Matt Caswell [Wed, 29 Nov 2023 11:55:17 +0000 (11:55 +0000)]
Remove some redundant code
We remove a function that was left behind and is no longer called after the
record layer refactor
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22864)
Matt Caswell [Wed, 29 Nov 2023 11:45:12 +0000 (11:45 +0000)]
Don't attempt to set provider params on an ENGINE based cipher
If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22864)
Matt Caswell [Wed, 29 Nov 2023 11:30:07 +0000 (11:30 +0000)]
Add a test for late loading of an ENGINE in TLS
Confirm that using an ENGINE works as expected with TLS even if it is
loaded late (after construction of the SSL_CTX).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22864)
Randall S. Becker [Wed, 22 Nov 2023 20:45:24 +0000 (20:45 +0000)]
Deprecate SPT threading support on NonStop.
This fix removes explicit support for the SPT threading model in configurations.
This also reverts commit
f63e1b48ac893dd6110452e70ed08f191547cd89 that were
required for SPT but broke other models.
Fixes: #22798
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22807)
Bernd Edlinger [Sun, 10 Dec 2023 09:18:19 +0000 (10:18 +0100)]
Fix a possible memory leak in do_othername
Since the gen->type will not be set in a2i_GENERAL_NAME
the gen->d.otherName will not be automatically
cleaned up by GENERAL_NAME_free.
Also fixed a similar leak in a2i_GENERAL_NAME,
where ASN1_STRING_set may fail but gen->d.ia5
will not be automatically cleaned up.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22996)
Matthias St. Pierre [Wed, 29 Nov 2023 21:12:45 +0000 (22:12 +0100)]
doc: improve documentation of EVP in-place encryption
The EVP interface explicitly allows in-place encryption/decryption,
but this fact is just 'partially' documented in `EVP_EncryptUpdate(3)`
(pun intended): the manual page mentions only operation failure in
case of 'partial' overlaps. This is not even correct, because
the check for partially overlapping buffers is only implemented
in legacy code paths.
Currently, in-place encryption/decryption is only documented for
RSA (`RSA_public_encrypt(3)`) and DES (`DES_ecb_encrypt(3)`), as
well as in the provider interface (`provider-cipher(7)`).
This commit amends `EVP_EncryptUpdate(3)` and `provider-cipher(7)`
to make the front-end and back-end documentation consistent.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22875)
Neil Horman [Tue, 28 Nov 2023 18:54:37 +0000 (13:54 -0500)]
Add overflow checks to parse_number/parse_hex/parse_oct
Test the next arithmetic operation to safely determine if adding the
next digit in the passed property string will overflow
Also, noted a bug in the parse_hex code. When parsing non-digit
characters (i.e. a-f and A-F), we do a tolower conversion (which is
fine), and then subtract 'a' to get the hex value from the ascii (which
is definately wrong). We should subtract 'W' to convert tolower
converted hex digits in the range a-f to their hex value counterparts
Add tests to test_property_parse_error to ensure overflow checks work
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22874)
Richard Levitte [Tue, 28 Nov 2023 22:41:32 +0000 (23:41 +0100)]
Configure: Refuse to make directories in the source tree
Fixes #22907
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22908)
Richard Levitte [Tue, 28 Nov 2023 14:55:43 +0000 (15:55 +0100)]
Modify 'out-of-source-and-install' to work with a read-only source tree
This also adds the configuration options 'enable-quic'.
Fixes #22907
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22908)
Richard Levitte [Tue, 5 Dec 2023 08:26:36 +0000 (09:26 +0100)]
Add the 'run_tests' target to the Windows build file template as well
For some reason, it was added to the Unix and VMS build templates, but
Windows was forgotten.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22947)
Richard Levitte [Tue, 5 Dec 2023 08:21:35 +0000 (09:21 +0100)]
Make sure that the test / tests build target run 'run_tests' last
Fixes #22943
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22947)
Neil Horman [Thu, 30 Nov 2023 16:20:34 +0000 (11:20 -0500)]
Statically link legacy provider to evp_extra_test
Like in #17345, evp_extra_test links libcrypto statically, but also has
a dynamic/shared load via the legacy provider, which leads to ambiguous
behavior in evp_extra_test on some platforms, usually a crash (SIGSEGV)
on exit via the atexit handlers. Statically link the legacy provider to
avoid this.
Fixes #22819
Helped-by: Neil Horman <nhorman@openssl.org>
Helped-by: Tomas Mraz <tomas@openssl.org>
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22905)
Tomas Mraz [Mon, 4 Dec 2023 17:01:28 +0000 (18:01 +0100)]
ossl_decoder_cache_flush(): Do not raise an error if there is no cache
This function can be called during OPENSSL_cleanup() when
the cache was already flushed and deallocated.
Fixes #22939
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22941)
Hugo Landau [Mon, 4 Dec 2023 17:02:39 +0000 (17:02 +0000)]
QUIC LCIDM: Minor updates in response to feedback
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Tue, 28 Nov 2023 07:44:43 +0000 (07:44 +0000)]
QUIC LCIDM: Make robust against LHASH failures
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Tue, 28 Nov 2023 07:39:41 +0000 (07:39 +0000)]
QUIC LCIDM: Always use lcid_obj to refer to QUIC_LCID
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Tue, 28 Nov 2023 07:32:57 +0000 (07:32 +0000)]
QUIC GLOSSARY: Add ODCID
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Thu, 9 Nov 2023 11:11:17 +0000 (11:11 +0000)]
QUIC LCIDM: Minor fixes
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Wed, 8 Nov 2023 16:57:55 +0000 (16:57 +0000)]
QUIC LCIDM: Add debug calls
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Wed, 8 Nov 2023 16:57:41 +0000 (16:57 +0000)]
QUIC LCIDM: Correct documentation
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Mon, 6 Nov 2023 08:43:03 +0000 (08:43 +0000)]
QUIC LCIDM: Enforce and document ODCID peculiarities
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Fri, 3 Nov 2023 17:47:49 +0000 (17:47 +0000)]
QUIC: Update glossary to add LCID/RCID concepts
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Fri, 3 Nov 2023 17:46:12 +0000 (17:46 +0000)]
QUIC LCIDM: Add test
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Fri, 3 Nov 2023 17:16:23 +0000 (17:16 +0000)]
QUIC LCIDM: Add fuzzer
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Fri, 3 Nov 2023 16:27:35 +0000 (16:27 +0000)]
QUIC LCIDM: Add LCIDM
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Tomas Mraz [Thu, 30 Nov 2023 14:55:57 +0000 (15:55 +0100)]
rehash.c: Do not use NAME_MAX limit
On some systems it is too small although the system allows longer
filenames.
Fixes #22886
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22889)
Tomas Mraz [Tue, 5 Dec 2023 14:02:52 +0000 (15:02 +0100)]
fips-label.yml: Cleanup the FIPS artifact before downloading and unzipping ABIDIFF one
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22952)
Tomas Mraz [Fri, 1 Dec 2023 15:02:35 +0000 (16:02 +0100)]
Use severity: ABI changed label instead of CI failure for ABIDIFF
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22901)
Richard Levitte [Wed, 29 Nov 2023 13:32:10 +0000 (14:32 +0100)]
Make 'openssl list' less sensitive for providers without params
When a provider can't return parameters, make that a warning instead of an
error, and continue to list further providers.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22866)
Richard Levitte [Wed, 29 Nov 2023 13:24:18 +0000 (14:24 +0100)]
Add a minimal test provider
We test its validity by trying to load it.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22866)
Richard Levitte [Wed, 29 Nov 2023 13:06:51 +0000 (14:06 +0100)]
After initializing a provider, check if its output dispatch table is NULL
If the provider's output dispatch table is NULL, trying to parse it causes a
crash. Let's not do that.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22866)
Richard Levitte [Thu, 30 Nov 2023 08:02:25 +0000 (09:02 +0100)]
test/recipes/01-test_symbol_presence.t: Treat common symbols specially
Common symbols (type 'C' in the 'nm' output) are allowed to be defined more
than once. This makes test/recipes/01-test_symbol_presence.t reflect that.
Fixes #22869 (partially)
Fixes #22837
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22880)
Richard Levitte [Thu, 30 Nov 2023 07:48:33 +0000 (08:48 +0100)]
test/recipes/01-test_symbol_presence.t: Ignore symbols starting with '__'
On some platforms, the compiler may add symbols that aren't ours and that we
should ignore.
They are generally expected to start with a double underscore, and thereby
easy to detect.
Fixes #22869 (partially)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22880)
olszomal [Thu, 30 Nov 2023 16:57:45 +0000 (17:57 +0100)]
Add a test for X509_load_cert_file()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22885)
olszomal [Thu, 30 Nov 2023 11:53:40 +0000 (12:53 +0100)]
Fix loading more than one certificate in PEM format in X509_load_cert_file_ex()
Fixes #22895
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22885)
Markus Minichmayr [Thu, 30 Nov 2023 08:46:28 +0000 (09:46 +0100)]
Test various combinations of `SSL_OP_ALLOW_NO_DHE_KEX` and `SSL_OP_PREFER_NO_DHE_KEX`
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22883)
Michael Osipov [Thu, 30 Nov 2023 16:07:03 +0000 (17:07 +0100)]
Fix detection on HP-UX (IA64)
HPE has a weird preference to prefix letters and zero-padding. Properly trim
them before processing.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22891)
James Muir [Fri, 24 Nov 2023 17:37:36 +0000 (12:37 -0500)]
doc: improve display of KECCAK-KMAC128, KECCAK-KMAC256 defs
Do not allow mid-expression line breaks.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22814)
Richard Levitte [Tue, 21 Nov 2023 12:45:13 +0000 (13:45 +0100)]
exporters/cmake/OpenSSLConfig.cmake.in: Detect missing `platform->sharedlib_import`
Some platform implementations are without `sharedlib_import()`, so we need
to check that it exists before using it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22789)
Richard Levitte [Thu, 30 Nov 2023 15:38:43 +0000 (16:38 +0100)]
Remove the source directory .num targets
$(SRCDIR)/util/libcrypto.num and $(SRCDIR)/util/libssl.num were made their
own targets to have 'make ordinals' reproduce them (run mknum.pl) only if
needed.
Unfortunately, because the shared library linker scripts depend on these
.num files, we suddenly have mknum.pl run at random times when building.
Furthermore, this created a diamond dependency, which disturbs parallell
building because multiple mknum.pl on the same file could run at the same
time.
This reverts commit
0e55c3ab8d702ffc897c9beb51d19b14b7896182.
Fixes #21999
Partially fixes #22841
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22890)
Neil Horman [Wed, 22 Nov 2023 17:16:54 +0000 (12:16 -0500)]
Don't free aliased pointers in ctx cmp_ctx tests
Coverity recorded issues
1551739 and
1551737, a potential double free in the
tests. It occurs when the DUP operation fails in such a way val3_read is
returned as the same pointer as val2_read. Ideally it should never
happen, but resetting val3_read to 0 should satisfy coverity that there
is no issue here
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22800)
Neil Horman [Wed, 22 Nov 2023 19:20:39 +0000 (14:20 -0500)]
Add locking to CRYPTO_secure_used
Coverity issue
1551719 noted CRYPTO_secure_used referenced a shared
variable without taking the appropriate read lock. Add that.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22802)
James Muir [Wed, 29 Nov 2023 03:43:52 +0000 (22:43 -0500)]
evp-cmac: do not seg-fault when getting mac-size before init
Add null check to cmac_size(). This avoids a seg-fault encountered
with cmac when EVP_MAC_CTX_get_mac_size() is called before init.
Extend mac testing in evp_test.c to check that the sizes returned by
EVP_MAC_CTX_get_mac_size() before and after init make sense (this also
ensures that we no longer seg-fault).
Fixes #22842
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22858)
Bernd Edlinger [Wed, 15 Nov 2023 18:31:28 +0000 (19:31 +0100)]
Fix a possible memory leak in make_receipt_request
When the CMS_ReceiptRequest cannot be created,
the rct_to and rct_from may be leaked.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22742)
Bernd Edlinger [Wed, 15 Nov 2023 19:49:51 +0000 (20:49 +0100)]
Fix a possible use after free in X509v3_asid_add_id_or_range
And clean up partially created choice objects, which have
still the default type = -1 from ASIdentifierChoice_new().
Fixes #22700
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22745)
James Muir [Wed, 29 Nov 2023 17:37:44 +0000 (12:37 -0500)]
rsa-doc: fix typo
"d_i in RFC8017" -> "d_i" in RFC8017
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22868)
Sean Bright [Mon, 20 Nov 2023 20:08:19 +0000 (15:08 -0500)]
doc: Minor typo in SSL_CTX_set_tmp_dh_callback docs.
well know -> well known
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22778)
lan1120 [Wed, 22 Nov 2023 01:45:25 +0000 (09:45 +0800)]
Initialize dstctx->mgf1_md to NULL in rsa_dupctx function
Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22795)
Xi Ruoyao [Sat, 25 Nov 2023 08:14:35 +0000 (16:14 +0800)]
bn_nist: Fix strict-aliasing violations in little-endian optimizations
The little-endian optimization is doing some type-punning in a way
violating the C standard aliasing rule by loading or storing through a
lvalue with type "unsigned int" but the memory location has effective
type "unsigned long" or "unsigned long long" (BN_ULONG). Convert these
accesses to use memcpy instead, as memcpy is defined as-is "accessing
through the lvalues with type char" and char is aliasing with all types.
GCC does a good job to optimize away the temporary copies introduced
with the change. Ideally copying to a temporary unsigned int array,
doing the calculation, and then copying back to `r_d` will make the code
look better, but unfortunately GCC would fail to optimize away this
temporary array then.
I've not touched the LE optimization in BN_nist_mod_224 because it's
guarded by BN_BITS2!=64, then BN_BITS2 must be 32 and BN_ULONG must be
unsigned int, thus there is no aliasing issue in BN_nist_mod_224.
Fixes #12247.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22816)
Markus Minichmayr [Mon, 27 Nov 2023 17:26:51 +0000 (18:26 +0100)]
Fix implementation of `PreferNoDHEKEX` option.
`tls_parse_ctos_key_share()` didn't properly handle the option.
Avoid the need to deal with the option in multiple places by properly
handling it in `tls_parse_ctos_psk_kex_modes()`.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22844)
Jamie Cui [Wed, 29 Nov 2023 01:28:58 +0000 (01:28 +0000)]
Fix EVP_RAND-SEED-SRC documentation example
Fixes #22810
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22857)
Dmitry Misharov [Thu, 23 Nov 2023 13:22:35 +0000 (14:22 +0100)]
Add self-hosted runners
Added self-hosted runners for freebsd-x86_64 and ubuntu-aarch64.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22804)
fisher.yu [Tue, 17 Oct 2023 08:10:34 +0000 (08:10 +0000)]
Optimize AES-CTR for ARM Neoverse V1 and V2.
Unroll AES-CTR loops to a maximum 12 blocks for ARM Neoverse V1 and
V2, to fully utilize their AES pipeline resources.
Improvement on ARM Neoverse V1.
Package Size(Bytes) 16 32 64 128 256 1024
Improvement(%) 3.93 -0.45 11.30 4.31 12.48 37.66
Package Size(Bytes) 1500 8192 16384 61440 65536
Improvement(%) 37.16 38.90 39.89 40.55 40.41
Change-Id: Ifb8fad9af22476259b9ba75132bc3d8010a7fdbd
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22733)
Viktor Dukhovni [Mon, 27 Nov 2023 16:23:54 +0000 (11:23 -0500)]
Add last missing TLSA usage/selector/mtype test case
There were no PKIX-TA(0) SPKI(1) Full(0) (i.e. "0 1 0") test cases in
"danetest.in".
There is now at least a success case, which will exercise freeing the public
key after it is sanity checked, since with PKIX-TA(0) there's nothing we can do
with just the raw public key, a full chain to a local trust anchor is in any
case required.
The failure (to match) code path is already well oiled, but failure to decode
while adding malfored TLSA records could still use some additional tests...
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)
Viktor Dukhovni [Sat, 25 Nov 2023 18:26:20 +0000 (13:26 -0500)]
Fix freshly introduced double-free.
We don't need the decoded X.509 Full(0) certificate for the EE usages 1 and 3,
because the leaf certificate is always part of the presented chain, so the
certificate is only validated as well-formed, and then discarded, but the
TLSA record is of course still used after the validation step.
Added DANE test cases for: 3 0 0, 3 1 0, 1 0 0, and 1 1 0
Reported by Claus Assmann.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)
Hugo Landau [Tue, 21 Nov 2023 12:53:12 +0000 (12:53 +0000)]
Remove mention of NEWS.md in CONTRIBUTING.md
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)
Hugo Landau [Tue, 21 Nov 2023 12:52:56 +0000 (12:52 +0000)]
Add known issues section
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)
Hugo Landau [Mon, 20 Nov 2023 14:54:10 +0000 (14:54 +0000)]
Add proposed editorial conventions for NEWS.md
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)
Bernd Edlinger [Fri, 17 Nov 2023 13:47:36 +0000 (14:47 +0100)]
Fix a possible memory leak in ct_move_scts
Instead of trying to move the doomed sct back
to the src stack, which may fail as well, simply
free the sct object, as the src list will be
deleted anyway.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22762)
Xi Ruoyao [Fri, 24 Nov 2023 08:14:05 +0000 (16:14 +0800)]
Do not define L_ENDIAN (for now) when we guessed linux64-loongarch64
In
160f48941d14 I made L_ENDIAN defined when the system is guessed to be
linux64-loongarch64. Unfortunately now I found it problematic:
1. This should be added into Configurations/10-main.conf, not here.
Having it here causes a different configuration when
linux64-loongarch64 is explicitly specified than guessed.
2. With LTO enabled, this causes many test failures on
linux64-loongarch64 due to #12247.
So I think we should remove it for now (master and 3.2 branch), and
reintroduce it to Configurations/10-main.conf when we finally sort
out #12247.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22812)
Hugo Landau [Mon, 27 Nov 2023 07:57:32 +0000 (07:57 +0000)]
QUIC TSERVER: Fix erroneously static variable
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
Hugo Landau [Mon, 27 Nov 2023 07:55:55 +0000 (07:55 +0000)]
Make scsv read-only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
Hugo Landau [Mon, 27 Nov 2023 07:52:54 +0000 (07:52 +0000)]
Make nid_to_group read-only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
Hugo Landau [Mon, 27 Nov 2023 07:52:24 +0000 (07:52 +0000)]
Make bitmask table read only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
Hugo Landau [Mon, 27 Nov 2023 07:51:33 +0000 (07:51 +0000)]
Make ssl_cert_info read-only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
Hugo Landau [Fri, 24 Nov 2023 10:03:30 +0000 (10:03 +0000)]
Only include winsock2.h for struct timeval if needed
Fixes #22811
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/22813)
(cherry picked from commit
ba58e9f1e22dd9ee2e37078640dcbe9f520a555d)
Hugo Landau [Thu, 23 Nov 2023 15:50:03 +0000 (15:50 +0000)]
QUIC SRT GEN: Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)
Hugo Landau [Thu, 2 Nov 2023 15:41:23 +0000 (15:41 +0000)]
QUIC SRT GEN: Add SRT generator
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)
Tomas Mraz [Mon, 13 Nov 2023 11:17:43 +0000 (12:17 +0100)]
x86_64-xlate.pl: Fix build with icx and nvc compilers
Fixes #22594
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22714)
Markus Minichmayr [Wed, 22 Nov 2023 16:43:27 +0000 (17:43 +0100)]
PreferNoDHEKEX changelog and history anticipating inclusion in OpenSSL version 3.3.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)
Markus Minichmayr [Tue, 21 Nov 2023 22:50:54 +0000 (23:50 +0100)]
Document `SSL_OP_PREFER_NO_DHE_KEX` option.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)
Markus Minichmayr [Tue, 21 Nov 2023 19:42:12 +0000 (20:42 +0100)]
Add option `SSL_OP_PREFER_NO_DHE_KEX`, allowing the server to prefer non-dhe psk key exchange over psk with dhe (config file option `PreferNoDHEKEX`, server option `prefer_no_dhe_kex`).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)
Tomas Mraz [Fri, 10 Nov 2023 15:06:16 +0000 (16:06 +0100)]
When abidiff fails print out the XML diff
This can be useful for fixing the CI if needed
without the necessity to run abidw locally.
Also rename the CI job to make its purpose clearer.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22689)
James Muir [Fri, 17 Nov 2023 23:02:51 +0000 (18:02 -0500)]
openssl-speed: support KMAC128 & KMAC256, refactor mac setup/teardown
Add ability to measure performance of the two kmac algorithms, and
reduce code duplication in mac testing by introducing mac_setup() and
mac_teardown(). Also, start accepting "cmac" as an algorithm string
(similar to how "hmac" is accepted).
We can now compare the performance of KMAC128, KMAC256 (mac algs) to
KECCAK-KMAC128, KECCAK-KMAC256 (digest/xof algs).
Fixes #22619
Testing:
$ LD_LIBRARY_PATH=. ./apps/openssl speed kmac cmac hmac
$ LD_LIBRARY_PATH=. ./apps/openssl speed kmac256
$ LD_LIBRARY_PATH=. ./apps/openssl speed -evp KECCAK-KMAC256
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22764)
Dmitry Belyavskiy [Thu, 23 Nov 2023 09:22:36 +0000 (10:22 +0100)]
IANA has assigned numbers for 2 hybrid PQ KEX widely used in tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22803)
Tomas Mraz [Mon, 20 Nov 2023 16:46:26 +0000 (17:46 +0100)]
SHA3_squeeze(): The next argument is int
Amend the assembler so it uses only 32bit value.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)
Tomas Mraz [Thu, 16 Nov 2023 16:52:39 +0000 (17:52 +0100)]
keccak1600-armv4.pl: Further fix for the DigestSqueeze() support
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)
Tomas Mraz [Thu, 16 Nov 2023 12:02:20 +0000 (13:02 +0100)]
Cross Compiles CI: Run evp tests on pull requests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)
James Muir [Mon, 20 Nov 2023 18:14:12 +0000 (13:14 -0500)]
contributing-doc: give example commit message with "CLA: trivial"
The text "CLA: trivial" should go at the bottom of the commit message.
Also, update the force-push command to include the repository and
branch, which can avoid unexpected force-push results.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22775)
Richard Levitte [Tue, 21 Nov 2023 13:36:37 +0000 (14:36 +0100)]
Adapt C compiler detection for VSI C on x86_64
VSI C on OpenVMS for x86_64 has a bit more information than on other
hardware. This is no doubt because it's based on LLVM which leaves an
opening for cross compilation.
VSI C on Itanium:
$ CC/VERSION
VSI C V7.4-001 on OpenVMS IA64 V8.4-2L3
VSI C on x86_64:
$ CC/VERSION
VSI C x86-64 X7.4-843 (GEM 50XB9) on OpenVMS x86_64 V9.2-1
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22792)
James Muir [Tue, 21 Nov 2023 05:09:38 +0000 (00:09 -0500)]
speed: make hmac(sha256) the default hmac
prefer hmac(sha256) rather than hmac(md5). Also, drop the "skip_hmac"
label. If we are supposed to do hmac(hash_func) and hash_func cannot
be found, then error out immediately.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22793)
Huiyue Xu [Wed, 22 Nov 2023 01:55:27 +0000 (09:55 +0800)]
Fix a possible memory leak in SM2 provider
ctx->propq that strdup from input parameter propq in sm2sig_newctx,
is not released. It should be released in sm2sig_freectx and copied
to dstctx in sm2sig_dupctx. And dstctx->id and dstctx->propq should
be set NULL to avoid releasing id/propq of srcctx when err occurs.
Signed-off-by: Huiyue Xu <xuhuiyue@huawei.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22796)
Hugo Landau [Thu, 23 Nov 2023 14:50:03 +0000 (14:50 +0000)]
Update fuzz corpora
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22790)
Hugo Landau [Tue, 14 Nov 2023 11:03:46 +0000 (11:03 +0000)]
QUIC SRTM: Switch to using AES-128-ECB
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
Hugo Landau [Fri, 3 Nov 2023 18:18:36 +0000 (18:18 +0000)]
QUIC SRTM: Harden SRTM in event of allocation failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
Hugo Landau [Fri, 3 Nov 2023 15:38:27 +0000 (15:38 +0000)]
QUIC SRTM: Update fuzz corpora
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
Hugo Landau [Fri, 3 Nov 2023 14:14:14 +0000 (14:14 +0000)]
QUIC SRTM: Amend glossary
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
Hugo Landau [Fri, 3 Nov 2023 12:23:14 +0000 (12:23 +0000)]
QUIC SRTM: Add test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
Hugo Landau [Fri, 3 Nov 2023 11:56:40 +0000 (11:56 +0000)]
Fuzzing: Fix helper shebang on NixOS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
Hugo Landau [Fri, 3 Nov 2023 11:56:29 +0000 (11:56 +0000)]
QUIC SRTM: Add fuzzer for SRTM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
Hugo Landau [Fri, 3 Nov 2023 11:56:14 +0000 (11:56 +0000)]
QUIC SRTM: Add SRTM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
Hugo Landau [Mon, 20 Nov 2023 15:07:09 +0000 (15:07 +0000)]
Make CHANGES.md header more appropriate
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22785)
(cherry picked from commit
d330fef1f1446c968e31803778bc7b3d067c7e99)
Hugo Landau [Mon, 20 Nov 2023 14:06:42 +0000 (14:06 +0000)]
Amend NEWS.md to be more like release notes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22785)
(cherry picked from commit
5e07ea4f82b5250d64183ddda2b56ebf37df126a)
James Muir [Fri, 17 Nov 2023 22:58:24 +0000 (17:58 -0500)]
doc: fix description of mac "block-size" parameter
The macro for "block-size" is OSSL_MAC_PARAM_BLOCK_SIZE, and this
parameter is not settable. Refer to the "customization string" rather
than the "custom value" (in the Blake2 spec, this is called the
personalization string).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22763)
James Muir [Mon, 13 Nov 2023 19:28:23 +0000 (14:28 -0500)]
doc: better description of KECCAK-KMAC XOF
KECCAK-KMAC-128 and KECCAK-KMAC-256 are extendable output functions
that have been defined because they are convenient for implementing
KMAC. Give definitions for them so that users aren't left to figure
that out themselves. KECCAK-KMAC-128 is very similar to SHAKE-128,
and KECCAK-KMAC-256 is very similar to SHAKE-256.
Related to #22619.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22755)
Matt Caswell [Fri, 10 Nov 2023 15:33:21 +0000 (15:33 +0000)]
Update the provider documentation
Make the documentation match reality. Add lots of missing algorithms.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22694)
James Muir [Sun, 5 Nov 2023 03:06:06 +0000 (23:06 -0400)]
Update OpenSSL logos
Add two new files
doc/images/openssl-square.svg
doc/images/openssl-square-nontransparent.png
and update the existing file
doc/images/openssl.svg
The "square" versions of the logo write "Open" and "SSL" on separate
lines, so that less horizontal space is used.
The png file (nontransparent, white background) can be used to update
the profile picture for the OpenSSL organization on GitHub.
For the existing logo, openssl.svg, the subtitle "Cryptography and
SSL/TLS Toolkit" has been dropped and the text-elements have been
converted to paths (so they are no longer dependent on what fonts the
renderer provides).
The svg files were provided by Anton A.
Part of https://github.com/openssl/project/issues/262
Reviewed-by: Anton Arapov <anton@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22626)
Bernd Edlinger [Tue, 14 Nov 2023 01:42:42 +0000 (02:42 +0100)]
Fix possible memleak in PKCS7_add0_attrib_signing_time
When PKCS7_add_signed_attribute fails, the ASN1_TIME
object may be leaked when it was not passed in as
input parameter.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22772)
Bernd Edlinger [Mon, 20 Nov 2023 09:05:49 +0000 (10:05 +0100)]
Fix a possible use-after-free in custom_exts_free
This may happen when ssl_cert_dup calls custom_exts_copy, where
a possible memory allocation error causes custom_exts_free
to be called twice: once in the error handling of custom_exts_copy
and a second time in the error handling of ssl_cert_dup.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22772)
Bernd Edlinger [Fri, 17 Nov 2023 06:12:42 +0000 (07:12 +0100)]
Fix a possible memleak in CMS_sign_receipt
When an error happens after cms_encode_Receipt
the ASN1_OCTET_STRING object "os" may be leaked.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22758)
projects / openssl.git / log