Correctly display the signing/hmac algorithm in the dgst app

In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce
output like this:

HMAC-SHA1(README.md)= 55315

Correctly display the signing/hmac algorithm in the dgst app

In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce
output like this:

HMAC-SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1

Prior to this change master would instead display this like so:

SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1

The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get
the algorithm name from the EVP_PKEY. This doesn't work with provider
based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name()
function, and an equivalent EVP_KEYMGMT_get0_first_name() function.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)

show more ...

Redirect EVP_DigestInit to EVP_DigestSignInit_ex if appropriate

Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx previously
initialised with EVP_DigestSignInit() would retain

Redirect EVP_DigestInit to EVP_DigestSignInit_ex if appropriate

Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx previously
initialised with EVP_DigestSignInit() would retain information about the
key, and re-initialise for another sign operation. To emulate that we
redirect calls to EVP_DigestInit() to EVP_DigestSignInit_ex() if
appropriate.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)

show more ...

Don't send -1 as the length of the hmac key

The dgst app was using an undocumented behaviour in the
EVP_PKEY_new_raw_private_key() function when setting a key length for
a MAC. The o

Don't send -1 as the length of the hmac key

The dgst app was using an undocumented behaviour in the
EVP_PKEY_new_raw_private_key() function when setting a key length for
a MAC. The old EVP_PKEY to MAC bridge, probably by accident, converts a
-1 length to a strlen() call, by virtue of the fact that it eventually
calls ASN1_STRING_set() which has this feature.

As noted above this is undocumented, and unexpected since the len
parameter to EVP_PKEY_new_raw_private_key() is an unsigned value (size_t).
In the old bridge it was later (silently) cast to an int, and therefore
the original -1 value was restored. This only works because sizeof(int) <=
sizeof(size_t). If we ever run on a platform where sizeof(int) >
sizeof(size_t) then it would have failed. The behaviour also doesn't hold
for EVP_PKEY_new_raw_private_key() in general - only when the old MAC
bridge was in use.

Rather than restore the original behaviour I think it is best to simply
fix the dgst app to not assume it exists. We should not bake in this
backwards and inconsistent behaviour.

Fixes #12837

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)

show more ...

Annotate potential -Wunused-function violations in err.h

Fixes #12792

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merge

Annotate potential -Wunused-function violations in err.h

Fixes #12792

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12851)

show more ...

Add a NULL check to EVP_PKEY_assign

Fixes #12619

Update p_lib.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Mer

Add a NULL check to EVP_PKEY_assign

Fixes #12619

Update p_lib.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12863)

show more ...

Update AES GCM IV max length to be 1024 bits (was 512)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12875)

undeprecate EVP_PKEY_cmp and EVP_PKEY_cmp_parameters

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openss

undeprecate EVP_PKEY_cmp and EVP_PKEY_cmp_parameters

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12013)

show more ...

Configurations/unix-Makefile.tmpl: Don't specify headers twice

When building in the source tree, a rebuilt Makefile detected both
include/openssl/foo.h.in and include/openssl/foo.h, so p

Configurations/unix-Makefile.tmpl: Don't specify headers twice

When building in the source tree, a rebuilt Makefile detected both
include/openssl/foo.h.in and include/openssl/foo.h, so promptly added
include/openssl/foo.h twice to the list of headers to parse in 'make
update'

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12882)

show more ...

OpenSSL::ParseC: recognise inline function bodies

Function bodies in headers weren't a thing when OpenSSL::ParseC was
created, at least not as clearly as they are nowadays. This module

OpenSSL::ParseC: recognise inline function bodies

Function bodies in headers weren't a thing when OpenSSL::ParseC was
created, at least not as clearly as they are nowadays. This module
must evolve to recognise them (and promptly ignore them).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12882)

show more ...

Add self tests for rsa encryption

SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption
using the RSA primitive (i.e. no padding). This is

Add self tests for rsa encryption

SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption
using the RSA primitive (i.e. no padding). This is specified in FIPS140-2 IG D.9

A copy of the methods EVP_PKEY_encrypt_init(), EVP_PKEY_encrypt(), EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt()
are now in the fips module.

Removed the #ifdef FIPS_MODULE in evp_pkey_ctx_free_old_ops().

Added corruption test

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12835)

show more ...

free memory use on error in cert verify

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/p

free memory use on error in cert verify

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)

show more ...

generate_cookie_callback: free temporary memory on an error path

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://git

generate_cookie_callback: free temporary memory on an error path

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)

show more ...

PKCS5 PBE: free allocations on unlikely / impossible failure path

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://gi

PKCS5 PBE: free allocations on unlikely / impossible failure path

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)

show more ...

PKCS#8: free data on error path in newpass_bag

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/op

PKCS#8: free data on error path in newpass_bag

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)

show more ...

DTLS: free allocated memory on error paths

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openss

DTLS: free allocated memory on error paths

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)

show more ...

prov/drbg: cleanup some RAND_DRBG leftovers

These are leftovers from the RAND_DRBG removal (#12509).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.co

prov/drbg: cleanup some RAND_DRBG leftovers

These are leftovers from the RAND_DRBG removal (#12509).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12866)

show more ...

prov/drbg: fix misspelling of '#ifdef FIPS_MODULE'

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12866)

EVP: Centralise fetching error reporting

Instead of sometimes, and sometimes not reporting an error in the
caller of EVP_XXX_fetch(), where the error may or may not be very
accurate,

EVP: Centralise fetching error reporting

Instead of sometimes, and sometimes not reporting an error in the
caller of EVP_XXX_fetch(), where the error may or may not be very
accurate, it's now centralised to the inner EVP fetch functionality.
It's made in such a way that it can determine if an error occured
because the algorithm in question is not there, or if something else
went wrong, and will report EVP_R_UNSUPPORTED_ALGORITHM for the
former, and EVP_R_FETCH_FAILED for the latter.

This helps our own test/evp_test.c when it tries to figure out why an
EVP_PKEY it tried to load failed to do so.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12857)

show more ...

Ignore unused return values from some sk_*() macros

Some compilers are very picky about unused return values.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Pau

Ignore unused return values from some sk_*() macros

Some compilers are very picky about unused return values.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

show more ...

Don't complain about stack related macros

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/ope

Don't complain about stack related macros

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

show more ...

Make 'make errors' work again

util/mkerr.pl detects if a header is now a '.in' template, and adjusts
the header file it reads accordingly.

Reviewed-by: Paul Dale <paul.dale@orac

Make 'make errors' work again

util/mkerr.pl detects if a header is now a '.in' template, and adjusts
the header file it reads accordingly.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12781)

show more ...

Make 'make ordinals' work again

'make ordinals' assumed that all headers reside in the source tree,
which is no longer true, now that we generate a number of them. This
needed some

Make 'make ordinals' work again

'make ordinals' assumed that all headers reside in the source tree,
which is no longer true, now that we generate a number of them. This
needed some refactoring.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12781)

show more ...

util/mknum.pl: Fix file opening

'or' has lower priority than '||' in perl, which affects evaluation order.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswel

util/mknum.pl: Fix file opening

'or' has lower priority than '||' in perl, which affects evaluation order.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12781)

show more ...

Streamline the safestack generated code

The safestack code generation was generating a little too much. Some of
it could be done with a normal macro.

Reviewed-by: Richard Levitt

Streamline the safestack generated code

The safestack code generation was generating a little too much. Some of
it could be done with a normal macro.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

show more ...

Add a CHANGES entry for the safestack updates

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl

Add a CHANGES entry for the safestack updates

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

show more ...