DSO: Fix the VMS DSO name converter to actually do something

This function has never before actually done its work. This wasn't
discovered before, because its output wasn't important be

DSO: Fix the VMS DSO name converter to actually do something

This function has never before actually done its work. This wasn't
discovered before, because its output wasn't important before the FIPS
provider self test started using its value.

This function is now made to insert the VMS DSO extension (".EXE") at
the end of the filename, being careful to make sure what can be a
typical VMS generation number (separated from the file name with a
';') remains at the end.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15765)

show more ...

TEST: Change 'catdir' to 'catfile' when dealing with files, in run_tests.pl

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https

TEST: Change 'catdir' to 'catfile' when dealing with files, in run_tests.pl

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15767)

show more ...

Build file templates: Fix in2script dependencies

The in2script functions generates the build file rules for generating
scripts from .in files. A dependency on configdata.pm is needed,

Build file templates: Fix in2script dependencies

The in2script functions generates the build file rules for generating
scripts from .in files. A dependency on configdata.pm is needed,
since it's being used for this.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15792)

show more ...

Configuration: Fix incorrect $unified_info{attributes} references

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.c

Configuration: Fix incorrect $unified_info{attributes} references

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15758)

show more ...

prov: tag SM2 encoders and decoders as non-FIPS

They're impossible to use in a FIPS environment, so they shouldn't be flagged
as compatible.

Reviewed-by: Shane Lontis <shane.lon

prov: tag SM2 encoders and decoders as non-FIPS

They're impossible to use in a FIPS environment, so they shouldn't be flagged
as compatible.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15782)

show more ...

VMS build: drop a spurious debug print

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/157

VMS build: drop a spurious debug print

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15758)

show more ...

HTTP client: fix use of OSSL_HTTP_adapt_proxy(), which is needed also in cmp.c

For this reason, export this function, which allows removing http_local.h

Reviewed-by: Tomas Mraz <tom

HTTP client: fix use of OSSL_HTTP_adapt_proxy(), which is needed also in cmp.c

For this reason, export this function, which allows removing http_local.h

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15764)

show more ...

X509_digest_sig(): Improve default hash for EdDSA and allow to return the chosen default

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merge

X509_digest_sig(): Improve default hash for EdDSA and allow to return the chosen default

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15762)

show more ...

CORE: Do a bit of cleanup of core fetching

Some data, like the library context, were passed both through higher
level callback structures and through arguments to those same higher
l

CORE: Do a bit of cleanup of core fetching

Some data, like the library context, were passed both through higher
level callback structures and through arguments to those same higher
level callbacks. This is a bit unnecessary, so we rearrange the
callback arguments to simply pass that callback structure and rely on
the higher level fetching functionality to pick out what data they
need from that structure.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15750)

show more ...

Fix DH private key check.

A recent addition removed setting the dh private key length when
a safe prime group is used. The private key validation check was relying on this
being set

Fix DH private key check.

A recent addition removed setting the dh private key length when
a safe prime group is used. The private key validation check was relying on this
being set for safe primes. Setting the upper bound no longer checks the
length if the value is zero.

This caused a failure in the daily build of acvp_tests.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15760)

show more ...

Add a test for fetching various non-evp objects

We fetch an Encoder, Decoder and Loader.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

Add a test for fetching various non-evp objects

We fetch an Encoder, Decoder and Loader.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15741)

show more ...

Clean up the encoder/decoder/loader stores before providers

We already had the evp method store being cleaned up before the provider
store was. This prevents issues where the method clea

Clean up the encoder/decoder/loader stores before providers

We already had the evp method store being cleaned up before the provider
store was. This prevents issues where the method clean up functions cause
providers to clean up, which then needs access to the provider store. We
extend the same thinking to the encoder/decoder/loader stores.

Fixes #15727

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15741)

show more ...

apps: remove AEAD/mode checks that are now redundant

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)

apps: use get_cipher_any() instead of get_cipher() for commands that support these ciphers/modes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/opens

apps: use get_cipher_any() instead of get_cipher() for commands that support these ciphers/modes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)

show more ...

apps: limit get_cipher() to not return AEAD or XTS ciphers

Add a get_cipher_any() function to access these in addition to more normal ciphers

Fixes #7720

Reviewed-by: Tomas

apps: limit get_cipher() to not return AEAD or XTS ciphers

Add a get_cipher_any() function to access these in addition to more normal ciphers

Fixes #7720

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)

show more ...

doc: document the various get_cipher functions in the commands lib.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)

test: add test cases for SHAxxx helper functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15752)

Include a local static buffer for the SHA helper functions

This functionality existed in 1.1.1 but was lost.

Fixes #15718

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(M

Include a local static buffer for the SHA helper functions

This functionality existed in 1.1.1 but was lost.

Fixes #15718

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15752)

show more ...

Correct processing of AES-SHA stitched ciphers

Fixes: #15706

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Pau

Correct processing of AES-SHA stitched ciphers

Fixes: #15706

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15740)

show more ...

Add missing migration_guide API mappings.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

Add missing migration_guide API mappings.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15732)

show more ...

Add documentation for the newly added OBJ up calls

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl

Add documentation for the newly added OBJ up calls

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15681)

show more ...

Add a test for the newly added OBJ upcalls

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

Add a test for the newly added OBJ upcalls

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15681)

show more ...

Add various OBJ functions as callbacks

This enables providers to register new OIDs in the same libcrypto instance
as is used by the application.

Fixes #15624

Reviewed-b

Add various OBJ functions as callbacks

This enables providers to register new OIDs in the same libcrypto instance
as is used by the application.

Fixes #15624

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15681)

show more ...

doc: finish the provider child up call documentation

The bulk of the documentation was there but it wasn't quite complete.

Fixes #15678

Reviewed-by: Matt Caswell <matt@open

doc: finish the provider child up call documentation

The bulk of the documentation was there but it wasn't quite complete.

Fixes #15678

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15734)

show more ...

TEST: Skip test/recipes/01-test_symbol_presence.t on MacOS

It renames symbols, so we can a false negative

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pa

TEST: Skip test/recipes/01-test_symbol_presence.t on MacOS

It renames symbols, so we can a false negative

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15776)

show more ...