Also adds error output tests on loading key files with unsupported algorithms to 30-test_evp.t
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13023)
Some very basic config targets don't defined the 'shared_target'
attribute at all. This wasn't handled well enough in Configure.
This also cleans away an explicit reference to the ossltest engine in
Configurations/unix-Makefile.tmpl, which isn't necessary since the
build.info attributes were added.
Fixesopenssl/web#197
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13031)
This stops them leaking into other namespaces in a static build.
They remain internal.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13013)
Return immediately on matched cipher. Without this patch the code only breaks out of the inner for loop, meaning for a matched TLS13 cipher the code will still loop through 160ish SSL3 ciphers.
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13000)
We now have decoder support for SM2, so the cheats that were in place
for the sake of lacking decoders aren't needed any more.
Fixes#12982
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12986)
The pkey created in one loop was being fed into the keygen of the next loop - since it was not set to NULL after the
free. This meant that the 2 EVP_MD_CTX objects that still had ref counts to this key were getting confused.
All other tests clear the key after freeing the key if they loop (some do this by declaring/initing the pkey inside the loop).
The offending code is a recent addition to the speed app.
This was found using the -async_jobs option.
Similar code was tried for an RSA key using 111 which resulted in the same issue.
Found while trying to test issue #128867 (It is not known if this will fix that issue yet).
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12975)
Fixes#12635
As discussed in the issue, supporting the set0-like semantics long-term is not necessarily desirable, although necessary for short-term compatibility concerns. So I've deprecated the original method and added an equivalent that is explicitly labelled as set1.
I tried to audit existing usages of the (now-deprecated) API and update them to use set1 if that appeared to align with their expectations.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12917)
Added Keymanager, signatures, kem, asymciphers and keyexchange.
Added -select option so that specific algorithms are easier to view when using -verbose
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12943)
CLA: Permission is granted by the author to the OpenSSL team to use these modifications.
Fixes#12903
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12923)
Now that we have full SM2 support, we can remove some TODOs from the tests.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12913)
We can now re-enable test/recipes/01-test_symbol_presence.t for NonStop.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12962)
We already test EVP_PKEY_set_alias_type() quite thoroughly in
test/ecdsatest.c, that should be enough.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12920)
This also deprecates the function, as it is not necessary any more,
and should fall out of use.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12920)
The NonStop config attributes mean that there's no separate "simple"
and "full" shared library name, they are the same. Because we assumed
that they would always differ, we ended up with this dependency:
libcrypto.so: libcrypto.so
A simple fix was all that was needed to clear that.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12960)
Some compilers / linkers allow arguments to be given in a file instead
of on the command line. We make it possible to specify this by giving
the compiler / linker flag for it, using the config attribute
'shared_argfileflag'.
This currently only impacts the build of shared libraries, as those
are potentially made up of a massive amount of object files, which has
been reported to overwhelm the command line on some platforms.
Fixes#12797
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12960)
ECX_KEY was not meant for public consumption, it was only to be
accessed indirectly via EVP routines. However, we still need internal
access for our decoders.
This partially reverts 7c664b1f1bFixes#12880
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12956)
Also improve credentials loading diagnostics for many apps.
Fixes#12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)
This streamlines with all other config targets, and draws from the
'sys_id' config attribute.
Fixes#12858
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12933)
Because there are many combinations and much repetition, we add a large
number of templates to cover all aspects, and make the actual config
entries inherit from the templates combined.
Fixes#12858
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12933)
The original names were more intuitive: the generate_counter counts the
number of generate requests, and the reseed_counter counts the number
of reseedings (of the principal DRBG).
reseed_gen_counter -> generate_counter
reseed_prop_counter -> reseed_counter
This is the anologue to commit 8380f453ec on the 1.1.1 stable branch.
The only difference is that the second renaming has already been reverted
on the master branch.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12941)
The removal of certain types of files we structured like this:
-$(RM) `find . {{options}} -print`
This isn't very kind for shells with limited command line lengths
(even when that limit is generous, in our case), so we rewrite those
like this:
-find . {{options}} -exec $(RM) {} \;
Fixes#12938
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12939)
