Increase test coverage by enabling more build options

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@

Increase test coverage by enabling more build options

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18606)

show more ...

Avoid crashing if CONF_modules_unload() is called after OPENSSL_cleanup()

Although this is basically an incorrect API call it was not crashing
before and it might happen inadvertently if

Avoid crashing if CONF_modules_unload() is called after OPENSSL_cleanup()

Although this is basically an incorrect API call it was not crashing
before and it might happen inadvertently if CONF_modules_unload()
is called from a destructor for example.

Fixes #18669

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18673)

show more ...

APPS: dsaparam, gendsa: Support setting properties

The -provider and -propquery options did not work on dsaparam and
gendsa. Fix this and add tests that check that operations that are no

APPS: dsaparam, gendsa: Support setting properties

The -provider and -propquery options did not work on dsaparam and
gendsa. Fix this and add tests that check that operations that are not
supported by the FIPS provider work when run with

| -provider default -propquery '?fips!=yes'

See also https://bugzilla.redhat.com/show_bug.cgi?id=2094956, where this
was initially reported.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18576)

show more ...

apps/cmp.c: improve print_itavs()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged fr

apps/cmp.c: improve print_itavs()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18657)

show more ...

apps/cmp.c: Fix glitch in -newkeypass warning and extend warnings for genm

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo La

apps/cmp.c: Fix glitch in -newkeypass warning and extend warnings for genm

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18657)

show more ...

CMP: implement optional hashAlg field of certConf CMPv3 message

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hland

CMP: implement optional hashAlg field of certConf CMPv3 message

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18294)

show more ...

CMP: introduce version 3, while version 2 stays the default

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@o

CMP: introduce version 3, while version 2 stays the default

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18294)

show more ...

Coverity: fix 1506297: negative returns

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openss

Coverity: fix 1506297: negative returns

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18587)

show more ...

Coverity: fix 1506298: negative returns

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openss

Coverity: fix 1506298: negative returns

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18587)

show more ...

fix Coverity 1506709: error handling

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/p

fix Coverity 1506709: error handling

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18679)

show more ...

Documentation update for EVP_set_default_properties

Explicitly state that it is not thread safe.
Fixes #18613

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas M

Documentation update for EVP_set_default_properties

Explicitly state that it is not thread safe.
Fixes #18613

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18678)

show more ...

Update the default macsaltlen and Add the configure for macsaltlen
Fixed #18489

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by

Update the default macsaltlen and Add the configure for macsaltlen
Fixed #18489

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18550)

show more ...

Remove redundant check for `saltlen > UINT32_MAX`

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/opens

Remove redundant check for `saltlen > UINT32_MAX`

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18671)

show more ...

Fix memory leak in cmp_calc_protection()

Triggered by a memory allocation failure.
Detected by PR #18355

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von O

Fix memory leak in cmp_calc_protection()

Triggered by a memory allocation failure.
Detected by PR #18355

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18670)

show more ...

Avoid using union wrt. SystemTimeToFileTime

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

Avoid using union wrt. SystemTimeToFileTime

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18660)

show more ...

Avoid using union wrt. optlen parameter for getsockopt

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/

Avoid using union wrt. optlen parameter for getsockopt

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18660)

show more ...

kdf objects missing a return if malloc fails.

I have searched through all references of ERR_R_MALLOC_FAILURE for any
other instances..

Reviewed-by: Tomas Mraz <tomas@openssl.org

kdf objects missing a return if malloc fails.

I have searched through all references of ERR_R_MALLOC_FAILURE for any
other instances..

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18638)

show more ...

SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'

Fix the documentation.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Revie

SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'

Fix the documentation.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18599)

show more ...

Add test for try_key_ref() fallback handling

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/p

Add test for try_key_ref() fallback handling

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17554)

show more ...

Add missing documentation of OSSL_FUNC_store_export_object()

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/o

Add missing documentation of OSSL_FUNC_store_export_object()

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17554)

show more ...

Correct doubled OSSL_OSSL when documenting OSSL_FUNC_.._fn

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/ope

Correct doubled OSSL_OSSL when documenting OSSL_FUNC_.._fn

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17554)

show more ...

store_result: Add fallback for fetching the keymgmt from the provider of the store

Fixes #17531

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openss

store_result: Add fallback for fetching the keymgmt from the provider of the store

Fixes #17531

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17554)

show more ...

CMS: Export CMS_EnvelopedData and add CMS_EnvelopedData_decrypt()

Also document CMS_decrypt_set1_password() and fix CMS_EnvelopedData_create.pod.

Reviewed-by: Dmitry Belyavskiy <bel

CMS: Export CMS_EnvelopedData and add CMS_EnvelopedData_decrypt()

Also document CMS_decrypt_set1_password() and fix CMS_EnvelopedData_create.pod.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18301)

show more ...

crypto/provider_core.c: Avoid calling unlock two times

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/

crypto/provider_core.c: Avoid calling unlock two times

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18641)

show more ...

Allocate EVP_PBE_CTL with OPENSSL_zalloc.

Fixes openssl#18598.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mra

Allocate EVP_PBE_CTL with OPENSSL_zalloc.

Fixes openssl#18598.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18666)

show more ...