Add table entries for fips 186-5 related to RSA auxiliary probable
primes.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15845)

ec: Fail build on big-endian with enable-ec_nistp_64_gcc_128

I can't see way of making Configure fail but this at least makes the
build fail.

Fixes #15821

Signed-off-by

ec: Fail build on big-endian with enable-ec_nistp_64_gcc_128

I can't see way of making Configure fail but this at least makes the
build fail.

Fixes #15821

Signed-off-by: Martin Schwenke <martin@meltin.net>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15831)

show more ...

testutil: preserve app_malloc()'s failure behaviour

app_malloc() terminates execution if the allocation fails. The tests implement
their own app_malloc() in an attempt to reduce the amo

testutil: preserve app_malloc()'s failure behaviour

app_malloc() terminates execution if the allocation fails. The tests implement
their own app_malloc() in an attempt to reduce the amount of code pulled in.

This version also needs to terminate on failed allocation. The alternative
would be adding failed allocation checks pervasively throughout the apps's
commands.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15836)

show more ...

Change self test for AES_CGM to perform both an encrypt and decrypt.

This is a request from the lab that changes the AES_GCM test back to perform both a encrypt and
decrypt. (This makes

Change self test for AES_CGM to perform both an encrypt and decrypt.

This is a request from the lab that changes the AES_GCM test back to perform both a encrypt and
decrypt. (This makes no logical sense since this is not an inverse cipher).
I have left the AES_ECB decrypt test in (although it may not be needed)
since it is actually testing the inverse cipher case.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15844)

show more ...

Fix aes_core to use U64() macro..

AIX reported warnings of the form:
1506-207 (W) Integer constant 0x8080808080808080u out of range.

This truncation causes all startup self test

Fix aes_core to use U64() macro..

AIX reported warnings of the form:
1506-207 (W) Integer constant 0x8080808080808080u out of range.

This truncation causes all startup self tests related to AES to fail.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15842)

show more ...

asn1: properly clean up on failed BIO creation

Fixes coverity 1486070 through 1486077 and 1486079

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <to

asn1: properly clean up on failed BIO creation

Fixes coverity 1486070 through 1486077 and 1486079

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15841)

show more ...

test: put the new DHE auto test in the correct place

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15840)

Add a test for a custom rand provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1581

Add a test for a custom rand provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15810)

show more ...

Ensure we remove libctx DRBG state before removing the provider store

Otherwise a heap use-after-free can result.

Fixes #15766

Reviewed-by: Tomas Mraz <tomas@openssl.org>

Ensure we remove libctx DRBG state before removing the provider store

Otherwise a heap use-after-free can result.

Fixes #15766

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15810)

show more ...

Add tests for KTLS with Chacha20-Poly1035.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pu

Add tests for KTLS with Chacha20-Poly1035.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15814)

show more ...

Refactor KTLS tests to better support TLS 1.3.

- Use SSL_set_ciphersuites for TLS 1.3 tests instead of using
SSL_set_cipher_list.

- Don't bother passing a sequence number size

Refactor KTLS tests to better support TLS 1.3.

- Use SSL_set_ciphersuites for TLS 1.3 tests instead of using
SSL_set_cipher_list.

- Don't bother passing a sequence number size to KTLS test functions.
These functions always test TLS (and not DTLS) for which the
sequence size is always the same. In addition, even for DTLS the
check in question (verifying that the sequence number fields in SSL
do not change) should still pass when doing a before/after
comparison of the field.

- Define a helper structure to hold the TLS version and cipher name
for a single KTLS test.

- Define an array of such structures with valid KTLS ciphers and move
#ifdef's for TLS versions and supported ciphers out of test
functions and instead use them to define the valid members of this
array. This also permits using TLS 1.3 cipher suite names for
TLS 1.3 tests.

- Use separate tests per cipher for test_ktls to give more
fine-grained pass/fail results as is already done for
test_ktls_sendfile.

- While here, rename test_ktls_sendfile to execute_test_ktls_sendfile
and test_ktls_sendfile_anytls to test_ktls_sendfile. This is more
consistent with the naming used for test_ktls as well as other tests
in this file.

- Close the file descriptors used for temporary sockets in ktls tests.

- Don't assume that KTLS is supported for all compile-time supported
cipher suites at runtime. If the kernel fails to offload a given
cipher suite, skip the test rather than failing it. FreeBSD kernels
may not offload all of the cipher suites supported by its KTLS if a
suitable driver or KTLS backend is not present.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15814)

show more ...

sm3: fix function names after the big ossl_ prefix addition.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15843)

test: add sm3 low level test case to test suite.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/ope

test: add sm3 low level test case to test suite.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14271)

show more ...

STORE: Fix OSSL_STORE_open_ex() error reporting

OSSL_STORE_open_ex() could result in reports like this:

80722AA3927F0000:error:80000002:system library:file_open_ex:No such file

STORE: Fix OSSL_STORE_open_ex() error reporting

OSSL_STORE_open_ex() could result in reports like this:

80722AA3927F0000:error:80000002:system library:file_open_ex:No such file or directory:engines/e_loader_attic.c:1016:calling stat(file:test/blahdibleh.der)
80722AA3927F0000:error:41800069:lib(131)::path must be absolute:engines/e_loader_attic.c:1010:test/blahdibleh.der
80722AA3927F0000:error:1600007B:STORE routines:OSSL_STORE_open_ex:no loaders found:crypto/store/store_lib.c:148:No store loaders were found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them?

The last one turns out to be a bit too generically reported. It
should only be reported when no loader were loaded at all, not when
loader_ctx happens to be NULL (which may happen for other reasons).

We also move the helpful message to the OSSL_STORE_LOADER fetcher.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15820)

show more ...

TESTS: drop explicit quotes from empty command line arguments

Depending on circumstances, something like this:

ok(run(app(['openssl', 'whatever', '-config', '""', ...])))

TESTS: drop explicit quotes from empty command line arguments

Depending on circumstances, something like this:

ok(run(app(['openssl', 'whatever', '-config', '""', ...])))

might end up with a command like this:

./util/wrap.pl apps/openssl whatever -config '""'

Simply use an empty string (i.e. '' instead of '""') and let the
command line fixup functions do their job.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15822)

show more ...

evp_test: Support testing of stitched TLS ciphers

Add a few testcases.

Fixes #15749

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@ope

evp_test: Support testing of stitched TLS ciphers

Add a few testcases.

Fixes #15749

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15827)

show more ...

Replace non-ASCII character in source file

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/opens

Replace non-ASCII character in source file

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15803)

show more ...

test: fix indentation

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)

rsa: fix indentation

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)

asn1: fix indentation

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)

ssl: fix indentation

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)

ssl: fix indentation

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)

punycode: fix indentation

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)

crypto: repalce tabs with spaces

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1

crypto: repalce tabs with spaces

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)

show more ...

test: replace tabs with spaces in test recipes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/

test: replace tabs with spaces in test recipes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)

show more ...