Pauli [Wed, 9 Feb 2022 00:17:57 +0000 (11:17 +1100)]
Change condition to avoid spurious compiler complaints.
X509_TRUST_get0() is checking < 0, the code here was checking == -1. Both are
equivalent in this situation but gcc-12 has conniptions about a subsequent
possible NULL dereference (which isn't possible).
Fixes #17665
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17668)
(cherry picked from commit b84c6e86dd8ca88444207080808d1d598856041f)
Kevin K Biju [Sat, 5 Feb 2022 12:39:45 +0000 (18:09 +0530)]
Added checking for buflen overflow due to MAX_MISALIGNMENT.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17646)
(cherry picked from commit 4b3777c9ad4a2058a9b87afb26289039ebf4a6c1)
EasySec [Mon, 7 Feb 2022 22:16:39 +0000 (23:16 +0100)]
Fix small typo in EVP_KEYEXCH-ECDH.html doc example
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17657)
(cherry picked from commit 0fdb31669f88cbf5d63ba16d82d95c6c84575dc0)
Jiasheng Jiang [Sat, 5 Feb 2022 11:31:11 +0000 (19:31 +0800)]
Add the check after calling OPENSSL_strdup
Since the potential failure of the memory allocation, the
OPENSSL_strdup() could return NULL pointer.
Therefore, it should be better to check it in order to guarantee the
success of the configuration, same as the check for
SSL_CTX_set_srp_username().
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17643)
(cherry picked from commit 09030ee73693411c19b596cb0e0f43eb512ac0e6)
Matt Caswell [Mon, 7 Feb 2022 10:32:08 +0000 (10:32 +0000)]
Fix an enginetest failure when compiled with no-deprecated --api=1.1.1
Fixes #17649
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17652)
(cherry picked from commit 29af9fba64fd3e4e086808f2360501b463627ea2)
Daniel [Sun, 6 Feb 2022 14:01:14 +0000 (15:01 +0100)]
Send auxiliary messages to bio_err.
Fixes openssl#17613.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17650)
(cherry picked from commit 2a6994cfa08368a710d66caaae4fc07ad35631bf)
Jiasheng Jiang [Sat, 5 Feb 2022 10:00:51 +0000 (18:00 +0800)]
rsa: add check after calling BN_BLINDING_lock
As the potential failure of getting lock, we need to check the return
value of the BN_BLINDING_lock() in order to avoid the dirty data.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17642)
(cherry picked from commit aefbcde29166caf851cf388361d70fd0dcf17d87)
Bernd Edlinger [Sun, 16 Jan 2022 16:59:17 +0000 (17:59 +0100)]
Check for presence of 1.1.x openssl runtime
if the newly loaded engine contains the symbol
EVP_PKEY_base_id, we know it is linked to 1.1.x openssl.
Abort loading this engine, as it will definitely crash.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17112)
(cherry picked from commit 14db620282bea38dc44479e562cf9bb61a716444)
Bernd Edlinger [Mon, 22 Nov 2021 20:50:04 +0000 (21:50 +0100)]
Prevent crash with engine using different openssl runtime
This problem happens usually because an application
links libcrypto and/or libssl statically which
installs an atexit handler, but later an engine using
a shared instance of libcrypto is installed.
The problem is in simple words that both instances
of libcrypto have an atexit handler installed,
but both are unable to coordinate with each other,
which causes a crash, typically a use-after-free
in the engine's destroy function.
Work around that by preventing the engine's
libcrypto to install the atexit handler.
This may result in a small memory leak, but that
memory is still reachable.
Fixes #15898
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17112)
(cherry picked from commit 9362a1b32b7330e24d3bca230b412557caea095b)
Tomas Mraz [Thu, 3 Feb 2022 15:30:21 +0000 (16:30 +0100)]
Add testcases for EVP_PKEY_set1_encoded_public_key()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17630)
(cherry picked from commit eafd3e9d07e99583a1439bb027e4d6af43e2df27)
Tomas Mraz [Wed, 2 Feb 2022 16:47:26 +0000 (17:47 +0100)]
Replace size check with more meaningful pubkey check
It does not make sense to check the size because this
function can be used in other contexts than in TLS-1.3 and
the value might not be padded to the size of p.
However it makes sense to do the partial pubkey check because
there is no valid reason having the pubkey value outside the
1 < pubkey < p-1 bounds.
Fixes #15465
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17630)
(cherry picked from commit 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62)
Tomas Mraz [Wed, 5 Jan 2022 10:18:27 +0000 (11:18 +0100)]
doc: Add hint to use EVP_PKEY_get_bn_param to retrieve big integers
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17423)
(cherry picked from commit f6f4d1cc00a557232955867b6c04f767e8b5a12e)
Ankit Das [Wed, 2 Feb 2022 18:08:41 +0000 (23:38 +0530)]
Fix SIZE_MAX not defined on z/OS etc
Fixes openssl#17629 by including internal/numbers.h which defines SIZE_MAX
CLA: trivial
Fixes #17629
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17632)
(cherry picked from commit 25a0a44dc6223e515f5e91e41798cccf09c5612b)
Thomas1664 [Thu, 20 Jan 2022 09:02:59 +0000 (10:02 +0100)]
Correct return type for BIO_ptr_ctrl
Fixes #17549
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17636)
(cherry picked from commit 984cc9a0284ee4800862aa305f9f178827baf459)
Jiasheng Jiang [Wed, 2 Feb 2022 11:45:59 +0000 (19:45 +0800)]
evp_test: Add the missing check after calling OPENSSL_strdup and sk_OPENSSL_STRING_new_null
Since the memory allocation may fail, the 'mac_name' and 'controls'
could be NULL.
And the 'mac_name' will be printed in mac_test_run_mac() without check.
Also the result of 'params_n +
sk_OPENSSL_STRING_num(expected->controls)' in
mac_test_run_mac() will be 'params_n - 1' if allocation fails, which
does not make sense.
Therefore, it should be better to check them in order to guarantee the
complete success of initiation.
If fails, we also need to free the 'mdat' to avoid the memory leak.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17628)
(cherry picked from commit b2f90e93a07d992515782511a5770aa7cf7dc28f)
Harry Sintonen [Tue, 1 Feb 2022 21:48:19 +0000 (23:48 +0200)]
Add missing CRYPTO_THREAD_cleanup_local of default_context_thread_local
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17622)
(cherry picked from commit 8e012cdc896ec6a98b45119b127b230cbbb6e93b)
Juan Manuel Guerrero [Tue, 1 Feb 2022 23:41:02 +0000 (00:41 +0100)]
Fix builds with DJGPP
CLA: trivial
To get the master branch compiled with DJGPP some minor
adjustments are required. They will have no impact on any other ports.
The DJGPP port uses the Watt-32 library to provide the required network
functionality and some of its headers need to be included.
Neither DJGPP nor the Watt-32 library provide in_addr_t thus it must be
provided as it is done for OPENSSL_SYS_WINDOWS in crypto/bio/b_addr.c.
In the DJGPP section of include/internal/sockets.h the following Watt-32
headers must be added:
- arpa/inet.h: to provide declaration of inet_ntoa required in crypto/bio/b_addr.c
- netinet/tcp.h: to provide definition of TCP_NODELAY required in crypto/bio/b_sock2.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17623)
(cherry picked from commit b9b211fcb6b9068ef1d8729a4971fbe693fd2cde)
EasySec [Wed, 2 Feb 2022 00:42:27 +0000 (01:42 +0100)]
openssl-dgst.pod.in: Fix documentation of -list option
Mention openssl list -digest-algorithms, NOT -digest-commands.
Move option -list just after the related option -digest.
Fix HTML formatting of section 'Examples' by adding missing
newlines and add 2 examples variant to clarify syntax of the
command.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17626)
(cherry picked from commit 5719dd461fc2cc5d5d29fc3d7e9a6deca3130a7e)
Todd Short [Thu, 27 Jan 2022 19:18:28 +0000 (14:18 -0500)]
Fix copyrights
Add copyright to files that were missing it.
Update license from OpenSSL to Apache as needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17606)
(cherry picked from commit 9d987de3aabe54e65a55649a61953966f33b070b)
slontis [Sun, 5 Dec 2021 23:27:12 +0000 (09:27 +1000)]
Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY.
The private key for rsa, dsa, dh and ecx was being included when the
selector was just the public key. (ec was working correctly).
This matches the documented behaviour.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17200)
(cherry picked from commit 944f822aadc88b2e25f7695366810c73a53a00c8)
Matt Caswell [Thu, 13 Jan 2022 15:16:39 +0000 (15:16 +0000)]
Document purpose and trust setting functions
In particular:
X509_STORE_CTX_set_purpose()
X509_STORE_CTX_set_trust();
X509_STORE_CTX_purpose_inherit();
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17603)
Matt Caswell [Thu, 30 Dec 2021 16:38:28 +0000 (16:38 +0000)]
Add a test for X509_STORE_CTX_set_purpose()
This function was previously incorrectly failing if it is called with
X509_PURPOSE_ANY. Add a test to catch this.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17603)
Matt Caswell [Thu, 30 Dec 2021 16:37:06 +0000 (16:37 +0000)]
Ensure X509_STORE_CTX_purpose_inherit handles a 0 default purpose
The function X509_STORE_CTX_purpose_inherit() can be called with a 0
default purpose. If the main purpose was set to X509_PURPOSE_ANY this
would cause the function to incorrectly return an error response.
Fixes #17367
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17603)
Jiasheng Jiang [Thu, 27 Jan 2022 01:49:56 +0000 (09:49 +0800)]
x509: add the check for X509_STORE_lock
Since we may fail to get the lock, for example there is no lock, the
X509_STORE_lock() will return 0.
Therefore, we should check it in order to prevent the dirty data.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17598)
Ross Burton [Thu, 27 Jan 2022 12:03:11 +0000 (12:03 +0000)]
apps/progs.pl: use SOURCE_DATE_EPOCH if defined for copyright year
As with 11d7d903, use SOURCE_DATE_EPOCH for the copyright year if it is
defined, to avoid reproducibility problems.
CLA: trivial
Signed-off-by: Ross Burton <ross.burton@arm.com>
Change-Id: I1bea19070411a69155c43de7082350fb2c499da3
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17601)
(cherry picked from commit 27aca04e13ca8a9bead49de7bc380110ecb7064e)
EasySec [Fri, 28 Jan 2022 23:59:24 +0000 (00:59 +0100)]
Fix bad HTML formatting in EVP_KEYEXCH-DH.html because of missing newline in pod file
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17609)
(cherry picked from commit a841d450a443efccf4df02922ebe02e4c2f11a2b)
Pauli [Thu, 27 Jan 2022 04:05:48 +0000 (15:05 +1100)]
aes: make the no-asm constant time code path not the default
After OMC and OTC discussions, the 95% performance loss resulting from
the constant time code was deemed excessive for something outside of
our security policy.
The option to use the constant time code exists as it was in OpenSSL 1.1.1.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17600)
Zhou Qingyang [Mon, 24 Jan 2022 17:37:59 +0000 (01:37 +0800)]
Add the missing check of BN_bn2hex return value
CLA: trivial
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17578)
(cherry picked from commit 4dd085c03a885580cc945f71187131ea7fb39b70)
Jiasheng Jiang [Tue, 25 Jan 2022 03:05:13 +0000 (11:05 +0800)]
BIO_new_from_core_bio: Check for NULL pointer after calling get_globals
The get_globals could return NULL, for example,
CRYPTO_THREAD_read_lock() failed.
Therefore, just checking the member of 'bcgbl' is not enough.
We need to check 'bcgbl' itself too in order to avoid the dereference of
the NULL pointer.
And the caller of ossl_bio_init_core(), OSSL_LIB_CTX_new_from_dispatch()
in `crypto/context.c`, has already checked return value and dealt with
the situation if it returns 0.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17581)
(cherry picked from commit 7f1cb465c1f0e45bde8c1ee54a37e6f7641c70c6)
Matt Caswell [Wed, 26 Jan 2022 12:35:30 +0000 (12:35 +0000)]
Ensure ciphers command honours -propquery
Any propquery passed via the -propquery option to the ciphers command was
being ignored.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17595)
(cherry picked from commit 4ed381736b063284bdbd5d302988617aa4366a3f)
Tomas Mraz [Tue, 25 Jan 2022 16:14:52 +0000 (17:14 +0100)]
lhash: Avoid 32 bit right shift of a 32 bit value
Fixes #17583
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17589)
(cherry picked from commit 2ce0a3d19005271e7e3c351b562d9da93e2d4c80)
Tomas Mraz [Tue, 25 Jan 2022 17:10:26 +0000 (18:10 +0100)]
Fix IV length of DES EDE ECB implementations
Fixes #17587
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17591)
(cherry picked from commit d450eb84c802b2f78971f905b251a0fb89ebb7d1)
Jiasheng Jiang [Tue, 25 Jan 2022 07:51:31 +0000 (15:51 +0800)]
UI: Check for NULL pointer after calling OPENSSL_memdup
The OPENSSL_memdup() is not always success, as the potential failure of
the allocation.
Then the '*pptr' could be NULL pointer but the ui_dup_method_data() will
still return 1.
In CRYPTO_dup_ex_data(), the 'storage[i]->dup_func' will not fail and
'ptr' will be used in CRYPTO_set_ex_data().
Also, if '*pptr' is NULL, I think it should also return 0 to tell the
caller that the duplication fails in order to prevent using the NULL
pointer.
Therefore, it should be better to add the check and return 1 only if the
duplication succeed.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17582)
(cherry picked from commit 3f6a12a07f52c55dc3f4b0def42680f589f89ed4)
Darshan Sen [Sat, 22 Jan 2022 12:26:05 +0000 (17:56 +0530)]
Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
(cherry picked from commit 1d28ada1c39997c10fe5392f4235bbd2bc44b40f)
Darshan Sen [Fri, 14 Jan 2022 10:52:41 +0000 (16:22 +0530)]
Fix invalid malloc failures in PEM_write_bio_PKCS8PrivateKey()
When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase
string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size
allocation, which resulted in malloc failures.
Fixes: https://github.com/openssl/openssl/issues/17506
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
(cherry picked from commit 59ccb72cd5cec3b4e312853621e12a68dacdbc7e)
Jiasheng Jiang [Mon, 24 Jan 2022 03:18:38 +0000 (11:18 +0800)]
test/ct_test.c: Add the missing check after calling sk_SCT_new_null
As the potential failure of the allocation, the sk_SCT_new_null() could
return NULL pointer if fails.
And then sk_SCT_push() uses the 'fixture->sct_list' and returns -1 if
fails.
But the return value of the sk_SCT_push() is not checked.
I think it is better to check it just after the allocation.
CLA: trivial
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17571)
(cherry picked from commit 7625d70ad9e7be0588dd9453e89892c2b24b8175)
Jiasheng Jiang [Mon, 24 Jan 2022 03:06:34 +0000 (11:06 +0800)]
evp_test: Add the missing check after calling OPENSSL_malloc
The OPENSSL_zalloc() could return NULL pointer if fails.
Add the check for it does make sense, like how digest_test_init() deals
with.
CLA: trivial
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17571)
(cherry picked from commit 2208ba56ebefe4cf7d924e2ac7044ccd3307250b)
Hubert Kario [Thu, 20 Jan 2022 16:35:18 +0000 (17:35 +0100)]
s_server: correctly handle 2^14 byte long records
as the code uses BIO_gets, and it always null terminates the
strings it reads, when it reads a record 2^14 byte long, it actually
returns 2^14-1 bytes to the calling application, in general it returns
size-1 bytes to the caller
This makes the code sub-optimal (as every 2^14 record will need two
BIO_gets() calls) and makes it impossible to use -rev option to test
all plaintext lengths (like in openssl#15706)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17553)
Todd Short [Thu, 20 Jan 2022 19:38:33 +0000 (14:38 -0500)]
`make clean` should clean up fips provider shared object.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17556)
Pauli [Fri, 21 Jan 2022 06:09:46 +0000 (17:09 +1100)]
self_test.h: fix the C++ wrapping
Fixes #17557
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17562)
(cherry picked from commit 1bfd20f08c042072cae44a9eb81626cbfff81116)
Gerd Hoffmann [Wed, 12 Jan 2022 09:30:15 +0000 (10:30 +0100)]
crypto/bio: drop float formatting for UEFI
Using floating point is not supported in UEFI and can cause build
problems, for example due to SSE being disabled and x64 calling
convention passing floats in SSE registers.
Avoid those problems by not compiling the formatting code for floating
point numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17547)
(cherry picked from commit f59d72f027da90edcccad5cc78c94d3099fadecf)
Gerd Hoffmann [Wed, 12 Jan 2022 11:35:16 +0000 (12:35 +0100)]
Revert "crypto/bio: fix build on UEFI"
This reverts commit 328bf5adf9e23da523d4195db309083aa02403c4.
Turned out it isn't that simple, the fix is incomplete.
So revert and try again with another approach.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17547)
(cherry picked from commit 619c9bad41d041bab2ac6ba3933d526b48ceee2a)
yangyangtiantianlonglong [Wed, 19 Jan 2022 03:19:52 +0000 (11:19 +0800)]
Fix the same BIO_FLAGS macro definition
Also add comment to the public header to avoid
making another conflict in future.
Fixes #17545
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17546)
(cherry picked from commit e278f18563dd3dd67c00200ee30402f48023c6ef)
Tobias Nießen [Mon, 17 Jan 2022 15:31:39 +0000 (15:31 +0000)]
Clarify flags argument of X509_check_ip
Because no supported flag affects the behavior of X509_check_ip, the
flags argument currently has no effect.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17536)
(cherry picked from commit 2d280fe016a98b57d488f42fd3941bcd61407c5a)
Pauli [Thu, 13 Jan 2022 01:19:23 +0000 (12:19 +1100)]
ssl: better support TSAN operations
For platforms that do not have native TSAN support, locking needs to be used
instead. This adds the locking.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17489)
(cherry picked from commit acce055778ecbf72e06a254b3a9bf2a2907e5170)
Tomas Mraz [Fri, 14 Jan 2022 15:19:33 +0000 (16:19 +0100)]
dh_exch.c: Correct gettable parameters for DH key exchange
Fixes #17510
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17515)
(cherry picked from commit c1167f09d840b109ef1c1c1485e3de64be2fc625)
Kevin Jones [Sat, 15 Jan 2022 01:38:41 +0000 (01:38 +0000)]
Fix mistake in ERR_peek_error_all documentation.
The `func` parameter was incorrect. It was documented as `const char *func`
instead of `const char **func`.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17522)
(cherry picked from commit f242ce9817157817b19ccb303fd436fe487539b3)
Tomas Mraz [Thu, 13 Jan 2022 17:07:08 +0000 (18:07 +0100)]
bn_ppc.c: Fix build failure on AIX with XLC/XLCLANG
These compilers define _ARCH_PPC64 for 32 bit builds
so we cannot depend solely on this define to identify
32 bit build.
Fixes #17087
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17497)
(cherry picked from commit cfbb5fcf4424395a1a23751556ea12c56b80b57e)
Tomas Mraz [Thu, 13 Jan 2022 18:02:31 +0000 (19:02 +0100)]
dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid
And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
(cherry picked from commit 59d3fd1cc8c938daa6384783a7e5847d6f5201f7)
Tomas Mraz [Thu, 13 Jan 2022 18:01:33 +0000 (19:01 +0100)]
Do not call ossl_ffc_name_to_dh_named_group with NULL argument
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
(cherry picked from commit 3b53f88c008d288e86d2bbdc0c4e2d16c29fcee8)
Tomas Mraz [Thu, 13 Jan 2022 18:00:13 +0000 (19:00 +0100)]
Properly return error on EVP_PKEY_CTX_set_dh_nid and EVP_PKEY_CTX_set_dhx_rfc5114
Fixes #17485
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
(cherry picked from commit f58bb2dd00c3004552c5c1e8d0f2c1390c004cf8)
EasySec [Thu, 13 Jan 2022 22:30:30 +0000 (23:30 +0100)]
Fix typo in SSL_CTX_set_dh_auto
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17499)
(cherry picked from commit 144316d276adf5b8172316f7bc20b372b8e31ac8)
Dmytro Podgornyi [Wed, 12 Jan 2022 17:25:23 +0000 (19:25 +0200)]
ssl/t1_enc: Fix kTLS RX offload path
During counting of the unprocessed records, return code is treated in a
wrong way. This forces kTLS RX path to be skipped in case of presence
of unprocessed records.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17492)
(cherry picked from commit d73a7a3a71270aaadb4e4e678ae9bd3cef8b9cbd)
manison [Wed, 12 Jan 2022 19:53:48 +0000 (20:53 +0100)]
EVP: fix evp_keymgmt_util_match so that it actually tries cross export the other way if the first attempt fails
Fixes #17482
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17487)
(cherry picked from commit 37b850738cbab74413d41033b2a4df1d69e1fa4a)
Shreenidhi Shedi [Wed, 12 Jan 2022 15:25:38 +0000 (20:55 +0530)]
Add a comment to indicate ineffective macro
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from
openssl-3.0 onwards
CLA: trivial
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17484)
(cherry picked from commit 79704a88eb5aa70fa506e3e59a29fcda21f428af)
Pauli [Thu, 13 Jan 2022 01:30:59 +0000 (12:30 +1100)]
coverity 1497107: dereference after null check
Add null checks to avoid dereferencing a pointer that could be null.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17488)
Dmitry Belyavskiy [Wed, 12 Jan 2022 15:54:45 +0000 (16:54 +0100)]
Cleansing all the temporary data for s390x
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17486)
(cherry picked from commit 79c7acc59bb98c2b8451b048ed1dd8cc517df76e)
Tomas Mraz [Wed, 12 Jan 2022 08:55:43 +0000 (09:55 +0100)]
test_gendhparam: Drop expected error output
Otherwise it sometimes confuses the TAP parser.
Fixes #17480
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17481)
(cherry picked from commit 3bfb7239daf3d6a89476e163dc925c641d356729)
Matt Caswell [Tue, 11 Jan 2022 17:13:39 +0000 (17:13 +0000)]
Clear md_data only when necessary
PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR
to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes
it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17473)
(cherry picked from commit 8086b267fb3395c53cd5fc29eea68ba4826b333d)
Pauli [Wed, 12 Jan 2022 04:01:17 +0000 (15:01 +1100)]
drbg: add handling for cases where TSAN isn't available
Most of the DRBG code is run under lock from the EVP layer. This is relied
on to make the majority of TSAN operations safe. However, it is still necessary
to enable locking for all DRBGs created.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 03:45:07 +0000 (14:45 +1100)]
lhash: use lock when TSAN not available for statistics gathering
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 03:25:46 +0000 (14:25 +1100)]
mem: do not produce usage counts when tsan is unavailable.
Doing the tsan operations under lock would be difficult to arrange here (locks
require memory allocation).
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 03:22:23 +0000 (14:22 +1100)]
core namemap: use updated tsan lock detection capabilities
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 02:26:38 +0000 (13:26 +1100)]
tsan: make detecting the need for locking when using tsan easier
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 03:24:49 +0000 (14:24 +1100)]
threadstest: add write check to lock checking
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 01:28:29 +0000 (12:28 +1100)]
Avoid using a macro expansion in a macro when statically initialising
Circumvents a problem with ancient PA-RISC compilers on HP/UX.
Fixes #17477
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17478)
(cherry picked from commit 9c5d1451292566e546d5dd01c7f19950fa34391d)
Gerd Hoffmann [Tue, 11 Jan 2022 07:51:31 +0000 (08:51 +0100)]
drop unused callback variable
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17471)
(cherry picked from commit 64a644530e023d3064db9027b0977d33b1d2ad9a)
Tomas Mraz [Mon, 10 Jan 2022 16:09:59 +0000 (17:09 +0100)]
EVP_DigestSignFinal: *siglen should not be read if sigret == NULL
This fixes small regression from #16962.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17460)
(cherry picked from commit a4e01187d3648d9ce99507097400902cf21f9b55)
Tomas Mraz [Mon, 10 Jan 2022 16:26:33 +0000 (17:26 +0100)]
pkeyutl: Fix regression with -kdflen option
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17461)
(cherry picked from commit b82fd89d8bae1445c89ec90d1a6145fe3216d2d7)
Matt Caswell [Mon, 10 Jan 2022 14:46:46 +0000 (14:46 +0000)]
Ensure we test fetching encoder/decoder/store loader with a query string
Although we had a test for fetching an encoder/decoder/store loader it
did not use a query string. The issue highlighted by #17456 only occurs
if a query string is used.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)
Matt Caswell [Mon, 10 Jan 2022 14:45:16 +0000 (14:45 +0000)]
Fix Decoder, Encoder and Store loader fetching
Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give the
provider when calling ossl_method_store_cache_set()
Fixes #17456
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)
(cherry picked from commit
cd1981a0dc165ab6af5e2945beaaa9efe4484cee)
Matt Caswell [Fri, 7 Jan 2022 17:30:39 +0000 (17:30 +0000)]
Clarify the int param getter documentation
OSSL_PARAMs that are of type OSSL_PARAM_INTEGER or
OSSL_PARAM_UNSIGNED_INTEGER can be obtained using any of the functions
EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or
EVP_PKEY_get_bn_param(). The former two will fail if the parameter is too
large to fit into the C variable. We clarify this in the documentation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17445)
(cherry picked from commit
254217a4a0c9e64869495447a0e6bdc2323d4cd1)
Peiwei Hu [Wed, 5 Jan 2022 15:17:53 +0000 (23:17 +0800)]
Fix: some patches related to error exiting
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17443)
Matt Caswell [Wed, 29 Dec 2021 16:39:11 +0000 (16:39 +0000)]
Add a test for a custom digest created via EVP_MD_meth_new()
We check that the init and cleanup functions for the custom method are
called as expected.
Based on an original reproducer by Dmitry Belyavsky from issue #17149.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)
(cherry picked from commit
fbbe7202eba9fba243c18513f4f0316dafb3496d)
Matt Caswell [Fri, 10 Dec 2021 17:17:27 +0000 (17:17 +0000)]
Fix a leak in EVP_DigestInit_ex()
If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.
Fixes #17149
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)
(cherry picked from commit
357bccc8ba64ec8a5f587b04b5d6b6ca9e8dcbdc)
Matt Caswell [Fri, 10 Dec 2021 16:53:02 +0000 (16:53 +0000)]
Ensure that MDs created via EVP_MD_meth_new() go down the legacy route
MDs created via EVP_MD_meth_new() are inherently legacy and therefore
need to go down the legacy route when they are used.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)
(cherry picked from commit
d9ad5b16b32172df6f7d02cfb1c339cc85d0db01)
Tomas Mraz [Wed, 5 Jan 2022 15:50:00 +0000 (16:50 +0100)]
EVP_PKEY_derive_set_peer_ex: Export the peer key to proper keymgmt
The peer key has to be exported to the operation's keymgmt
not the ctx->pkey's keymgmt.
Fixes #17424
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17425)
(cherry picked from commit
64a8f6008acce93d0bf184559c63e66c0cc0e23d)
Gerd Hoffmann [Fri, 7 Jan 2022 11:58:27 +0000 (12:58 +0100)]
crypto/bio: fix build on UEFI
When compiling openssl for tianocore, compiling abs_val() and pow_10()
fails with the following error because SSE support is disabled:
crypto/bio/bio_print.c:587:46: error: SSE register return with SSE disabled
Fix that by using EFIAPI calling convention when compiling for UEFI.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17442)
(cherry picked from commit
328bf5adf9e23da523d4195db309083aa02403c4)
Bernd Edlinger [Fri, 7 Jan 2022 11:44:27 +0000 (12:44 +0100)]
Add a test case for the short password
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17441)
(cherry picked from commit
21095479c016f2ceaca0f71078fd27f0e9ba9375)
Peiwei Hu [Thu, 6 Jan 2022 01:47:05 +0000 (09:47 +0800)]
providers/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init
There is a risk of passing gctx with a NULL value to rsa_gen_set_params,
which dereferences gctx directly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17429)
(cherry picked from commit
22778abad905536fa6c93cdc6fffc8c736dfee79)
Tomas Mraz [Tue, 4 Jan 2022 10:57:54 +0000 (11:57 +0100)]
Test importing EC key parameters with a bad curve
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)
(cherry picked from commit
d4d8f163db1d32c98d8f956e6966263a7a22fac1)
Tomas Mraz [Tue, 4 Jan 2022 10:53:30 +0000 (11:53 +0100)]
EVP_PKEY_fromdata(): Do not return newly allocated pkey on failure
Fixes #17407
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)
(cherry picked from commit
5b03b89f7f925384c2768874c95f1af7053fd16f)
xkernel [Tue, 4 Jan 2022 14:54:27 +0000 (22:54 +0800)]
fix the return check of EVP_PKEY_CTX_ctrl() in 5 spots
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17413)
(cherry picked from commit
7b1264baab7edd82fea8b27d9ddec048bafc0048)
xkernel [Wed, 5 Jan 2022 01:38:05 +0000 (09:38 +0800)]
properly free the resource from EVP_MD_CTX_new() at ssl3_record.c:1413
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17415)
(cherry picked from commit
949e4f79d202d43519d373b2af6b1a4948bf1a74)
xkernel [Tue, 4 Jan 2022 13:18:02 +0000 (21:18 +0800)]
properly free the resource from CRYPTO_malloc
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17412)
(cherry picked from commit
1b87116a0c43b8b4e1ad88b851d5bcf27c1a5f64)
Bernd Edlinger [Wed, 5 Jan 2022 16:25:02 +0000 (17:25 +0100)]
Fix copyright year issues
Fixes: #13765
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17427)
(cherry picked from commit
fd84b9c3e94be1771d1b34ad857081f7693318aa)
Dr. David von Oheimb [Fri, 14 May 2021 13:11:00 +0000 (15:11 +0200)]
OSSL_STORE: Prevent spurious error during loading private keys
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15283)
(cherry picked from commit
da198adb9c5626f31c52613fe2ae59a7066c3366)
x2018 [Mon, 29 Nov 2021 11:08:36 +0000 (19:08 +0800)]
check the return value of OSSL_PARAM_BLD_new in dsa_kmgmt.c:195
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17155)
(cherry picked from commit
0da3b39af3d961486758262ca71d2135d7013048)
zhaozg [Sat, 1 Jan 2022 14:45:12 +0000 (22:45 +0800)]
sm2: fix {i2d,d2i}_PublicKey EC_KEY is EVP_PKEY_SM2
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17389)
(cherry picked from commit
8582dccc4dd1f1667b0e91a098e2cc78c7146dd7)
Peiwei Hu [Tue, 4 Jan 2022 01:10:32 +0000 (09:10 +0800)]
apps/passwd.c: free before error exiting
use goto instead of returning directly while error handling
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17404)
(cherry picked from commit
ea4d16bc60dee53feb71997c1e78379eeb69b7ac)
Tomas Mraz [Mon, 3 Jan 2022 13:46:52 +0000 (14:46 +0100)]
trace.c: Add missing trace category entry
Fixes #17397
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17399)
(cherry picked from commit
e06c0a2870c55aa4e66108ca071e7da7fd00b922)
Dr. David von Oheimb [Mon, 3 Jan 2022 16:03:13 +0000 (17:03 +0100)]
app_http_tls_cb: Fix double-free in case TLS not used
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17400)
(cherry picked from commit
97b8c859c64bc60fcf5bb27ed51489c81fde41b3)
Dr. David von Oheimb [Fri, 26 Nov 2021 15:46:13 +0000 (16:46 +0100)]
HTTP client: Work around HTTPS proxy use bug due to callback design flaw
See discussion in #17088, where the real solution was postponed to 4.0.
This preliminarily fixes the issue that the HTTP(S) proxy environment vars
were neglected when determining whether a proxy should be used for HTTPS.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17310)
(cherry picked from commit
068549f8db6d792a88bb888118001c4582f79074)
Sebastian Andrzej Siewior [Tue, 28 Dec 2021 22:05:32 +0000 (23:05 +0100)]
Use USE_SWAPCONTEXT on IA64.
On IA64 the use of setjmp()/longjmp() does not properly save the
state of the register stack engine (RSE) and requires extra care.
The use of it in the async interface led to a failure in the
test_async.t test since its introduction in the 1.1.0 series.
Instead of properly adding the needed assembly bits here, use the
swapcontext() function, which properly saves the whole context.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17370)
(cherry picked from commit
d26b3766a0a35668ee62b839a62acbdcd9ff2a98)
Pauli [Mon, 3 Jan 2022 23:52:52 +0000 (10:52 +1100)]
Revert "property: use a stack to efficiently convert index to string"
This reverts commit
e4a32f209ce6dcb380a7dc8c10a42946345ff38f.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17403)
Pauli [Mon, 3 Jan 2022 23:52:49 +0000 (10:52 +1100)]
Revert "test: add some unit tests for the property to string functions"
This reverts commit
e1436d54b9de5012d1716212c7329e46cf21a24a.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17403)
Matt Caswell [Wed, 29 Dec 2021 13:42:58 +0000 (13:42 +0000)]
Validate the category in OSSL_trace_end()
OSSL_trace_end() should validate that the category it has been passed
by the caller is valid, and return immediately if not.
Fixes #17353
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17371)
(cherry picked from commit
ee8a61e158c42c327c3303101083422b9a7cc504)
Dr. David von Oheimb [Mon, 3 Jan 2022 12:40:55 +0000 (13:40 +0100)]
Update troublesome copyright years of auto-generated files to 2022
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17398)
(cherry picked from commit
0088ef48c3e7d9c68e5b3c75cb077da601d22f37)
Dr. David von Oheimb [Thu, 30 Dec 2021 08:30:18 +0000 (09:30 +0100)]
ec.h: Explain use of strstr() for EVP_EC_gen() and add #include <string.h>
Fixes #17362
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17380)
(cherry picked from commit
1d8f18dce1c8ba99693dfaeb1696d625d9f4b7e0)
x2018 [Mon, 29 Nov 2021 09:09:36 +0000 (17:09 +0800)]
Check the return value of ossl_bio_new_from_core_bio()
There are missing checks of its return value in 8 different spots.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17154)
(cherry picked from commit
352a0bcaab8eda18cce786d2871e8d4ec6f9cbfe)