12:38:20 +0000 (14:38 +0200)]
CHANGES.md: Add entries for contributions to 3.1 by DDvO
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18833)
Todd Short [Thu, 21 Jul 2022 13:45:52 +0000 (09:45 -0400)]
Add test from "Fix re-signing certificates with different key sizes"
Tests for #16080 and #18836
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18841)
Pauli [Thu, 21 Jul 2022 02:46:27 +0000 (12:46 +1000)]
Coverity
1507376: Dereference after null check
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18837)
Todd Short [Wed, 20 Jul 2022 15:11:41 +0000 (11:11 -0400)]
Clean up GCM_MUL and remove GCM_FUNCREF_4BIT
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
Todd Short [Wed, 20 Jul 2022 15:06:59 +0000 (11:06 -0400)]
Clean up use of GHASH macro
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
Todd Short [Wed, 20 Jul 2022 14:54:24 +0000 (10:54 -0400)]
Use separate function to get GCM functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
Todd Short [Wed, 20 Jul 2022 14:04:34 +0000 (10:04 -0400)]
Remove some unused 4bit GCM code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
Todd Short [Wed, 20 Jul 2022 13:48:21 +0000 (09:48 -0400)]
Remove unused 1bit GCM implementation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
Todd Short [Wed, 20 Jul 2022 13:38:07 +0000 (09:38 -0400)]
Remove unused 8bit GCM implementation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
Matt Caswell [Fri, 10 Jun 2022 11:33:45 +0000 (12:33 +0100)]
Fix a crash in v2i_IPAddrBlocks()
If an IP address prefix value is supplied that is too large then a crash
can result. v2i_IPAddrBlocks() should sanity check the prefix value, as
should X509v3_addr_add_prefix().
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18523)
Pauli [Wed, 20 Jul 2022 00:09:53 +0000 (10:09 +1000)]
Fix error in example.
Fixes #18828
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18829)
Dr. David von Oheimb [Wed, 20 Jul 2022 06:39:45 +0000 (08:39 +0200)]
X509_STORE_CTX_purpose_inherit(): add missing details to its documentation
Fixes #18801
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18830)
marcfedorow [Tue, 19 Jul 2022 16:15:44 +0000 (19:15 +0300)]
Emit rev8 on __riscv_zbkb as on __riscv_zbb
Also add early clobber for two-insn bswap.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18827)
Dr. David von Oheimb [Tue, 14 Dec 2021 10:29:19 +0000 (11:29 +0100)]
Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg()
Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(),
and add respective tests as well as the -srvcertout CLI option using the new function.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18656)
Dmitry Belyavskiy [Thu, 14 Jul 2022 19:41:48 +0000 (21:41 +0200)]
Fix verify_callback in the openssl s_client/s_server app
We need to check that error cert is available before printing its data
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18805)
Dr. David von Oheimb [Tue, 12 Jul 2022 21:55:28 +0000 (23:55 +0200)]
check-format.pl: fix detection of missing/extra blank lines in local decls
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18789)
Dr. David von Oheimb [Tue, 12 Jul 2022 22:05:48 +0000 (00:05 +0200)]
check-format.pl: fix false positive on 'for(;; stmt)'
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18789)
Dr. David von Oheimb [Tue, 12 Jul 2022 19:04:53 +0000 (21:04 +0200)]
check-format.pl: improve wording: 'no' -> 'missing'; further minor improvements
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18789)
Richard Levitte [Thu, 14 Apr 2022 15:52:12 +0000 (17:52 +0200)]
"Reserve" the method store when constructing methods
Introducing the concept of reserving the store where a number of
provided operation methods are to be stored.
This avoids racing when constructing provided methods, which is
especially pertinent when multiple threads are trying to fetch the
same method, or even any implementation for the same given operation
type.
This introduces a |biglock| in OSSL_METHOD_STORE, which is separate
from the |lock| which is used for more internal and finer grained
locking.
Fixes #18152
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18153)
Pauli [Tue, 19 Jul 2022 01:04:32 +0000 (11:04 +1000)]
Coverity
1507372: explicit null dereference
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18822)
Pauli [Tue, 19 Jul 2022 01:01:57 +0000 (11:01 +1000)]
Coverity
1503321 &
1503327: dereference after null check
The earlier fix being inadequate
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18822)
Tom Cosgrove [Mon, 18 Jul 2022 09:24:47 +0000 (10:24 +0100)]
Fix aarch64 signed bit shift issue found by UBSAN
Also fix conditional branch out of range when using sanitisers.
Fixes #18813
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Change-Id: Ic543885091ed3ef2ddcbe21de0a4ac0bca1e2494
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18816)
Dr. David von Oheimb [Thu, 14 Jul 2022 13:12:55 +0000 (15:12 +0200)]
apps/x509: Improve doc fix for -CAserial anc -CAcreateserial
This follows up on https://github.com/openssl/openssl/pull/18373
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18804)
Dr. David von Oheimb [Tue, 28 Jun 2022 07:03:31 +0000 (09:03 +0200)]
crypto/x509/v3_addr.c: fix style nits reported by check-format.pl
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18668)
Dr. David von Oheimb [Tue, 28 Jun 2022 06:42:28 +0000 (08:42 +0200)]
libcrypto and test: rename asn1_string_to_time_t to ossl_asn1_string_to_time_t
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18668)
Dr. David von Oheimb [Tue, 28 Jun 2022 05:53:59 +0000 (07:53 +0200)]
libcrypto refactoring: introduce and use ossl_asn1_string_set_bits_left()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18668)
Dr. David von Oheimb [Tue, 28 Jun 2022 06:17:59 +0000 (08:17 +0200)]
libcrypto refactoring: make more use of ASN1_STRING_set0()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18668)
Dr. David von Oheimb [Mon, 27 Jun 2022 17:42:13 +0000 (19:42 +0200)]
Add X509_PUBKEY_set0_public_key(), extracted from X509_PUBKEY_set0_param()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18668)
Roberto Hueso Gomez [Fri, 15 Jul 2022 09:21:30 +0000 (11:21 +0200)]
Fix memleak in PKCS12_pbe_crypt_ex()
Makes sure that the variable 'out' is free on every error path.
Fixes #18689
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18808)
Bernd Edlinger [Fri, 13 May 2022 07:57:45 +0000 (09:57 +0200)]
Remove duplicated BIO_get_ktls_send calls in do_ssl3_write
This rather long function used to call BIO_get_ktls_send
mutliple times, although that result cannot change during
the execution of that function.
There was a similar unnecessary call to BIO_get_ktls_recv
in ssl3_get_record.
And while I'm already there, rewrite ssl3_write_bytes
to use BIO_get_ktls_send as a boolean (so using "!" instead
of "== 0").
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18304)
Tomas Mraz [Thu, 14 Jul 2022 10:32:03 +0000 (12:32 +0200)]
ossl_ffc_params_copy: Copy the keylength too
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
Tomas Mraz [Wed, 13 Jul 2022 14:04:09 +0000 (16:04 +0200)]
Test that we generate a short private key for known DH prime
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
Tomas Mraz [Tue, 12 Jul 2022 10:32:44 +0000 (12:32 +0200)]
dhparam: Correct the documentation of -dsaparam
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
Tomas Mraz [Fri, 10 Jun 2022 08:06:24 +0000 (10:06 +0200)]
dhparam_test: Test that we add private key length on generation and print it
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
Tomas Mraz [Fri, 10 Jun 2022 07:46:45 +0000 (09:46 +0200)]
dh_to_text: Print the dh->length if set
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
Tomas Mraz [Mon, 6 Jun 2022 08:22:00 +0000 (10:22 +0200)]
Use as small dh key size as possible to support the security
Longer private key sizes unnecessarily raise the cycles needed to
compute the shared secret without any increase of the real security.
We use minimum key sizes as defined in RFC7919.
For arbitrary parameters we cannot know whether they are safe
primes (we could test but that would be too inefficient) we have
to keep generating large keys.
However we now set a small dh->length when we are generating safe prime
parameters because we know it is safe to use small keys with them.
That means users need to regenerate the parameters if they
want to take the performance advantage of small private key.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
Pauli [Thu, 14 Jul 2022 05:22:30 +0000 (15:22 +1000)]
Coverity
1506566: unchecked return value
There isn't much else that can be done here unfortunately.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18799)
Pauli [Thu, 14 Jul 2022 05:17:41 +0000 (15:17 +1000)]
evp: make all _is_a functions accept and handle a NULL argument
Makes life easier for callers.
Fixes Coverity
1503326
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18799)
Pauli [Thu, 14 Jul 2022 05:09:36 +0000 (15:09 +1000)]
Coverity
1503321 &
1503327: dereference after null check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18799)
Dr. David von Oheimb [Thu, 14 Jul 2022 15:11:22 +0000 (17:11 +0200)]
cmsapitest.c: add test case for CMS_EnvelopedData_decrypt()
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18667)
Dr. David von Oheimb [Mon, 27 Jun 2022 15:05:21 +0000 (17:05 +0200)]
CMS: add CMS_SignedData_verify(), a variant of CMS_verify() with extensions
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18667)
Dr. David von Oheimb [Mon, 27 Jun 2022 15:04:03 +0000 (17:04 +0200)]
CMS_add0_cert.pod: various improvements of the description
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18667)
Dr. David von Oheimb [Mon, 27 Jun 2022 13:16:51 +0000 (15:16 +0200)]
cms_sd.c: fix style/formatting nits reported check-format.pl
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18667)
Allan [Wed, 13 Jul 2022 08:55:22 +0000 (01:55 -0700)]
Added paragraph to free objects alloced by X509V3_add1_i2d()
Fixes #18665
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18786)
Allan [Wed, 13 Jul 2022 08:55:06 +0000 (01:55 -0700)]
Updated X509v3_get_ext_by_NID.pod and X509_CRL_get0_by_serial.pod
Updated these to the current documentation style.
Moved X509v3_delete_ext() under BUGS
to NOTES and added information to call free.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18786)
Juergen Christ [Wed, 13 Jul 2022 13:07:16 +0000 (15:07 +0200)]
s390x: Fix Keccak implementation
s390x does not directly support keccak via CPACF since these instructions
hard-code the padding to either SHA-3 or SHAKE for the "compute last message
digest" function. This caused test errors on Keccak digests. Fix it by using
"compute intermediate message digest" and manually computing the padding for
Keccak.
Fixes: a8b238f0e4c1 ("Fix SHA, SHAKE, and KECCAK ASM flag passing")
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18794)
xkernel [Wed, 13 Jul 2022 03:07:31 +0000 (11:07 +0800)]
ocspapitest: use TEST_true to report the exact failure
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18774)
xkernel [Mon, 11 Jul 2022 07:12:00 +0000 (15:12 +0800)]
ocspapitest: properly check the return of memory-allocating functions
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18774)
Juergen Christ [Wed, 13 Jul 2022 09:15:43 +0000 (11:15 +0200)]
Fix EC ASM flag passing
Flags for ASM implementations of EC curves were only passed to the FIPS
provider and not to the default or legacy provider. This left some potential
for optimization. Pass the correct flags also to these providers.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18791)
Dr. David von Oheimb [Mon, 11 Jul 2022 11:52:01 +0000 (13:52 +0200)]
http_client.c: 2nd fix for calculation of Content-Length in set1_content()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18779)
Dr. David von Oheimb [Tue, 31 May 2022 08:03:10 +0000 (10:03 +0200)]
apps/x509: add warnings for options ignored when -CA is not specified
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)
Dr. David von Oheimb [Tue, 31 May 2022 08:02:02 +0000 (10:02 +0200)]
openssl-x509.pod.in: fix description of certificate serial number storage
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)
Dr. David von Oheimb [Mon, 30 May 2022 14:53:05 +0000 (16:53 +0200)]
APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial.
Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)
Dr. David von Oheimb [Fri, 20 May 2022 04:23:54 +0000 (06:23 +0200)]
apps/x509: Fix -CAfile option being neglected with -new or -in
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)
Dr. David von Oheimb [Mon, 11 Jul 2022 16:48:52 +0000 (18:48 +0200)]
crypto/evp/bio_b64.c: improve coding style
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18787)
Hongren (Zenithal) Zheng [Wed, 11 May 2022 10:09:46 +0000 (18:09 +0800)]
Add ROTATE inline RISC-V zbb/zbkb asm for chacha
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18289)
Daniel Fiala [Mon, 11 Jul 2022 07:03:58 +0000 (09:03 +0200)]
Add an EVP demo for CMAC
Fixes openssl#14110
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18778)
slontis [Tue, 12 Jul 2022 04:28:37 +0000 (14:28 +1000)]
Check for EVP_MD being NULL inside ssl.
Fix multiple places that could potentially segfault if memory
allocations fail. e.g. ssl_load_ciphers() could fail while calling
ssl_evp_md_fetch().
Found by #18355
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18784)
Dr. David von Oheimb [Fri, 8 Jul 2022 20:25:12 +0000 (22:25 +0200)]
crypto/x509/v3_purp.c: Improve coding style
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18759)
Dr. David von Oheimb [Sat, 9 Jul 2022 08:44:35 +0000 (10:44 +0200)]
crypto/x509/x509_vfy.c: Improve coding style
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18759)
Tomas Mraz [Mon, 11 Jul 2022 10:49:56 +0000 (12:49 +0200)]
speed: Always reset the outlen when calling EVP_PKEY_derive
Fixes #18768
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18777)
Richard Levitte [Thu, 28 Apr 2022 06:15:53 +0000 (08:15 +0200)]
Pre-declare all core dispatch table functions, and fix the internal ones
When assigning pointers to functions in an OSSL_DISPATCH table, we try
to ensure that those functions are properly defined or declared with
an extra declaration using the corresponding function typedefs that
are defined by include/openssl/core_dispatch.h.
For the core dispatch table, found in crypto/provider_core.c, it seems
we forgot this habit, and thus didn't ensure well enough that the
function pointers that are assigned in the table can actually be used
for those dispatch table indexes.
This change adds all the missing declarations, and compensates for
differences with functions that do the necessary casting, making those
explicit rather than implicit, thereby trying to assure that we know
what we're doing.
One function is not fixed in this change, because there's a controversy,
a clash between the signature of BIO_ctrl() and OSSL_FUNC_BIO_ctrl_fn.
They have different return types.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18198)
xkernel [Mon, 11 Jul 2022 07:21:09 +0000 (15:21 +0800)]
add a check for the return of OBJ_new_nid()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18773)
Varun Sharma [Sat, 9 Jul 2022 14:03:23 +0000 (07:03 -0700)]
ci: add GitHub token permissions for workflows
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18766)
Dr. David von Oheimb [Fri, 8 Jul 2022 09:14:16 +0000 (11:14 +0200)]
OSSL_trace_set_channel.pod and openssl.pod: fix missing/inconsistent category items
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18763)
Dr. David von Oheimb [Sat, 9 Jul 2022 09:09:08 +0000 (11:09 +0200)]
x509_vfy.c: Revert the core of #14094 regarding chain_build() error reporting
The problem of producing to-the-point diagnostics will be fixed in a follow-up PR.
Fixes #18691
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18758)
Dr. David von Oheimb [Fri, 8 Jul 2022 19:49:28 +0000 (21:49 +0200)]
test/certs/setup.sh: add missing comment on CA cert variant without basic constraints
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18758)
slontis [Thu, 7 Jul 2022 05:03:08 +0000 (15:03 +1000)]
Fix memory leak in EVP_PKEY_get1_encoded_public_key.
Occurs if a failure happens after the malloc call in the second call to
EVP_PKEY_get_octet_string_param().
Detected by PR #18355
Some calling code assumes that nothing is allocated in the returned
pointer if there was a failure. Other calling code always trys freeing.
The third case is in ecdh_cms_encrypt() where it does not check the
return value. I am assuming this change is ok since the legacy path in
EVP_PKEY_get1_encoded_public_key() also does not return the pointer on
failure.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18739)
Dr. David von Oheimb [Fri, 1 Jul 2022 15:46:36 +0000 (17:46 +0200)]
http_client.c: fix calculation of Content-Length in set1_content()
Work around an inconsistency in the implementations of BIO_CTRL_INFO.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18701)
Dr. David von Oheimb [Fri, 1 Jul 2022 18:38:59 +0000 (20:38 +0200)]
apps/cmp.c: fix cleanup of CMP_CTX vs. APP_HTTP_TLS_INFO in its http_cb_arg field
Prevent crashes on error by making sure the info is freed after OSSL_CMP_CTX_free(),
which may call OSSL_HTTP_close() and thus indirectly reference the info.
Moreover, should not attempt to reference the cmp_ctx variable when NULL.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18702)
Dr. David von Oheimb [Fri, 1 Jul 2022 18:25:55 +0000 (20:25 +0200)]
cmp_http.c: extend comment in keep_alive()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18702)
Allan [Thu, 7 Jul 2022 23:04:09 +0000 (16:04 -0700)]
Fix memory leak in X509V3_add1_i2d when flag is X509V3_ADD_DELETE
Fixes #18677
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18698)
Viktor Szakats [Sun, 3 Jul 2022 22:30:06 +0000 (22:30 +0000)]
use #pragma comment(lib) with _MSC_VER only
Avoid this warning when compiled with llvm/gcc + mingw-w64 and
`USE_BCRYPTGENRANDOM` enabled:
```
../providers/implementations/rands/seeding/rand_win.c:31:11: warning: unknown pragma ignored [-Wunknown-pragmas]
^
1 warning generated.
```
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18709)
Mingjun.Yang [Mon, 4 Jul 2022 09:41:54 +0000 (17:41 +0800)]
feat: add hmac-sm3 test cases from GM/T 0042-2015 Appendix D.3
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18714)
Kan [Tue, 21 Jun 2022 06:55:55 +0000 (14:55 +0800)]
Add config option for speed command
Fixed #16986
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18616)
Tomas Mraz [Thu, 7 Jul 2022 15:23:10 +0000 (17:23 +0200)]
Add the LibreOffice Draw source for the QUIC overview graph
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18745)
Juergen Christ [Thu, 7 Jul 2022 16:57:55 +0000 (18:57 +0200)]
Fix SHA, SHAKE, and KECCAK ASM flag passing
Flags for ASM implementations of SHA, SHAKE, and KECCAK were only passed to
the FIPS provider and not to the default or legacy provider. This left some
potential for optimization. Pass the correct flags also to these providers.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18747)
slontis [Thu, 7 Jul 2022 02:01:09 +0000 (12:01 +1000)]
Make evp_test skip mac tests if digest or ciphers are disabled.
Fixes test error in #18714
This only happens currently during minimal builds.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18737)
Daniel Fiala [Thu, 7 Jul 2022 06:55:06 +0000 (08:55 +0200)]
Add an EVP demo for HMAC
Fixes openssl#14109
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18752)