Create libcrypto support for BIO_new_from_core_bio()

Previously the concept of wrapping an OSSL_CORE_BIO in a real BIO was an
internal only concept for our own providers. Since this is l

Create libcrypto support for BIO_new_from_core_bio()

Previously the concept of wrapping an OSSL_CORE_BIO in a real BIO was an
internal only concept for our own providers. Since this is likely to be
generally useful, we make it a part of the public API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15072)

show more ...

Run coveralls daily and not exactly at midnight

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15121)

coveralls: Enable fips as it is disabled by default

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15121)

apps: Switch to X509_REQ_verify_ex

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15118)

test: fix failure with FIPS and no-des configured.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15105)

APPS: Add passphrase handling in the "rsa" and "dsa" commands

They completely ignored any passphrase related setting.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from ht

APPS: Add passphrase handling in the "rsa" and "dsa" commands

They completely ignored any passphrase related setting.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15119)

show more ...

APPS: Set a default passphrase UI for the "ec" command

Fixes #15114

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15119)

[TEMPORARY] make 'make update' verbose in ci.yml

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)

GitHub CI: ensure that unifdef is installed

This is required for 'make update' and fips checksums

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope

GitHub CI: ensure that unifdef is installed

This is required for 'make update' and fips checksums

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)

show more ...

FIPS module checksums: add scripts and Makefile rule

This adds the following scripts:

util/lang-compress.pl:

Compress source code, which language is determined by the first

FIPS module checksums: add scripts and Makefile rule

This adds the following scripts:

util/lang-compress.pl:

Compress source code, which language is determined by the first argument.
For the moment, we know 'perl' (perlasm source code), 'C' (C source code)
and 'S' (Assembler with C preprocessor directives).
This removes comments and empty lines, and compresses series of horizontal
spaces to one single space in the languages where that's appropriate.

util/fips-checksums.sh:

Takes source file names as arguments, pushes them through
util/lang-compress.pl and unifdef with FIPS_MODE defined, and calculates
the checksum on the result.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)

show more ...

Unix build file: Add a target to create providers/fips.module.sources

This file will be the basis for the FIPS module checksum calculation

Reviewed-by: Tomas Mraz <tomas@openssl.org

Unix build file: Add a target to create providers/fips.module.sources

This file will be the basis for the FIPS module checksum calculation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)

show more ...

Add OpenSSL::Config::Query and use it in configdata.pm

OpenSSL::Config::Query is a configuration querying tool that's meant
to make it easier to query the diverse configuration data for

Add OpenSSL::Config::Query and use it in configdata.pm

OpenSSL::Config::Query is a configuration querying tool that's meant
to make it easier to query the diverse configuration data for info.
That's much easier than to dig through all the parts of %unified_info.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)

show more ...

Windows build file: add forgotten quotes on POD->html command line

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15084)

OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!

The perl interpreter name itself might contain spaces and need quoting.
__fixup_prg() does this for us.

Fix

OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!

The perl interpreter name itself might contain spaces and need quoting.
__fixup_prg() does this for us.

Fixes #14256

Co-authored-by: Tomáš Mráz <tomas@openssl.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15084)

show more ...

acvp-test: disable the ACVP testing code by default

It's only useful for the FIPS lab and shouldn't be in production.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged

acvp-test: disable the ACVP testing code by default

It's only useful for the FIPS lab and shouldn't be in production.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15092)

show more ...

ssl: fix possible ref counting fields use before init.

`strdup(propq)` failure is doing a `goto err;` from where `SSL_CTX_free` is called.
The possible call is made before reference and

ssl: fix possible ref counting fields use before init.

`strdup(propq)` failure is doing a `goto err;` from where `SSL_CTX_free` is called.
The possible call is made before reference and lock fields setup.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15052)

show more ...

man: s_server: fix text repetition in -alpn description

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com

man: s_server: fix text repetition in -alpn description

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15099)

show more ...

APPS: Document the core of the opt_ API

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/opens

APPS: Document the core of the opt_ API

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14995)

show more ...

Use OCSP-specific error code for clarity

Fixes #12735

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://gi

Use OCSP-specific error code for clarity

Fixes #12735

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/xxxxx)

show more ...

Simplify AppVeyor configuration

Adjust the stuff we are building and testing in various
configurations to trim the run time a little bit.

Reviewed-by: Paul Dale <pauli@openssl.o

Simplify AppVeyor configuration

Adjust the stuff we are building and testing in various
configurations to trim the run time a little bit.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15087)

show more ...

Add -latomic to threads enabled 32bit linux builds

It might not be necessary with the most recent toolchain versions
but apparently many 32bit linux architectures and commonly used
t

Add -latomic to threads enabled 32bit linux builds

It might not be necessary with the most recent toolchain versions
but apparently many 32bit linux architectures and commonly used
toolchain versions require this.

It is also harmless to include even on architectures that do not
need it.

Fixes #14083

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15086)

show more ...

Fix no-fips-securitychecks test failure

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15091)

apps/ca,req,x509: Switch to EVP_DigestSignInit_ex

Switch lib/apps.c do_sign_init() to use EVP_DigestSignInit_ex, so it
works with external providers.
Since EVP_DigestSignInit_ex requ

apps/ca,req,x509: Switch to EVP_DigestSignInit_ex

Switch lib/apps.c do_sign_init() to use EVP_DigestSignInit_ex, so it
works with external providers.
Since EVP_DigestSignInit_ex requires a digest name instead of
an EVP_MD pointer, the apps using do_sign_init() had to be modified
to pass char* instead of EVP_MD*.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15014)

show more ...

Fix typo in OSSL_DECODER_CTX_set_input_structure

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openss

Fix typo in OSSL_DECODER_CTX_set_input_structure

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15085)

show more ...

STORE: Fix the repeated prompting of passphrase

OSSL_STORE's loading function could prompt repeatedly for the same
passphrase. It turns out that OSSL_STORE_load() wasn't caching the

STORE: Fix the repeated prompting of passphrase

OSSL_STORE's loading function could prompt repeatedly for the same
passphrase. It turns out that OSSL_STORE_load() wasn't caching the
passphrase properly. Fixed in this change.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15064)

show more ...