EVP: Make evp_pkey_ctx_{set,get}_params_strict() legacy aware

In the interest of calling these functions on legacy EVP_PKEY
contexts, only check the settable / gettable params for provid

EVP: Make evp_pkey_ctx_{set,get}_params_strict() legacy aware

In the interest of calling these functions on legacy EVP_PKEY
contexts, only check the settable / gettable params for provider side
keys, leaving to the translated EVP_PKEY_CTX_ctrl() call check the
ctrl commands on its own.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13913)

show more ...

EVP: Implement data-driven translation between known ctrl and OSSL_PARAMs

The idea is to make it as transparent as possible to call things like
EVP_PKEY_CTX_ctrl() with a provider backed

EVP: Implement data-driven translation between known ctrl and OSSL_PARAMs

The idea is to make it as transparent as possible to call things like
EVP_PKEY_CTX_ctrl() with a provider backed EVP_PKEY_CTX, or things
like EVP_PKEY_get_bn_param() with a legacy EVP_PKEY.

All these sorts of calls demand that we translate between ctrl
commands and OSSL_PARAM keys, and treat the arguments appropriately.

This implementation has it being as data driven as possible, thereby
centralizing everything into one table of translation data, which
supports both directions.

Fixes #13528

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13913)

show more ...

EVP: make evp_pkey_is_assigned() usable in the FIPS module

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/open

EVP: make evp_pkey_is_assigned() usable in the FIPS module

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13913)

show more ...

EVP: Make evp_pkey_ctx_state() available to all of EVP

This will help with transitioning diverse functions to be able to use the
ctrl<->OSSL_PARAM translators.

Reviewed-by: Toma

EVP: Make evp_pkey_ctx_state() available to all of EVP

This will help with transitioning diverse functions to be able to use the
ctrl<->OSSL_PARAM translators.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13913)

show more ...

EVP: Implement EVP_PKEY_CTX_is_a()

This does what was previously done by looking at pctx->pmeth->pkey_id,
but handles both legacy and provider side contexts, and is supposed to
becom

EVP: Implement EVP_PKEY_CTX_is_a()

This does what was previously done by looking at pctx->pmeth->pkey_id,
but handles both legacy and provider side contexts, and is supposed to
become a replacement for the old way.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13913)

show more ...

util/perl/OpenSSL/config.pm: Add VMS specific C compiler settings

That includes proper compiler version detection.

Partially fixes #14247

Reviewed-by: Paul Dale <pauli@open

util/perl/OpenSSL/config.pm: Add VMS specific C compiler settings

That includes proper compiler version detection.

Partially fixes #14247

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14270)

show more ...

util/perl/OpenSSL/config.pm: Fix determine_compiler_settings()

There may be times when a compiler can't be detected, in which case
determine_compiler_settings() bailed out too early, bef

util/perl/OpenSSL/config.pm: Fix determine_compiler_settings()

There may be times when a compiler can't be detected, in which case
determine_compiler_settings() bailed out too early, before platform
specific fallbacks have a chance to set the record straight. That
bail out has been moved to be done after the platform specific
fallbacks.

Furthermore, the attempt to check for gcc or clang and get their
version number was done even if no compiler had been automatically
detected or pre-specified via $CC. It now only does this when there
is a compiler specified or detected. The platform specific fallbacks
check the versions separately.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14270)

show more ...

Add back in legacy paths for d2i_PrivateKey/d2i_AutoPrivateKey.

Fixes #14263

If the new decoder code fails, it now falls back to the old legacy code
and tries that also.
Tes

Add back in legacy paths for d2i_PrivateKey/d2i_AutoPrivateKey.

Fixes #14263

If the new decoder code fails, it now falls back to the old legacy code
and tries that also.
Tested manually using gost engine master.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14266)

show more ...

Fix no-tests on mingw

Using the no-tests option on mingw in an out-of-source build tree was
failing.

Fixes #14246

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merge

Fix no-tests on mingw

Using the no-tests option on mingw in an out-of-source build tree was
failing.

Fixes #14246

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14249)

show more ...

Note that the OSSL_CORE_MAKE_FUNC macro is reserved

The OSSL_CORE_MAKE_FUNC macro has been added since 1.1.1 and is
undocumented. However it is not intended for application use and so we

Note that the OSSL_CORE_MAKE_FUNC macro is reserved

The OSSL_CORE_MAKE_FUNC macro has been added since 1.1.1 and is
undocumented. However it is not intended for application use and so we
document it as "reserved".

Fixes #13192

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14232)

show more ...

Document the OSSL_PARAM_DEFN macro

This macro was added since 1.1.1 and was undocumented.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

Document the OSSL_PARAM_DEFN macro

This macro was added since 1.1.1 and was undocumented.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14232)

show more ...

Add documentation for the macro OPENSSL_VERSION_PREREQ

This macro was added since 1.1.1 but had no associated documentation.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-

Add documentation for the macro OPENSSL_VERSION_PREREQ

This macro was added since 1.1.1 but had no associated documentation.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14232)

show more ...

Document OPENSSL_LH_flush()

The function OPENSSL_LH_flush() was added since 1.1.1 and was
undocumented. We also add documentation for some other OPENSSL_LH_*()
functions at the same

Document OPENSSL_LH_flush()

The function OPENSSL_LH_flush() was added since 1.1.1 and was
undocumented. We also add documentation for some other OPENSSL_LH_*()
functions at the same time.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14232)

show more ...

Suppress errors about undocumented asn1_d2i_read_bio

asn1_d2i_read_bio is exported by libcrypto but is only intended
for internal usage, and does not exist in our public headers.
The

Suppress errors about undocumented asn1_d2i_read_bio

asn1_d2i_read_bio is exported by libcrypto but is only intended
for internal usage, and does not exist in our public headers.
Therefore we suppress errors about it being a newly added
undocumented symbol.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14232)

show more ...

Fix -pkeyopt handling in apps/pkeyutl -rawin

The EVP_DigestSignInit and EVP_DigestVerifyInit actually have to
be initialized before EVP_PKEY_CTX_ctrl_str is invoked.
Otherwise, when

Fix -pkeyopt handling in apps/pkeyutl -rawin

The EVP_DigestSignInit and EVP_DigestVerifyInit actually have to
be initialized before EVP_PKEY_CTX_ctrl_str is invoked.
Otherwise, when the ctx not initialized, the ctrl command fails.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13828)

show more ...

Handle NULL result of ERR_reason_error_string() in some apps

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/op

Handle NULL result of ERR_reason_error_string() in some apps

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13920)

show more ...

Add EVP_PKEY_public_check_quick.

Adding the EVP_PKEY_param_check_quick() reminded me that there are also
partial checks for public keys as part of SP800-56A for FFC (DH named safe
pr

Add EVP_PKEY_public_check_quick.

Adding the EVP_PKEY_param_check_quick() reminded me that there are also
partial checks for public keys as part of SP800-56A for FFC (DH named safe
prime groups) and ECC. The code was mainly already there and just needed
to be plumbed into the validate methods.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14206)

show more ...

Fix external symbols for pkcs7.

Partial fix for #12964

This adds ossl_ names for symbols related to pkcs7_*

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from ht

Fix external symbols for pkcs7.

Partial fix for #12964

This adds ossl_ names for symbols related to pkcs7_*

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14241)

show more ...

Fix external symbols for cms.

Partial fix for #12964

This adds ossl_ names for symbols related to cms_* and ess_*

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged f

Fix external symbols for cms.

Partial fix for #12964

This adds ossl_ names for symbols related to cms_* and ess_*

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14241)

show more ...

-Wunused-function cleanup

core_dispatch.h seems to be the source of some compiler warnings with legacy applications in alpha12 now that it is implicitly exported via evp.h

Reviewed-

-Wunused-function cleanup

core_dispatch.h seems to be the source of some compiler warnings with legacy applications in alpha12 now that it is implicitly exported via evp.h

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14260)

show more ...

DECODER: Add better tracing of the chain walking process

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/opens

DECODER: Add better tracing of the chain walking process

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14233)

show more ...

DECODER: Use the data structure from the last decoder to select the next

Any decoder can now also declare the name of the data structure for
the object it decoded in the OSSL_PARAM array

DECODER: Use the data structure from the last decoder to select the next

Any decoder can now also declare the name of the data structure for
the object it decoded in the OSSL_PARAM array they pass back to the
decoding process. The decoding process will use that as another
criterion to select the next decoder in the chain to consider.

Together with declaring the data type, this becomes a means to refine
how the decoded data is treated along the chain.

Fixes #13539

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14233)

show more ...

Correct the return value of BIO_get_ktls_*().

BIO_get_ktls_send() and BIO_get_ktls_recv() are documented as
returning either 0 or 1. However, they were actually returning the
intern

Correct the return value of BIO_get_ktls_*().

BIO_get_ktls_send() and BIO_get_ktls_recv() are documented as
returning either 0 or 1. However, they were actually returning the
internal value of the associated BIO flag for the true case instead of
1.

Also trim redundant ternary operators.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14023)

show more ...

CMP: Fix total_timeout behavior; small doc and diagnostic improvements

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14019)

81-test_cmp_cli_data: fixup on CSR test cases

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14019)