Add a test for verifying an email with a bad othername type

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/ope

Add a test for verifying an email with a bad othername type

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16443)

show more ...

Ensure that we check the ASN.1 type of an "otherName" before using it

We should not assume that the type of an ASN.1 value is UTF8String as
expected. We must actually check it, otherwise

Ensure that we check the ASN.1 type of an "otherName" before using it

We should not assume that the type of an ASN.1 value is UTF8String as
expected. We must actually check it, otherwise we could get a NULL ptr
deref, or worse memory errors.

Reported by David Benjamin.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16443)

show more ...

Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE

Fixes #16457

The ECDSA and DSA signature tests use Pairwise tests instead of KATS.
Note there is a seperate type used by

Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE

Fixes #16457

The ECDSA and DSA signature tests use Pairwise tests instead of KATS.
Note there is a seperate type used by the keygen for conditional Pairwise Tests.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16461)

show more ...

Add a warning about locking in the child provider callback docs

The child provider callbacks can hold the store lock. In order to avoid
deadlocks we require that the callback implementat

Add a warning about locking in the child provider callback docs

The child provider callbacks can hold the store lock. In order to avoid
deadlocks we require that the callback implementations don't themselves
call functions that may aquire those locks.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16469)

show more ...

Add additional test to thread sanitizer build

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16469)

Refactor provider_core.c to adhere to the locking rules

The previous commit provided some guidelines and some rules for using
locking in order to avoid deadlocks. This commit refactors t

Refactor provider_core.c to adhere to the locking rules

The previous commit provided some guidelines and some rules for using
locking in order to avoid deadlocks. This commit refactors the code in
order to adhere to those guidelines and rules.

Fixes #16312

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16469)

show more ...

Add commentary about lock usage in provider_core.c

Provide some guidelines, as well as some rules for using the locks in
provider_core.c, in order to avoid the introduction of deadlocks.

Add commentary about lock usage in provider_core.c

Provide some guidelines, as well as some rules for using the locks in
provider_core.c, in order to avoid the introduction of deadlocks.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16469)

show more ...

CI: add builds covering a number of different compiler versions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://gi

CI: add builds covering a number of different compiler versions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16463)

show more ...

apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https:/

apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)

show more ...

ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https

ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)

show more ...

Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests

Fixes #16428

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>

Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests

Fixes #16428

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)

show more ...

Document that EVP_get_cipherbyname() does not work for some new algorithm names.

These algorithms were added to providers but have no const EVP_CIPHER*
mapping. Ciphers for SIV and CTS w

Document that EVP_get_cipherbyname() does not work for some new algorithm names.

These algorithms were added to providers but have no const EVP_CIPHER*
mapping. Ciphers for SIV and CTS were previously only available via low level
function calls that are deprecated.

Reported by @reaperhulk.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16414)

show more ...

Typo correction.

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/164

Typo correction.

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16470)

show more ...

Use applink to fix windows tests

(readapted from 5c69c66a6972f84d56160c9ea4b30bab8fc2d3d4 by @bernd-edlinger)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://gi

Use applink to fix windows tests

(readapted from 5c69c66a6972f84d56160c9ea4b30bab8fc2d3d4 by @bernd-edlinger)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)

show more ...

[ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID

Some curves don't have an associated OID: for those we should not
default to `OPENSSL_EC_NAMED_CURVE` encoding of par

[ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID

Some curves don't have an associated OID: for those we should not
default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and instead
set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`.

This is a follow-up to https://github.com/openssl/openssl/pull/12312

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)

show more ...

Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros

These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as m

Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros

These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the absence of tests has
caused them to fall out-of-sync with the latest changes to ASN1 related
functions and cause compilation warnings.

This commit fixes the public headers to reflect these changes.

Fixes #12443

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)

show more ...

Add tests for i2d_TYPE_fp and d2i_TYPE_fp

These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the abs

Add tests for i2d_TYPE_fp and d2i_TYPE_fp

These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the absence of tests has
caused them to fall out-of-sync with the latest changes to ASN1 related
functions and cause compilation warnings.

@@ Note: This commit limits to ECPKParameters as a type.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)

show more ...

Ensure that _GNU_SOURCE is defined for bss_dgram.c

This fixes the following error with gcc10 under strict ANSI conditions:

.../crypto/bio/bss_dgram.c:373:20: error: 'const struct in

Ensure that _GNU_SOURCE is defined for bss_dgram.c

This fixes the following error with gcc10 under strict ANSI conditions:

.../crypto/bio/bss_dgram.c:373:20: error: 'const struct in6_addr' has no member named 's6_addr32'

CLA: trivial
Fixes #16449

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16451)

show more ...

Adjust the list of default provider's algorithms

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/opens

Adjust the list of default provider's algorithms

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16448)

show more ...

Fix the "Out of memory" EVP KDF scrypt test

This test did not really execute, since usually
the OPENSSL_malloc(0) will fail and prevent the
execution of the KDF.

Reviewed-by

Fix the "Out of memory" EVP KDF scrypt test

This test did not really execute, since usually
the OPENSSL_malloc(0) will fail and prevent the
execution of the KDF.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16444)

show more ...

Yet another doc-nits fix

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged

Yet another doc-nits fix

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16436)

show more ...

cms: fix memleaks in cms_env.c

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/op

cms: fix memleaks in cms_env.c

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16403)

(cherry picked from commit 58e1e397c6774be11b903c0f88e85bd2b8c4206f)

show more ...

Fix libdir path on darwin

In current Configure script, libdir can be specified either an absolute
path or relative, while in Configurations/shared-info.pl, on darwin
system "-install

Fix libdir path on darwin

In current Configure script, libdir can be specified either an absolute
path or relative, while in Configurations/shared-info.pl, on darwin
system "-install_name" only accepts relative libdir path, and the
program fails when receiving absolute libdir path. This PR is to fix
this and match requirements of scripts.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16393)

show more ...

Darwin platform allows to build on releases before Yosemite/ios 8.

backport #16409

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Me

Darwin platform allows to build on releases before Yosemite/ios 8.

backport #16409

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16418)

show more ...

doc: Add note about operation parameters validation

Fixes #16394

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16424)