Ensure that _GNU_SOURCE is defined for NI_MAXHOST and NI_MAXSERV

Since glibc 2.8, these defines like `NI_MAXHOST` are exposed only
if suitable feature test macros are defined, namely: _G

Ensure that _GNU_SOURCE is defined for NI_MAXHOST and NI_MAXSERV

Since glibc 2.8, these defines like `NI_MAXHOST` are exposed only
if suitable feature test macros are defined, namely: _GNU_SOURCE,
_DEFAULT_SOURCE (since glibc 2.19), or _BSD_SOURCE or _SVID_SOURCE
(before glibc 2.19), see GETNAMEINFO(3).

CLA: trivial
Fixes #13049

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13054)

show more ...

Fix segfault on missing provider_query_operation()

A provider without `provider_query_operation()` is admittedly quite
useless, yet technically the base provider functions are not mandat

Fix segfault on missing provider_query_operation()

A provider without `provider_query_operation()` is admittedly quite
useless, yet technically the base provider functions are not mandatory
according to our documentation.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13058)

show more ...

TLS AEAD ciphers: more bytes for key_block than needed

Fixes #12007
The key_block length was not written to trace, thus it was not obvious
that extra key_bytes were generated for TLS

TLS AEAD ciphers: more bytes for key_block than needed

Fixes #12007
The key_block length was not written to trace, thus it was not obvious
that extra key_bytes were generated for TLS AEAD.

The problem was that EVP_CIPHER_iv_length was called even for AEAD ciphers
to figure out how many bytes from the key_block were needed for the IV.
The correct way was to take cipher mode (GCM, CCM, etc) into
consideration rather than simply callin the general function
EVP_CIPHER_iv_length.

The new function tls_iv_length_within_key_block takes this into
consideration.

Besides that, the order of addendums was counter-intuitive MAC length
was second, but it have to be first to correspond the order given in the RFC.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13035)

show more ...

EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use

We've had explicit checks for when to fall back to legacy code for
operations that use an EVP_PKEY. Unfortunately, t

EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use

We've had explicit checks for when to fall back to legacy code for
operations that use an EVP_PKEY. Unfortunately, the checks were
radically different in different spots, so we refactor that into a
macro that gets used everywhere.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13043)

show more ...

Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2

Was detected via test_req_distinguishing_id() with config having no-ec but not no-sm2

Reviewed-by:

Fix memory leak in req_cb() of x_req.c - handle distinguishing_id also with NO_SM2

Was detected via test_req_distinguishing_id() with config having no-ec but not no-sm2

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13021)

show more ...

Fix some things the rename script didn't quite get right

The previous commit ran an automated rename throughout the codebase.
There are a small number of things it didn't quite get right

Fix some things the rename script didn't quite get right

The previous commit ran an automated rename throughout the codebase.
There are a small number of things it didn't quite get right so we fix
those in this commit.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)

show more ...

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged fro

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)

show more ...

Perl util to do with_libctx renaming

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)

der: _ossl prefix der_oid_ and der_aid_ functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13038)

der: _ossl prefix DER functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13038)

rsa_mp_coeff_names should only have one entry in it for fips mode.

Reported by Tim Hudson

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl

rsa_mp_coeff_names should only have one entry in it for fips mode.

Reported by Tim Hudson

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13011)

show more ...

prov: prefix all exposed 'cipher' symbols with ossl_

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13030)

prov: prefix aes-cbc-cts functions with ossl_

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13030)

check-format.pl: Allow nested indentation of labels (not only at line pos 1)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13019)

check-format.pl: Extend exceptions for no SPC after trailing ';' in 'for (...;)'

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13019)

check-format.pl: Document how to run positive and negative self-tests

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13019)

EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull

EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13023)

show more ...

Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc.

Also adds error output tests on loading key files with unsupported algorithms to 30-test_evp.t

Reviewed-

Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc.

Also adds error output tests on loading key files with unsupported algorithms to 30-test_evp.t

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13023)

show more ...

25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/130

25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13023)

show more ...

Configure: handle undefined shared_target.

Some very basic config targets don't defined the 'shared_target'
attribute at all. This wasn't handled well enough in Configure.
This also

Configure: handle undefined shared_target.

Some very basic config targets don't defined the 'shared_target'
attribute at all. This wasn't handled well enough in Configure.
This also cleans away an explicit reference to the ossltest engine in
Configurations/unix-Makefile.tmpl, which isn't necessary since the
build.info attributes were added.

Fixes openssl/web#197

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13031)

show more ...

prov: prefix provider internal functions with ossl_

Also convert the names to lower case.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/open

prov: prefix provider internal functions with ossl_

Also convert the names to lower case.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13014)

show more ...

prov: prefix all OSSL_DISPATCH tables names with ossl_

This stops them leaking into other namespaces in a static build.
They remain internal.

Reviewed-by: Richard Levitte <levit

prov: prefix all OSSL_DISPATCH tables names with ossl_

This stops them leaking into other namespaces in a static build.
They remain internal.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13013)

show more ...

30-test_evp.t: On no-dh, no-dsa, no-ec, no-sm2, and no-gost configurations disable respective tests

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/

30-test_evp.t: On no-dh, no-dsa, no-ec, no-sm2, and no-gost configurations disable respective tests

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13022)

show more ...

appveyor.yml: Clean up minimal configuration, adding no-ec and pruning cascaded no-*

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13

appveyor.yml: Clean up minimal configuration, adding no-ec and pruning cascaded no-*

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13022)

show more ...

rand: declare get_hardware_random_value() before use.

Introduced by #12923

Fixes #13004

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openss

rand: declare get_hardware_random_value() before use.

Introduced by #12923

Fixes #13004

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13005)

show more ...