TLS fixes for CBC mode and no-deprecated

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)

TLS: remove legacy code path supporting special CBC mode

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)

legacy: include MD5 code in legacy provider

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)

Deprecate SHA and MD5 again.

This reverts commit a978dc3bffb63e6bfc40fe6955e8798bdffb4e7e.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl

Deprecate SHA and MD5 again.

This reverts commit a978dc3bffb63e6bfc40fe6955e8798bdffb4e7e.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)

show more ...

Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pu

Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12806)

show more ...

Add 4 new OIDs for PKIX key purposes and 3 new CMP information types

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12807)

TEST: modify test/endecode_test.c to not use legacy keys

Now that PEM_write_bio_PrivateKey_traditional() can handle
provider-native EVP_PKEYs, we don't need to use explicitly legacy

TEST: modify test/endecode_test.c to not use legacy keys

Now that PEM_write_bio_PrivateKey_traditional() can handle
provider-native EVP_PKEYs, we don't need to use explicitly legacy
ones.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12738)

show more ...

PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys

PEM_write_bio_PrivateKey_traditional() didn't handle provider-native
keys very well. Originally, it would si

PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys

PEM_write_bio_PrivateKey_traditional() didn't handle provider-native
keys very well. Originally, it would simply use the corresponding
encoder, which is likely to output modern PEM (not "traditional").

PEM_write_bio_PrivateKey_traditional() is now changed to try and get a
legacy copy of the input EVP_PKEY, and use that copy for traditional
output, if it has such support.

Internally, evp_pkey_copy_downgraded() is added, to be used when
evp_pkey_downgrade() is too intrusive for what it's needed for.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12738)

show more ...

Add CMS AuthEnvelopedData with AES-GCM support

Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM
parameter as defined in RFC 5084.

Reviewed-by: Shane Lontis <shane.l

Add CMS AuthEnvelopedData with AES-GCM support

Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM
parameter as defined in RFC 5084.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8024)

show more ...

apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/127

apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)

show more ...

apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pul

apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)

show more ...

OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/

OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)

show more ...

EVP: Move the functions and controls for setting and getting distid

Those functions were located in the EC files, but is really broader
than that, even thought currently only used for SM

EVP: Move the functions and controls for setting and getting distid

Those functions were located in the EC files, but is really broader
than that, even thought currently only used for SM2. They should
therefore be in a more central location, which was also indicated by
diverse TODOs.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12789)

show more ...

EVP: Expand the use of EVP_PKEY_CTX_md()

Setting a hash function was reserved for signature operations.
However, it turns out that SM2 uses a hash function for encryption and
decrypt

EVP: Expand the use of EVP_PKEY_CTX_md()

Setting a hash function was reserved for signature operations.
However, it turns out that SM2 uses a hash function for encryption and
decryption as well.
Therefore, EVP_PKEY_CTX_md() must be called with an expanded operation
type combination that includes EVP_PKEY_OP_TYPE_CRYPT when used in a
generic way.

For SM2, test/recipes/30-test_evp_data/evppkey_sm2.txt is expanded to
test decryption both with an implicit and an explicit digest.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12789)

show more ...

EVP: Add support for delayed EVP_PKEY operation parameters

They get called "delayed parameters" because they may make it to the
implementation at a later time than when they're given.

EVP: Add support for delayed EVP_PKEY operation parameters

They get called "delayed parameters" because they may make it to the
implementation at a later time than when they're given.

This currently only covers the distinguished ID, as that's the only
EVP_PKEY operation parameter so far that has been possible to give
before the operation has been initialized.

This includes a re-implementation of EVP_PKEY_CTX_set1_id(),
EVP_PKEY_CTX_get1_id(), and EVP_PKEY_CTX_get1_id_len().

Also, the more rigorous controls of keytype and optype are restored.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12789)

show more ...

New GOST PKCS12 standard support

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12780)

Fix test/evp_extra_test.c

Because EVP_PKEY_CTX_new_from_name() could return a non-NULL context
with no value in it, the lack of legacy implementation when OpenSSL
was configured with

Fix test/evp_extra_test.c

Because EVP_PKEY_CTX_new_from_name() could return a non-NULL context
with no value in it, the lack of legacy implementation when OpenSSL
was configured with 'no-ec' went through undetected. This adds the
necessary guards to skip a test of SM2 in that case.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/12785)

show more ...

EVP: Don't shadow EVP_PKEY_CTX_new* error records

There are places that add an ERR_R_MALLOC_FAILURE record when any of
EVP_PKEY_CTX_new*() return NULL, which is 1) inaccurate, and 2)

EVP: Don't shadow EVP_PKEY_CTX_new* error records

There are places that add an ERR_R_MALLOC_FAILURE record when any of
EVP_PKEY_CTX_new*() return NULL, which is 1) inaccurate, and 2)
shadows the more accurate error record generated when trying to create
the EVP_PKEY_CTX.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/12785)

show more ...

EVP: Preserve the EVP_PKEY id in a few more spots

As long as there are internal legacy keys for EVP_PKEY, we need to preserve
the EVP_PKEY numeric identity when generating a key, and whe

EVP: Preserve the EVP_PKEY id in a few more spots

As long as there are internal legacy keys for EVP_PKEY, we need to preserve
the EVP_PKEY numeric identity when generating a key, and when creating the
EVP_PKEY_CTX.

For added consistency, the EVP_PKEY_CTX contructor tries a little
harder to find a EVP_PKEY_METHOD. Otherwise, we may run into
situations where the EVP_PKEY_CTX ends up having no associated methods
at all.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/12785)

show more ...

Use return code for 'which command' checks

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.c

Use return code for 'which command' checks

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12775)

show more ...

Fix memory leaks in conf_def.c

Fixes #12471
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lo

Fix memory leaks in conf_def.c

Fixes #12471
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12533)

show more ...

Building: Build Unix static libraries one object file at a time

We're hitting problems that the 'ar' command line becomes too long for
some 'make' versions, or the shell it uses.

Building: Build Unix static libraries one object file at a time

We're hitting problems that the 'ar' command line becomes too long for
some 'make' versions, or the shell it uses.

We therefore change the way we create a static library by doing so one
object file at a time. This is slower, but has better guarantees to
work properly on limited systems.

Fixes #12116

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12706)

show more ...

DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12389)

DOC: Modify one example in EVP_PKEY_fromdata(3)

The example to create an EC key from user data didn't show what one
could expect and application to do, especially with regard to how it's

DOC: Modify one example in EVP_PKEY_fromdata(3)

The example to create an EC key from user data didn't show what one
could expect and application to do, especially with regard to how it's
done with raw EC functions. We therefore refactor it to make proper
use of a BIGNUM where expected, and also use OSSL_PARAM_BLD(3) for
easier handling of the OSSL_PARAM array.

Fixes #12388

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12389)

show more ...

Cleanup deprecation of ENGINE_setup_bsd_cryptodev

CLA: trivial

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https:/

Cleanup deprecation of ENGINE_setup_bsd_cryptodev

CLA: trivial

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12793)

show more ...