summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Rename internal drbg_ functions so they have an ossl_ prefix.Pauli2020-11-196-39/+39
| | | | | | | | These functions are: drbg_enable_locking(), drbg_get_ctx_params(), drbg_lock(), drbg_set_ctx_params() and drbg_unlock(). Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13417)
* Rename SHA3 internal functions so they have an ossl_ prefixPauli2020-11-193-16/+17
| | | | | | | | These are: keccak_kmac_init(), sha3_final(), sha3_init(), sha3_reset() and sha3_update(). Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13417)
* rename sha1_ctrl to ossl_sha1_ctrl.Pauli2020-11-194-7/+8
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13417)
* Provide side RNG functions renamed to have an ossl_ prefix.Pauli2020-11-1913-35/+35
| | | | | | | | | These are: prov_crngt_cleanup_entropy(), prov_crngt_get_entropy(), prov_pool_acquire_entropy(), prov_pool_add_nonce_data(), prov_rand_drbg_free() and prov_rand_drbg_new(). Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13417)
* rename mac_key_* to ossl_mac_key_*Pauli2020-11-193-15/+15
| | | | | | | mac_key_free(), mac_key_new(), mac_key_up_ref(). Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13417)
* rename md5_block_asm_data_order to ossl_md5_block_asm_data_orderPauli2020-11-195-18/+18
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13417)
* Rename md5_sha1_* ossl_md5_sha1_*Pauli2020-11-194-16/+16
| | | | | | | md5_sha1_init(), md5_sha1_update(), md5_sha1_final() and md5_sha1_ctrl(). Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13417)
* DOC: Fix example in OSSL_PARAM_int.podRichard Levitte2020-11-181-3/+3
| | | | | | | | | | This fixes an incorrect NULL check. Fixes #11162 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13426)
* Swap to FIPS186-2 DSA generation outside of the FIPS moduleMatt Caswell2020-11-185-5/+16
| | | | | | | | Inside the FIPS module we continue to use FIPS186-4. We prefer FIPS186-2 in the default provider for backwards compatibility reasons. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13228)
* Swap to DH_PARAMGEN_TYPE_GENERATOR as the default outside of the FIPS moduleMatt Caswell2020-11-183-9/+35
| | | | | | | | | The documentation claimed this was already the default but it wasn't. This was causing the dhparam application to change behaviour when compared to 1.1.1 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13228)
* Adapt ssltest_old to not use deprecated DH APIsMatt Caswell2020-11-181-91/+67
| | | | | | | There are non-deprecated replacements so we should use those instead. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Extend the auto DH testing to check DH sizesMatt Caswell2020-11-181-0/+157
| | | | | | | | Check that the size of the DH parameters we select changes according to the size of the certificate key or symmetric cipher (if no certificate). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Add some additional test certificates/keysMatt Caswell2020-11-189-0/+318
| | | | | | | Add certs with 1024, 3072, 4096 and 8192 bit RSA keys Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Add a CHANGES.md entry for the "tmp_dh" functions/macrosMatt Caswell2020-11-181-0/+15
| | | | | | | Describe the tmp_dh deprecations, and what applications should do instead. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Add a test for the various ways of setting temporary DH paramsMatt Caswell2020-11-184-6/+206
| | | | | | | | We support a number of different ways of setting temporary DH params. We should test that they all work correctly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Document some SSL DH related functions/macrosMatt Caswell2020-11-184-78/+70
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Return sensible values for some SSL ctrlsMatt Caswell2020-11-181-6/+5
| | | | | | | Some ctrls were always returning 0 even if they were successful. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Only disabled what we need to in a no-dh buildMatt Caswell2020-11-1810-45/+20
| | | | | | | | | no-dh disables the low level API for DH. However, since we're now using the high level EVP API in most places we don't need to disable quite so much. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Implement a replacement for SSL_set_tmp_dh()Matt Caswell2020-11-187-88/+102
| | | | | | | | The old function took a DH as a parameter. In the new version we pass an EVP_PKEY instead. Similarly for the SSL_CTX version of this function. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Remove deprecated functionality from s_serverMatt Caswell2020-11-181-2/+15
| | | | | | | This will be added back in by a later commit Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Disable the DHParameters config option in a no-deprecated buildMatt Caswell2020-11-181-2/+3
| | | | | | | | This option calls SSL_set_tmp_dh() which does not exist in a no-deprecated build. We need to implement an alternative. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Remove DH usage from tls_process_cke_dheMatt Caswell2020-11-181-12/+1
| | | | | | | We instead set the encoded public key directly in the EVP_PKEY object. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Remove DH usage in tls_construct_server_key_exchange()Matt Caswell2020-11-181-18/+22
| | | | | | | | We get DH related parameters directly from the EVP_PKEY instead of downgrading to a DH object first. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Avoid the use of a DH object in tls_construct_cke_dhe()Matt Caswell2020-11-181-21/+27
| | | | | | | | There is no need for us to downgrade the EVP_PKEY into a DH object for this function so we rewrite things to avoid it. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Deprecate SSL_CTRL_SET_TMP_DH and other related ctrlsMatt Caswell2020-11-186-34/+49
| | | | | | | | These ctrls pass around a DH object which is now deprecated, so we deprecate the ctrls themselves. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Convert TLS ServerKeyExchange processing to use an EVP_PKEYMatt Caswell2020-11-181-39/+33
| | | | | | | | Previously we were constructing a DH object and then assigning it to an EVP_PKEY. Instead we construct an EVP_PKEY directly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* Convert TLS auto DH parameters to use EVP_PKEYMatt Caswell2020-11-183-26/+34
| | | | | | | | Previously a DH object was constructed and then assigned to an EVP_PKEY. Instead we now construct the EVP_PKEY directly instead. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* DOC: Rewrite the section on reporting errors in doc/man3/ERR_put_error.podRichard Levitte2020-11-181-20/+85
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13320)
* CONF: Convert one last CONFerr() to ERR_raise()Richard Levitte2020-11-181-1/+1
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13320)
* Simplify util/err-to-raiseRichard Levitte2020-11-181-45/+4
| | | | | | | | | There's no need to enumerate the possible {NAME}err, as they have a consistent pattern. Also, this script should not be used on the engines, as they have already converted appropriately. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13320)
* Really deprecate the old NAMEerr() macrosRichard Levitte2020-11-181-1/+1
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13320)
* util/find-doc-nits: check podchecker() return valueRichard Levitte2020-11-171-1/+2
| | | | | | | | | | | From the Pod::Checker manual: > RETURN VALUE > podchecker returns the number of POD syntax errors found or > -1 if there were no POD commands at all found in the file. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13416)
* util/mkrc.pl: Make sure FILEVERSION and PRODUCTVERSION have four numbersRichard Levitte2020-11-171-2/+4
| | | | | | | Partially fixes #13414 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13415)
* NetBSD build fix.David Carlier2020-11-171-2/+3
| | | | | | | | | | getentropy shows up wrongly as weak symbol whereas there is no support. However NetBSD 10.0 will support getrandom. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13408)
* DOC: Fixup the description of the -x509_strict optionRichard Levitte2020-11-161-16/+48
| | | | | | | | | | | | | | | | | | | POD commands must always be surrounded by blank lines POD transformers read everything in paragraph mode. The following lines become *one* command, where the second line becomes part of the text of the first, including the command itself. In other words, this: =item something =item something else Translates to this in a man-page: something =item something else Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13412)
* Fix dsa securitycheck for fips.Shane Lontis2020-11-164-15/+14
| | | | | | | | | | | | Fixes #12627 Changed security check for DSA verification to match SP800-131Ar2 when the security strength is < 112. Fixed compilation error when using config opt 'no-fips-securitychecks' Removed TODO's from 20-test_cli_fips.t - there is no longer an TODO error. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13387)
* Add documentation for EVP_PKEY2PKCS8/EVP_PKCS82PKEYShane Lontis2020-11-162-3/+47
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13388)
* Fixup EVP-MAC-KMAC documentationShane Lontis2020-11-161-3/+70
| | | | | | | | | Fixes #13232 Added example that shows setup of XOF. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13385)
* REF_PRINT: cast pointer to void to avoid warningsDaniel Bevenius2020-11-162-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, when configuring OpenSSL and specifying the --strict-warnings option there are failures like the following one: crypto/bio/bio_lib.c: In function 'BIO_up_ref': include/internal/refcount.h:169:25: error: format '%p' expects argument of type 'void *', but argument 3 has type 'BIO *' {aka 'struct bio_st *'} [-Werror=format=] 169 | fprintf(stderr, "%p:%4d:%s\n", b, b->references, a) | ^~~~~~~~~~~~~ crypto/bio/bio_lib.c:185:5: note: in expansion of macro'REF_PRINT_COUNT' 185 | REF_PRINT_COUNT("BIO", a); | ^~~~~~~~~~~~~~~ include/internal/refcount.h:169:27: note: format string is defined here 169 | fprintf(stderr, "%p:%4d:%s\n", b, b->references, a) | ~^ | | | void * cc1: all warnings being treated as errors This commit adds casts to avoid the warnings. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13389)
* Document the provider KDF API.Pauli2020-11-161-0/+329
| | | | | | | Fixes #11351 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13376)
* test/endecoder_legacy_test.c: new test for legacy comparisonRichard Levitte2020-11-153-0/+724
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | It checks that all of these functions have a corresponding OSSL_ENCODER implementation, and that the output is the same: - i2d_{TYPE}PrivateKey - i2d_{TYPE}PublicKey - i2d_{TYPE}params - i2d_{TYPE}_PUBKEY - PEM_write_bio_{TYPE}PrivateKey - PEM_write_bio_{TYPE}PublicKey - PEM_write_bio_{TYPE}Parameters - PEM_write_bio_{TYPE}_PUBKEY It also checks that all of these functions have a corresponding OSSL_DECODER implementation, and that the decoding result matches: - d2i_{TYPE}PrivateKey() - d2i_{TYPE}PublicKey(), - d2i_{TYPE}params(), - d2i_{TYPE}_PUBKEY(), - PEM_read_bio_{TYPE}PrivateKey() - PEM_read_bio_{TYPE}PublicKey() - PEM_read_bio_{TYPE}params() - PEM_read_bio_{TYPE}_PUBKEY() Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13262)
* Fix SUPPORT.md for better readabilityRichard Levitte2020-11-141-47/+18
| | | | | | | | | Most of the text was duplicated, and the second copy had better section titles that made the intent more prominent. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13398)
* Fix a few github file referencesRichard Levitte2020-11-143-3/+3
| | | | | | | | | | https://github.com/openssl/openssl/blob/master/.github/SUPPORT.md -> https://github.com/openssl/openssl/blob/master/SUPPORT.md Fixes #13396 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13397)
* Remove -C option from x509 commandRich Salz2020-11-133-34/+6
| | | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13384)
* Remove -C from dhparam,dsaparam,ecparamRich Salz2020-11-137-222/+16
| | | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13384)
* BIO: Undefine UNICODE in b_addr.c to get POSIX declaration of gai_strerror()Richard Levitte2020-11-131-0/+10
| | | | | | | | When UNICODE is defined, Windows headers push for WCHAR implementations, which aren't compatible with POSIX declarations. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
* crypto/provider_core.c: fix a couple of faulty ERR_raise_data() callsRichard Levitte2020-11-131-2/+2
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
* CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data()Richard Levitte2020-11-1351-366/+273
| | | | | | | | | This is not done absolutely everywhere, as there are places where the use of ERR_add_error_data() is quite complex, but at least the simple cases are done. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
* Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() callRichard Levitte2020-11-13370-3734/+3429
| | | | | | | | | | This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
* EVP: Adapt EVP_PKEY2PKCS8() to better handle provider-native keysRichard Levitte2020-11-131-19/+51
| | | | | | | | | | | It doesn't downgread the keys to legacy any more. Instead, it uses OSSL_ENCODER to encode the key to DER, and d2i_PKCS8_PRIV_KEY_INFO() to make a PKCS8_PRIV_KEY_INFO structure from that. Fixes #12990 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12995)
View Lorry Controller Status