The low level DH API has two functions for checking parameters:
DH_check_ex() and DH_check_params_ex(). The former does a "full" check,
while the latter does a "quick" check. Most importantly it skips the
check for a safe prime. We're ok without using safe primes here because
we're doing ephemeral DH.
Now that libssl is fully using the EVP API, we need a way to specify that
we want a quick check instead of a full check. Therefore we introduce
EVP_PKEY_param_check_quick() and use it.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)
The OTC decided that all low level APIs should be deprecated. This extends
to SRP, even though at the current time there is no "EVP" interface to it.
This could be added in a future release.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)
RFC 8805 Geofeed files can be authenticated with RPKI
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14050)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)
The PROV_R codes can be returned to applications so it is useful
to have some common set of provider reason codes for the applications
or third party providers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)
Add a handler for EBUSY sendfile error in addition to
EAGAIN. With EBUSY returned the data still can be partially
sent and user code has to be notified about it, otherwise it
may try to send data multiple times.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13716)
This 'special' way of specifying the data should only be used for testing
purposes. It should not be used in production environments.
ACVP passes a blob of DER encoded data for some of the fields rather
than passing them as separate fields that need to be DER encoded.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14077)
The functions are obsolete aliases for BN_rand() and BN_rand_range()
since 1.1.0.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14080)
The existing names such as EVP_PKEY_param_fromdata_settable were a bit
confusing since the 'param' referred to key params not OSSL_PARAM. To simplify
the interface a 'selection' parameter will be passed instead. The
changes are:
(1) EVP_PKEY_fromdata_init() replaces both EVP_PKEY_key_fromdata_init() and EVP_PKEY_param_fromdata_init().
(2) EVP_PKEY_fromdata() has an additional selection parameter.
(3) EVP_PKEY_fromdata_settable() replaces EVP_PKEY_key_fromdata_settable() and EVP_PKEY_param_fromdata_settable().
EVP_PKEY_fromdata_settable() also uses a selection parameter.
Fixes#12989
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14076)
This fixes a race condition where the index to the cache location was found
under a read lock and a later write lock set the cache entry. The issue being
that two threads could get the same location index and then fight each other
over writing the cache entry. The most likely outcome is a memory leak,
however it would be possible to set up an invalid cache entry.
The operation cache was a fixed sized array, once full an assertion failed.
The other fix here is to convert this to a stack. The code is simplified and
it avoids a cache overflow condition.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14062)
We should no longer be relying on compile time checks in libssl for
the availability of crypto algorithms. The availability of crypto
algorithms should be determined at runtime based on what providers have
been loaded.
Fixes#13616
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
The supported groups code was checking the OPENSSL_NO_EC and
OPENSSL_NO_DH guards in order to work, and the list of default groups was
based on those guards. However we now need it to work even in a no-ec
and no-dh build, because new groups might be added from providers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Instead, we preserve all the pre-3.0 _F_ macros in the backward
compatibility headers include/openssl/cryptoerr_legacy.h and
include/openssl/sslerr_legacy.h
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13392)
Fixes#13969
- properly handle the mandatory RSA-PSS key parameters
- improve parameter checking when setting the parameters
- compute the algorithm id at the time it is requested so it
reflects the actual parameters set
- when generating keys do not override previously set parameters
with defaults
- tests added to the test_req recipe that should cover the PSS signature
handling
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)
The checks of the type of EVP_PKEY were from before we had the macro
evp_pkey_is_provided().
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14056)
They were calling evp_keymgmt_set_params() directly. Those calls are
changed to go through EVP_PKEY_set_params().
We take the opportunity to constify these functions. They have to
unconstify internally for the compiler to stop complaining when
placing those pointers in an OSSL_PARAM element, but that's still
better than forcing the callers to do that cast.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14056)
There are no instances of the macros that this comment is referring to
being used anywhere within current master. All of the macros were
deprecated by commit f41ac0e. Therefore this TODO should just be removed.
Fixes#13020
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14038)
It assumed there would always be a non-NULL ctx->pmeth, leading to a
crash when that isn't the case. Since it needs to check 'keytype'
when that one isn't -1, we also add a corresponding check for the
provider backed EVP_PKEY_CTX case.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13973)
There was a remaining function signature declaration, but no
OSSL_DISPATCH number for it nor any way it's ever used. It did exist
once, but was replaced with an OSSL_PARAM item to retrieve.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14048)
They are still used internally in legacy code.
Also fixed up some minor things in EVP_DigestInit.pod
Fixes: #14003
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14008)
The EVP_PKEY operation_cache caches references to provider side key
objects that have previously been exported for this EVP_PKEY, and their
associated key managers. The cache may be updated from time to time as the
EVP_PKEY is exported to more providers. Since an EVP_PKEY may be shared by
multiple threads simultaneously we must be careful to ensure the cache
updates are locked.
Fixes#13818
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
This commit attempts to fix the an issue when generating a key of type
EVP_PKEY_RSA_PSS. Currently, EVP_PKEY_CTX_set_rsa_keygen_bits will
return -1 if the key id is not of type EVP_PKEY_RSA. This commit adds
EVP_PKEY_RSA_PSS to also be accepted.
The macro EVP_PKEY_CTX_set_rsa_pss_keygen_md si converted into a
function and it is now called in legacy_ctrl_to_param.
Fixes#12384
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13099)
These defines were never used and not needed.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer. While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86). Change the
parameter to char array and fix the usages.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
The client-side cert verification callback function may not only return
as usual for success or 0 for failure, but also -1,
typically on failure verifying the server certificate.
This makes the handshake suspend and return control to the calling application
with SSL_ERROR_WANT_RETRY_VERIFY.
The app can for instance fetch further certificates or cert status information
needed for the verification.
Calling SSL_connect() again resumes the connection attempt
by retrying the server certificate verification step.
This process may even be repeated if need be.
The core implementation of the feature is in ssl/statem/statem_clnt.c,
splitting tls_process_server_certificate() into a preparation step
that just copies the certificates received from the server to s->session->peer_chain
(rather than having them in a local variable at first) and returns to the state machine,
and a post-processing step in tls_post_process_server_certificate() that can be repeated:
Try verifying the current contents of s->session->peer_chain basically as before,
but give the verification callback function the chance to pause connecting and
make the TLS state machine later call tls_post_process_server_certificate() again.
Otherwise processing continues as usual.
The documentation of the new feature is added to SSL_CTX_set_cert_verify_callback.pod
and SSL_want.pod.
This adds two tests:
* A generic test in test/helpers/handshake.c
on the usability of the new server cert verification retry feature.
It is triggered via test/ssl-tests/03-custom_verify.cnf.in (while the bulky auto-
generated changes to test/ssl-tests/03-custom_verify.cnf can be basically ignored).
* A test in test/sslapitest.c that demonstrates the effectiveness of the approach
for augmenting the cert chain provided by the server in between SSL_connect() calls.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13906)
Since the pointer can be later be modified, the caller should have the
responsibility to supply the address of that.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13951)
libssl at the moment downgrades an EVP_PKEY to an EC_KEY object in order
to get the conv form and field type. Instead we provide EVP_PKEY level
functions to do this.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Restore parameters of OCSP_REQ_CTX_new(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_i2d().
Fix a bug (wrong HTTP method selected on req == NULL in OCSP_sendreq_new().
Minor further fixes in OSSL_HTTP_REQ_CTX.pod
Fixes#13873
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13898)
Also update documentation regarding sources of certs and keys,
improve type of OSSL_CMP_exec_RR_ses(),
add tests for CSR-based cert revocation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13841)
EVP_KEY_new_CMAC_key_ex was in the pre-release 3.0 only, so is safe
to remove.
Restore 1.1.1 version of EVP_PKEY_new_CMAC_key documentation.
Also make testing of EVP_PKEY_new_CMAC_key properly #ifdef'd.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13829)
Linux kernel is going to support ChaCha20-Poly1305 in TLS offload.
Add support for this cipher.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13475)
Add internal asn1_time_print_ex() that can return success on invalid time.
This is a workaround for inconsistent error behavior of ASN1_TIME_print(),
used in X509_print_ex().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13714)
Deprecations made:
OCSP_REQ_CTX typedef->OSSL_HTTP_REQ_CTX
OCSP_REQ_CTX_new->OSSL_HTTP_REQ_CTX_new
OCSP_REQ_CTX_free->OSSL_HTTP_REQ_CTX_free
OCSP_REQ_CTX_http-> OSSL_HTTP_REQ_CTX_header
OCSP_REQ_CTX_add1_header->OSSL_HTTP_REQ_CTX_add1_header
OCSP_REQ_CTX_i2d->OSSL_HTTP_REQ_CTX_i2d
OCSP_REQ_CTX_get0_mem_bio->OSSL_HTTP_REQ_CTX_get0_mem_bio
OCSP_set_max_response_length->OSSL_HTTP_REQ_CTX_set_max_response_length
OCSP_REQ_CTX_nbio_d2i->OSSL_HTTP_REQ_CTX_sendreq_d2i
OCSP_REQ_CTX_nbio->OSSL_HTTP_REQ_CTX_nbio
Made some editorial changes to man3/OCSP_sendreq.pod; move the NOTES
text inline. Some of the original functions had no documentation:
OCSP_REQ_CTX_new, OCSP_REQ_CTX_http, OCSP_REQ_CTX_get0_mem_bio,
OCSP_REQ_CTX_nbio_d2i, and OCSP_REQ_CTX_nbio. Their new counterparts
are now documented in doc/man3/OSSL_HTTP_REQ_CTX.pod
Fixes#12234
Co-authored-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13742)
To clarify the purpose of these two calls rename them to
EVP_CIPHER_CTX_get_original_iv and EVP_CIPHER_CTX_get_updated_iv.
Also rename the OSSL_CIPHER_PARAM_IV_STATE to OSSL_CIPHER_PARAM_UPDATED_IV
to better align with the function name.
Fixes#13411
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13870)
The primary DRBG may be shared across multiple threads and therefore
we must use locking to access it. Previously we were enabling that locking
lazily when we attempted to obtain one of the child DRBGs. Part of the
process of enabling the lock, is to create the lock. But if we create the
lock lazily then it is too late - we may race with other threads where each
thread is independently attempting to enable the locking. This results
in multiple locks being created - only one of which "sticks" and the rest
are leaked.
Instead we enable locking on the primary when we first create it. This is
already locked and therefore we cannot race.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13660)
We've spread around FETCH_FAILED errors in quite a few places, and
that gives somewhat crude error records, as there's no way to tell if
the error was unavailable algorithms or some other error at such high
levels.
As an alternative, we take recording of these kinds of errors down to
the fetching functions, which are in a much better place to tell what
kind of error it was, thereby relieving the higher level calls from
having to guess.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13467)
The openssl code base has only a few occurrences of 'unsigned const char'
(15 occurrences), compared to the more common 'const unsigned char' (4420
occurrences).
While the former is not illegal C, mixing the 'const' keyword (a 'type
qualifier') in between 'unsigned' and 'char' (both 'type specifiers') is a
bit odd.
The background for writing this patch is not to be pedantic, but because
the 'opmock' program (used to mock headers for unit tests) does not accept
the 'unsigned const char' construct. While this definitely is a bug in
opmock or one of its dependencies, openssl is the only piece of software we
are using in combination with opmock that has this construct.
CLA: trivial
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13722)
According to the relevant standards, the valid range for SM2 private
keys is [1, n-1), where n is the order of the curve generator.
For this reason we cannot reuse the EC validation function as it is, and
we introduce a new internal function `sm2_key_private_check()`.
Partially fixes https://github.com/openssl/openssl/issues/8435
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
Function SSL_group_to_name() added, together with documentation and tests.
This now permits displaying names of internal and external
provider-implemented groups.
Partial fix of #13767
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13785)
We add an implementation for CRYPTO_atomic_or() and CRYPTO_atomic_load()
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13733)
Previously we cached the cipher constants in EVP_CIPHER_fetch(). However,
this means we do the caching every time we call that function, even if
the core has previusly fetched the cipher and cached it already. This
means we can end up re-caching the constants even though they are already
present. This also means we could be updating these constants from
multiple threads at the same time.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13730)
The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)
This introduces a separate activation counter, and the function
ossl_provider_deactivate() for provider deactivation.
Something to be noted is that if the reference count goes down to
zero, we don't care if the activation count is non-zero (i.e. someone
forgot to call ossl_provider_deactivate()). Since there are no more
references to the provider, it doesn't matter.
The important thing is that deactivation doesn't remove the provider
as long as there are references to it, for example because there are
live methods associated with that provider, but still makes the
provider unavailable to create new methods from.
Fixes#13503Fixes#12157
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13661)
Because decoders are coupled with keymgmts from the same provider,
ours need to produce provider side keys the same way. Since our
keymgmts create key data with the provider library context, so must
our decoders.
We solve with functions to adjust the library context of decoded keys,
and use them.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13661)
EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled
('no-ec' not configured). However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
EC_KEY. This change solves that problem by shuffling these functions
to more appropriate places.
Partially fixes#13550
squash! EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available
By consequence, there are a number of places where we can remove the
check of OPENSSL_NO_EC. This requires some re-arrangements of
internal tables to translate between numeric identities and names.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
EVP_PKEY_CTX_set_dh_ functions were only available when DH was enabled
('no-dsa' not configured). However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
DH. This change solves that problem by shuffling these functions to
more appropriate places.
By consequence, there are a number of places where we can remove the
check of OPENSSL_NO_DH. This requires some re-arrangements of
internal tables to translate between numeric identities and names.
Partially fixes#13550
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
This allows 15-test_rsa.t to succeed, and provides the same OSSL_ENCODER
support for these formats as for all other formats supported in OpenSSL.
Fixes#13379
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13645)
All these functions are usable with RSA keys, there's no reason why
they should be unaccessible when DSA or RC4 are disabled.
When DSA is disabled, it's not possible to use these functions for
DSA EVP_PKEYs. That's fine, and supported.
When RC4 is disabled, it's not possible to use these functions to
write encrypted PVK output. That doesn't even depend on the
definition of OPENSSL_NO_RC4, but if the RC4 algorithm is accessible
via EVP, something that isn't known when building libcrypto.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13648)
This replaces the internal evp_pkey_get_EC_KEY_curve_nid()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13436)
It never makes sense for multi-string or CHOICE types to use implicit
tagging since the content would be ambiguous. It is an error in the
template if this ever happens. If we detect it we should stop parsing.
Thanks to David Benjamin from Google for reporting this issue.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Fixes#10366
The one place that actually used was in the legacy printing of ecparams.
This has been replaced by the pointtobuf variant.
The ecparam app was using one of these functions - this line has just been
removed as another PR will remove all the code generated lines..
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13294)
This also adds the following functions, for completeness:
PEM_write_PrivateKey_ex(), PEM_write_bio_PrivateKey_ex(),
PEM_write_PUBKEY_ex, PEM_write_bio_PUBKEY_ex
Fixes#13542
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13547)
BIO_do_connect() can work even in no-sock builds (non socket based BIOs
have the right ctrls). Therefore we move the macro outside of the
OPENSSL_NO_SOCK guards
Fixes#12207
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13587)
The passed 'pkey' already contains a library context, and the encoder
implementations should be found within the same context, so passing an
explicit library context seems unnecessary, and potentially dangerous.
It should be noted that it's possible to pass an EVP_PKEY with a
legacy internal key. The condition there is that it doesn't have a
library context assigned to it, so the NULL library context is used
automatically, thus requiring that appropriate encoders are available
through that context.
Fixes#13544
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13545)
The X942 KDF had been modified so that it supports all optional fields - not
just the fields used by CMS.
As there are 2 types of KDF for X942 - this has been made a bit clearer
by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an
alias of X963KDF.
This work was instigated as a result of the ACVP tests optionally being
able to use keybits for the supp_pubinfo field.
Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this
to be disabled.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13418)
ERR_get_error_line() is deprecated, and ERR_get_error_func() and
ERR_get_error_data() are removed in favor of ERR_get_error_all(),
since they pop the error record, leaving the caller with only partial
error record data and no way to get the rest if the wish.
If it's desirable to retrieve data piecemeal, the caller should
consider using the diverse ERR_peek functions and finish off with
ERR_get_error().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13466)
Also move the #define(s) for the ASN1_ITYPE_.. before their first use.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12687)
EVP_PKEY_CTX_set_dsa_ functions were only available when DSA was
enabled ('no-dsa' not configured). However, that makes it impossible
to use these functions with an engine or a provider that happens to
implement DSA. This change solves that problem by shuffling these
functions to more appropriate places.
Fixes#13529
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13530)
The functions return a DH object and therefore need to be deprecated.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
This deprecates all the ERR_load_ functions, and moves their definition to
separate C source files that can easily be removed when those functions are
finally removed.
This also reduces include/openssl/kdferr.h to include cryptoerr_legacy.h,
moves the declaration of ERR_load_ERR_strings() from include/openssl/err.h
to include/openssl/cryptoerr_legacy.h, and finally removes the declaration
of ERR_load_DSO_strings(), which was entirely internal anyway.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13390)
A OSSL_DEPRECATEDIN_0_9_8 function was surrounded by a
OPENSSL_NO_DEPRECATED_3_0 guard.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13448)
Previously we only ever allowed one mark to be set against an error in the
statck. If we attempted to nest them, then we would end up clearing all
the errors in the stack when we popped to the mark.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13335)
