All invokations of $(PERL) need to be quoted, in case it contains
spaces. That was forgotten in one spot.
Fixes#9060
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9062)
Minor typo.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8866)
Some OSSL_PROVIDER getters took a non-const OSSL_PROVIDER parameter.
There's no reason to do so.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9054)
Method name correction.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9052)
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712)
CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI.
Adds extensive man pages and tests. Integration into build scripts.
Incremental pull request based on OpenSSL commit 1362190b1b of 2018-09-26
3rd chunk: CMP ASN.1 structures (in crypto/cmp/cmp_asn.c) and related files
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8669)
Add a page about properties in the man7 section of the public documentation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9011)
This has been long overdue.
Note that this does not join the X509 and X509V3 error modules, that
will be too many macro changes at this stage.
Fixes#8919
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8925)
openssl_config_int() returns the uninitialized variable `ret`
when compiled with OPENSSL_SYS_UEFI.
Fixes#9026
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9029)
CLA: trivial
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9021)
Rework the test so that it fails far less often.
A number of independent tests are executed and 5% are expected to fail.
The number of such failures follows a binomial distribution which permits
a statistical test a 0.01% expected failure rate.
There is a command line option to enable the stochastic range checking.
It is off by default.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8830)
enabling the 'enable-crypto-mdebug' option and running parameter generation
causes timeouts.
Loading pregenerated params is more suited for these tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9022)
The #7408 implemented mandatory digest checking in TLS.
However this broke compatibility of DSS support with GnuTLS
which supports only SHA1 with DSS.
There is no reason why SHA256 would be a mandatory digest
for DSA as other digests in SHA family can be used as well.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9015)
We add the extra warning and sanitizer options to check our code,
which is entirely in C. We support C++ compilers uniquely for the
sake of certain external test suites, and those projects can probably
sanitize their own code themselves.
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9013)
Convert EVP_PKEY Parameters to/from binary.
This wraps the low level i2d/d2i calls for DH,DSA and EC key parameters
in a similar way to Public and Private Keys.
The API's can be used by applications (including openssl apps) that only
want to use EVP_PKEY without needing to access low level key API's.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8903)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9010)
The documentation of what a X509_LOOKUP implementation must do was
unclear and confusing. Most of all, clarification was needed that it
must store away the found objects in the X509_STORE.
Fixes#8707
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8755)
Add a few coverage test case.
Fixes#8949
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8959)
In all legacy code ctx->cipher is dereferenced without checks, so it
makes no sense to jump there is ctx->cipher is NULL as it will just lead
to a crash. Catch it separately and return an error.
This is simlar to the fix in d2c2e49eab
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9002)
CLA: trivial
Fixes#8904
Commit 48feaceb53 ("Remove the possibility to disable the UI module
entirely", 2017-07-03) made the BUFSIZ references in "evp_key.c"
unconditional, by deleting the preprocessing directive "#ifndef
OPENSSL_NO_UI". This breaks the build when compiling OpenSSL for edk2
(OPENSSL_SYS_UEFI), because edk2's <stdio.h> doesn't #define BUFSIZ.
Provide a fallback definition, like we do in "crypto/ui/ui_util.c" (from
commit 984d6c6052, "Fix no-stdio build", 2015-09-29).
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8922)
e.g. openssl speed -evp id-aes256-wrap-pad
was crashing because the return code from EVP_CipherInit_ex
was ignored.
Not going to allow that cipher mode because wrap ciphers
produces more bytes output than the input length
and EVP_Update_loop is not really prepared for that.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8739)
In addition this commit ensures that the "provctx" value is defaulted to the current
library context when we are recurively initialising the FIPS provider when already inside
the FIPS module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)
This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and
coverts them for use within evp_test. This commit also adds a script to
convert the .rsp CAVS files into the evp_test format.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8981)
67c81ec311 forgot about s390x
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8971)
Add the possibility of a property query clause to be optional by preceding
it with a question mark.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8943)
