This is in gmac_final(), where the cipher is known to be fetched.
It's more suitable to use OSSL_PARAMs than _ctrl functions, as the
latter are expected to become obsolete.
Fixes#14359
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14484)
Providers (particularly the FIPS provider) needs access to BIOs from libcrypto.
Libcrypto is allowed to change the internal format of the BIO structure and it
is still expected to work with providers that were already built. This means
that the libcrypto BIO must be distinct from and not castable to the provider
side OSSL_CORE_BIO.
Unfortunately, this requirement was broken in both directions. This fixes
things by forcing the two to be different and any casts break loudly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14419)
Fixes#13185Fixes#13352
Removed the existing code in file_store that was trying to figure out the
input type.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14407)
providers/fipsmodule.cnf is generated using 'openssl fipsinstall' with
the openssl program in the build directory.
Fixes#14315
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
The FIPS provider no longer has seeding sources inside the boundary, the
related conditional code can therefore be removed.
Fixes#14358
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14382)
This allows making the signature operations return different
settable params when the context is initialized with
EVP_DigestSign/VerifyInit.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14338)
Those TODOs do not really apply to 3.0 as the legacy internal
keys will stay.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Added some error reporting in dh_exch.c and unified error reporting
with it in other key exchange methods.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Those TODOs are not relevant anymore as the headers
are now in providers.
Also make the header guard defines better reflect the
header placement.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
The DER writing errors can be ignored safely.
Document that the EVP_MAX_MD_SIZE is a hardcoded limit
for digest sizes.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
Partial fix for #12964
This adds ossl_ names for the following symbols:
ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_*
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
Partial fix for #12964
This adds ossl_ names for the following symbols:
dsa_check_pairwise, dsa_check_params, dsa_check_priv_key, dsa_check_pub_key, dsa_check_pub_key_partial,
dsa_do_sign_int, dsa_ffc_params_fromdata,
dsa_generate_ffc_parameters, dsa_generate_public_key,
dsa_get0_params, dsa_key_fromdata, dsa_new_with_ctx, dsa_pkey_method, dsa_sign_int
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
