DECODER: Add tracing

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)

DECODER: Add input structure support for EVP_PKEY decoding

OSSL_DECODER_CTX_new_by_EVP_PKEY() takes one more argument to express
the desired outermost structure for the input.

R

DECODER: Add input structure support for EVP_PKEY decoding

OSSL_DECODER_CTX_new_by_EVP_PKEY() takes one more argument to express
the desired outermost structure for the input.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)

show more ...

DECODER: Add support for OSSL_FUNC_decoder_does_selection()

OSSL_FUNC_decoder_does_selection() is a dispatchable decoder implementation
function that should return 1 if the given |select

DECODER: Add support for OSSL_FUNC_decoder_does_selection()

OSSL_FUNC_decoder_does_selection() is a dispatchable decoder implementation
function that should return 1 if the given |selection| is supported by an
decoder implementation and 0 if not. This can be used by libcrypto
functionality to figure out if an encoder implementation should be
considered or not.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)

show more ...

DECODER: Add support for specifying the outermost input structure

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)

25-test_x509.t: Re-add and improve a test on non-existence of ASN.1 parse errors

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13353)

cmp_msg.c: Use issuer of reference cert as default issuer entry in certTemplate

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Mer

cmp_msg.c: Use issuer of reference cert as default issuer entry in certTemplate

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13357)

show more ...

Add support for making all of KBKDF FixedInput fields optional.

Added settable integer parameters OSSL_KDF_PARAM_KBKDF_USE_L, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR.
This is required for CAV

Add support for making all of KBKDF FixedInput fields optional.

Added settable integer parameters OSSL_KDF_PARAM_KBKDF_USE_L, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR.
This is required for CAVS tests that only use a combined blob of
inputdata. A test showing this use case has been added.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13258)

show more ...

Remove some redundant error messages in the apps

We change the load_key() and load_pubkey() functions to make them more
consistent with the load_keyparams() function modified as a result

Remove some redundant error messages in the apps

We change the load_key() and load_pubkey() functions to make them more
consistent with the load_keyparams() function modified as a result of
PR #13317.

The error message on a NULL key is removed, because an error message has
already been displayed by load_key_certs_crls().

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13355)

show more ...

Fix the reading of DSA parameters files using the dsaparam app

DSA parameters files were failing to load correctly. We also fix a number
of follow on issues which resulted in multiple si

Fix the reading of DSA parameters files using the dsaparam app

DSA parameters files were failing to load correctly. We also fix a number
of follow on issues which resulted in multiple similar errors messages
being displayed for the same problem, as well as a seg-fault.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13317)

show more ...

Document pkcs12 alg NONE

To generate unencrypted PKCS#12 file it is needed to use options: -keypbe NONE -certpbe NONE

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.

Document pkcs12 alg NONE

To generate unencrypted PKCS#12 file it is needed to use options: -keypbe NONE -certpbe NONE

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12426)

show more ...

openssl-cmp.pod.in: Clean up doc of -verify_email, -verify_hostname, and -verify_ip

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1293

openssl-cmp.pod.in: Clean up doc of -verify_email, -verify_hostname, and -verify_ip

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)

show more ...

openssl.pod: Improve doc of -verify_email, -verify_hostname, and -verify_ip

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)

openssl-*.pod.in: Prevent newlines on empty engine_synopsis causing layout errors

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)

openssl-cmp.pod.in: Align order of options with apps/cmp.c; improve structuring of SYNOPSIS

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/p

openssl-cmp.pod.in: Align order of options with apps/cmp.c; improve structuring of SYNOPSIS

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)

show more ...

apps/cmp.c: Improve order of -path option: just after -server

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)

PEM: Always use PEM_def_callback() when cb == NULL in pem_read_bio_key()

Too many other functions depend on this being done.

Fixes #13340

Reviewed-by: Paul Dale <paul.dale@

PEM: Always use PEM_def_callback() when cb == NULL in pem_read_bio_key()

Too many other functions depend on this being done.

Fixes #13340

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13346)

show more ...

UI: Use OPENSSL_zalloc() in general_allocate_prompt()

This is to ensure that fields we don't set explicitly are always zero.

Fixes #13340

Reviewed-by: Paul Dale <paul.dale@

UI: Use OPENSSL_zalloc() in general_allocate_prompt()

This is to ensure that fields we don't set explicitly are always zero.

Fixes #13340

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13346)

show more ...

Fix REF_PRINT_COUNT argument in ecx_key_free

Currently, when configuring OpenSSL using -DREF_PRINT the following
compilation error is generated:

In file included from include/cr

Fix REF_PRINT_COUNT argument in ecx_key_free

Currently, when configuring OpenSSL using -DREF_PRINT the following
compilation error is generated:

In file included from include/crypto/ecx.h:21,
from crypto/ec/ecx_key.c:11:
crypto/ec/ecx_key.c: In function 'ecx_key_free':
crypto/ec/ecx_key.c:65:32: error: 'r' undeclared
(first use in this function)
65 | REF_PRINT_COUNT("ECX_KEY", r);
| ^
include/internal/refcount.h:169:40: note: in definition of macro
'REF_PRINT_COUNT'
169 | fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
| ^
crypto/ec/ecx_key.c:65:32: note: each undeclared identifier is reported
only once for each function it appears in
65 | REF_PRINT_COUNT("ECX_KEY", r);
| ^
include/internal/refcount.h:169:40: note: in definition of macro
'REF_PRINT_COUNT'
169 | fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
| ^
make[1]: *** [Makefile:14929: crypto/ec/libcrypto-lib-ecx_key.o] Error 1

This commit updates the argument passed in to be the ECX_KEY* key.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13298)

show more ...

Remove test that breaks on AIX.

The offending test checks that fopen("anydir/") fails. This looks fairly platform
specific. For the test involved this creates a file called
"anydir"

Remove test that breaks on AIX.

The offending test checks that fopen("anydir/") fails. This looks fairly platform
specific. For the test involved this creates a file called
"anydir" on an AIX test machine.

This change was introduced on (Sept 24)
https://github.com/openssl/openssl/commit/29844ea5b3d2b7240d99b043a0d82cb177f0762d

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13309)

show more ...

This should fix a lock-order-inversion

Calling OPENSSL_init_crypto before acquiring the
ossl_property_read_lock in ossl_method_store_fetch
makes the second call to OPENSSL_init_crypt

This should fix a lock-order-inversion

Calling OPENSSL_init_crypto before acquiring the
ossl_property_read_lock in ossl_method_store_fetch
makes the second call to OPENSSL_init_crypto
from ossl_ctx_global_properties unnecessary.

Fixes #12869

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13321)

show more ...

test/evp_extra_test.c: Modify to reflect provider support in test_EVP_PKEY_check

With our providers, RSA now supports public key check and key parameter check.

Reviewed-by: Matt Cas

test/evp_extra_test.c: Modify to reflect provider support in test_EVP_PKEY_check

With our providers, RSA now supports public key check and key parameter check.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13334)

show more ...

EVP: Have all EVP_PKEY check functions export to provider if possible

Fixes #13322

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

EVP: Have all EVP_PKEY check functions export to provider if possible

Fixes #13322

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13334)

show more ...

Fix test/recipes/80-test_ca.t to skip_all properly in a subtest

It's perfectlt ok to 'plan skip_all' in a subtest, but in that case,
it must really be inside the subtest.

Fixes

Fix test/recipes/80-test_ca.t to skip_all properly in a subtest

It's perfectlt ok to 'plan skip_all' in a subtest, but in that case,
it must really be inside the subtest.

Fixes #13330

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13331)

show more ...

Correct system guessing for solaris64-x86_64-* targets

Previously the system guessing script was choosing a target that did not
exist for these platforms.

Fixes #13323

Correct system guessing for solaris64-x86_64-* targets

Previously the system guessing script was choosing a target that did not
exist for these platforms.

Fixes #13323

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13327)

show more ...

Don't complain about uninitialized values when running Configure

If a system understands `uname -X` then the Configure script will attempt
to use uninitialized values.

Reviewed-

Don't complain about uninitialized values when running Configure

If a system understands `uname -X` then the Configure script will attempt
to use uninitialized values.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13327)

show more ...