We use a fake EVP_KEYMGMT import function with the newly modified
EVP_PKEY_ASN1_METHOD export_to function to pass the exported
OSSL_PARAM array directly to the EVP_PKEY_export() callback instead of
exporting to an actual provided key and then getting the OSSL_PARAM
array from there, just to throw away that key again.
Fixes#15290
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15293)
We previously took an EVP_KEYMGMT pointer, but now found it necessary
to use a different import function in some cases. Since that's the
only thing we use from EVP_KEYMGMT, we might as well pass the import
function directly, allowing for some flexibility in how export_to is
used.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15293)
We now have a migration guide which should be the definitive source of
information for upgrading from a previous version of OpenSSL.
Fixes#15186
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15373)
In 1.1.1 when installing the man pages we created symlinks to the base
page for all functions described on the page. We need to continue doing
this.
Fixes#14846
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15312)
If the global properties are updated after a provider with a child libctx
has already started we need to make sure those updates are mirrored in
that child.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)
Where a child libctx is in use it needs to know what the current global
properties are.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)
We have the ability to parse a string into a PROPERTY_LIST already. Now
we have the ability to go the other way.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)
Almost all were notes about wanting to deprecate CTRLs/utility functions.
Fixes#15325
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15328)
Now that we can become "in init" directly after the call, test the
various scenarios where explicit SSL_do_handshake() calls can come
into play.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)
The initial implementation always deferred the generation of the
requested ticket(s) until the next application write, but this
is not a great fit for what it actually does, architecturally wise.
A request to send a session ticket means entering back into the
handshake state machine (or "in init", as it's known in the
implementation). The state machine transition is not something that
only occurs at an application-data write, and in general could occur at
any time. The only constraint is that we can't enter "init" while in
the middle of writing application data. In such cases we will need to
wait until the next TLS record boundary to enter the state machine,
as is currently done.
However, there is no reason why we cannot enter the handshake state
machine immediately in SSL_new_session_ticket() if there are no
application writes pending. Doing so provides a cleaner API surface to
the application, as then calling SSL_do_handshake() suffices to drive
the actual ticket generation. In the previous state of affairs a dummy
zero-length SSL_write() would be needed to trigger the ticket
generation, which is a logical mismatch in the type of operation being
performed.
This commit should only change whether SSL_do_handshake() vs zero-length
SSL_write() is needed to immediately generate a ticket after the
SSL_new_session_ticket() call -- the default behavior is still to defer
the actual write until there is other application data to write, unless
the application requests otherwise.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)
apps/progs.pl will have apps/progs.c as output, and on some systems,
the output file of a program is locked against reading.
Unfortunately, apps/progs.c is also part of the sources that make up
apps/openssl, so it's necessary to mark that file in a way that makes
progs.pl skip over it.
Fortunately, this is easily done with a special attribute in
apps/build.info and a simple adaptation of apps/progs.pl.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15332)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15316)
Current VMS C-RTL does not have <sys/select.h>. <sys/socket.h> is
a good enough replacement to get fd_set.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)
It would try to define OPENSSL_SYS_VMS if that macro is defined.
That's just not right.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)
We have pretty long symbol names, so they need to be shortened to fit
in the linker's 31 character limit on symbols.
Symbol name shortening with the VMS C compiler works in such a way
that a symbol name that's longer than 31 characters is mangled into
its first original 22 characters, followed by a dollar sign and the
32-bit CRC of the original symbol name in hexadecimal.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
crypto/ec/curve448/ has a series of inclusions that throws VMS C
off, so we compensate for it the same way as we have done before.
Fixes#14247
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
Instead of what we used to do, put all include directories in a number
of DCL variables and generate the /INCLUDE qualifier value on the
command line, we instead generate VMS C specific header files with
include directory pragmas, to be used with the VMS C's /FIRST_INCLUDE
qualifier. This also shortens the command line, the size of which is
limited.
VMS C needs to have those include directories specified in a Unix
form, to be able to safely merge #include paths with them when
searching through them.
Fixes#14247
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
`use lib` needs Unix formatted paths. For VMS, it means that we must
make sure to convert paths, and we may as well generalise it.
In this case, we need to adapt the functions sourcedir() and sourcefile()
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
It was looking in the wrong place in %unified_info to determine if the
library would be installed or not.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
