Commit Graph

32222 Commits

Author SHA1 Message Date
Xu Yizhou
2788b56f0c providers: Add SM4 XTS implementation
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19619)
2022-11-29 16:17:30 +01:00
Xu Yizhou
de8f6a3e29 obj: Add SM4 XTS OID
Add the following OID:

SM4-XTS: 1.2.156.10197.1.104.10

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19619)
2022-11-29 16:17:30 +01:00
Nicola Tuveri
9fba7d261a Update pyca-cryptography submodule to 38.0.4
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19681)

(cherry picked from commit d656efb9eb)
2022-11-29 16:03:12 +01:00
Nicola Tuveri
a16e86683e Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to UNCOMPRESSED
Originally the code to im/export the EC pubkey was meant to be consumed
only by the im/export functions when crossing the provider boundary.
Having our providers exporting to a COMPRESSED format octet string made
sense to avoid memory waste, as it wasn't exposed outside the provider
API, and providers had all tools available to convert across the three
formats.

Later on, with #13139 deprecating the `EC_KEY_*` functions, more state
was added among the params imported/exported on an EC provider-native
key (including `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, although it
did not affect the format used to export `OSSL_PKEY_PARAM_PUB_KEY`).

Finally, in #14800, `EVP_PKEY_todata()` was introduced and prominently
exposed directly to users outside the provider API, and the choice of
COMPRESSED over UNCOMPRESSED as the default became less sensible in
light of usability, given the latter is more often needed by
applications and protocols.

This commit fixes it, by using `EC_KEY_get_conv_form()` to get the
point format from the internal state (an `EC_KEY` under the hood) of the
provider-side object, and using it on
`EVP_PKEY_export()`/`EVP_PKEY_todata()` to format
`OSSL_PKEY_PARAM_PUB_KEY`.
The default for an `EC_KEY` was already UNCOMPRESSED, and it is altered
if the user sets `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` via
`EVP_PKEY_fromdata()`, `EVP_PKEY_set_params()`, or one of the
more specialized methods.

For symmetry, this commit also alters `ec_pkey_export_to()` in
`crypto/ec/ec_ameth.c`, part of the `EVP_PKEY_ASN1_METHOD` for legacy EC
keys: it exclusively used COMPRESSED format, and now it honors the
conversion format specified in the EC_KEY object being exported to a
provider when this function is called.

Expand documentation about `OSSL_PKEY_PARAM_PUB_KEY` and mention the
3.1 change in behavior for our providers.

Fixes #16595

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19681)

(cherry picked from commit 926db476bc)
2022-11-29 16:03:04 +01:00
slontis
450f96e965 Fix Coverity issues in HPKE
CID 1517043 and 1517038: (Forward NULL) - Removed redundant check that is already
done by the caller. It was complaining that it checked for ctlen == NULL
and then did a goto that used this *ctlen.

CID 1517042 and 1517041: (Forward NULL) - Similar to above for ptlen in
hpke_aead_dec()

CID 1517040: Remove unneeded logging. This gets rid of the warning
related to taking the sizeof(&)

CID 1517039: Check returned value of  RAND_bytes_ex() in hpke_test

CID 1517038: Check return result of KEM_INFO_find() in
OSSL_HPKE_get_recomended_ikmelen. Even though this is a false positive,
it should not rely on the internals of other function calls.

Changed some goto's into returns to match OpenSSL coding guidelines.
Removed Raises from calls to _new which fail from malloc calls.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19774)
2022-11-29 13:58:19 +01:00
Tomas Mraz
92a25e24e6 Fix occasional assertion failure when storing properties
Fixes #18631

The store lock does not prevent concurrent access to the
property cache, because there are multiple stores.

We drop the newly created entry and use the exisiting one
if there is one already.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19762)
2022-11-29 08:21:34 +01:00
Rohan McLure
055d029610 Fix accumulated index comments in felem_inv for p521
Comments in felem_inv refer to the logarithm with respect to in of the
element that has just been computed. The last two such annotations are
incorrect. By Fermat's last theorem, we hope to compute in^(p-2) in
GF(2^521-1), as such we expect the final index we reach to be 2^521-3.

CLA: Trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19765)
2022-11-28 09:53:00 +00:00
Tomas Mraz
d5e1fe9c04 Drop incorrect skipping of some evp_test testcases with no-gost
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19739)
2022-11-28 09:50:35 +00:00
Tomas Mraz
667a8501f0 Add test for EVP_PKEY_Q_keygen
Test for #19736

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19761)
2022-11-25 18:38:52 +01:00
Stephen Farrell
ad062480f7 Implements Hybrid Public Key Encryption (HPKE) as per RFC9180.
This supports all the modes, suites and export mechanisms defined
in RFC9180 and should be relatively easily extensible if/as new
suites are added.  The APIs are based on the pseudo-code from the
RFC, e.g. OSS_HPKE_encap() roughly maps to SetupBaseS().  External
APIs are defined in include/openssl/hpke.h and documented in
doc/man3/OSSL_HPKE_CTX_new.pod.  Tests (test/hpke_test.c) include
verifying a number of the test vectors from the RFC as well as
round-tripping for all the modes and suites.  We have demonstrated
interoperability with other HPKE implementations via a fork [1]
that implements TLS Encrypted ClientHello (ECH) which uses HPKE.

@slontis provided huge help in getting this done and this makes
extensive use of the KEM handling code from his PR#19068.

[1] https://github.com/sftcd/openssl/tree/ECH-draft-13c

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17172)
2022-11-25 16:26:55 +00:00
Marco Abbadini
0dbd3a81e4 Fix typos in doc/man3/EVP_EncryptInit.pod
Fixes #19728

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19753)
2022-11-25 13:10:12 +01:00
Tomas Mraz
adb408dc79 When using PEM_read_bio_PrivateKey_ex() the public key is optional
Fixes #19498

However the private key part is not optional which was
mishandled by the legacy routine.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19505)
2022-11-25 10:32:18 +01:00
J.W. Jagersma
b484c6268c Disable atomic refcounts with no-threads
This is needed for building with '-march=i386 no-threads', on platforms
where libatomic is not available (djgpp, specifically).  The
implementation now falls back to 'CRYPTO_atomic_add()', which performs
plain lock-free addition in a 'no-threads' build.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19751)
2022-11-25 10:29:44 +01:00
Dr. David von Oheimb
a2ede0396a add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
2022-11-25 09:19:37 +01:00
Dr. David von Oheimb
1c04866c67 OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs
Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
2022-11-25 09:19:34 +01:00
Dr. David von Oheimb
7e3034939b CMP: fix gen_new() in cmp_msg.c checking wrong ITAVs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
2022-11-25 09:15:37 +01:00
Dr. David von Oheimb
60ea150b1f CMS_decrypt_set1_*(): remove misleading error queue entry when recipient mismatch was not the issue
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19222)
2022-11-25 09:05:47 +01:00
Dr. David von Oheimb
911045afda CMS_decrypt_set1_password(): prevent mem leak on any previously set decryption key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19222)
2022-11-25 09:05:47 +01:00
Dr. David von Oheimb
25dd78048b CMS_decrypt*(): fix misconceptions and mem leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19222)
2022-11-25 09:05:47 +01:00
Jan
0b7ad5d928 Fix typo in openssl-x509.pod.in
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19746)
2022-11-25 11:36:35 +11:00
Jiaxun Yang
3f32d29ad4 Add SM2 support for EVP_PKEY_Q_keygen
There is no reason preventing this API to support SM2,
which gives us a simple method to do SM2 key gen.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19736)
2022-11-24 16:29:38 +01:00
Dr. David von Oheimb
cba0e2afd6 CMP: fix handling of unset or missing failInfo PKI status information
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
2022-11-24 14:01:47 +01:00
Dr. David von Oheimb
19ddcc4cbb CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages
On this occasion, replace magic constants by mnemonic ones; update doc

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
2022-11-24 14:00:46 +01:00
Dr. David von Oheimb
33a73e33dc OSSL_CMP_ITAV_set0.pod: fix formatting nits, update example
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19230)
2022-11-24 13:45:06 +01:00
Dr. David von Oheimb
357bfe7345 CMP+CRMF: fix formatting nits in crypto/, include/, and test/
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19230)
2022-11-24 13:45:06 +01:00
Maxim Mikityanskiy
cd715b7e7f Add support for KTLS zerocopy sendfile on Linux
TLS device offload allows to perform zerocopy sendfile transmissions.
FreeBSD provides this feature by default, and Linux 5.19 introduced it
as an opt-in. Zerocopy improves the TX rate significantly, but has a
side effect: if the underlying file is changed while being transmitted,
and a TCP retransmission happens, the receiver may get a TLS record
containing both new and old data, which leads to an authentication
failure and termination of connection. This effect is the reason Linux
makes a copy on sendfile by default.

This commit adds support for TLS zerocopy sendfile on Linux disabled by
default to avoid any unlikely backward compatibility issues on Linux,
although sacrificing consistency in OpenSSL's behavior on Linux and
FreeBSD. A new option called KTLSTxZerocopySendfile is added to enable
the new zerocopy behavior on Linux. This option should be used when the
the application guarantees that the file is not modified during
transmission, or it doesn't care about breaking the connection.

The related documentation is also added in this commit. The unit test
added doesn't test the actual functionality (it would require specific
hardware and a non-local peer), but solely checks that it's possible to
set the new option flag.

Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Boris Pismenny <borisp@nvidia.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18650)
2022-11-24 13:19:37 +01:00
Hugo Landau
394f6f246a QUIC TXP: Fix missing OSSL_NELEM include
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19756)
2022-11-24 09:17:20 +00:00
Daniel Fiala
18af4d154c Make parsing of piped data in speed.c more robust
Fixes openssl#19050

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19238)
2022-11-24 10:10:04 +01:00
Hugo Landau
a73078b79f QUIC TX Packetiser and Streams Mapper
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19346)
2022-11-24 08:15:20 +00:00
slontis
f5060f9b31 Add HISTORY section to EVP_KEM-EC document.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19699)
2022-11-24 06:39:22 +00:00
Everton Constantino
b863e1e4c6 Add two new build targets to enable the possibility of using clang-cl as
an assembler for Windows on Arm builds and also clang-cl as the compiler
as well. Make appropriate changes to armcap source and peralsm scripts.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19523)
2022-11-24 06:36:47 +00:00
FdaSilvaYY
f2a6f83862 Cleanup : directly include of internal/nelem.h when required.
And so clean a few useless includes

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19721)
2022-11-23 18:08:25 +01:00
Dr. David von Oheimb
2da163cb73 CMP: add API functions OSSL_CMP_CTX_get0_libctx() and OSSL_CMP_CTX_get0_propq()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19715)
2022-11-23 10:57:52 +01:00
slontis
d2f6e66d28 Improve FIPS RSA keygen performance.
Reduce the Miller Rabin counts to the values specified by FIPS 186-5.
The old code was using a fixed value of 64.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19579)
2022-11-23 08:27:08 +01:00
Tomas Mraz
f5e602b550 Fix version mistake in some HISTORY sections
Follow up of PR#19690

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19725)
2022-11-23 08:23:17 +01:00
Tomas Mraz
e0fbaf2a4a Update CHANGES.md and NEWS.md from 3.0.7
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19565)
2022-11-22 18:16:06 +01:00
Daniel Fiala
858b5d12b8 Add an EVP signature demo using DSA
Fixes openssl#14114

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19492)
2022-11-22 17:23:11 +01:00
Richard Levitte
122ea851de test/recipes/80-test_cms.t: Fix the "CAdES ko" test
This test had commands that assumes that runner_loop() is used to perform
the tests.  These tests still run fine because Unix accepts braces in file
names, but other operating systems might not.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19731)

(cherry picked from commit 20d3731006)
2022-11-22 17:15:14 +01:00
Tomas Mraz
c48c32807f Split out thread pool tests into threadpool_test
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19695)
2022-11-22 17:08:23 +01:00
Tomas Mraz
f5a3669c8b Add functions supporting thread pool only when it is enabled
Fixes #19691

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19695)
2022-11-22 17:08:23 +01:00
slontis
26cfa4cd85 Fix coverity issues in X509v3_addr
CID 1516955 : Null pointer deref (REVERSE_INULL)
CID 1516954 : Null pointer deref (REVERSE_INULL)
CID 1516953 : RESOURCE_LEAK of child

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19700)
2022-11-21 12:41:25 +01:00
slontis
4741c80c05 Add missing HISTORY sections for OpenSSL 3.0 related documents.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19690)
2022-11-21 12:03:10 +01:00
slontis
dd1d7bcb69 Improve FIPS RSA keygen performance.
FIPS 186-4 has 5 different algorithms for key generation,
and all of them rely on testing GCD(a,n) == 1 many times.

Cachegrind was showing that during a RSA keygen operation,
the function BN_gcd() was taking a considerable percentage
of the total cycles.

The default provider uses multiprime keygen, which seemed to
be much faster. This is because it uses BN_mod_inverse()
instead.

For a 4096 bit key, the entropy of a key that was taking a
long time to generate was recorded and fed back into subsequent
runs. Roughly 40% of the cycle time was BN_gcd() with most of the
remainder in the prime testing. Changing to use the inverse
resulted in the cycle count being 96% in the prime testing.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19578)
2022-11-21 11:17:59 +01:00
Matt Caswell
88113f5dc6 Design document for the QUIC-TLS integration
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19683)
2022-11-21 09:53:22 +00:00
Richard Levitte
83c1220ad1 test/timing_load_creds.c: use OPENSSL_SYS_ macros
A previous change was only half done.  To avoid such mistakes again, we
switch to using the OPENSSL_SYS_ macros, as the are clearer than having
to check a pile of very platform and compiler specific macros.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19720)
2022-11-19 13:05:19 +01:00
Richard Levitte
81929ac49a Disable test/timing_load_creds.c on VMS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19713)
2022-11-18 22:32:01 +01:00
Dr. David von Oheimb
a275afc527 test/smime-certs/ca.cnf: clean up comments, simplify settings using SKID and AKID defaults
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19064)
2022-11-18 15:10:02 +01:00
Dr. David von Oheimb
8a2f9a7cc8 x509/v3_purp.c: rename 'require_ca' parameters to the more adequate 'non_leaf'
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19064)
2022-11-18 15:10:01 +01:00
Dr. David von Oheimb
3fa6dbd1be x509/v3_purp.c etc.: improve doc/comments on codesign and timestamp purpose checks
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19064)
2022-11-18 15:10:01 +01:00
slontis
ad60cd522b Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod.
Removed fields from missingcrypto.txt that are no longer missing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19692)
2022-11-18 14:29:01 +01:00