It was a temporary measure to deal with the fact that util/progs.pl
didn't work right at all times, but that has now been fixed.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Since they are generated in build time, there's not need to keep them
in the source tree.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
There were some remaining old code and comments that don't serve a
purpose any longer.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
util/progs.pl depends on the build tree (on configdata.pm,
specifically), so it needs to be run from the build tree. But why
stop there? We might as well generate apps/progs.c and apps/progs.h
when building.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Use case: having a variable with multiple source files in its value,
and wanting to refer to the corresponding object file.
$SRCS=foo.c bar.c
SOURCE[program]=$SRCS
DEPEND[${SRCS/.c/.o}]=prog.h
GENERATE[prog.h]=...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
So far, the "index" part of KEYWORD[whatever] could only handle one
item. There are cases, however, where we want to add the exact same
value to multiple items. This is especially helpful if a variable
that may have multi-item values are used in the "index" part.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
This adds evp_keymgmt_util_copy() and affects EVP_PKEY_copy_parameters()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
This adds evp_keymgmt_util_match() and affects EVP_PKEY_cmp() and
EVP_PKEY_cmp_parameters().
The word 'match' was used for the new routines because many associate
'cmp' with comparison functions that allows sorting, i.e. return -1, 0
or 1 depending on the order in which the two compared elements should
be sorted. EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() don't quite
do that.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
It turns out that GNU as and Solaris as don't have compatible ideas on
the .section syntax, so we need to check if we're using GNU as or
another assembler and adapt this .section syntax accordingly.
Fixes#11132
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11191)
The parameter got "const" in 9fdcc21fdc but that was not added
to cast. So this throws a -Wcast-qual in user code.
error: cast from 'const DUMMY *' to 'ASN1_VALUE_st *' drops const qualifier [-Werror,-Wcast-qual]
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11210)
This function "upgrades" a key from a legacy key container to a
provider side key container.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
The role of this cache was two-fold:
1. It was a cache of key copies exported to providers with which an
operation was initiated.
2. If the EVP_PKEY didn't have a legacy key, item 0 of the cache was
the corresponding provider side origin, while the rest was the
actual cache.
This dual role for item 0 made the code a bit confusing, so we now
make a separate keymgmt / keydata pair outside of that cache, which is
the provider side "origin" key.
A hard rule is that an EVP_PKEY cannot hold a legacy "origin" and a
provider side "origin" at the same time.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11175)
These are old functions that fell out of use with OpenSL 0.9.7.
It's more than time to deprecate them.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11161)
Provide serializers for X25519 and X448 for text, pem and der. There are
no parameter serializers because there are no parameters for these
algorithms.
Add some documentation about the various import/export types available
Add additional testing for the serializers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11095)
Since we've now switched to use util/wrap.pl to wrap uninstalled
programs everywhere, there's no need to set the environment variables
OPENSSL_ENGINES and OPENSSL_MODULES globally for the tests.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
util/wrap.pl is a script that defines the environment variables
OPENSSL_ENGINES and OPENSSL_MODULES, then calls the command line
that's given as its arguments.
On a POSIX platform, the command line call is done via
util/shlib_wrap.sh to ensure that the shared library paths are
correct. For other platforms, util/wrap.pl currently assumes that
similar things are already in place through other means.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
This only affects __DECC_INCLUDE_EPILOGUE.H and __DECC_INCLUDE_PROLOGUE.H,
which are used automatically by HP and VSI C/C++ compilers.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11159)
(cherry picked from commit 605a0c709f)
Up to now, CHANGES entries for older releases where only added to the
corresponding stable branches, so they were missing in the master
branch. This commit adds the missing entries, taking them from the
respective stable branches.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Up to now, NEWS entries for older releases where only added to the
corresponding stable branches, so they were missing in the master
branch. This commit adds the missing entries, taking them from the
respective stable branches.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
* Add an OpenSSL logo and CI badges
* Add a table of contents
* Add a lot of links
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
The goal is to transform the standard documents
README, INSTALL, SUPPORT, CONTRIBUTING, ...
from a pure text format into markdown format, but in such a way
that the documentation remains nicely formatted an easy readable
when viewed with an normal text editor.
To achieve this goal, we use a special form of 'minimalistic' markdown
which interferes as little as possible with the reading flow.
* avoid [ATX headings][] and use [setext headings][] instead
(works for `<h1>` and `<h2>` headings only).
* avoid [inline links][] and use [reference links][] instead.
* avoid [fenced code blocks][], use [indented-code-blocks][] instead.
The transformation will take place in several steps. This commit
introduces mostly changes the formatting and does not chang the
content significantly.
[ATX headings]: https://github.github.com/gfm/#atx-headings
[setext headings]: https://github.github.com/gfm/#setext-headings
[inline links]: https://github.github.com/gfm/#inline-link
[reference links]: https://github.github.com/gfm/#reference-link
[fenced code blocks]: https://github.github.com/gfm/#fenced-code-blocks
[indented code blocks]: https://github.github.com/gfm/#indented-code-blocks
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
In the first step, we just add the .md extension and move some
files around, without changing any content. These changes will
occur in the following commits.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Remove unused util/process_docs.pl
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10856)
CAkeyform may be set to PEM, DER or ENGINE, but the current options
are not using the proper optionformat 'E' (OPT_FMT_PDE) for this.
Set the valtype for CAkeyform to 'E' and use OPT_FMT_PDE when extracting
the option value.
This amends 0ab6fc79a9 ("Fix regression on x509 keyform argument") which
did the same thing for keyform and changed the manpage synopsis entries
for both keyform and CAkeyform but did not change the option section.
Hence, change the option section for both of them.
CLA: trivial
Co-developed-by: Torben Hohn <torben.hohn@linutronix.de>
Signed-off-by: Torben Hohn <torben.hohn@linutronix.de>
Signed-off-by: Bastian Germann <bage@linutronix.de>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11085)
The example never executes code inside of the while loop, as read()
returns bigger number than 0. Thus the end result is wrong.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11143)
Also reuse one of the arm64 builds as a no-deprecated build
Also include a single ppc64le-build
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11181)
If the user specifies a minimum allocation size that is smaller than
the free list structure (or zero), calculate the minimum possible size rather
than failing.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11149)
Add a note indicating that the minimum size parameter to
CRYPTO_secure_malloc_init() should be small.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11149)
Conditional code readability improvement.
Remove unused macro
Commit #11042 has introduced a new, unused, CRYPTO_EX_INDEX macro.
Remove before version release.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11103)
Previously, the initialization was done immediately in RAND_DRBG_set(),
which is also called in RAND_DRBG_uninstantiate().
This made it difficult for the FIPS DRBG self test to verify that the
internal state had been zeroized, because it had the side effect that
the drbg->data structure was reinitialized immediately.
To solve the problem, RAND_DRBG_set() has been split in two parts
static int rand_drbg_set(RAND_DRBG *drbg, int type, unsigned int flags);
static int rand_drbg_init_method(RAND_DRBG *drbg);
and only the first part is called from RAND_DRBG_uninstantiate().
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11111)
Its entry in Configuration/10-main.conf was dropped in commit
7ead0c8918 ("Configure: fold related configurations more aggressively
and clean-up.") probably because all but one of its bn_ops were removed
(RC4_CHAR remained). Benchmarks on an Alpha EV7 indicate that RC4_INT is
better than RC4_CHAR so rather than restoring the configuation, remove
it from config.
CLA: trivial
Bug: https://bugs.gentoo.org/697840
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11130)
Property "default" no longer exists, replace "default=yes" with
"provider=default"
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11150)
