path: root/util
Commit message | Author | Age | Files | Lines
* Added Test::ok_nofips, Test::is_nofips & Test::isnt_nofips methods. | Shane Lontis | 2019-04-11 | 2 | -5/+70
  Used to check that a test fails in fips mode i.e. ok_nofips(run(...))
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8661)
* Make X509_set_sm2_id consistent with other setters | Paul Yang | 2019-04-09 | 1 | -1/+1
  This commit makes the X509_set_sm2_id to 'set0' behaviour, which means the memory management is passed to X509 and user doesn't need to free the sm2_id parameter later. API name also changes to X509_set0_sm2_id.
  Document and test case are also updated.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8626)
* Params: add OSSL_PARAM_construct_end() | Richard Levitte | 2019-04-09 | 1 | -0/+1
  OSSL_PARAM_END is a macro that can only be used to initialize an OSSL_PARAM array, not to assign an array element later on. For completion, we add an end constructor to facilitate that kind of assignment.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8704)
* EVP_set_default_properties(): New function to set global properties | Richard Levitte | 2019-04-05 | 1 | -0/+1
  EVP_MD_fetch() can be given a property query string. However, there are cases when it won't, for example in implicit fetches. Therefore, we also need a way to set a global property query string to be used in all subsequent fetches. This also applies to all future algorithm fetching functions.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8681)
* add documentation | Boris Pismenny | 2019-04-01 | 1 | -0/+1
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7848)
* Implement EVP_MD_fetch() | Matt Caswell | 2019-03-21 | 1 | -0/+2
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8513)
* Providing missing accessor to EVP_PKEY.engine | Dmitry Belyavskiy | 2019-03-19 | 1 | -0/+1
  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8329)
* Guard some SM2 functions with OPENSSL_NO_SM2 | Matt Caswell | 2019-03-15 | 1 | -2/+2
  Fixes the no-ec build
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8481)
* trace: update the documentation | Dr. Matthias St. Pierre | 2019-03-15 | 1 | -0/+6
  This commit adds some missing symbols and other minor enhancements. In particular, it establishes the term 'channel' as a synonym for a BIO object attached to a trace category, and introduces the concept of a 'simple' channel versus a 'callback' channel.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8463)
* Support SM2 certificate verification | 杨洋 | 2019-03-13 | 1 | -0/+2
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8321)
* generated files | Pauli | 2019-03-12 | 1 | -0/+46
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8451)
* OSSL_PARAM helper functions. | Pauli | 2019-03-12 | 1 | -0/+15
  Provide a number of functions to allow parameters to be set and retrieved in a type safe manner. Functions are provided for many integral types plus double, BIGNUM, UTF8 strings and OCTET strings.
  All of the integer functions will widen the parameter data as required. This permits a degree of malleability in the parameter definition. For example a type can be changed from a thirty two bit integer to a sixty four bit one without changing application code. Only four and eight byte integral sizes are supported here.
  A pair of real functions are available for doubles.
  A pair of functions is available for BIGNUMs. These accept any sized unsigned integer input and convert to/from a BIGNUM.
  For each OCTET and UTF8 strings, four functions are defined. These provide get and set functionality for string and for pointers to strings. The latter avoiding copies but have other inherent risks.
  Finally, some utility macros and functions are defined to allow OSSL_PARAM definition arrays to be specified in a simple manner. There are two macros and one function for most types. The exception being BIGNUM, for which there is one macro and one function.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8451)
* 2nd chunk: CRMF code (crypto/crmf/, ) and its integration | David von Oheimb | 2019-03-12 | 1 | -0/+82
  in INSTALL, Configure, crypto/build.info, include/openssl/crmferr.h, crypto/err/, include/openssl/err.h, and (to be updated:) util/libcrypto.num
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7646)
* Add documentation | Richard Levitte | 2019-03-11 | 1 | -0/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8287)
* Add provider module infrastructure | Richard Levitte | 2019-03-11 | 1 | -0/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8287)
* Replumbing: New public API to load or add providers | Richard Levitte | 2019-03-11 | 1 | -0/+5
  Adding a provider means creating an internal provider object and adding it to the store. This allows the addition of built in providers, be it in the OpenSSL libraries or in any application.
  "Loading" a provider is defined broadly. A built in provider is already "loaded" in essence and only needs activating, while a provider in a dynamically loadable module requires actually loading the module itself. In this API, "loading" a provider does both.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8287)
* Replumbing: Add the Provider Object, type OSSL_PROVIDER | Richard Levitte | 2019-03-11 | 1 | -0/+9
  The OSSL_PROVIDER is the core object involved in loading a provider module, initialize a provider and do the initial communication of provider wide and core wide dispatch tables.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8287)
* util/mkerr.pl: Add an inclusion of symhacks.h in all error files | Rich Salz | 2019-03-11 | 1 | -3/+5
  This does no harm, and ensures that the inclusion isn't mistakenly removed in the generated *err.h where it's actually needed.
  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8397)
* constify *_dup() and *i2d_*() and related functions as far as possible, introducing DECLARE_ASN1_DUP_FUNCTION | David von Oheimb | 2019-03-06 | 1 | -20/+40
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8029)
* Document the tracing functionality | Richard Levitte | 2019-03-06 | 1 | -0/+1
  Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8198)
* Add generic trace API | Richard Levitte | 2019-03-06 | 1 | -0/+9
  The idea is that the application shall be able to register output channels or callbacks to print tracing output as it sees fit.
  OpenSSL internals, on the other hand, want to print those texts using normal printing routines, such as BIO_printf() or BIO_dump() through well defined BIOs.
  When the application registers callbacks, the tracing functionality sets up an internal BIO that simply forwards received text to the appropriate application provided callback.
  Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8198)
* VMS: fix util/[un]local.com.in to handle attributes | Richard Levitte | 2019-03-05 | 2 | -2/+10
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8382)
* Add section order check in util/find-doc-nits | Paul Yang | 2019-02-28 | 1 | -0/+14
  This patch checks if the EXAMPLES section in a pod file is placed before the RETURN VALUES section.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8338)
* OpenSSL::Util::Pod: allow slashes in names | Richard Levitte | 2019-02-27 | 1 | -1/+1
  The names in the NAME section may describe headers, which contain a slash for OpenSSL headers. We deal with that by converting slashes to dashes for the file names.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8286)
* Replumbing: Add include/openssl/core.h, initially with core types | Richard Levitte | 2019-02-27 | 1 | -0/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8286)
* Add BN_native2bn and BN_bn2nativepad, for native BIGNUM import/export | Richard Levitte | 2019-02-26 | 1 | -0/+2
  These are a couple of utility functions, to make import and export of BIGNUMs to byte strings in platform native form (little-endian or big-endian) easier.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8346)
* util/find-docs-nits: Recognise SPARSE_ARRAY_OF | Richard Levitte | 2019-02-18 | 1 | -0/+1
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8269)
* util/find-docs-nits: Extend to handle internal documentation | Richard Levitte | 2019-02-18 | 1 | -6/+19
  While we're at it, we also check for names that contain white-space, as they are invalid.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/8269)
* generated files | Pauli | 2019-02-18 | 1 | -0/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8224)
* Add an OpenSSL library context | Richard Levitte | 2019-02-16 | 2 | -0/+3
  The context builds on CRYPTO_EX_DATA, allowing it to be dynamically extended with new data from the different parts of libcrypto.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8225)
* Add CRYPTO_alloc_ex_data() | Richard Levitte | 2019-02-16 | 1 | -0/+1
  This allows allocation of items at indexes that were created after the CRYPTO_EX_DATA variable was initialized, using the exact same method that was used then.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8225)
* Add EC_GROUP_get0_field | David Asraf | 2019-02-15 | 1 | -0/+1
  New function to return internal pointer for field.
  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8195)
* Added new EVP/KDF API. | David Makepeace | 2019-02-13 | 2 | -0/+9
  Changed PKEY/KDF API to call the new API. Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs. Documentation updated.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6674)
* Remove unnecessary trailing whitespace | Sam Roberts | 2019-02-05 | 7 | -22/+22
  Trim trailing whitespace. It doesn't match OpenSSL coding standards, AFAICT, and it can cause problems with git tooling.
  Trailing whitespace remains in test data and external source.
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8092)
* Fix Invalid Argument return code from IP_Factory in connect_to_server(). | Matthias Kraft | 2019-02-04 | 1 | -1/+1
  Fixes #7732
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8158)
* Document and add macros for additional DSA options | David Benjamin | 2019-01-30 | 1 | -0/+2
  EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS and EVP_PKEY_CTRL_DSA_PARAMGEN_MD are only exposed from EVP_PKEY_CTX_ctrl, which means callers must write more error-prone code (see also issue #1319). Add the missing wrapper macros and document them.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8093)
* crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES) | Antonio Iacono | 2019-01-27 | 1 | -25/+30
  A CAdES Basic Electronic Signature (CAdES-BES) contains, among other specifications, a collection of Signing Certificate reference attributes, stored in the signedData either as ESS signing-certificate or as ESS signing-certificate-v2. These are described in detail in Section 5.7.2 of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).
  This patch adds support for adding ESS signing-certificate[-v2] attributes to CMS signedData. Although it implements only a small part of the RFC, it is sufficient in many cases to enable the `openssl cms` app to create signatures which comply with legal requirements of some European States (e.g. Italy).
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/7893)
* add an additional async notification communication method based on callback | Ping Yu | 2019-01-27 | 3 | -0/+15
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
  Signed-off-by: Ping Yu <ping.yu@intel.com>
  Signed-off-by: Steven Linsell <stevenx.linsell@intel.com>
  (Merged from https://github.com/openssl/openssl/pull/7573)
* Build: Change all _NO_INST to use attributes instead. | Richard Levitte | 2019-01-22 | 1 | -2/+2
  This means that all PROGRAMS_NO_INST, LIBS_NO_INST, ENGINES_NO_INST and SCRIPTS_NO_INST are changed to be PROGRAM, LIBS, ENGINES and SCRIPTS with the associated attribute 'noinst'.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7581)
* Rework building: adapt some scripts | Richard Levitte | 2019-01-21 | 2 | -17/+9
  The platform module collection is made in such a way that any Perl script that wants to take part of the available information can use them just as well as the build system.
  This change adapts test/recipes/90-test_shlibload.t, util/mkdef.pl, and util/shlib_wrap.sh.in
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7473)
* Rework building: VMS changes to handle extensions and product names | Richard Levitte | 2019-01-21 | 2 | -14/+8
  Add platform::VMS, which is a generic VMS module. Additional modules to support specific building aspects (such as specific compilers) may be added later, but since we currently work on file names and those are generic enough, this is also enough.
  This reworks Configurations/descrip.mms.tmpl to work out product names in platform::VMS terms.
  Something to be noted is that the new functionality ignores the *_extension config attributes, as they were never used. VMS is very consistent in its use of extensions, so there is no reason to believe much will change in this respect.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7473)
* Rework building: initial changes | Richard Levitte | 2019-01-21 | 1 | -1/+11
  This is the start of a major work to correct some quirks in the building system. The base for this is to move certain attributes that lack desired flexibility from Configurations/*.conf to perl modules that can be selected with one single attribute in the config targets.
  The way this is meant to work is by adding this attribute in select config targets:
      perl_module => 'Name';    # Name to be replaced
  Then, in the perl scripts or modules that need the functionality, these lines should be added:
      use lib catdir($srcdir, 'Configurations'); # Ensure access to platform.pm
      use lib $blddir;                           # Ensure access to configdata.pm
      use platform;                              # Will load platform::$target{perl_module}
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7473)
* More configurable crypto and ssl library initialization | Viktor Dukhovni | 2019-01-07 | 1 | -0/+2
  1. In addition to overriding the default application name, one can now also override the configuration file name and flags passed to CONF_modules_load_file().
  2. By default we still keep going when configuration file processing fails. But, applications that want to be strict about initialization errors can now make explicit flag choices via non-null OPENSSL_INIT_SETTINGS that omit the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been both undocumented and unused).
  3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.
  4. Don't set up atexit() handlers when called with INIT_BASE_ONLY.
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7986)
* Add a test for correct handling of the cryptopro bug extension | Matt Caswell | 2019-01-07 | 5 | -21/+14
  This was complicated by the fact that we were using this extension for our duplicate extension handling tests. In order to add tests for cryptopro bug the duplicate extension handling tests needed to change first.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7984)
* util/process_docs.pl: handle multiple source directories correctly | Richard Levitte | 2018-12-21 | 1 | -93/+102
  The way this script handled multiple source directories wasn't quite right, it ended up giving pod2html 'ARRAY(0xXXXXXXXXX)' as a source directory. This corrects the mistake.
  Fixes #7742
  Fixes #7939
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7911)
* Ignore duplicated undocumented things | Rich Salz | 2018-12-13 | 1 | -3/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
  (Merged from https://github.com/openssl/openssl/pull/7423)
* Add RFC5297 AES-SIV support | Todd Short | 2018-12-12 | 1 | -0/+14
  Based originally on github.com/dfoxfranke/libaes_siv
  This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR and CMAC code to reduce complexity at the cost of performance. The expected use is for short inputs, not TLS-sized records.
  Add multiple AAD input capacity in the EVP tests.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  (Merged from https://github.com/openssl/openssl/pull/3540)
* util/mkdef.pl: Remove a ';' that snuck in | Richard Levitte | 2018-12-11 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7868)
* Configuration: $config{shlib_version_number} -> $config{shlib_version} | Richard Levitte | 2018-12-11 | 1 | -1/+1
  This was forgotten in a few places
  Fixes #7862
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7865)
* VMS: fix library compatibility settings in util/mkdef.pl | Richard Levitte | 2018-12-10 | 1 | -1/+3
  The regexp to parse the incoming version number was flawed, and since we allow ourselves to add missing APIs in PATCH releases, the compatibility settings still need to include the PATCH part of the version number.
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/7858)