Fix external symbols related to dsa keys

Partial fix for #12964

This adds ossl_ names for the following symbols:

dsa_check_pairwise, dsa_check_params, dsa_check_priv_key, d

Fix external symbols related to dsa keys

Partial fix for #12964

This adds ossl_ names for the following symbols:

dsa_check_pairwise, dsa_check_params, dsa_check_priv_key, dsa_check_pub_key, dsa_check_pub_key_partial,
dsa_do_sign_int, dsa_ffc_params_fromdata,
dsa_generate_ffc_parameters, dsa_generate_public_key,
dsa_get0_params, dsa_key_fromdata, dsa_new_with_ctx, dsa_pkey_method, dsa_sign_int

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)

show more ...

Fix external symbols related to dh keys

Partial fix for #12964

This adds ossl_ names for the following symbols:

dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_

Fix external symbols related to dh keys

Partial fix for #12964

This adds ossl_ names for the following symbols:

dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key,
dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id,
dh_cache_named_group, dh_get0_params, dh_get0_nid,
dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata,
dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise,
dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1,
dh_pkey_method, dhx_pkey_method

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)

show more ...

Fix external symbols for bn

Partial fix for #12964

This adds ossl_ names for symbols related to bn_*

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from htt

Fix external symbols for bn

Partial fix for #12964

This adds ossl_ names for symbols related to bn_*

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14296)

show more ...

Fix filename escaping in c_rehash

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@o

Fix filename escaping in c_rehash

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14301)

show more ...

evp_extra_test: Do not manipulate providers in default context

Otherwise the with OPENSSL_TEST_RAND_ORDER following tests will
be broken. There is also no real need to do that.

evp_extra_test: Do not manipulate providers in default context

Otherwise the with OPENSSL_TEST_RAND_ORDER following tests will
be broken. There is also no real need to do that.

Fixes #14070

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14305)

show more ...

fake_random: Do not overwrite the callback on instatiation

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14299)

Ensure that the fake rand is initialized

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14299)

Fix an integer overflow in o_time.c

If input offset_sec is sufficiently large (> INT32_MAX * SECS_PER_DAY, which is possible for a long on 64-bit platforms), then the first assignment contai

Fix an integer overflow in o_time.c

If input offset_sec is sufficiently large (> INT32_MAX * SECS_PER_DAY, which is possible for a long on 64-bit platforms), then the first assignment contains an overflow.

I think leaving offset_hms as an int is still safe.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14252)

show more ...

Add a test for a names_do_all function

Make sure that if we change the namemap part way through calling a
names_do_all function it still works.

Reviewed-by: Tomas Mraz <tomas@op

Add a test for a names_do_all function

Make sure that if we change the namemap part way through calling a
names_do_all function it still works.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14250)

show more ...

Don't hold a lock when calling a callback in ossl_namemap_doall_names

We don't want to hold a read lock when calling a user supplied callback.
That callback could do anything so the risk

Don't hold a lock when calling a callback in ossl_namemap_doall_names

We don't want to hold a read lock when calling a user supplied callback.
That callback could do anything so the risk of a deadlock is high.
Instead we collect all the names first inside the read lock, and then
subsequently call the user callback outside the read lock.

Fixes #14225

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14250)

show more ...

Fix string termination and length setting in OSSL_PARAM_BLD_push_utf8_string()

OSSL_PARAM_BLD_push_utf8_string() was still setting the length in
bytes of the UTF8 string to include the t

Fix string termination and length setting in OSSL_PARAM_BLD_push_utf8_string()

OSSL_PARAM_BLD_push_utf8_string() was still setting the length in
bytes of the UTF8 string to include the terminating NUL byte, while
recent changes excludes that byte from the length. It's still made to
add a NUL byte at the end of the string no matter what.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)

show more ...

Fix OSSL_PARAM_allocate_from_text() for OSSL_PARAM_UTF8_STRING

OSSL_PARAM_allocate_from_text() was still setting the length in bytes
of the UTF8 string to include the terminating NUL byt

Fix OSSL_PARAM_allocate_from_text() for OSSL_PARAM_UTF8_STRING

OSSL_PARAM_allocate_from_text() was still setting the length in bytes
of the UTF8 string to include the terminating NUL byte, while recent
changes excludes that byte from the length.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)

show more ...

Allow the sshkdf type to be passed as a single character

This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1.

This also slightly modifies the way diverse paramete

Allow the sshkdf type to be passed as a single character

This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1.

This also slightly modifies the way diverse parameters in are
specified in providers/fips/self_test_data.inc for better consistency.

Fixes #14027

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)

show more ...

Cleanup of some of the EVP_PKEY_CTX_ctrl related TODOs

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/o

Cleanup of some of the EVP_PKEY_CTX_ctrl related TODOs

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14290)

show more ...

Fix missing EOL at the end of the rsa/build.info

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl

Fix missing EOL at the end of the rsa/build.info

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14290)

show more ...

Remove inclusion of unnecessary header files

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/ope

Remove inclusion of unnecessary header files

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14290)

show more ...

Use strcasecmp when comparing kdf_type

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/p

Use strcasecmp when comparing kdf_type

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14290)

show more ...

speed: Drop deprecated <ALG>_options() calls

Also correction of some code format issues.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl

speed: Drop deprecated <ALG>_options() calls

Also correction of some code format issues.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14228)

show more ...

speed: Use EVP for ciphers, cmac, ghash, rsa, dsa, and ecdsa

Fixes #13909

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merg

speed: Use EVP for ciphers, cmac, ghash, rsa, dsa, and ecdsa

Fixes #13909

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14228)

show more ...

speed: Adapt digests and hmac to always use non-deprecated APIs

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://git

speed: Adapt digests and hmac to always use non-deprecated APIs

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14228)

show more ...

speed: Drop code to handle platforms without SIGALRM

(except for Windows where a separate thread stops the looping)

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richa

speed: Drop code to handle platforms without SIGALRM

(except for Windows where a separate thread stops the looping)

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14228)

show more ...

Fix typo in comment in DH_set0_pqg function

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pu

Fix typo in comment in DH_set0_pqg function

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14288)

show more ...

Test errors from a provider can still be accessed after unload

Providers can create errors that may refer to const strings within the
provider module itself. If the provider gets unloade

Test errors from a provider can still be accessed after unload

Providers can create errors that may refer to const strings within the
provider module itself. If the provider gets unloaded we need to be sure
that we can still access the errors in the error stack.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14213)

show more ...

Duplicate the file and func error strings

Errors raised from a provider that is subsequently unloaded from memory
may have references to strings representing the file and function that

Duplicate the file and func error strings

Errors raised from a provider that is subsequently unloaded from memory
may have references to strings representing the file and function that
are no longer present because the provider is no longer in memory. This
can cause crashes. To avoid this we duplicate the file and func strings.

Fixes #13623

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14213)

show more ...

provider: add an unquery function to allow providers to clean up.

Without this, a provider has no way to know that an application
has finished with the array it returned earlier. A non

provider: add an unquery function to allow providers to clean up.

Without this, a provider has no way to know that an application
has finished with the array it returned earlier. A non-caching provider
requires this information.

Fixes #12974

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12974)

show more ...