Add an EVP demo for AES key wrap

Fixes openssl#14119

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau

Add an EVP demo for AES key wrap

Fixes openssl#14119

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19141)

show more ...

80-test_ssl_new.t: make dependencies on CTLOG_FILE and TEST_CERTS_DIR explicit

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged

80-test_ssl_new.t: make dependencies on CTLOG_FILE and TEST_CERTS_DIR explicit

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18918)

show more ...

stack.c: add missing direct error reporting and improve coding style

Doing so, had to fix sloppiness in using the stack API in crypto/conf/conf_def.c,
ssl/ssl_ciph.c, ssl/statem/statem_s

stack.c: add missing direct error reporting and improve coding style

Doing so, had to fix sloppiness in using the stack API in crypto/conf/conf_def.c,
ssl/ssl_ciph.c, ssl/statem/statem_srvr.c, and mostly in test/helpers/ssltestlib.c.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18918)

show more ...

x509_vpm.c: add missing direct error reporting and improve coding style

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: D

x509_vpm.c: add missing direct error reporting and improve coding style

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18918)

show more ...

X509_STORE_CTX_set_default(): improve error handling, also in its use

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from htt

X509_STORE_CTX_set_default(): improve error handling, also in its use

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18918)

show more ...

Add tests for trace_api.

Fixes openssl#17422

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/o

Add tests for trace_api.

Fixes openssl#17422

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19096)

show more ...

Add documentation and test for EVP_PBE_alg_add

Fixes openssl#18687

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:

Add documentation and test for EVP_PBE_alg_add

Fixes openssl#18687

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19157)

show more ...

Add CI to test old FIPS provider versions

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>

Add CI to test old FIPS provider versions

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)

show more ...

With fips provider 3.0.0 skip tests related to explicit curves handling

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by:

With fips provider 3.0.0 skip tests related to explicit curves handling

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19201)

show more ...

EVP_PKEY_eq: regain compatibility with the 3.0.0 FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale

EVP_PKEY_eq: regain compatibility with the 3.0.0 FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19201)

show more ...

Fix default padding regression against 3.0.0 FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.l

Fix default padding regression against 3.0.0 FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)

show more ...

TDES: fix test with old FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>

TDES: fix test with old FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)

show more ...

evp_test: allow FIPS provider version based escapes in evp_test

Also fix a number of regressions when run against the 3.0.0 FIPS provider
that result from bug fixes.

Reviewed-by

evp_test: allow FIPS provider version based escapes in evp_test

Also fix a number of regressions when run against the 3.0.0 FIPS provider
that result from bug fixes.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)

show more ...

test: make unit tests FIPS provider version aware

Fixes #19171

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lo

test: make unit tests FIPS provider version aware

Fixes #19171

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)

show more ...

Fix a typo in the function name

X509_STORE_load_locations_ex() calls X509_STORE_load_file_ex() and X509_STORE_load_path(), there's no such function name as X509_STORE_load_dir().

CL

Fix a typo in the function name

X509_STORE_load_locations_ex() calls X509_STORE_load_file_ex() and X509_STORE_load_path(), there's no such function name as X509_STORE_load_dir().

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19202)

show more ...

Add support for PBE using hmacWithSM3

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1920

Add support for PBE using hmacWithSM3

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19204)

show more ...

util/wrap.pl.in: Use parentheses so `kill` gets all its arguments

In perl, this may be ambiguous:

fn (expr1), expr2

Is the comma (which may be `=>` just as well in this

util/wrap.pl.in: Use parentheses so `kill` gets all its arguments

In perl, this may be ambiguous:

fn (expr1), expr2

Is the comma (which may be `=>` just as well in this case) a separator
between arguments to `fn`, or is it the comma operator, separating the
expressions `fn(expr1)` and `expr2`? It appears that in this particular
case, perl takes the existing parentheses to mean the latter. When the
former was intended, extra parentheses are required.

Fixes #19209

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19211)

show more ...

Add support for loading root CAs from Windows crypto API

Fixes #18020.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged

Add support for loading root CAs from Windows crypto API

Fixes #18020.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18070)

show more ...

Fix URI handling in SSL_CERT_DIR/introduce SSL_CERT_URI env

Fixes #18068.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Mer

Fix URI handling in SSL_CERT_DIR/introduce SSL_CERT_URI env

Fixes #18068.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18070)

show more ...

Fix the OSSL_TIME fallback in include/internal/e_os.h

There's a fallback `ossl_sleep()` that uses `OSSL_TIME`. However,
nothing was done to ensure that `OSSL_TIME` is defined.

Fix the OSSL_TIME fallback in include/internal/e_os.h

There's a fallback `ossl_sleep()` that uses `OSSL_TIME`. However,
nothing was done to ensure that `OSSL_TIME` is defined.

Adding an inclusion of "internal/time.h" should be enough.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19214)

show more ...

QUIC QRL: Fix bug in Handshake packet processing

We automatically dropped Initial keys when receiving a Handshake packet,
but did this regardless of whether the packet was successfully d

QUIC QRL: Fix bug in Handshake packet processing

We automatically dropped Initial keys when receiving a Handshake packet,
but did this regardless of whether the packet was successfully decrypted
and authenticated. Per the RFC, we should only drop Initial keys when
successfully processing a Handshake packet.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19176)

show more ...

Fix AES-GCM on Power 8 CPUs

Properly fallback to the default implementation on CPUs
missing necessary instructions.

Fixes #19163

Reviewed-by: Dmitry Belyavskiy <beldmit

Fix AES-GCM on Power 8 CPUs

Properly fallback to the default implementation on CPUs
missing necessary instructions.

Fixes #19163

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19182)

show more ...

design: TX Packetiser

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18570)

Fix white space

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://g

Fix white space

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)

show more ...

libcrypto: remove reliance on struct timeval

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.or

libcrypto: remove reliance on struct timeval

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)

show more ...