The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get
the algorithm name from the EVP_PKEY. This doesn't work with provider
based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name()
function, and an equivalent EVP_KEYMGMT_get0_first_name() function.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)
Matt Caswell [Fri, 11 Sep 2020 15:47:53 +0000 (16:47 +0100)]
Redirect EVP_DigestInit to EVP_DigestSignInit_ex if appropriate
Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx previously
initialised with EVP_DigestSignInit() would retain information about the
key, and re-initialise for another sign operation. To emulate that we
redirect calls to EVP_DigestInit() to EVP_DigestSignInit_ex() if
appropriate.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)
Matt Caswell [Thu, 10 Sep 2020 13:46:41 +0000 (14:46 +0100)]
Don't send -1 as the length of the hmac key
The dgst app was using an undocumented behaviour in the
EVP_PKEY_new_raw_private_key() function when setting a key length for
a MAC. The old EVP_PKEY to MAC bridge, probably by accident, converts a
-1 length to a strlen() call, by virtue of the fact that it eventually
calls ASN1_STRING_set() which has this feature.
As noted above this is undocumented, and unexpected since the len
parameter to EVP_PKEY_new_raw_private_key() is an unsigned value (size_t).
In the old bridge it was later (silently) cast to an int, and therefore
the original -1 value was restored. This only works because sizeof(int) <=
sizeof(size_t). If we ever run on a platform where sizeof(int) >
sizeof(size_t) then it would have failed. The behaviour also doesn't hold
for EVP_PKEY_new_raw_private_key() in general - only when the old MAC
bridge was in use.
Rather than restore the original behaviour I think it is best to simply
fix the dgst app to not assume it exists. We should not bake in this
backwards and inconsistent behaviour.
Fixes #12837
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)
Annotate potential -Wunused-function violations in err.h
Fixes #12792
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12851)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12863)
When building in the source tree, a rebuilt Makefile detected both
include/openssl/foo.h.in and include/openssl/foo.h, so promptly added
include/openssl/foo.h twice to the list of headers to parse in 'make
update'
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12882)
Richard Levitte [Tue, 15 Sep 2020 15:10:44 +0000 (17:10 +0200)]
OpenSSL::ParseC: recognise inline function bodies
Function bodies in headers weren't a thing when OpenSSL::ParseC was
created, at least not as clearly as they are nowadays. This module
must evolve to recognise them (and promptly ignore them).
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12882)
SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption
using the RSA primitive (i.e. no padding). This is specified in FIPS140-2 IG D.9
A copy of the methods EVP_PKEY_encrypt_init(), EVP_PKEY_encrypt(), EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt()
are now in the fips module.
Removed the #ifdef FIPS_MODULE in evp_pkey_ctx_free_old_ops().
Added corruption test
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12835)
Pauli [Sun, 13 Sep 2020 21:50:40 +0000 (07:50 +1000)]
free memory use on error in cert verify
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)
Pauli [Sun, 13 Sep 2020 21:47:26 +0000 (07:47 +1000)]
generate_cookie_callback: free temporary memory on an error path
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)
Pauli [Sun, 13 Sep 2020 21:44:45 +0000 (07:44 +1000)]
PKCS5 PBE: free allocations on unlikely / impossible failure path
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)
Pauli [Sun, 13 Sep 2020 21:40:58 +0000 (07:40 +1000)]
PKCS#8: free data on error path in newpass_bag
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)
Pauli [Sun, 13 Sep 2020 21:36:02 +0000 (07:36 +1000)]
DTLS: free allocated memory on error paths
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)
Richard Levitte [Sat, 29 Aug 2020 07:46:24 +0000 (09:46 +0200)]
EVP: Centralise fetching error reporting
Instead of sometimes, and sometimes not reporting an error in the
caller of EVP_XXX_fetch(), where the error may or may not be very
accurate, it's now centralised to the inner EVP fetch functionality.
It's made in such a way that it can determine if an error occured
because the algorithm in question is not there, or if something else
went wrong, and will report EVP_R_UNSUPPORTED_ALGORITHM for the
former, and EVP_R_FETCH_FAILED for the latter.
This helps our own test/evp_test.c when it tries to figure out why an
EVP_PKEY it tried to load failed to do so.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12857)
Matt Caswell [Thu, 10 Sep 2020 15:34:17 +0000 (16:34 +0100)]
Ignore unused return values from some sk_*() macros
Some compilers are very picky about unused return values.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Fri, 4 Sep 2020 16:00:58 +0000 (17:00 +0100)]
Don't complain about stack related macros
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Richard Levitte [Fri, 4 Sep 2020 06:51:37 +0000 (08:51 +0200)]
Make 'make ordinals' work again
'make ordinals' assumed that all headers reside in the source tree,
which is no longer true, now that we generate a number of them. This
needed some refactoring.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 16:35:41 +0000 (17:35 +0100)]
Streamline the safestack generated code
The safestack code generation was generating a little too much. Some of
it could be done with a normal macro.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 16:22:30 +0000 (17:22 +0100)]
Add a CHANGES entry for the safestack updates
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 16:09:18 +0000 (17:09 +0100)]
Remove some safestack things that are no longer needed
... and add SKM_DEFINE_STACK_OF_INTERNAL
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 15:39:36 +0000 (16:39 +0100)]
Fix safestack issues in ui.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 15:35:20 +0000 (16:35 +0100)]
Fix safestack issues in pkcs12.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 15:24:47 +0000 (16:24 +0100)]
Fix safestack issues in crypto.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 15:14:28 +0000 (16:14 +0100)]
Fix safestack issues in conf.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 15:06:16 +0000 (16:06 +0100)]
Fix safestack issues in bio.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 15:01:51 +0000 (16:01 +0100)]
Fix safestack issues in ess.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 14:56:05 +0000 (15:56 +0100)]
Fix safestack issues in asn1t.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 14:50:09 +0000 (15:50 +0100)]
Fix safestack issues in ct.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 14:45:01 +0000 (15:45 +0100)]
Fix safestack issues in crmf.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 14:37:45 +0000 (15:37 +0100)]
Fix safestack issues in x509_vfy.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 14:31:44 +0000 (15:31 +0100)]
Fix safestack issues in srp.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 14:20:03 +0000 (15:20 +0100)]
Fix safestack issues in pkcs7.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 14:05:30 +0000 (15:05 +0100)]
Fix safestack issues in ocsp.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 13:55:08 +0000 (14:55 +0100)]
Fix safestack issues in cms.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 13:45:54 +0000 (14:45 +0100)]
Fix safestack issues in cmp.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 13:35:41 +0000 (14:35 +0100)]
Fix safestack issues in asn1.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 13:10:41 +0000 (14:10 +0100)]
Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 11:46:08 +0000 (12:46 +0100)]
Fix safestack issues in x509v3.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Thu, 3 Sep 2020 09:23:44 +0000 (10:23 +0100)]
Fix safestack issues in x509.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Matt Caswell [Wed, 2 Sep 2020 15:15:06 +0000 (16:15 +0100)]
Fix safestack issues in ssl.h
We fix 3 problems with safestack:
- Including an openssl header file without linking against libcrypto
can cause compilation failures (even if the app does not otherwise need
to link against libcrypto). See issue #8102
- Recent changes means that applications in no-deprecated builds will need
to include additional macro calls in the source code for all stacks that
they need to use - which is an API break. This changes avoids that
necessity.
- It is not possible to write code using stacks that works in both a
no-deprecated and a normal build of OpenSSL. See issue #12707.
Fixes #12707
Contains a partial fix for #8102. A similar PR will be needed for hash to
fully fix.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
HPE NonStop Port Changes for 3.0.0 Includes unthreaded, PUT, and SPT for OSS.
The port changes include wrapping where necessary for FLOSS and
appropriate configuration changes to support that. Two tests
are excluded as being inappropriate for the platform.
The changes are:
* Added /usr/local/include to nonstop-nsx_spt_floss to load floss.h
* Added SPT Floss variant for NonStop
* Wrapped FLOSS definitions in OPENSSL_TANDEM_FLOSS to allow selective enablement.
* SPT build configuration for NonStop
* Skip tests not relevant for NonStop
* PUT configuration changes required for NonStop platforms
* Configurations/50-nonstop.conf: updates for TNS/X platform.
* FLOSS instrumentation for HPE NonStop TNS/X and TNS/E platforms.
* Configurations/50-nonstop.conf: modifications for non-PUT TNS/E platform b
* Fix use of DELAY in ssltestlib.c for HPNS.
* Fixed commit merge issues and added floss to http_server.c
CLA: Permission is granted by the author to the OpenSSL team to use these modifications.
Fixes #5087.
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12800)
Richard Levitte [Sun, 9 Aug 2020 12:22:09 +0000 (14:22 +0200)]
dev/release.sh: Rework to be smoother
It now creates all the necessary feature branches for github in your
repository, making the cloned sub-directory unnecessary for post-release
purposes.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12614)
Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE
Note that although this is a false positive currently, it could become possible if any of the methods called
change behaviour - so it is safer to add the fix than to ignore it. Added a simple test so that I could prove this was the case.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847)
Richard Levitte [Thu, 10 Sep 2020 11:50:54 +0000 (13:50 +0200)]
OSSL_DECODER 'decode' function must never be NULL.
The conditions for a valid implementation allowed the 'decode'
function to be NULL or the 'export_object' was NULL. That condition
is changed so that 'decode' is checked to be non-NULL by itself.
Fixes #12819
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12849)
Richard Levitte [Sun, 6 Sep 2020 06:51:32 +0000 (08:51 +0200)]
TEST: skip POSIX errcode zero in tesst/recipes/02-test_errstr.t
On most systems, there is no E macro for errcode zero in <errno.h>,
which means that it seldom comes up here. However, reports indicate
that some platforms do have an E macro for errcode zero.
With perl, errcode zero is a bit special. Perl consistently gives
the empty string for that one, while the C strerror() may give back
something else. The easiest way to deal with that possible mismatch
is to skip this errcode.
Fixes #12798
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12799)
Chris Novakovic [Thu, 3 Sep 2020 22:42:56 +0000 (23:42 +0100)]
apps/ca: allow CRL lastUpdate/nextUpdate fields to be specified
When generating a CRL using the "ca" utility, allow values for the
lastUpdate and nextUpdate fields to be specified using the command line
options -crl_lastupdate and -crl_nextupdate respectively.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12784)
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12821)
apps/cmp.c: Improve example given for -geninfo option (also in man page)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
OSSL_CMP_CTX_new.pod: improve doc of OSSL_CMP_CTX_get1_{extraCertsIn,caPubs}
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
openssl-cmp.pod.in: Update Insta Demo CA port number in case needed
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
apps/cmp.c: Improve user guidance on missing -subject etc. options
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
apps/cmp.c: Improve documentation of -secret, -cert, and -key options
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
check_chain_extensions(): Require X.509 v3 if extensions are present
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478)
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478)
x509_vfy.c: Make sure that strict checks are not done for self-issued EE certs
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478)
check_chain_extensions(): Add check that CA cert includes key usage extension
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478)
check_chain_extensions(): Add check that on empty Subject the SAN must be marked critical
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478)
check_chain_extensions(): Add check that AKID and SKID are not marked critical
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478)
check_chain_extensions(): Add check that Basic Constraints of CA cert are marked critical
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478)
Extend X509 cert checks and error reporting in v3_{purp,crld}.c and x509_{set,vfy}.c
add various checks for malformedness to static check_chain_extensions() in x509_vfc.c
improve error reporting of X509v3_cache_extensions() in v3_purp.c
add error reporting to x509_init_sig_info() in x509_set.c
improve static setup_dp() and related functions in v3_purp.c and v3_crld.c
add test case for non-conforming cert from https://tools.ietf.org/html/rfc8410#section-10.2
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478)
If a path is specified with the -module option it will use this path to load the library when the provider is activated,
instead of also having to set the environment variable OPENSSL_MODULES.
Added a platform specific opt_path_end() function that uses existing functionality used by opt_progname().
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12761)
Richard Levitte [Wed, 9 Sep 2020 03:29:56 +0000 (05:29 +0200)]
STORE: Fix OSSL_STORE_attach() to check |ui_method| before use
ossl_pw_set_ui_method() demands that the passed |ui_method| be
non-NULL, and OSSL_STORE_attach() didn't check it beforehand.
While we're at it, we remove the passphrase caching that's set at the
library level, and trust the implementations to deal with that on
their own as needed.
Fixes #12830
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12831)