Deprecate the low level SRP APIs

The OTC decided that all low level APIs should be deprecated. This extends
to SRP, even though at the current time there is no "EVP" interface to it.

Deprecate the low level SRP APIs

The OTC decided that all low level APIs should be deprecated. This extends
to SRP, even though at the current time there is no "EVP" interface to it.
This could be added in a future release.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)

show more ...

Add OID for draft-ietf-opsawg-finding-geofeeds detached CMS signature

RFC 8805 Geofeed files can be authenticated with RPKI

CLA: trivial

Reviewed-by: Shane Lontis <shane.lo

Add OID for draft-ietf-opsawg-finding-geofeeds detached CMS signature

RFC 8805 Geofeed files can be authenticated with RPKI

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14050)

show more ...

Add a configure time option to disable the fetch cache.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.co

Add a configure time option to disable the fetch cache.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)

show more ...

test: add import and export key management hooks for the TLS provider.

Without these hooks, if the TLS provider isn't matched in the fetch cache, a test
failure will occur in the TLS API

test: add import and export key management hooks for the TLS provider.

Without these hooks, if the TLS provider isn't matched in the fetch cache, a test
failure will occur in the TLS API tests. Without allowing import and export, an
existing key can not move to a new key manager even if it is really the same.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)

show more ...

test: filter provider honours the no_cache setting.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/op

test: filter provider honours the no_cache setting.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)

show more ...

changes: add a CHANGES.md entry for the OSSL_FORCE_NO_CACHE_FETCH option.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from

changes: add a CHANGES.md entry for the OSSL_FORCE_NO_CACHE_FETCH option.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)

show more ...

test: fix no-cache problem with the quality comparison for KDFs.

In a caching world, it's fine to compare the pointers directly. In a
non-caching world, the names and providers need to

test: fix no-cache problem with the quality comparison for KDFs.

In a caching world, it's fine to compare the pointers directly. In a
non-caching world, the names and providers need to be compared.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)

show more ...

EVP: fix reference counting for EVP_CIPHER.

Under some circumstances, the reference count for a cipher wasn't updated
properly. This shows up best when fetches are not being queried but

EVP: fix reference counting for EVP_CIPHER.

Under some circumstances, the reference count for a cipher wasn't updated
properly. This shows up best when fetches are not being queried but would be
possible if the cache flushed at a bad time.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)

show more ...

Prov: add an option to force provider fetches to not be cached.

If the macro OSSL_FORCE_NO_CACHE_FETCH is defined, no provider will have its
fetches cached.

Reviewed-by: Shane L

Prov: add an option to force provider fetches to not be cached.

If the macro OSSL_FORCE_NO_CACHE_FETCH is defined, no provider will have its
fetches cached.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)

show more ...

CI: add a non-caching CI loop

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/141

CI: add a non-caching CI loop

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)

show more ...

EVP: fix reference counting for digest operations.

The reference count wasn't being incremented but the EVP_MD pointer was being
held. In a no cache build, this resulted in a failure on

EVP: fix reference counting for digest operations.

The reference count wasn't being incremented but the EVP_MD pointer was being
held. In a no cache build, this resulted in a failure on update in some
circumstances.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)

show more ...

Allow -rand to be repeated

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from

Allow -rand to be repeated

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)

show more ...

Fetch cipher after loading providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(M

Fetch cipher after loading providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)

show more ...

Process digest option after loading providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.or

Process digest option after loading providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)

show more ...

Load rand state after loading providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

Load rand state after loading providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)

show more ...

Fetch alg, etc., after loading providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

Fetch alg, etc., after loading providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)

show more ...

Fetch algorithm after loading providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

Fetch algorithm after loading providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)

show more ...

test: add an option to output timing information from tests.

Fixes #14141

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

test: add an option to output timing information from tests.

Fixes #14141

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14149)

show more ...

X509_STORE_CTX_cleanup(): Use internally so no need to call explicitly

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14088)

X509_STORE_CTX_get1_issuer(): Make preference on expired certs consistent with find_issuer()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/p

X509_STORE_CTX_get1_issuer(): Make preference on expired certs consistent with find_issuer()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14130)

show more ...

x509_vfy.c: Make chain_build() error diagnostics to the point

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14094)

Rename internal providercommonerr.h to less mouthful proverr.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis

Rename internal providercommonerr.h to less mouthful proverr.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)

show more ...

Various cleanup of PROV_R_ reason codes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.c

Various cleanup of PROV_R_ reason codes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)

show more ...

Move the PROV_R reason codes to a public header

The PROV_R codes can be returned to applications so it is useful
to have some common set of provider reason codes for the applications

Move the PROV_R reason codes to a public header

The PROV_R codes can be returned to applications so it is useful
to have some common set of provider reason codes for the applications
or third party providers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)

show more ...

Match description with actual output of dgst

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.

Match description with actual output of dgst

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14089)

show more ...