Pauli [Wed, 3 Mar 2021 01:32:39 +0000 (11:32 +1000)]
doc: note that get_params and set_params calls should return true if the param array is null
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Wed, 3 Mar 2021 01:26:51 +0000 (11:26 +1000)]
doc: document the additional params argument to the various init() calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:46:24 +0000 (22:46 +1000)]
support params argument to AES cipher init calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Wed, 3 Mar 2021 00:59:18 +0000 (10:59 +1000)]
doc: update cipher documentation to include the new init functions with params
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:46:04 +0000 (22:46 +1000)]
prov: support params argument to common cipher init calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:45:34 +0000 (22:45 +1000)]
prov: support param argument to DES cipher init calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:45:13 +0000 (22:45 +1000)]
prov: support param argument to null cipher init calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:44:53 +0000 (22:44 +1000)]
prov: support params argument to CHACHA20 ciphers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:44:25 +0000 (22:44 +1000)]
prov: support params argument to RCx ciphers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:43:36 +0000 (22:43 +1000)]
prov: support params arguments to signature init calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 23:20:21 +0000 (09:20 +1000)]
prov: update digests to support modified ctx params
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Wed, 3 Mar 2021 00:59:01 +0000 (10:59 +1000)]
doc: update digest documentation to include the new init functions with params
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:42:41 +0000 (22:42 +1000)]
prov: support param argument to digest init calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:42:10 +0000 (22:42 +1000)]
doc: document param argument to RSA calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:41:58 +0000 (22:41 +1000)]
doc: document param argument to cipher init calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:41:24 +0000 (22:41 +1000)]
test: support params arguments to init functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:41:10 +0000 (22:41 +1000)]
ssl: support params arguments to init functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:40:25 +0000 (22:40 +1000)]
apps: support param argument to init functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:01:12 +0000 (22:01 +1000)]
prov: update KEM to support params on init()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 12:00:53 +0000 (22:00 +1000)]
prov: update exchange algorithms to support params on the init call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 10:21:00 +0000 (20:21 +1000)]
misc: other init function param additions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Wed, 3 Mar 2021 01:02:42 +0000 (11:02 +1000)]
doc: update PKEY documentation to include the new init functions with params
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 10:20:25 +0000 (20:20 +1000)]
evp: add params arguments to init functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 09:05:39 +0000 (19:05 +1000)]
core: add params arguments to init calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Tue, 2 Mar 2021 09:04:55 +0000 (19:04 +1000)]
prov: asym ciphers take an extra init() params argument
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Mon, 1 Mar 2021 23:05:15 +0000 (09:05 +1000)]
doc: add params argument to key manager's gen_init call
Fixes #14286
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Mon, 1 Mar 2021 23:03:00 +0000 (09:03 +1000)]
core: add params argument to key manager's gen_init call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Mon, 1 Mar 2021 23:02:25 +0000 (09:02 +1000)]
provider: add params argument to key manager's gen_init call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Mon, 1 Mar 2021 23:01:33 +0000 (09:01 +1000)]
evp: add params argument to key manager's gen_init call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Pauli [Mon, 1 Mar 2021 23:01:14 +0000 (09:01 +1000)]
test: add params argument to key manager's gen_init call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
Rich Salz [Thu, 18 Feb 2021 21:27:08 +0000 (16:27 -0500)]
Fix error-checking compiles for mutex
Fixes: #14229
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14264)
Anthony Hu [Wed, 10 Mar 2021 16:15:57 +0000 (11:15 -0500)]
Increase the upper limit on group name length
While all the standardized groups would fit within the old limit,
with the addition of providers, some might want to experiment with
new and unstandardized groups. As such, their names might not fit
within the old limit.
Define it as GROUP_NAME_BUFFER_LENGTH with value 64.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14502)
Richard Levitte [Tue, 9 Mar 2021 17:49:06 +0000 (18:49 +0100)]
TEST: Stop the cleanup in test/recipes/20-test_mac.t
Let the files remain to make test forensics easy
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14484)
Richard Levitte [Tue, 9 Mar 2021 17:23:39 +0000 (18:23 +0100)]
PROV: use EVP_CIPHER_CTX_set_params() rather than EVP_CIPHER_CTX_ctrl()
This is in gmac_final(), where the cipher is known to be fetched.
It's more suitable to use OSSL_PARAMs than _ctrl functions, as the
latter are expected to become obsolete.
Fixes #14359
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14484)
Dr. David von Oheimb [Tue, 9 Mar 2021 12:32:43 +0000 (13:32 +0100)]
openssl-cmp.pod.in and apps/cmp.c: Various minor do improvements
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14493)
Matt Caswell [Thu, 11 Mar 2021 13:47:21 +0000 (13:47 +0000)]
Prepare for 3.0 alpha 14
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 11 Mar 2021 13:47:12 +0000 (13:47 +0000)]
Prepare for release of 3.0 alpha 13
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 11 Mar 2021 13:27:36 +0000 (13:27 +0000)]
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)
Vincent Drake [Mon, 1 Mar 2021 19:38:02 +0000 (14:38 -0500)]
Use read/write locking on Windows
Fixes #13914
The "SRWLock" synchronization primitive is available in Windows Vista
and later. CRYPTO_THREAD functions now use SRWLock functions when the
target operating system supports them.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14381)
panda [Mon, 8 Mar 2021 21:12:42 +0000 (13:12 -0800)]
Check SSL_set1_chain error in set_cert_cb
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14469)
Pedro Monreal [Thu, 4 Mar 2021 16:01:50 +0000 (17:01 +0100)]
Fix reason code: EVP_R_OPERATON_NOT_INITIALIZED
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14429)
Pauli [Tue, 9 Mar 2021 00:57:05 +0000 (10:57 +1000)]
test: convert store test to use relative paths
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14419)
Pauli [Fri, 5 Mar 2021 01:24:34 +0000 (11:24 +1000)]
core: add up_ref callback for OSSL_CORE_BIO
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14419)
Pauli [Thu, 4 Mar 2021 03:53:53 +0000 (13:53 +1000)]
Add a real type for OSSL_CORE_BIO which is distinct from and not castable to BIO
Providers (particularly the FIPS provider) needs access to BIOs from libcrypto.
Libcrypto is allowed to change the internal format of the BIO structure and it
is still expected to work with providers that were already built. This means
that the libcrypto BIO must be distinct from and not castable to the provider
side OSSL_CORE_BIO.
Unfortunately, this requirement was broken in both directions. This fixes
things by forcing the two to be different and any casts break loudly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14419)
Shane Lontis [Tue, 9 Mar 2021 07:27:55 +0000 (17:27 +1000)]
Use BIO_f_readbuffer() in the decoder to support stdin.
Fixes #13185
Fixes #13352
Removed the existing code in file_store that was trying to figure out the
input type.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14407)
Shane Lontis [Tue, 9 Mar 2021 07:25:26 +0000 (17:25 +1000)]
Add new filter BIO BIO_f_readbuffer()
This allows BIO_tell() and BIO_seek() to work for BIO's that do
not support these methods. The main use case for this is file/fd BIO's
that use stdin.
This works for stdin taken from input redirection (command < file),
and stdin via pipe (cat file | command).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14407)
Tomas Mraz [Tue, 9 Mar 2021 13:59:20 +0000 (14:59 +0100)]
Fix formatting error of HISTORY section in some manual pages.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14450)
Tomas Mraz [Fri, 5 Mar 2021 21:11:49 +0000 (22:11 +0100)]
Change default algorithms in PKCS12_create() and PKCS12_set_mac()
Use the modern defaults as now set in the pkcs12 app. This also
allows modifying the application to not override the default values
when calling the API.
Fixes #14034
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14450)
Matt Caswell [Mon, 8 Mar 2021 17:15:55 +0000 (17:15 +0000)]
Mention the change of licence in NEWS.md
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)
Matt Caswell [Mon, 8 Mar 2021 16:23:14 +0000 (16:23 +0000)]
Expand the CHANGES entry for SHA1 and libssl
As well as SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 not working at
security level 1 we also document that TLS 1.2 connection will fail
if the ClientHello does not have a signature algorithms extension.
Fixes #14447
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)
Matt Caswell [Mon, 8 Mar 2021 16:18:26 +0000 (16:18 +0000)]
Add a CHANGES for OSSL_STORE_INFO_get_type()
The function OSSL_STORE_INFO_get_type() may now return a new object
type. Applications may have to be amended accordingly.
Fixes #14446
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)
Matt Caswell [Mon, 8 Mar 2021 16:06:17 +0000 (16:06 +0000)]
Add a missing CHANGES.md entry for the legacy provider
Numerous ciphers and digests have been moved to the legacy provider.
There should be a CHANGES.md entry pointing this out.
Fixes #14441
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)
Dmitry Belyavskiy [Mon, 8 Mar 2021 20:36:10 +0000 (21:36 +0100)]
Non-const accessor to legacy keys
Fixes #14466.
Reverting the changes of the EVP_PKEY_get0 function.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14468)
Arthur Gautier [Sat, 6 Mar 2021 23:08:08 +0000 (23:08 +0000)]
EVP_KDF-KB man page: Fix typo in the example code
CLA: trivial
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14455)
Alistair Francis [Thu, 4 Mar 2021 17:10:11 +0000 (12:10 -0500)]
Fixup support for io_pgetevents_time64 syscall
This is a fixup for the original commit
5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
"Add support for io_pgetevents_time64 syscall" that didn't correctly
work for 32-bit architecutres with a 64-bit time_t that aren't RISC-V.
For a full discussion of the issue see:
https://github.com/openssl/openssl/commit/
5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14432)
Dr. David von Oheimb [Mon, 8 Mar 2021 07:04:54 +0000 (08:04 +0100)]
cmp_hdr.c: Fix minor Coverity issue CID
1473605
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14460)
Dr. David von Oheimb [Mon, 8 Mar 2021 06:58:04 +0000 (07:58 +0100)]
http_test.c: Fix minor Coverity issue CID
1473608
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14460)
Shane Lontis [Thu, 4 Mar 2021 03:54:40 +0000 (13:54 +1000)]
Reword repeated words.
A trivial PR to remove some commonly repeated words. It looks like this is
not the first PR to do this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14420)
Tomas Mraz [Fri, 5 Mar 2021 17:19:12 +0000 (18:19 +0100)]
apps/pkcs12: Allow continuing on absent mac
Just print a warning in that case.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14445)
Tomas Mraz [Fri, 5 Mar 2021 17:08:05 +0000 (18:08 +0100)]
apps/pkcs12: Detect missing PKCS12KDF support on import
Report error message with hint to use -nomacver if
MAC verification is not required.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14445)
Tomas Mraz [Fri, 5 Mar 2021 16:22:35 +0000 (17:22 +0100)]
apps/pkcs12: Properly detect MAC setup failure
The MAC requires PKCS12KDF support which is not present
in FIPS provider as it is not an approved KDF algorithm.
Suggest using -nomac if MAC is not required.
Fixes #14057
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14445)
Armin Fuerst [Mon, 8 Mar 2021 20:14:50 +0000 (21:14 +0100)]
fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14471)
Matt Caswell [Thu, 4 Mar 2021 16:33:26 +0000 (16:33 +0000)]
Fix the check for suitable groups and TLSv1.3
If we have TLSv1.3 enabled then we must have at least one TLSv1.3 capable
group available. This check was not always working
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14430)
Matt Caswell [Tue, 2 Mar 2021 15:52:00 +0000 (15:52 +0000)]
Make the EVP_PKEY_get0* functions have a const return type
OTC have decided that the EVP_PKEY_get0* functions should have a const
return type. This is a breaking change to emphasise that these values
should be considered as immutable.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
Matt Caswell [Thu, 25 Feb 2021 17:00:38 +0000 (17:00 +0000)]
Document the change in behaviour of the the low level key getters/setters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
Matt Caswell [Thu, 25 Feb 2021 16:27:46 +0000 (16:27 +0000)]
Ensure the various legacy key EVP_PKEY getters/setters are deprecated
Most of these were already deprecated but a few have been missed. This
commit corrects that.
Fixes #14303
Fixes #14317
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
Matt Caswell [Wed, 24 Feb 2021 16:38:28 +0000 (16:38 +0000)]
Cache legacy keys instead of downgrading them
If someone calls an EVP_PKEY_get0*() function then we create a legacy
key and cache it in the EVP_PKEY - but it doesn't become an "origin" and
it doesn't ever get updated. This will be documented as a restriction of
the EVP_PKEY_get0*() function with provided keys.
Fixes #14020
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
Matt Caswell [Wed, 24 Feb 2021 15:04:41 +0000 (15:04 +0000)]
Avoid a null pointer deref on a malloc failure
Make sure we were sucessful in creating an EVP_PKEY
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
Matt Caswell [Fri, 29 Jan 2021 17:25:33 +0000 (17:25 +0000)]
Add a multi thread test for downgrading keys
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
Dmitry Belyavskiy [Fri, 5 Mar 2021 17:50:37 +0000 (18:50 +0100)]
Restore GOST macros compatibility with 1.1.1
Fixes #14440
Before IANA assigned the official codes for the GOST signature
algorithms in TLS, the values from the Reserved for Private Use range
were in use in Russia. The old values were renamed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14448)
Dr. David von Oheimb [Wed, 6 Jan 2021 14:01:46 +0000 (15:01 +0100)]
apps/x509.c: Rename -signkey to -key for consistency with the req app
Also because this better reflects that usually also the public portion is used.
Retaining the old -signkey as an alias for backward compatibility.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14007)
Dr. David von Oheimb [Mon, 1 Mar 2021 11:43:05 +0000 (12:43 +0100)]
HTTP: Fix BIO_mem_d2i() on NULL mem input
This fixes also failure behavior of OSSL_HTTP_REQ_CTX_sendreq_d2i(), OCSP_sendreq_nbio(), etc.
Fixes #14322
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14356)
Dr. David von Oheimb [Mon, 1 Mar 2021 10:47:18 +0000 (11:47 +0100)]
http_local.h: Remove unused declaration of HTTP_sendreq_bio()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14356)
Dr. David von Oheimb [Mon, 1 Mar 2021 13:06:32 +0000 (14:06 +0100)]
Simplify OCSP_sendreq_bio()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14356)
Dr. David von Oheimb [Mon, 8 Feb 2021 18:13:26 +0000 (19:13 +0100)]
Make more use of X509_add_certs(); minor related code & comments cleanup
This is a follow-up on #12615.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14436)
Dr. David von Oheimb [Mon, 1 Mar 2021 07:56:46 +0000 (08:56 +0100)]
OCSP_resp_find_status.pod: Complete the RETURN VALUES section
Supersedes #11877. Also make order in NAME section consistent.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14347)
Dr. David von Oheimb [Mon, 1 Mar 2021 07:54:52 +0000 (08:54 +0100)]
crypto/ocsp/ocsp_cl.c: coding style improvements
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14347)
Paul Nelson [Wed, 10 Feb 2021 22:49:19 +0000 (16:49 -0600)]
Update the demos/README file because it is really old. New demos should provide best practice for API use.
Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14150)
Tomas Mraz [Thu, 4 Mar 2021 12:37:34 +0000 (13:37 +0100)]
CI external tests: separate each external test into its own phase
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
Tomas Mraz [Thu, 4 Mar 2021 11:35:16 +0000 (12:35 +0100)]
CI external test: for now run only the krb5 and gost_engine tests
The boringssl (https://github.com/openssl/openssl/issues/14424)
and pyca-cryptography (https://github.com/openssl/openssl/issues/14425)
tests are currently broken.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
Tomas Mraz [Thu, 4 Mar 2021 11:33:33 +0000 (12:33 +0100)]
gost_engine test: further cleanups and fixes
Allow absolute paths for $SRCTOP and $BLDTOP.
Do not build the gost_engine in tree.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
Tomas Mraz [Wed, 3 Mar 2021 17:46:34 +0000 (18:46 +0100)]
gost_engine test: Run also perl and tcl tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
Tomas Mraz [Wed, 3 Mar 2021 17:26:22 +0000 (18:26 +0100)]
CI: add job with external tests
Update gost-engine submodule.
Update pyca-cryptography submodule.
Fix condition for skipping krb5 test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
Richard Levitte [Wed, 3 Mar 2021 16:33:08 +0000 (17:33 +0100)]
DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod
Fixes #14414
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14415)
Richard Levitte [Mon, 1 Mar 2021 12:27:24 +0000 (13:27 +0100)]
Make provider provider_init thread safe, and flag checking/setting too
provider_init() makes changes in the provider structure, and needs a
bit of protection to ensure that doesn't happen concurrently with race
conditions.
This also demands a bit of protection of the flags, since they are
bits and presumably occupy the same byte in memory.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14354)
Richard Levitte [Mon, 1 Mar 2021 12:27:15 +0000 (13:27 +0100)]
Make ossl_provider_disable_fallback_loading() thread safe
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14354)
Richard Levitte [Mon, 1 Mar 2021 15:31:34 +0000 (16:31 +0100)]
test/threadstest.c: Add a test to load providers concurrently
If we don't synchronize properly in the core provider code, and build
with a thread sanitizer, this should cause a crash.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14354)
Tomas Mraz [Wed, 3 Mar 2021 08:44:25 +0000 (09:44 +0100)]
ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt
We can try to do that although for legacy keys the keymgmt
will not be set. This function will disappear with legacy support
removed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Tue, 2 Mar 2021 16:17:46 +0000 (17:17 +0100)]
bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module
We do not want tracing in the FIPS module.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Tue, 2 Mar 2021 16:05:48 +0000 (17:05 +0100)]
ecx_set_priv_key: Remove TODO 3.0 related to setting libctx
This function is used only for legacy keys so the TODO is
not relevant.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Tue, 2 Mar 2021 15:55:48 +0000 (16:55 +0100)]
do_sigver_init: Remove fallback for missing provider implementations.
We now have everything implemented in providers.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Tue, 2 Mar 2021 15:16:06 +0000 (16:16 +0100)]
Remove some of the TODO 3.0 in crypto/evp related to legacy support.
The legacy support stays in 3.0. The TODOs are dropped.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Mon, 1 Mar 2021 16:48:19 +0000 (17:48 +0100)]
crypto/param_build_set.c: Remove irrelevant TODO 3.0
The OSSL_PARAM_set_BN() pads to data_size so there is no
need for OSSL_PARAM_set_BN_pad().
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Mon, 1 Mar 2021 16:24:55 +0000 (17:24 +0100)]
crypto/ppccap.c: Remove useless TODO 3.0
The chacha and poly1305 algorithms are not FIPS approved so
they should stay out of FIPS module.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Mon, 1 Mar 2021 15:55:23 +0000 (16:55 +0100)]
include/crypto: Remove TODOs that are irrelevant for 3.0
The legacy support will not be removed in 3.0. Remove the
related TODO 3.0 marks.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Mon, 1 Mar 2021 15:51:13 +0000 (16:51 +0100)]
include/internal: Remove TODOs that are irrelevant for 3.0
The sha3 and sm3 legacy support requires these headers.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14404)
Tomas Mraz [Tue, 2 Mar 2021 17:55:35 +0000 (18:55 +0100)]
test/x509: Test for issuer being overwritten when printing.
The regression from commit
05458fd was fixed, but there is
no test for that regression. This adds it simply by having
a certificate that we compare for -text output having
a different subject and issuer.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14353)
Dr. David von Oheimb [Thu, 26 Nov 2020 07:35:26 +0000 (08:35 +0100)]
OSSL_STORE: restore diagnostics on decrypt error; provide password hints
Fixes #13493
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13525)
Tobias Nießen [Tue, 2 Mar 2021 17:15:32 +0000 (18:15 +0100)]
crypto: rename error flags in internal structures
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14405)
Richard Levitte [Fri, 26 Feb 2021 09:46:27 +0000 (10:46 +0100)]
Add a new test recipe to verify the generated test fipsmodule.cnf
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)