git.openssl.org Git - openssl.git/log

Remove duplicate GENERATE declarations for .pod files

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13824)

Configure: warn about duplicate GENERATE declarations in build.info files

This sort of duplication is permitted, as the end result will be a single
item anyway, but we might as well warn to avoid future confusion.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13824)

Configure: clean away perl syntax faults

The faults aren't fatal (i.e. perl just shrugs), but are curious.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13824)

Configure: Check all SOURCE declarations, to ensure consistency

If the given sources are GENERATEd, we check those generators as well.

This ensures that the declarations in the diverse build.info files are
consistent with existing files.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13824)

v3_ocsp.c: fix indentation of include directives

Fixes #13820

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13822)

Close /dev/crypto file descriptor after CRIOGET ioctl().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13807)

APPS: Print help also on -h and --h; print high-level help when no cmd given

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13799)

APPS: Fix confusion between program and app/command name used in diagnostic/help output

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13799)

apps/pkey.c: Forther improve user guidance, also on non-sensical option combinations

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13712)

apps/pkey.c: Re-order help output and option documentation

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13712)

apps/pkey.c: Make clear that -passout is not supported for DER output

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13712)

apps.c: Fix crash in case uri arg of IS_HTTP or IS_HTTPS is NULL

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13712)

doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free()
instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13814)

Fix for negative return value from `SSL_CTX_sess_accept()`

Fixes #13183

From the original issue report, before this commit, on master and on
1.1.1, the issue can be detected with the following steps:

- Start with a default SSL_CTX, initiate a TLS 1.3 connection with SNI,
  "Accept" count of default context gets incremented
- After servername lookup, "Accept" count of default context gets
  decremented and that of SNI context is incremented
- Server sends a "Hello Retry Request"
- Client sends the second "Client Hello", now again "Accept" count of
  default context is decremented. Hence giving a negative value.

This commit fixes it by adding a check on `s->hello_retry_request` in
addition to `SSL_IS_FIRST_HANDSHAKE(s)`, to ensure the counter is moved
only on the first ClientHello.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13297)

Fix simpledynamic test compilation when condigured without DSO support.

This fixes this compilation error:
In file included from test/simpledynamic.c:13:
test/simpledynamic.h:39:35: error: unknown type name 'SD'
   39 | int sd_load(const char *filename, SD *sd, int type);
      |                                   ^~
test/simpledynamic.h:40:12: error: unknown type name 'SD'
   40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
      |            ^~
test/simpledynamic.h:40:40: error: unknown type name 'SD_SYM'
   40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
      |                                        ^~~~~~
test/simpledynamic.h:41:14: error: unknown type name 'SD'
   41 | int sd_close(SD lib);
      |              ^~
make[1]: *** [Makefile:24670: test/moduleloadtest-bin-simpledynamic.o] Error 1
make[1]: *** Waiting for unfinished jobs....
In file included from test/moduleloadtest.c:19:
test/simpledynamic.h:39:35: error: unknown type name 'SD'
   39 | int sd_load(const char *filename, SD *sd, int type);
      |                                   ^~
test/simpledynamic.h:40:12: error: unknown type name 'SD'
   40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
      |            ^~
test/simpledynamic.h:40:40: error: unknown type name 'SD_SYM'
   40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
      |                                        ^~~~~~
test/simpledynamic.h:41:14: error: unknown type name 'SD'
   41 | int sd_close(SD lib);
      |              ^~

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13802)

replace 'unsigned const char' with 'const unsigned char'

The openssl code base has only a few occurrences of 'unsigned const char'
(15 occurrences), compared to the more common 'const unsigned char' (4420
occurrences).

While the former is not illegal C, mixing the 'const' keyword (a 'type
qualifier') in between 'unsigned' and 'char' (both 'type specifiers') is a
bit odd.

The background for writing this patch is not to be pedantic, but because
the 'opmock' program (used to mock headers for unit tests) does not accept
the 'unsigned const char' construct. While this definitely is a bug in
opmock or one of its dependencies, openssl is the only piece of software we
are using in combination with opmock that has this construct.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13722)

[test][pkey_check] Add more invalid SM2 key tests

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)

Add SM2 private key range validation

According to the relevant standards, the valid range for SM2 private
keys is [1, n-1), where n is the order of the curve generator.

For this reason we cannot reuse the EC validation function as it is, and
we introduce a new internal function `sm2_key_private_check()`.

Partially fixes https://github.com/openssl/openssl/issues/8435

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)

[test][pkey_check] Add invalid SM2 key test

SM2 private keys have different validation requirements than EC keys:
this test checks one corner case highlighted in
https://github.com/openssl/openssl/issues/8435

As @bbbrumley mentioned in
https://github.com/openssl/openssl/issues/8435#issuecomment-720504282
this only fixes the absence of a regression test for validation of this
kind of boundary issues for decoded SM2 keys.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)

[apps/pkey] Return error on failed `-[pub]check`

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)

[test] Add `pkey -check` validation tests

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)

Adding TLS group name retrieval

Function SSL_group_to_name() added, together with documentation and tests.
This now permits displaying names of internal and external
provider-implemented groups.

Partial fix of #13767

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13785)

[crypto/dh] side channel hardening for computing DH shared keys

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13783)

Ensure DTLS free functions can handle NULL

Our free functions should be able to deal with the case where the object
being freed is NULL. This turns out to not be quite the case for DTLS
related objects.

Fixes #13649

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13655)

Remove extra space.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12100)

Fixed error and return code.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12100)

Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12100)

Fix set_ciphersuites ignore unknown ciphers.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12100)

Prepare for 3.0 alpha 11

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>

Prepare for release of 3.0 alpha 10

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>

Update copyright year

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13800)

Only perform special TLS handling if TLS has been configured

Skip over special TLS steps for stream ciphers if we haven't been
configured for TLS.

Fixes #12528

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13774)

Mac M1 setting change proposal.

Running tests takes very long with the current setting while it takes a
lot shorter time with this change.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13771)

Support session information on FreeBSD.

FreeBSD's /dev/crypto does not provide a CIOCGSESSINFO ioctl, but it
does provide other ioctls that can be used to provide similar
functionality.

First, FreeBSD's /dev/crypto defines a CIOCGESSION2 ioctl which accepts
a 'struct session2_op'.  This structure extends 'struct session_op'
with a 'crid' member which can be used to either request an individual
driver by id, or a class of drivers via flags.

To determine if the available drivers for a given algorithm are
accelerated or not, use CIOCGESSION2 to first attempt to create an
accelerated (hardware) session.  If that fails, fall back to
attempting a software session.  In addition, when requesting a new
cipher session, use the current setting of the 'use_softdrivers' flag
to determine the value assigned to 'crid' when invoking CIOCGSESSION2.

Finally, use the returned 'crid' value from CIOCGSESSION2 to look up
the name of the associated driver via the CIOCFINDDEV ioctl.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13468)

Use CRIOGET to fetch a crypto descriptor when present.

FreeBSD's current /dev/crypto implementation requires that consumers
clone a separate file descriptor via the CRIOGET ioctl that can then
be used with other ioctls such as CIOCGSESSION.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13468)

Updated SSL_CTX_new doc

Fixes #13703

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13741)

28-seclevel.cnf.in: fix typo in algo name

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13768)

EVP_SIGNATURE-ED25519.pod: fix typo in algo name

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13768)

win-onecore: Build with /APPCONTAINER for UWP compat

When targeting the win-onecore configuration, we must link with
/APPCONTAINER which is a requirement for submitting apps to the
Windows Store.

Without this, the Windows App Certificate Kit will reject the app:
https://docs.microsoft.com/en-us/cpp/build/reference/appcontainer-windows-store-app

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12400)

crypto/win: Don't use disallowed APIs on UWP

CreateFiber and ConvertThreadToFiber are not allowed in Windows Store
(Universal Windows Platform) apps since they have been replaced by
their Ex variants which have a new dwFlags parameter.

This flag allows the fiber to do floating-point arithmetic in the
fiber on x86, which would silently cause corruption otherwise since
the floating-point state is not switched by default.

Switch to these "new" APIs which were added in Vista.

See: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createfiberex#parameters

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12400)

Update copyright years of auto-generated headers (make update)

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13764)

Add a test for the new CRYPTO_atomic_* functions

Also tests the older CRYPTO_atomic_add() which was without a test

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13733)

Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13733)

Optimise OPENSSL_init_crypto

If everything has already been initialised we can check this with a
single test at the beginning of OPENSSL_init_crypto() and therefore
reduce the amount of time spent in this function. Since this is called
via very many codepaths this should have significant performance benefits.

Partially fixes #13725 and #13578

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13733)

Add some more CRYPTO_atomic functions

We add an implementation for CRYPTO_atomic_or() and CRYPTO_atomic_load()

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13733)

Don't call EVP_CIPHER_CTX_block_size() to find the block size

The EVP lib was calling EVP_CIPHER_CTX_block_size(), which in turn calls
EVP_CIPHER_block_size() in order to find the block_size in every
EVP_EncryptUpdate() call. This adds a surprising amount of overhead when
using speed to test aes-128-cbc. Since we're in the EVP lib itself, we can
just directly access this value.

To test performance I ran the command:
openssl speed -evp aes-128-cbc -bytes 16 -seconds 30

For the before and after, I ran this twice and discarded the first result
to "warm up" my machine.

Before:
aes-128-cbc 716949.71k

After:
aes-128-cbc 742807.11k

This represents a performance improvement of about 4%

Partially fixes #13407

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13734)

Optimise OPENSSL_init_crypto to not need a lock when loading config

Most of the time we don't have any explicit settings when loading a
config file. Therefore we optimise things so that we don't need to use
a lock in that instance.

Partially addresses performance issues in #13725

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13731)

Cache Digest constants

EVP_CIPHER already caches certain constants so that we don't have to
query the provider every time. We do the same thing with EVP_MD constants.
Without this we can get performance issues, e.g. running "speed" with
small blocks of data to digest can spend a long time in EVP_MD_size(),
which should be quick.

Partialy fixes #13578

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13730)

Move the caching of cipher constants into evp_cipher_from_dispatch

Previously we cached the cipher constants in EVP_CIPHER_fetch(). However,
this means we do the caching every time we call that function, even if
the core has previusly fetched the cipher and cached it already. This
means we can end up re-caching the constants even though they are already
present. This also means we could be updating these constants from
multiple threads at the same time.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13730)

Fix doc-nits for list command

Bug was introduced in #13669

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13728)

Fetch provided algorithm once per benchmark

Partially fixes #13578

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13721)

Fix NULL pointer access caused by X509_ATTRIBUTE_create()

When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return
failure rather than silently constructing a broken X509_ATTRIBUTE object
that might cause NULL pointer accesses later on. This matters because
X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3)
and the NID comes straight from the user.

This bug was found while working on LibreSSL documentation.

Reviewed-by: Theo Buehler <tb@openbsd.org>
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12052)

Restore v2i_AUTHORITY_INFO_ACCESS() behavior

Fixes #13636

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13683)

Drop OPENSSL_NO_RSA everywhere

The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)

GitHub CI: Separate no-deprecated job from minimal job

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13706)

Fix 'no-deprecated'

Some of the handling of no-deprecated stuff wasn't quite complete, or
even plain wrong.

This restores i2d_PublicKey() to be able to handle EVP_PKEYs with
legacy internal keys.

This also refactors the DSA key tests in test/evp_extra_test.c to use
EVP functionality entirely.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13706)

Fix OSSL_PARAM creation in OSSL_STORE_open_ex

The params[0].data is set to a non-NULL value, but params[0].data_size
is always zero. This confuses get_string_internal, which creates 1 byte
string with uninitialized content.

When OSSL_PARAM_construct_utf8_string is used, the data_size is set
correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13699)

TEST: Fix test/endecode_test.c for 'no-legacy'

This adds an additional check that the legacy provider is available
when wanting to add tests for protected PVK, since that depends on the
availability of RC4.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13705)

make update

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/13701)

GitHub CI: Add 'check-update' and 'check-docs'

'check-update' runs a 'make update' to check that it wasn't forgotten.

'check-docs' runs 'make doc-nits'. We have that as a separate job to
make it more prominent.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/13701)

dsa: add additional deprecated functions to CHANGES entry.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13638)

dsa: provider and library deprecation changes

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13638)

dsa: apps deprecation changes

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13638)

dsa: fuzzer deprecation changes

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13638)

dsa: documentation deprecation changes

Fixes #13121

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13638)

apps/cmp.c: Correct -keyform option range w.r.t engine

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13690)

apps/cmp.c: Fix bug on -path option introduced in commit 3c9d6266ed85

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13690)

EVP: Fix memory leak in EVP_PKEY_CTX_dup()

In most error cases, EVP_PKEY_CTX_dup() would only free the EVP_PKEY_CTX
without freeing the duplicated contents.

Fixes #13503

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13661)

CORE: Separate OSSL_PROVIDER activation from OSSL_PROVIDER reference

This introduces a separate activation counter, and the function
ossl_provider_deactivate() for provider deactivation.

Something to be noted is that if the reference count goes down to
zero, we don't care if the activation count is non-zero (i.e. someone
forgot to call ossl_provider_deactivate()). Since there are no more
references to the provider, it doesn't matter.
The important thing is that deactivation doesn't remove the provider
as long as there are references to it, for example because there are
live methods associated with that provider, but still makes the
provider unavailable to create new methods from.

Fixes #13503
Fixes #12157

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13661)

DECODER: Adjust the library context of keys in our decoders

Because decoders are coupled with keymgmts from the same provider,
ours need to produce provider side keys the same way. Since our
keymgmts create key data with the provider library context, so must
our decoders.

We solve with functions to adjust the library context of decoded keys,
and use them.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13661)

MSBLOB & PVK: Make it possible to write EVP_PKEYs with provided internal key

So far, the MSBLOB and PVK writers could only handle EVP_PKEYs with
legacy internal keys.

Specially to be able to compile the loader_attic engine, we use the C
macro OPENSSL_NO_PROVIDER_CODE to avoid building the provider specific
things when we don't need them. The alternative is to suck half of
crypto/evp/ into loader_attic, and that's just not feasible.

Fixes #13503

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13661)

DECODER EVP_PKEY: Don't store all the EVP_KEYMGMTs

OSSL_DECODER_CTX_new_by_EVP_PKEY() would keep copies of all the
EVP_KEYMGMTs it finds.
This turns out to be fragile in certain circumstances, so we switch to
fetch the appropriate EVP_KEYMGMT when it's time to construct an
EVP_PKEY from the decoded data instead. This has the added benefit
that we now actually use the property query string that was given by
the caller for these fetches.

Fixes #13503

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13661)

Github CI: run also on repository pushes

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13686)

Add necessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC

When OpenSSL is configured with 'no-dh', 'no-dsa' and 'no-ec'
combined, some static functions have no use, which the compiler may
complain about. We therefore add extra guards to silence it.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)

Drop unnecessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC

The apps, the CMS library and the X.509 library are primarly affected.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)

EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled
('no-ec' not configured).  However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
EC_KEY.  This change solves that problem by shuffling these functions
to more appropriate places.

Partially fixes #13550

squash! EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available

By consequence, there are a number of places where we can remove the
check of OPENSSL_NO_EC.  This requires some re-arrangements of
internal tables to translate between numeric identities and names.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)

EVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_dh_ functions were only available when DH was enabled
('no-dsa' not configured).  However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
DH.  This change solves that problem by shuffling these functions to
more appropriate places.

By consequence, there are a number of places where we can remove the
check of OPENSSL_NO_DH.  This requires some re-arrangements of
internal tables to translate between numeric identities and names.

Partially fixes #13550

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)

EVP_PKEY & DSA: move dsa_ctrl.c to be included only on libcrypto

These functions aren't used by the FIPS module, so there's no reason
to include it there.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)

PROV: Add MSBLOB and PVK encoders

This allows 15-test_rsa.t to succeed, and provides the same OSSL_ENCODER
support for these formats as for all other formats supported in OpenSSL.

Fixes #13379

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13645)

TEST: Fix test/recipes/15-test_rsa.t

Perl strings should be compared with 'eq', not '=='.
This only generates a perl warning, so wasn't immediately noticed.

Also, remove the check of disabled 'dsa'. That never made reak sense.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13645)

APPS: Correct the output structure for public keys in 'openssl rsa'

'openssl rsa' would output a PKCS#1 structure when asked for a
SubjectPublicKeyInfo and vice versa.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13645)

Check non-option arguments

Make sure all commands check to see if there are any "extra" arguments
after the options, and print an error if so.

Made all error messages consistent (which is to say, minimal).

Fixes: #13527
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13563)

test: document the random test ordering env variable

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13672)

test: print OPENSSL_TEST_RAND_ORDER=x when a randomised test fails.

The previous message "random seed x" is a lot less descriptive.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13672)

Document OCSP_REQ_CTX_i2d.

Based on comments from David von Oheimb.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13620)

Deprecate OCSP_REQ_CTX_set1_req

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13620)

Skip tests depending on deprecated list -*-commands options

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13669)

Documenting the options deprecating in CHANGES.md

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13669)

Documenting the options deprecating

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13669)

Skip unavailable digests and ciphers in -*-commands

Fixes #13594

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13669)

Deprecate -cipher-commands and -digest-commands options

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13669)

OPENSSL_NO_GOST has nothing to do with low-level algos

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13669)

Configurations: PowerPC is big endian

Define B_ENDIAN on PowerPC because it is a big endian architecture. With
this change the BN* related tests pass.

Fixes: #12199
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12371)

Change AES-CTS modes CS2 and CS3 to also be inside the fips module.

The initial thought was that only CS1 mode (the NIST variant) was allowed.
The lab has asked if these other modes should be included.
The algorithm form indicates that these are able to be validated.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13639)

Fix Segfault in EVP_PKEY_CTX_dup when the ctx has an undefined operation.

Fixes #12438

Note: This worked in 1.1.1 so just returning an error is not valid.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13505)

Fix no-threads

Make OPENSSL_fork_prepare() et al always available even in a no-threads
build. These functions are no-ops anyway so this shouldn't make any
difference.

This fixes an issue where the symbol_presence test fails in a no-threads
build. This is because these functions have not been marked in
libcrypto.num as being dependent on thread support. Enclosing the
declarations of the functions in the header with an appropriate guard
does not help because we never define OPENSSL_NO_THREADS (we define the
opposite OPENSSL_THREADS). This confuses the scripts which only consider
OPENSSL_NO_* guards. The simplest solution is to just make them always
available.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13647)

openssl.pod: Fix openSSL options doc

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13651)

Remove unnecessary guards around MSBLOB and PVK readers and writers

The OPENSSL_NO_RC4 guard remain around protected PVK tests in
test/endecoder_test.c.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13648)

PEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4'

All these functions are usable with RSA keys, there's no reason why
they should be unaccessible when DSA or RC4 are disabled.

When DSA is disabled, it's not possible to use these functions for
DSA EVP_PKEYs. That's fine, and supported.

When RC4 is disabled, it's not possible to use these functions to
write encrypted PVK output. That doesn't even depend on the
definition of OPENSSL_NO_RC4, but if the RC4 algorithm is accessible
via EVP, something that isn't known when building libcrypto.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13648)

Building: Fix the library file names for MSVC builds to include multilib

In OpenSSL 1.1.1, VC-WIN64I and VC-WIN64A have a 'multilib' attribute
set, which affect the names of the produced libcrypto and libssl DLLs.
This restores that for OpenSSL 3.0.

Fixes #13659

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13670)