Move more general parts of internal/cryptlib.h to new internal/common.h

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)

Add and use HAS_CASE_PREFIX(), CHECK_AND_SKIP_CASE_PREFIX(), and HAS_CASE_SUFFIX()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)

Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/

Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)

show more ...

80-test_cmp_http: Make server diagnostics more verbose to aid debugging

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16051)

cmp_server.c: Log received request type before checking details

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16051)

Fix verbosity of CMP client diagnostics

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16051)

Add documentation for some of the missing environment variables.

Where document already exists, it has been linked to.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewe

Add documentation for some of the missing environment variables.

Where document already exists, it has been linked to.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17044)

show more ...

Fix Coverity 1493746: constant expression result

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17034)

BIO_read_filename: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged fr

BIO_read_filename: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17033)

show more ...

EVP_PKEY_keygen_init: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged

EVP_PKEY_keygen_init: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17031)

show more ...

EVP_PKEY_paramgen_init: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merg

EVP_PKEY_paramgen_init: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17030)

show more ...

EVP_DigestVerifyFinal: fix test function and invocation

Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli

EVP_DigestVerifyFinal: fix test function and invocation

Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17029)

show more ...

EVP_Cipher: fix the incomplete return check

Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org

EVP_Cipher: fix the incomplete return check

Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17027)

show more ...

Add RSA encrypt demo

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16283)

Abstract out policy and extensions in CA.pl

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/138

Abstract out policy and extensions in CA.pl

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13819)

show more ...

Add a test for creating ECX private keys that are too short

We expect attempting to create such short keys to fail

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul

Add a test for creating ECX private keys that are too short

We expect attempting to create such short keys to fail

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17041)

show more ...

Don't create an ECX key with short keys

If an ECX key is created and the private key is too short, a fromdata
call would create the key, and then later detect the error and report it

Don't create an ECX key with short keys

If an ECX key is created and the private key is too short, a fromdata
call would create the key, and then later detect the error and report it
after freeing the key. However freeing the key was calling
OPENSSL_secure_clear_free() and assuming that the private key was of the
correct length. If it was actually too short this will write over memory
that it shouldn't.

Fixes #17017

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17041)

show more ...

RAND_bytes_ex: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17032)

Clarify the PEM docs

Make it clear how the existing PEM functions can be used to create an
X509, X509_REQ or X509_CRL object with an associated libctx/propq.

Fixes #16966

Clarify the PEM docs

Make it clear how the existing PEM functions can be used to create an
X509, X509_REQ or X509_CRL object with an associated libctx/propq.

Fixes #16966

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17012)

show more ...

Reset the rwstate before calling ASYNC_start_job()

If an async job pauses while processing a TLS connection then the
rwstate gets set to SSL_ASYNC_PAUSED. When resuming the job we should

Reset the rwstate before calling ASYNC_start_job()

If an async job pauses while processing a TLS connection then the
rwstate gets set to SSL_ASYNC_PAUSED. When resuming the job we should
reset the rwstate back to SSL_NOTHING. In fact we can do this
unconditionally since if we're about to call ASYNC_start_job() then either
we are about to start the async job for the first time (in which case the
rwstate should already by SSL_NOTHING), or we are restarting it after a
pause (in which case reseting it to SSL_NOTHING is the correct action).

Fixes #16809

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17013)

show more ...

BIO_s_connect(): Enable BIO_gets()

Fixes #16028

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16030)

Add null digest implementation to the default provider

This is necessary to keep compatibility with 1.1.1.

Fixes #16660

Reviewed-by: Matt Caswell <matt@openssl.org>
(Me

Add null digest implementation to the default provider

This is necessary to keep compatibility with 1.1.1.

Fixes #16660

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17016)

show more ...

Extend the test_multi_load() test

Run more threads and load the legacy provider (which uses a child lib ctx)
in order to hit more possible thread failures.

Reviewed-by: Tomas Mr

Extend the test_multi_load() test

Run more threads and load the legacy provider (which uses a child lib ctx)
in order to hit more possible thread failures.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16980)

show more ...

Hold the flag_lock when calling child callbacks

Not holding the flag lock when creating/removing child providers can
confuse the activation counts if the parent provider is loaded/unload

Hold the flag_lock when calling child callbacks

Not holding the flag lock when creating/removing child providers can
confuse the activation counts if the parent provider is loaded/unloaded
at the same time.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16980)

show more ...

Use a write lock during ossl_provider_find()

A "find" operation on a stack can end up sorting the underlying stack. In
this case it is necessary to use a "write" lock to synchronise acce

Use a write lock during ossl_provider_find()

A "find" operation on a stack can end up sorting the underlying stack. In
this case it is necessary to use a "write" lock to synchronise access to
the stack across multiple threads.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16980)

show more ...