Commit Graph

27474 Commits

Author SHA1 Message Date
Matt Caswell
091f6074c5 Convert TLS auto DH parameters to use EVP_PKEY
Previously a DH object was constructed and then assigned to an EVP_PKEY.
Instead we now construct the EVP_PKEY directly instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
2020-11-18 14:14:22 +00:00
Richard Levitte
2b93900e28 DOC: Rewrite the section on reporting errors in doc/man3/ERR_put_error.pod
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13320)
2020-11-18 11:40:52 +01:00
Richard Levitte
e19c5a1064 CONF: Convert one last CONFerr() to ERR_raise()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13320)
2020-11-18 11:40:52 +01:00
Richard Levitte
01fe51578e Simplify util/err-to-raise
There's no need to enumerate the possible {NAME}err, as they have a
consistent pattern.  Also, this script should not be used on the
engines, as they have already converted appropriately.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13320)
2020-11-18 11:40:52 +01:00
Richard Levitte
b06e70b868 Really deprecate the old NAMEerr() macros
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13320)
2020-11-18 11:40:52 +01:00
Richard Levitte
bf57cab74b util/find-doc-nits: check podchecker() return value
From the Pod::Checker manual:

> RETURN VALUE
>        podchecker returns the number of POD syntax errors found or
>        -1 if there were no POD commands at all found in the file.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13416)
2020-11-17 23:12:02 +01:00
Richard Levitte
c7d32b6ba5 util/mkrc.pl: Make sure FILEVERSION and PRODUCTVERSION have four numbers
Partially fixes #13414

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13415)
2020-11-17 13:18:16 +01:00
David Carlier
ef2a44eb31 NetBSD build fix.
getentropy shows up wrongly as weak symbol whereas there is no support.

However NetBSD 10.0 will support getrandom.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13408)
2020-11-17 13:16:49 +01:00
Richard Levitte
ccbf3f90c4 DOC: Fixup the description of the -x509_strict option
POD commands must always be surrounded by blank lines

POD transformers read everything in paragraph mode.  The following
lines become *one* command, where the second line becomes part of the
text of the first, including the command itself.  In other words,
this:

    =item something
    =item something else

Translates to this in a man-page:

    something =item something else

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13412)
2020-11-16 10:03:04 +01:00
Shane Lontis
4605c5ab47 Fix dsa securitycheck for fips.
Fixes #12627

Changed security check for DSA verification to match SP800-131Ar2 when
the security strength is < 112.
Fixed compilation error when using config opt 'no-fips-securitychecks'
Removed TODO's from 20-test_cli_fips.t - there is no longer an TODO error.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13387)
2020-11-16 17:21:57 +10:00
Shane Lontis
e557d46333 Add documentation for EVP_PKEY2PKCS8/EVP_PKCS82PKEY
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13388)
2020-11-16 17:16:18 +10:00
Shane Lontis
317b7c57e4 Fixup EVP-MAC-KMAC documentation
Fixes #13232

Added example that shows setup of XOF.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13385)
2020-11-16 16:56:11 +10:00
Daniel Bevenius
fce56f5b69 REF_PRINT: cast pointer to void to avoid warnings
Currently, when configuring OpenSSL and specifying the --strict-warnings
option there are failures like the following one:

crypto/bio/bio_lib.c: In function 'BIO_up_ref':
include/internal/refcount.h:169:25: error: format '%p' expects argument
of type 'void *', but argument 3 has type 'BIO *'
{aka 'struct bio_st *'} [-Werror=format=]
  169 |         fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
      |                         ^~~~~~~~~~~~~
crypto/bio/bio_lib.c:185:5:
note: in expansion of macro'REF_PRINT_COUNT'
  185 |     REF_PRINT_COUNT("BIO", a);
      |     ^~~~~~~~~~~~~~~
include/internal/refcount.h:169:27: note: format string is defined here
  169 |         fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
      |                          ~^
      |                           |
      |                           void *
cc1: all warnings being treated as errors

This commit adds casts to avoid the warnings.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13389)
2020-11-16 09:35:11 +10:00
Pauli
3084b9d316 Document the provider KDF API.
Fixes #11351

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13376)
2020-11-16 08:07:42 +10:00
Richard Levitte
e76a696273 test/endecoder_legacy_test.c: new test for legacy comparison
It checks that all of these functions have a corresponding
OSSL_ENCODER implementation, and that the output is the same:

- i2d_{TYPE}PrivateKey
- i2d_{TYPE}PublicKey
- i2d_{TYPE}params
- i2d_{TYPE}_PUBKEY
- PEM_write_bio_{TYPE}PrivateKey
- PEM_write_bio_{TYPE}PublicKey
- PEM_write_bio_{TYPE}Parameters
- PEM_write_bio_{TYPE}_PUBKEY

It also checks that all of these functions have a corresponding
OSSL_DECODER implementation, and that the decoding result matches:

- d2i_{TYPE}PrivateKey()
- d2i_{TYPE}PublicKey(),
- d2i_{TYPE}params(),
- d2i_{TYPE}_PUBKEY(),
- PEM_read_bio_{TYPE}PrivateKey()
- PEM_read_bio_{TYPE}PublicKey()
- PEM_read_bio_{TYPE}params()
- PEM_read_bio_{TYPE}_PUBKEY()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13262)
2020-11-15 19:37:26 +01:00
Richard Levitte
efb4667f72 Fix SUPPORT.md for better readability
Most of the text was duplicated, and the second copy had better
section titles that made the intent more prominent.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13398)
2020-11-14 16:42:41 +01:00
Richard Levitte
322d56cd64 Fix a few github file references
https://github.com/openssl/openssl/blob/master/.github/SUPPORT.md ->
https://github.com/openssl/openssl/blob/master/SUPPORT.md

Fixes #13396

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13397)
2020-11-14 12:01:28 +01:00
Rich Salz
a18cf8fc63 Remove -C option from x509 command
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13384)
2020-11-13 14:45:22 +01:00
Rich Salz
1696b8909b Remove -C from dhparam,dsaparam,ecparam
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13384)
2020-11-13 14:45:22 +01:00
Richard Levitte
256d41d437 BIO: Undefine UNICODE in b_addr.c to get POSIX declaration of gai_strerror()
When UNICODE is defined, Windows headers push for WCHAR implementations,
which aren't compatible with POSIX declarations.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-13 09:35:31 +01:00
Richard Levitte
105d01f1eb crypto/provider_core.c: fix a couple of faulty ERR_raise_data() calls
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-13 09:35:31 +01:00
Richard Levitte
a150f8e1fc CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data()
This is not done absolutely everywhere, as there are places where
the use of ERR_add_error_data() is quite complex, but at least the
simple cases are done.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-13 09:35:31 +01:00
Richard Levitte
9311d0c471 Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call
This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-13 09:35:02 +01:00
Richard Levitte
31a6b52f6d EVP: Adapt EVP_PKEY2PKCS8() to better handle provider-native keys
It doesn't downgread the keys to legacy any more.  Instead, it uses
OSSL_ENCODER to encode the key to DER, and d2i_PKCS8_PRIV_KEY_INFO()
to make a PKCS8_PRIV_KEY_INFO structure from that.

Fixes #12990

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12995)
2020-11-13 09:20:12 +01:00
David Carlier
0bb450fe2f DragonFlyBSD build fix and update.
getentropy call is not supported however getrandom since the 5.7.x branch is.
current LTS stable is 5.8.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13375)
2020-11-13 10:49:11 +10:00
Shane Lontis
a04400fc74 Remove unused helper functions EVP_str2ctrl() & EVP_hex2ctrl().
These were added when the EVP_MAC work was being done.
I dont think these lightweight wrappers are required, and it seems better to remove them,
rather than adding documentation.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13372)
2020-11-13 10:32:48 +10:00
Nicola Tuveri
a7da4d488d [test/recipes] Split test_fuzz into separate recipes
When using `HARNESS_JOBS` to run the tests in parallel, no matter the
level of parallelism that can be used, the monolithic `test_fuzz` takes
a long time to run, conditioning the duration of the whole build.

This commit splits the single `test_fuzz` recipe into separate recipes
for each fuzzer.
The previous mechanism to select individual fuzz tests using the
`FUZZ_TESTS` environment variable is also dropped (and documentation
updated).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13307)
2020-11-12 16:27:17 +02:00
XiaokangQian
9ce8e0d17e Optimize AES-XTS mode in OpenSSL for aarch64
Aes-xts mode can be optimized by interleaving cipher operation on
several blocks and loop unrolling. Interleaving needs one ideal
unrolling factor, here we adopt the same factor with aes-cbc,
which is described as below:
	If blocks number > 5, select 5 blocks as one iteration,every
	loop, decrease the blocks number by 5.
	If left blocks < 5, treat them as tail blocks.
Detailed implementation has a little adjustment for squeezing
code space.
With this way, for small size such as 16 bytes, the performance is
similar as before, but for big size such as 16k bytes, the performance
improves a lot, even reaches to 2x uplift, for some arches such as A57,
the improvement even reaches more than 2x uplift. We collect many
performance datas on different micro-archs such as thunderx2,
ampere-emag, a72, a75, a57, a53 and N1, all of which reach 0.5-2x uplift.
The following table lists the encryption performance data on aarch64,
take a72, a75, a57, a53 and N1 as examples. Performance value takes the
unit of cycles per byte, takes the format as comparision of values.
List them as below:

A72:
                            Before optimization     After optimization  Improve
evp-aes-128-xts@16          8.899913518             5.949087263         49.60%
evp-aes-128-xts@64          4.525512668             3.389141845         33.53%
evp-aes-128-xts@256         3.502906908             1.633573479         114.43%
evp-aes-128-xts@1024        3.174210419             1.155952639         174.60%
evp-aes-128-xts@8192        3.053019303             1.028134888         196.95%
evp-aes-128-xts@16384       3.025292462             1.02021169          196.54%
evp-aes-256-xts@16          9.971105023             6.754233758         47.63%
evp-aes-256-xts@64          4.931479093             3.786527393         30.24%
evp-aes-256-xts@256         3.746788153             1.943975947         92.74%
evp-aes-256-xts@1024        3.401743802             1.477394648         130.25%
evp-aes-256-xts@8192        3.278769327             1.32950421          146.62%
evp-aes-256-xts@16384       3.27093296              1.325276257         146.81%

A75:
                            Before optimization     After optimization  Improve
evp-aes-128-xts@16          8.397965173             5.126839098         63.80%
evp-aes-128-xts@64          4.176860631             2.59817764          60.76%
evp-aes-128-xts@256         3.069126585             1.284561028         138.92%
evp-aes-128-xts@1024        2.805962699             0.932754655         200.83%
evp-aes-128-xts@8192        2.725820131             0.829820397         228.48%
evp-aes-128-xts@16384       2.71521905              0.823251591         229.82%
evp-aes-256-xts@16          11.24790935             7.383914448         52.33%
evp-aes-256-xts@64          5.294128847             3.048641998         73.66%
evp-aes-256-xts@256         3.861649617             1.570359905         145.91%
evp-aes-256-xts@1024        3.537646797             1.200493533         194.68%
evp-aes-256-xts@8192        3.435353012             1.085345319         216.52%
evp-aes-256-xts@16384       3.437952563             1.097963822         213.12%

A57:
                            Before optimization     After optimization  Improve
evp-aes-128-xts@16          10.57455446             7.165438012         47.58%
evp-aes-128-xts@64          5.418185447             3.721241202         45.60%
evp-aes-128-xts@256         3.855184592             1.747145379         120.66%
evp-aes-128-xts@1024        3.477199757             1.253049735         177.50%
evp-aes-128-xts@8192        3.36768104              1.091943159         208.41%
evp-aes-128-xts@16384       3.360373443             1.088942789         208.59%
evp-aes-256-xts@16          12.54559459             8.745489036         43.45%
evp-aes-256-xts@64          6.542808937             4.326387568         51.23%
evp-aes-256-xts@256         4.62668822              2.119908754         118.25%
evp-aes-256-xts@1024        4.161716505             1.557335554         167.23%
evp-aes-256-xts@8192        4.032462227             1.377749511         192.68%
evp-aes-256-xts@16384       4.023293877             1.371558933         193.34%

A53:
                            Before optimization     After optimization  Improve
evp-aes-128-xts@16          18.07842135             13.96980808         29.40%
evp-aes-128-xts@64          7.933818397             6.07159276          30.70%
evp-aes-128-xts@256         5.264604704             2.611155744         101.60%
evp-aes-128-xts@1024        4.606660117             1.722713454         167.40%
evp-aes-128-xts@8192        4.405160115             1.454379201         202.90%
evp-aes-128-xts@16384       4.401592028             1.442279392         205.20%
evp-aes-256-xts@16          20.07084054             16.00803726         25.40%
evp-aes-256-xts@64          9.192647294             6.883876732         33.50%
evp-aes-256-xts@256         6.336143161             3.108140452         103.90%
evp-aes-256-xts@1024        5.62502952              2.097960651         168.10%
evp-aes-256-xts@8192        5.412085608             1.807294191         199.50%
evp-aes-256-xts@16384       5.403062591             1.790135764         201.80%

N1:
                            Before optimization     After optimization  Improve
evp-aes-128-xts@16          6.48147613              4.209415473         53.98%
evp-aes-128-xts@64          2.847744115             1.950757468         45.98%
evp-aes-128-xts@256         2.085711968             1.061903238         96.41%
evp-aes-128-xts@1024        1.842014669             0.798486302         130.69%
evp-aes-128-xts@8192        1.760449052             0.713853939         146.61%
evp-aes-128-xts@16384       1.760763546             0.707702009         148.80%
evp-aes-256-xts@16          7.264142817             5.265970454         37.94%
evp-aes-256-xts@64          3.251356212             2.41176323          34.81%
evp-aes-256-xts@256         2.380488469             1.342095742         77.37%
evp-aes-256-xts@1024        2.08853022              1.041718215         100.49%
evp-aes-256-xts@8192        2.027432668             0.944571334         114.64%
evp-aes-256-xts@16384       2.00740782              0.941991415         113.10%

Add more XTS test cases to cover the cipher stealing mode and cases of different
number of blocks.

CustomizedGitHooks: yes
Change-Id: I93ee31b2575e1413764e27b599af62994deb4c96

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11399)
2020-11-12 11:09:22 +01:00
Pauli
c87a7f31a3 apps/passwd: remove the -crypt option.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13313)
2020-11-12 08:35:47 +10:00
Pauli
93c87f745d rsa_test: add return value check
Fixes #13361

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13362)
2020-11-12 08:21:47 +10:00
Tomas Mraz
d8701e2523 Do not prepend $OPENSSL_CONF_INCLUDE to absolute include paths
Also check for malloc failure and do not add '/' when
$OPENSSL_CONF_INCLUDE already ends with directory separator.

Fixes #13302

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13306)
2020-11-11 16:06:30 +01:00
Tomas Mraz
368d9e030f Add ossl_is_absolute_path function to detect absolute paths
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13306)
2020-11-11 16:06:30 +01:00
Tomas Mraz
69d16b70cf Avoid duplicate ends_with_dirsep functions
Refactor them into inline ossl_ends_with_dirsep function in
internal/cryptlib.h.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13306)
2020-11-11 16:05:56 +01:00
Richard Levitte
122e81f070 test/recipes/30-test_evp_libctx.t: use fips-and-base.cnf
The FIPS provider module doesn't have any encoders, the base provider
is needed for that.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte
f49d486075 test/evp_libctx_test.c: use OSSL_ENCODER instead of i2d_PublicKey()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte
973a52ce01 test/endecode_test.c: Update to specify output structures
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte
4227e504c8 Adapt libcrypto functionality to specify the desired output structure
This also modifies i2d_PublicKey() and i2d_KeyParams() to support
provided keys.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte
c319b6276b PROV: Re-implement all the keypair encoders
The base functionality to implement the keypair encoders doesn't
change much, but this results in a more massive amount of
OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained
selection of implementation based on what parts of the keypair
structure (combinations of key parameters, public key and private key)
should be output, the output type ("TEXT", "DER" or "PEM") and the
outermost output structure ("pkcs8", "SubjectPublicKeyInfo", key
type specific structures, ...).

We add support for the generic structure name "type-specific", to
allow selecting that without knowing the exact name of that structure.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte
0b9f90f504 ENCODER: Add tracing
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte
b9a2afdfe6 ENCODER: Add output structure support for EVP_PKEY encoding
OSSL_ENCODER_CTX_new_by_EVP_PKEY() takes one more argument to express
the desired outermost structure for the output.

This also adds OSSL_ENCODER_CTX_prune_encoders(), which is used to
reduce the stack of encoders found according to criteria formed from
the combination of desired selection, output type and output
structure.

squash! ENCODER: Add output structure support for EVP_PKEY encoding

Replace the paragraph talking about OSSL_ENCODER_CTX_prune_encoders() with:

The encoding processor encoder_process() is enhanced with better
analysis of the stack of encoder implementations.  To avoid having to
keep an on the side array of information, it uses recursion.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte
cd861ab73d ENCODER: Add support for OSSL_FUNC_encoder_does_selection()
OSSL_FUNC_encoder_does_selection() is a dispatchable encoder implementation
function that should return 1 if the given |selection| is supported by an
encoder implementation and 0 if not.  This can be used by libcrypto
functionality to figure out if an encoder implementation should be
considered or not.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte
8a98a507fb ENCODER: Add support for specifying the outermost output structure
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte
45da4a0fc5 CORE: Add support for specifying the outermost object structure
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte
6debc6ab74 Convert all {NAME}err() in providers/ to their corresponding ERR_raise() call
This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13319)
2020-11-11 12:15:48 +01:00
Richard Levitte
c48ffbcca1 SSL: refactor all SSLfatal() calls
Since SSLfatal() doesn't take a function code any more, we drop that
argument everywhere.  Also, we convert all combinations of SSLfatal()
and ERR_add_data() to an SSLfatal_data() call.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)
2020-11-11 12:12:23 +01:00
Richard Levitte
e92519b5a6 SSL: refactor ossl_statem_fatal() and SSLfatal()
ossl_statem_fatal() is refactored to be an extended ERR_set_error(),
and SSLfatal() is refactored to work like ERR_raise().  We also add
SSLfatal_data() to work like ERR_raise_data().

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)
2020-11-11 12:12:23 +01:00
Richard Levitte
6849b73ccc Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call
This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)
2020-11-11 12:12:11 +01:00
Richard Levitte
9787b5b81f OSSL_STORE: Make sure the called OSSL_DECODER knows what to expect
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)
2020-11-11 11:42:06 +01:00
Richard Levitte
8d8fee6400 PEM: Have pem_read_bio_key() set the OSSL_STORE expected type
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)
2020-11-11 11:42:06 +01:00
Richard Levitte
35426b2f9c Restore the legacy implementation of PEM_read_bio_DHparams()
It was an overstep to have it got through OSSL_STORE just to extract a
DH pointer from the resulting EVP_PKEY.

This partially reverts 1427d33cee

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)
2020-11-11 11:42:06 +01:00