oweals/openssl.git
4 years agoCorrect error output of parse_name() in apps/lib/apps.c and apps/cmp.c
Dr. David von Oheimb [Wed, 20 May 2020 07:14:30 +0000 (09:14 +0200)]
Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)

4 years agoCheck expected sender not only for signature-protected CMP messages
Dr. David von Oheimb [Wed, 20 May 2020 06:11:47 +0000 (08:11 +0200)]
Check expected sender not only for signature-protected CMP messages

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)

4 years agoImprove description of -trusted, -srvcert, -recipient, and -expect_sender CMP options
Dr. David von Oheimb [Tue, 19 May 2020 07:47:46 +0000 (09:47 +0200)]
Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)

4 years agoStreamline the approach to set CMP message recipient and expected sender
Dr. David von Oheimb [Tue, 19 May 2020 10:30:11 +0000 (12:30 +0200)]
Streamline the approach to set CMP message recipient and expected sender

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)

4 years agoFix too strict checks of ossl_cmp_calc_protection()
Dr. David von Oheimb [Mon, 18 May 2020 08:50:30 +0000 (10:50 +0200)]
Fix too strict checks of ossl_cmp_calc_protection()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)

4 years agoGuard new header mac.h against C++isms.
Pauli [Thu, 11 Jun 2020 22:48:06 +0000 (08:48 +1000)]
Guard new header mac.h against C++isms.

[extended tests]

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12121)

4 years agoFix two additional instances of the old EVP_MAC_CTX_ functions being used.
Pauli [Thu, 11 Jun 2020 21:49:18 +0000 (07:49 +1000)]
Fix two additional instances of the old EVP_MAC_CTX_ functions being used.

[extended tests]

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12121)

4 years agoUse the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs.
John Baldwin [Wed, 10 Jun 2020 22:19:00 +0000 (15:19 -0700)]
Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs.

BSD-generic32 already uses this for building shared libraries on other
32-bit BSD platforms.  Commit b7efa56 collapsed various *BSD targets
down to the BSD-generic ones and BSD-x86.  At the time only
OpenBSD/i386 used `bsd-shared` while both FreeBSD and NetBSD used
`bsd-gcc-shared`.  In practice, all of the BSDs are using either a
GCC/ld.bfd toolchain or a clang/lld toolchain both of which are
compatible with 'bsd-gcc-shared'.

Retire 'bsd-shared' since this removes the last user.

Fixes #12050.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12110)

4 years agodoc: Add a hint to man3/EVP_$hash that it is legacy
Sebastian Andrzej Siewior [Sat, 6 Jun 2020 16:22:04 +0000 (18:22 +0200)]
doc: Add a hint to man3/EVP_$hash that it is legacy

Some hash algorithms are only provided by the legacy provider. This
information is not mentioned in EVP_md4(3) for md4 and one might wonder
why it is no longer working.

Add a note to the EVP_ man page for md2, md4, mdc2, ripemd160 and
whirlpool that it is only available with the legacy provider.

Fixes #11650

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12074)

4 years agoAPPS: Use a second EVP_MD_CTX for EdDSA verify
Sebastian Andrzej Siewior [Sat, 6 Jun 2020 15:21:15 +0000 (17:21 +0200)]
APPS: Use a second EVP_MD_CTX for EdDSA verify

Verify for the two EdDSA algorithms fails in "speed eddsa".
It appears that the same ctx can not be used for the sign and verify
process.

Create a second EVP_MD_CTX for the verify purpose.

Fixes #11650

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12074)

4 years agoAPPS: Exclude legacy algorighms from speed
Sebastian Andrzej Siewior [Sat, 6 Jun 2020 12:35:57 +0000 (14:35 +0200)]
APPS: Exclude legacy algorighms from speed

Legacy crypto algorithms are not provided by the default "provider"
leading to a warning.
Remove legacy algorithms from the set that is tested by default. The
algorihms can be tested manually if selected manually and using the
legacy provider.

Fixes #11650

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12074)

4 years agoThe EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*
Pauli [Mon, 8 Jun 2020 22:53:05 +0000 (08:53 +1000)]
The EVP_MAC functions have been renamed for consistency.  The EVP_MAC_CTX_*
functions are now EVP_MAC functions, usually with ctx in their names.

Before 3.0 is released, the names are mutable and this prevents more
inconsistencies being introduced.

There are no functional or code changes.
Just the renaming and a little reformatting.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11997)

4 years agokdf: make function naming consistent.
Pauli [Mon, 8 Jun 2020 23:10:41 +0000 (09:10 +1000)]
kdf: make function naming consistent.

The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace
for consistency.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11996)

4 years agoMake it clear that you can't use all ciphers for CMAC
Matt Caswell [Wed, 27 May 2020 10:50:05 +0000 (11:50 +0100)]
Make it clear that you can't use all ciphers for CMAC

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11972)

4 years agoAdd a CMAC test
Matt Caswell [Wed, 27 May 2020 10:40:24 +0000 (11:40 +0100)]
Add a CMAC test

We did not have a test of the low level CMAC APIs so we add one. This is
heavily based on the HMAC test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11972)

4 years agoCorrectly handle the return value from EVP_Cipher() in the CMAC code
Matt Caswell [Wed, 27 May 2020 10:38:39 +0000 (11:38 +0100)]
Correctly handle the return value from EVP_Cipher() in the CMAC code

EVP_Cipher() is a very low level routine that directly calls the
underlying cipher function. It's return value semantics are very odd.
Depending on the type of cipher 0 or -1 is returned on error. We should
just check for <=0 for a failure.

Fixes #11957

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11972)

4 years agoEnsure we never use a partially initialised CMAC_CTX
Matt Caswell [Wed, 27 May 2020 10:37:39 +0000 (11:37 +0100)]
Ensure we never use a partially initialised CMAC_CTX

If the CMAC_CTX is partially initialised then we make a note of this so
that future operations will fail if the initialisation has not been
completed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11972)

4 years agorun_tests.pl: Add options for focussing output on failed (sub-)tests
Dr. David von Oheimb [Mon, 8 Jun 2020 11:40:34 +0000 (13:40 +0200)]
run_tests.pl: Add options for focussing output on failed (sub-)tests

VERBOSE_FAILURES_ONLY (VFO): verbose output only of failed (sub-)tests
VERBOSE_FAILURES_PROGRESS (VFP): in addition summary for passed tests
This adds a workaroud for TAP::Parser not coping well with indentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12088)

4 years agoMake error output of dhparams and dsaparams app more consistent
Dr. David von Oheimb [Fri, 5 Jun 2020 19:40:28 +0000 (21:40 +0200)]
Make error output of dhparams and dsaparams app more consistent

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12062)

4 years agoGenerate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA
Dr. David von Oheimb [Fri, 5 Jun 2020 19:27:34 +0000 (21:27 +0200)]
Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12062)

4 years agoSilence gcc false positive warning on refdatalen in test/tls13encryptiontest.c
Dr. David von Oheimb [Fri, 5 Jun 2020 14:42:39 +0000 (16:42 +0200)]
Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12042)

4 years agoSilence gcc false positive warning on alpn_protos_len in test/handshake_helper.c
Dr. David von Oheimb [Thu, 4 Jun 2020 10:37:50 +0000 (12:37 +0200)]
Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12042)

4 years agoUpdate RSA keygen to use sp800-56b by default
Shane Lontis [Tue, 9 Jun 2020 22:59:56 +0000 (08:59 +1000)]
Update RSA keygen to use sp800-56b by default

Fixes #11742
Fixes #11764

The newer RSA sp800-56b algorithm is being used for the normal case of a non multiprime key of at least length 2048.
Insecure key lengths and mutltiprime RSA will use the old method.

Bad public exponents are no longer allowed (i.e values less than 65537 or even). Values such as 2 that would cause a infinite loop now result in an error. The value of 3 has been marked as deprecated but is still allowed for legacy purposes.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11765)

4 years agoAdd a test for renegotiation with EXTMS dropped
Tomas Mraz [Fri, 5 Jun 2020 08:50:25 +0000 (10:50 +0200)]
Add a test for renegotiation with EXTMS dropped

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12045)

4 years agoDo not allow dropping Extended Master Secret extension on renegotiaton
Tomas Mraz [Thu, 4 Jun 2020 09:40:29 +0000 (11:40 +0200)]
Do not allow dropping Extended Master Secret extension on renegotiaton

Abort renegotiation if server receives client hello with Extended Master
Secret extension dropped in comparison to the initial session.

Fixes #9754

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12045)

4 years agouse safe primes in ssl_get_auto_dh()
Hubert Kario [Fri, 5 Jun 2020 18:21:55 +0000 (20:21 +0200)]
use safe primes in ssl_get_auto_dh()

DH_get_1024_160() and DH_get_2048_224() return parameters from
RFC5114. Those parameters include primes with known small subgroups,
making them unsafe. Change the code to use parameters from
RFC 2409 and RFC 3526 instead (group 2 and 14 respectively).

This patch also adds automatic selection of 4096 bit params for 4096 bit
RSA keys

Signed-off-by: Hubert Kario <hkario@redhat.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12061)

4 years agoAPPS: Fix 'openssl dhparam'
Richard Levitte [Fri, 5 Jun 2020 21:40:49 +0000 (23:40 +0200)]
APPS: Fix 'openssl dhparam'

'dhparam' can't be completely rewritten in terms of EVP_PKEY functions
yet, because we lack X9.42 support.  However, we do when generating,
but forgot to extract a DH pointer with EVP_PKEY_get0_DH().

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12048)

4 years agoAPPS: Fix 'openssl dsaparam -genkey'
Richard Levitte [Thu, 4 Jun 2020 20:34:09 +0000 (22:34 +0200)]
APPS: Fix 'openssl dsaparam -genkey'

Using a parameter EVP_PKEY for key generation with EVP_PKEY routines
works a little differently than the raw DSA routines that were used
before.

While fixing that, clean away all remaining use of the DSA type, which
simplifies the code a bit more.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12048)

4 years agoEVP: Let EVP_PKEY_gen() initialize ctx->keygen_info
Richard Levitte [Thu, 4 Jun 2020 18:05:26 +0000 (20:05 +0200)]
EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info

In EVP_PKEY_METHOD code, the backend initializes ctx->keygen_info.
With provider side code, it's not possible to reach back into the
EVP_PKEY_CTX in the same manner, so we need to make that
initialization in the central generation function, EVP_PKEY_gen().

This isn't quite compatible with the idea that keygen_info could have
an arbitrary amount of elements, but since all our legacy backends use
exactly two elements, that's what we go for.

Fixes #12047

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12048)

4 years agoTLSv1.3: additional checks in SSL_set_record_padding_callback
Vadim Fedorenko [Mon, 4 May 2020 10:46:04 +0000 (13:46 +0300)]
TLSv1.3: additional checks in SSL_set_record_padding_callback

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)

4 years agotest: TLS1.3 and new ciphers for kTLS
Vadim Fedorenko [Sat, 25 Jan 2020 18:49:41 +0000 (21:49 +0300)]
test: TLS1.3 and new ciphers for kTLS

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)

4 years agoTLSv13: add kTLS support
Vadim Fedorenko [Sat, 25 Jan 2020 18:49:08 +0000 (21:49 +0300)]
TLSv13: add kTLS support

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)

4 years agokTLS: add support for AES_CCM128 and AES_GCM256
Vadim Fedorenko [Fri, 24 Jan 2020 13:57:56 +0000 (16:57 +0300)]
kTLS: add support for AES_CCM128 and AES_GCM256

The support of new algos is added by converting code to use
helper functions found in ktls.h.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)

4 years agokTLS: add Linux-specific kTLS helpers
Vadim Fedorenko [Fri, 1 May 2020 20:56:48 +0000 (23:56 +0300)]
kTLS: add Linux-specific kTLS helpers

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)

4 years agokTLS: add new algo definitions
Vadim Fedorenko [Fri, 24 Jan 2020 13:08:02 +0000 (16:08 +0300)]
kTLS: add new algo definitions

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)

4 years agokTLS: make ktls_start type independed
Vadim Fedorenko [Fri, 24 Jan 2020 13:11:02 +0000 (16:11 +0300)]
kTLS: make ktls_start type independed

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)

4 years agofix doc typo in bn_dh.c
Hubert Kario [Sat, 6 Jun 2020 20:23:17 +0000 (22:23 +0200)]
fix doc typo in bn_dh.c

while RFC 2312 refers to S/MIME it doesn't actually declare any groups,
RFC 2412 actually talks about DH extensively and the group
defined in the code below is defined on page 47 of it

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12076)

4 years agoFix 90-test_store.t for latest config, limits, providers, and disabled algos
Dr. David von Oheimb [Tue, 5 May 2020 12:04:30 +0000 (14:04 +0200)]
Fix 90-test_store.t for latest config, limits, providers, and disabled algos

Also make sure that the test do not 'pass' if their initialization fails.
Leave out the expensive parts of DSA key gen and RSA keygen for efficiency.
Fix use of the new CA configuration file test/ca-and-certs.cnf.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11733)

4 years agoFix documentation of OSSL_STORE
Dr. David von Oheimb [Wed, 6 May 2020 11:08:45 +0000 (13:08 +0200)]
Fix documentation of OSSL_STORE

Among others, make clear that OSSL_STORE_close() meanwhile does nothing on NULL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11733)

4 years agoFix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12()
Dr. David von Oheimb [Tue, 5 May 2020 09:31:05 +0000 (11:31 +0200)]
Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12()

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11733)

4 years agoAdd chain to PKCS#12 test file generation in 90-test_store.t
Dr. David von Oheimb [Tue, 5 May 2020 12:18:46 +0000 (14:18 +0200)]
Add chain to PKCS#12 test file generation in 90-test_store.t

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11733)

4 years agoFix code layout in crypto/store/loader_file.c satisfying check-format.pl -l
Dr. David von Oheimb [Tue, 5 May 2020 09:24:49 +0000 (11:24 +0200)]
Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11733)

4 years agoTEST: Adjust test/bioprinttest.c to behave like the testutil routines
Richard Levitte [Fri, 5 Jun 2020 15:05:07 +0000 (17:05 +0200)]
TEST: Adjust test/bioprinttest.c to behave like the testutil routines

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12057)

4 years agoTESTUTIL: Adjust the rest of testutil
Richard Levitte [Fri, 5 Jun 2020 15:04:33 +0000 (17:04 +0200)]
TESTUTIL: Adjust the rest of testutil

Fixes #12054

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12057)

4 years agoTESTUTIL: Separate TAP output and other output by BIO filter
Richard Levitte [Fri, 5 Jun 2020 14:55:42 +0000 (16:55 +0200)]
TESTUTIL: Separate TAP output and other output by BIO filter

Output that's supposed to be understood by a TAP parser gets its own
BIOs (|tap_out| and |tap_err|), and is only used internally within
testutils.  |bio_out| and |bio_err| is now only used for output that
shouldn't be parsed by the TAP parser, and all output written to those
BIOs are therefore always made to look like comments (it gets prefixed
with "# ").

Indentation and prefixing with "# " is reworked to use BIO_f_prefix(),
which allows us to throw away the internal BIO_f_tap().

The indentation level is now adjusted via a special function.

Fixes #12054

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12057)

4 years agoConsolidate doc of BIO_do_connect() and its alias BIO_do_handshake()
Dr. David von Oheimb [Tue, 2 Jun 2020 11:02:42 +0000 (13:02 +0200)]
Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake()

Also documents that they meanwhile try all IP addresses resolved for a given domain name

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12017)

4 years agoAPPS: Remove unnecessary NULL check of uri in load_cert_pass()
Richard Levitte [Fri, 22 May 2020 17:09:45 +0000 (19:09 +0200)]
APPS: Remove unnecessary NULL check of uri in load_cert_pass()

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11873)

4 years agoAPPS: Make it possible to load_cert() from stdin again
Richard Levitte [Tue, 19 May 2020 13:56:18 +0000 (15:56 +0200)]
APPS: Make it possible to load_cert() from stdin again

Fixes #11871

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11873)

4 years agoFix a typo in SSL_CTX_set_session_ticket_cb.pod
Benjamin Kaduk [Thu, 28 May 2020 21:34:10 +0000 (14:34 -0700)]
Fix a typo in SSL_CTX_set_session_ticket_cb.pod

"SSL" takes two esses, not three.

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12038)

4 years agoDon't downgrade keys in libssl
Matt Caswell [Tue, 2 Jun 2020 07:57:26 +0000 (08:57 +0100)]
Don't downgrade keys in libssl

We were downgrading to legacy keys at various points in libssl in
order to get or set an encoded point. Now that the encoded point
functions work with provided keys this is no longer necessary.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)

4 years agoWhen asked if an ECX key has parameters we should answer "true"
Matt Caswell [Thu, 21 May 2020 10:36:21 +0000 (11:36 +0100)]
When asked if an ECX key has parameters we should answer "true"

An ECX key doesn't have any parameters associated with it. Therefore it
always has all the parameters it needs, and the "has" function should
return 1 if asked about parameters. Without this
EVP_PKEY_missing_parameters() fails for ECX keys.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)

4 years agoAlways create a key when importing
Matt Caswell [Thu, 21 May 2020 10:33:53 +0000 (11:33 +0100)]
Always create a key when importing

Even if there is no data to import we should still create an empty key.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)

4 years agoMake EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys
Matt Caswell [Wed, 20 May 2020 15:20:27 +0000 (16:20 +0100)]
Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys

EVP_PKEY_[get1|set1]_tls_encodedpoint() only worked if an ameth was present
which isn't the case for provided keys. Support has been added to dh,
ec and ecx keys.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)

4 years agoFix error path in int create_ssl_ctx_pair()
Matt Caswell [Wed, 13 May 2020 13:45:36 +0000 (14:45 +0100)]
Fix error path in int create_ssl_ctx_pair()

If we hit the error path and create_ssl_ctx_pair has been passed a
pre-created SSL_CTX then we could end up with a double free.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

4 years agoImplement a test for sigalgs not being present
Matt Caswell [Fri, 8 May 2020 15:43:14 +0000 (16:43 +0100)]
Implement a test for sigalgs not being present

If sigalgs are not present we should not offer or accept them. We should
test that we handle this correctly.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

4 years agoImplement a Filtering Provider
Matt Caswell [Mon, 4 May 2020 15:26:07 +0000 (16:26 +0100)]
Implement a Filtering Provider

The filtering provider can be used to place a filter in front of the
default provider. Initially to filter out certain algorithms from being
available for test purposes.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

4 years agoImplement OSSL_PROVIDER_get0_provider_ctx()
Matt Caswell [Fri, 8 May 2020 15:44:02 +0000 (16:44 +0100)]
Implement OSSL_PROVIDER_get0_provider_ctx()

Implement a function which enables us to get hold of the provider ctx
for a loaded provider.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

4 years agoEnable applications to directly call a provider's query operation
Matt Caswell [Mon, 4 May 2020 14:28:15 +0000 (15:28 +0100)]
Enable applications to directly call a provider's query operation

This is useful to get hold of the low-level dispatch tables. This could
be used to create a new provider based on an existing one.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

4 years agoCheck that Signature Algorithms are available before using them
Matt Caswell [Fri, 1 May 2020 16:41:25 +0000 (17:41 +0100)]
Check that Signature Algorithms are available before using them

We should confirm that Signature Algorithms are actually available
through the loaded providers before we offer or select them.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

4 years agoAPPS: Drop interactive mode in the 'openssl' program
Richard Levitte [Wed, 3 Jun 2020 08:49:50 +0000 (10:49 +0200)]
APPS: Drop interactive mode in the 'openssl' program

This mode is severely untested and unmaintained, is seems not to be
used very much.

Closes #4679
Closes #6292

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12023)

4 years agoAnnounce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md
Dr. David von Oheimb [Wed, 3 Jun 2020 12:13:01 +0000 (14:13 +0200)]
Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md

This is a follow-up of PR #12013.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12026)

4 years agofips: add additional algorithms to the FIPS provider.
Pauli [Wed, 3 Jun 2020 00:55:49 +0000 (10:55 +1000)]
fips: add additional algorithms to the FIPS provider.

Discussions are ongoing but the OMC has approved the in-principle addition
of these algorithms to the upcoming FIPS validation.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12020)

4 years agoMinor doc fix for EVP_PKEY_CTX_new_from_pkey
Jaimee Brown [Wed, 3 Jun 2020 04:28:06 +0000 (14:28 +1000)]
Minor doc fix for EVP_PKEY_CTX_new_from_pkey

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12021)

4 years agoAdd github sponsor button
Kurt Roeckx [Wed, 3 Jun 2020 20:01:31 +0000 (22:01 +0200)]
Add github sponsor button

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #12035

4 years ago[crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation
Nicola Tuveri [Tue, 2 Jun 2020 18:06:48 +0000 (21:06 +0300)]
[crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation

`crypto/ec/ecp_nistz256.c` contained code sections guarded by a
`ECP_NISTZ256_AVX2` define.

The relevant comment read:

> /*
>  * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great
>  * code processing 4 points in parallel, corresponding serial operation
>  * is several times slower, because it uses 29x29=58-bit multiplication
>  * as opposite to 64x64=128-bit in integer-only scalar case. As result
>  * it doesn't provide *significant* performance improvement. Note that
>  * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work,
>  * you'd need to compile even asm/ecp_nistz256-avx.pl module.
>  */

Without diminishing the quality of the original submission, it's evident
that this code has been basically unreachable without modifications to
the library source code and is under-tested.

This commit removes these sections from the codebase.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/12019)

4 years agoAdd cipher list ciphersuites which using encryption algorithm in mode CBC.
Otto Hollmann [Thu, 28 May 2020 11:39:33 +0000 (13:39 +0200)]
Add cipher list ciphersuites which using encryption algorithm in mode CBC.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11984)

4 years agoCORE: make sure activated fallback providers stay activated
Richard Levitte [Sat, 23 May 2020 14:39:18 +0000 (16:39 +0200)]
CORE: make sure activated fallback providers stay activated

Calling 'OSSL_PROVIDER_available(NULL, "default")' would search for
the "default" provider, and in doing so, activate it if necessary,
thereby detecting that it's available...  and then immediately free
it, which could deactivate that provider, even though it should stay
available.

We solve this by incrementing the refcount for activated fallbacks one
extra time, thereby simulating an explicit OSSL_PROVIDER_load(), and
compensate for it with an extra ossl_provider_free() when emptying the
provider store.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11926)

4 years agoTEST: Add provider_fallback_test, to test aspects of fallback providers
Richard Levitte [Sat, 23 May 2020 14:34:07 +0000 (16:34 +0200)]
TEST: Add provider_fallback_test, to test aspects of fallback providers

There are cases where the fallback providers aren't treated right.
For example, the following calls, in that order, will end up with
a failed EVP_KEYMGMT_fetch(), even thought the default provider
does supply an implementation of the "RSA" keytype.

    EVP_KEYMGMT *rsameth = NULL;

    OSSL_PROVIDER_available(NULL, "default");
    rsameth = EVP_KEYMGMT_fetch(NULL, "RSA", NULL);

For good measure, this also tests that explicit loading of the default
provider won't fail.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11926)

4 years agoFix missed fields in EVP_PKEY_meth_copy.
Aaron Thompson [Sat, 11 Apr 2020 00:56:15 +0000 (00:56 +0000)]
Fix missed fields in EVP_PKEY_meth_copy.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11514)

4 years agoPrepare for 3.0 alpha 4
Matt Caswell [Thu, 4 Jun 2020 13:58:20 +0000 (14:58 +0100)]
Prepare for 3.0 alpha 4

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
4 years agoPrepare for release of 3.0 alpha 3 openssl-3.0.0-alpha3
Matt Caswell [Thu, 4 Jun 2020 13:56:40 +0000 (14:56 +0100)]
Prepare for release of 3.0 alpha 3

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
4 years agoUpdate copyright year
Matt Caswell [Thu, 4 Jun 2020 13:33:57 +0000 (14:33 +0100)]
Update copyright year

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12043)

4 years agoossl_shim: const cast the param arguments to avoid errors
Pauli [Wed, 3 Jun 2020 08:42:36 +0000 (18:42 +1000)]
ossl_shim: const cast the param arguments to avoid errors

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12022)

4 years agoFix a buffer overflow in drbg_ctr_generate
Bernd Edlinger [Tue, 2 Jun 2020 09:52:24 +0000 (11:52 +0200)]
Fix a buffer overflow in drbg_ctr_generate

This can happen if the 32-bit counter overflows
and the last block is not a multiple of 16 bytes.

Fixes #12012

[extended tests]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12016)

4 years agoUpdate manpage to fix examples, other minor tweaks
Rich Salz [Mon, 27 Apr 2020 16:57:01 +0000 (12:57 -0400)]
Update manpage to fix examples, other minor tweaks

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11347)

4 years agoCleanup cert config files for tests
Rich Salz [Wed, 4 Mar 2020 19:08:31 +0000 (14:08 -0500)]
Cleanup cert config files for tests

Merge test/P[12]ss.cnf into one config file
Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf
Remove Netscape cert extensions, add keyUsage comment from some cnf files

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11347)

4 years agoossl_shim: include core_names.h to resolve undeclared symbols
Pauli [Tue, 2 Jun 2020 13:10:06 +0000 (23:10 +1000)]
ossl_shim: include core_names.h to resolve undeclared symbols

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/12018)

4 years agoTEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey()
Richard Levitte [Mon, 18 May 2020 06:35:29 +0000 (08:35 +0200)]
TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11855)

4 years agoPEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs
Richard Levitte [Mon, 18 May 2020 06:32:28 +0000 (08:32 +0200)]
PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs

PEM_write_bio_PKCS8PrivateKey(), i2d_PKCS8PrivateKey_bio(),
PEM_write_PKCS8PrivateKey(), and i2d_PKCS8PrivateKey_fp() are affected
by this.

Fixes #11845

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11855)

4 years agofix a docs typo
Jack O'Connor [Thu, 28 May 2020 16:42:15 +0000 (12:42 -0400)]
fix a docs typo

Correct "EC_KEY_point2buf" to "EC_POINT_point2buf". The former does not exist.

CLA: trivial

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11988)

4 years agoPrevent extended tests run unexpectedly in appveyor
Bernd Edlinger [Thu, 28 May 2020 09:20:50 +0000 (11:20 +0200)]
Prevent extended tests run unexpectedly in appveyor

Reason turns out that "git log -2" is picking up a merge
commit and a random commit message from the master branch.

Restore the expected behavior by using
git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11981)

4 years agoMove EC_METHOD to internal-only
Billy Brumley [Wed, 27 May 2020 10:30:04 +0000 (13:30 +0300)]
Move EC_METHOD to internal-only

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11928)

4 years agoAPPS: Remove make_config_name, use CONF_get1_default_config_file instead
Richard Levitte [Thu, 28 May 2020 11:53:48 +0000 (13:53 +0200)]
APPS: Remove make_config_name, use CONF_get1_default_config_file instead

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11983)

4 years agoRemove getenv(OPENSSL_FIPS) in openssl command
Bernd Edlinger [Sat, 30 May 2020 07:57:29 +0000 (09:57 +0200)]
Remove getenv(OPENSSL_FIPS) in openssl command

This is left over from the past.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11995)

4 years agoRevert the check for NaN in %f format
Bernd Edlinger [Sun, 31 May 2020 05:51:23 +0000 (07:51 +0200)]
Revert the check for NaN in %f format

Unfortunately -Ofast seems to break that check.

Fixes #11994

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12003)

4 years agoundeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations
Tim Hudson [Mon, 1 Jun 2020 09:52:23 +0000 (19:52 +1000)]
undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations

The underlying functions remain and these are widely used.
This undoes the deprecation part of PR8442

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12001)

4 years agoMake BIO_do_connect() and friends handle multiple IP addresses
Dr. David von Oheimb [Wed, 27 May 2020 10:16:53 +0000 (12:16 +0200)]
Make BIO_do_connect() and friends handle multiple IP addresses

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11971)

4 years agoadd FFDH to speed command
Hubert Kario [Sat, 18 Jan 2020 18:13:02 +0000 (19:13 +0100)]
add FFDH to speed command

the openssl speed command could not benchmark FFDH speed, but it could
benchmark ECDH, making comparisons between the two hard

this commit adds this feature

fixes #9475

Signed-off-by: Hubert Kario <hubert@kario.pl>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10887)

4 years agobio printf: Avoid using rounding errors in range check
Bernd Edlinger [Mon, 25 May 2020 18:13:47 +0000 (20:13 +0200)]
bio printf: Avoid using rounding errors in range check

There is a problem casting ULONG_MAX to double which clang-10 is warning about.
ULONG_MAX typically cannot be exactly represented as a double.  ULONG_MAX + 1
can be and this fix uses the latter, however since ULONG_MAX cannot be
represented exactly as a double number we subtract 65535 from this number,
and the result has at most 48 leading one bits, and can therefore be
represented as a double integer without rounding error.  By adding
65536.0 to this number we achive the correct result, which should avoid the
warning.

The addresses a symptom of the underlying problem: we print doubles via an
unsigned long integer.  Doubles have a far greater range and should be printed
better.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11955)

4 years agoDOCS: add openssl-core_names.h(7)
Richard Levitte [Tue, 26 May 2020 12:26:30 +0000 (14:26 +0200)]
DOCS: add openssl-core_names.h(7)

A CAVEATS section is present in this manual.  That section name is
borrowed from OpenBSD, where mdoc(7) explains it like this:

    CAVEATS
    Common misuses and misunderstandings should be explained in this
    section.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11963)

4 years agoDOCS: add openssl-core_numbers.h(7)
Richard Levitte [Tue, 26 May 2020 12:25:44 +0000 (14:25 +0200)]
DOCS: add openssl-core_numbers.h(7)

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11963)

4 years agoEVP_EncryptInit.pod: fix example
Patrick Steuer [Wed, 27 May 2020 14:32:43 +0000 (16:32 +0200)]
EVP_EncryptInit.pod: fix example

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11976)

4 years agoRSA: Do not set NULL OAEP labels
Benjamin Kaduk [Fri, 22 May 2020 18:13:24 +0000 (11:13 -0700)]
RSA: Do not set NULL OAEP labels

As of the previous commit, when a zero-length (string) parameter
is present in the parameters passed to a provider for a given operation,
we will produce an object corresponding to that zero-length parameter,
indicating to the underlying cryptographic operation that the parameter
was passed.  However, rsa_cms_decrypt() was relying on the previous
behavior, and unconditionally tried to call
EVP_PKEY_CTX_set0_rsa_oaep_label() even when the implicit default label
was used (and thus the relevant local variable was still NULL).
In the new setup that distinguishes present-but-empty and absent
more clearly, it is an error to attempt to set a NULL parameter,
even if it is zero-length.

Exercise more caution when setting parameters, and do not call
EVP_PKEY_CTX_set0_rsa_oaep_label() when there is not actually a
label provided.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)

4 years agoparams: do not ignore zero-length strings
Benjamin Kaduk [Thu, 21 May 2020 21:10:50 +0000 (14:10 -0700)]
params: do not ignore zero-length strings

Prior to this commit, if a string (or octet string) parameter
was present but indicated it was zero-length, we would return success
but with a NULL output value.  This can be problematic in cases where
there is a protocol-level distinction between parameter-absent and
parameter-present-but-zero-length, which is uncommon but can happen.

Since OPENSSL_malloc() returns NULL for zero-length allocation requests,
make a dummy allocation for this case, to give a signal that the string
parameter does exist but has zero length.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)

4 years agotest HKDF with empty IKM
Benjamin Kaduk [Thu, 21 May 2020 19:53:59 +0000 (12:53 -0700)]
test HKDF with empty IKM

Add an extra EVP test that provides empty input key material.  It
currently fails, since we lose the information about "key present but
zero length" as we deserialize parameters in the provider.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)

4 years agoAdd a test for fetching EVP_PKEY style algs without a provider
Matt Caswell [Thu, 14 May 2020 10:33:01 +0000 (11:33 +0100)]
Add a test for fetching EVP_PKEY style algs without a provider

Following on from the previous commit, add a test to check that we fail
to create an EVP_PKEY_CTX if an algorithm is not available in any provider,
*unless* it is an algorithm that has no provider support.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11826)

4 years agoFail if we fail to fetch the EVP_KEYMGMT
Matt Caswell [Wed, 13 May 2020 16:17:35 +0000 (17:17 +0100)]
Fail if we fail to fetch the EVP_KEYMGMT

If we failed to fetch an EVP_KEYMGMT then we were falling back to legacy.
This is because some algorithms (such as MACs and KDFs used via an old
style EVP_PKEY) have not been transferred to providers.

Unfortunately this means that you cannot stop some algorithms from being
used by not loading the provider.

For example if you wanted to prevent RSA from being used, you might expect
to just not load any providers that make it available. Unfortunately that
doesn't work because we simply fall back to legacy if we fail to fetch
the EVP_KEYMGMT.

Instead we should fail *unless* the key type is one of those legacy key
types that we have not transferred.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11826)

4 years agoUpdate gost-engine commit to match the API changes
Dmitry Belyavskiy [Wed, 27 May 2020 10:03:04 +0000 (13:03 +0300)]
Update gost-engine commit to match the API changes

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11970)

4 years agoutil/mkpod2html.pl: Fix unbalanced quotes
Richard Levitte [Wed, 27 May 2020 08:09:04 +0000 (10:09 +0200)]
util/mkpod2html.pl: Fix unbalanced quotes

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11969)

4 years agoFix errtest for older compilers
Shane Lontis [Wed, 27 May 2020 02:10:52 +0000 (12:10 +1000)]
Fix errtest for older compilers

Some older compilers use "unknown function" if they dont support __func, so the
test using ERR_PUT_error needed to compensate for this when comparing against the
expected value.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11967)