Update doc for EVP_PKEY_CTX_set_ec_param_enc()

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/opens

Update doc for EVP_PKEY_CTX_set_ec_param_enc()

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12853)

show more ...

EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers

Fixes #12852

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.c

EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers

Fixes #12852

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12853)

show more ...

dev/release.sh: Rework to be smoother

It now creates all the necessary feature branches for github in your
repository, making the cloned sub-directory unnecessary for post-release
pu

dev/release.sh: Rework to be smoother

It now creates all the necessary feature branches for github in your
repository, making the cloned sub-directory unnecessary for post-release
purposes.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12614)

show more ...

keygen: add FIPS error state management to conditional self tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://gith

keygen: add FIPS error state management to conditional self tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

CRNGT: enter FIPS error state if the test fails

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

FIPS: error mode is set from failed self tests and produced a limited number of errors when algorithm accesses are attempted

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from htt

FIPS: error mode is set from failed self tests and produced a limited number of errors when algorithm accesses are attempted

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

ciphers: add FIPS error state handling

The functions that check for the provider being runnable are: new, init, final
and dupctx.

Reviewed-by: Matt Caswell <matt@openssl.org>

ciphers: add FIPS error state handling

The functions that check for the provider being runnable are: new, init, final
and dupctx.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

keymgmt: add FIPS error state handling

The functions that check for the provider being runnable are: new, gen_init,
gen, gen_set_template, load, has, match, validate, import and export.

keymgmt: add FIPS error state handling

The functions that check for the provider being runnable are: new, gen_init,
gen, gen_set_template, load, has, match, validate, import and export.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

signature: add FIPS error state handling

The functions that check for the provider being runnable are: newctx, dupctx,
sign init, sign, verify init, verify, verify recover init, verify r

signature: add FIPS error state handling

The functions that check for the provider being runnable are: newctx, dupctx,
sign init, sign, verify init, verify, verify recover init, verify recover,
digest sign init, digest sign final, digest verify init and digest verify final.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

exchange: add FIPS error state handling

The functions that check for the provider being runnable are: newctx, dupctx,
init, derive and set peer.

Reviewed-by: Matt Caswell <matt@

exchange: add FIPS error state handling

The functions that check for the provider being runnable are: newctx, dupctx,
init, derive and set peer.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

kdf: add FIPS error state handling

Check for provider being disabled on new and derive.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/open

kdf: add FIPS error state handling

Check for provider being disabled on new and derive.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

mac: add FIPS error state handling

Check for provider being runnable in new, dup, init and final calls.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.

mac: add FIPS error state handling

Check for provider being runnable in new, dup, init and final calls.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

rand: add FIPS error state handling

Check for provider being runnable in instantiate, reseed, generate and new calls.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from h

rand: add FIPS error state handling

Check for provider being runnable in instantiate, reseed, generate and new calls.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

asymciphers: add FIPS error state handling

Check for provider being runnable in newctx, init, encrypt and decrypt.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from http

asymciphers: add FIPS error state handling

Check for provider being runnable in newctx, init, encrypt and decrypt.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

digests: add FIPS error state handling

Check for providering being runnable in init, final, newctx and dupctx.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://

digests: add FIPS error state handling

Check for providering being runnable in init, final, newctx and dupctx.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

FIPS: rename the status call to is_running.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

provider: add an 'is_running' call to all providers.

It can be accessed (read only) via the status parameter.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://g

provider: add an 'is_running' call to all providers.

It can be accessed (read only) via the status parameter.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

show more ...

Fix coverity issue: CID 1466479 - Resource leak in apps/pkcs12.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847)

Fix coverity issue: CID 1466482 - Resource leak in OSSL_STORE_SEARCH_by_key_fingerprint()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openss

Fix coverity issue: CID 1466482 - Resource leak in OSSL_STORE_SEARCH_by_key_fingerprint()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847)

show more ...

Fix coverity issue: CID 1466483 - Improper use of Negative value in dh_ctrl.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847)

Fix coverity issue: CID 1466484 - Remove dead code in PKCS7_dataInit()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847)

Fix coverity issue: CID 1466485 - Explicit NULL dereference in OSSL_STORE_find()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12

Fix coverity issue: CID 1466485 - Explicit NULL dereference in OSSL_STORE_find()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847)

show more ...

Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE

Note that although this is a false positive currently, it could become possible if any of the methods called
change behaviou

Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE

Note that although this is a false positive currently, it could become possible if any of the methods called
change behaviour - so it is safer to add the fix than to ignore it. Added a simple test so that I could prove this was the case.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847)

show more ...

OSSL_DECODER 'decode' function must never be NULL.

The conditions for a valid implementation allowed the 'decode'
function to be NULL or the 'export_object' was NULL. That condition

OSSL_DECODER 'decode' function must never be NULL.

The conditions for a valid implementation allowed the 'decode'
function to be NULL or the 'export_object' was NULL. That condition
is changed so that 'decode' is checked to be non-NULL by itself.

Fixes #12819

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12849)

show more ...

TEST: skip POSIX errcode zero in tesst/recipes/02-test_errstr.t

On most systems, there is no E macro for errcode zero in <errno.h>,
which means that it seldom comes up here. However, re

TEST: skip POSIX errcode zero in tesst/recipes/02-test_errstr.t

On most systems, there is no E macro for errcode zero in <errno.h>,
which means that it seldom comes up here. However, reports indicate
that some platforms do have an E macro for errcode zero.
With perl, errcode zero is a bit special. Perl consistently gives
the empty string for that one, while the C strerror() may give back
something else. The easiest way to deal with that possible mismatch
is to skip this errcode.

Fixes #12798

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12799)

show more ...