git.openssl.org Git - openssl.git/log

Change condition to avoid spurious compiler complaints.

X509_TRUST_get0() is checking < 0, the code here was checking == -1. Both are
equivalent in this situation but gcc-12 has conniptions about a subsequent
possible NULL dereference (which isn't possible).

Fixes #17665

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17668)

(cherry picked from commit b84c6e86dd8ca88444207080808d1d598856041f)

Added checking for buflen overflow due to MAX_MISALIGNMENT.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17646)

(cherry picked from commit 4b3777c9ad4a2058a9b87afb26289039ebf4a6c1)

Fix small typo in EVP_KEYEXCH-ECDH.html doc example

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17657)

(cherry picked from commit 0fdb31669f88cbf5d63ba16d82d95c6c84575dc0)

Add the check after calling OPENSSL_strdup

Since the potential failure of the memory allocation, the
OPENSSL_strdup() could return NULL pointer.
Therefore, it should be better to check it in order to guarantee the
success of the configuration, same as the check for
SSL_CTX_set_srp_username().

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17643)

(cherry picked from commit 09030ee73693411c19b596cb0e0f43eb512ac0e6)

Fix an enginetest failure when compiled with no-deprecated --api=1.1.1

Fixes #17649

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17652)

(cherry picked from commit 29af9fba64fd3e4e086808f2360501b463627ea2)

Send auxiliary messages to bio_err.

Fixes openssl#17613.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17650)

(cherry picked from commit 2a6994cfa08368a710d66caaae4fc07ad35631bf)

rsa: add check after calling BN_BLINDING_lock

As the potential failure of getting lock, we need to check the return
value of the BN_BLINDING_lock() in order to avoid the dirty data.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17642)

(cherry picked from commit aefbcde29166caf851cf388361d70fd0dcf17d87)

Check for presence of 1.1.x openssl runtime

if the newly loaded engine contains the symbol
EVP_PKEY_base_id, we know it is linked to 1.1.x openssl.
Abort loading this engine, as it will definitely crash.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17112)

(cherry picked from commit 14db620282bea38dc44479e562cf9bb61a716444)

Prevent crash with engine using different openssl runtime

This problem happens usually because an application
links libcrypto and/or libssl statically which
installs an atexit handler, but later an engine using
a shared instance of libcrypto is installed.
The problem is in simple words that both instances
of libcrypto have an atexit handler installed,
but both are unable to coordinate with each other,
which causes a crash, typically a use-after-free
in the engine's destroy function.

Work around that by preventing the engine's
libcrypto to install the atexit handler.
This may result in a small memory leak, but that
memory is still reachable.

Fixes #15898

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17112)

(cherry picked from commit 9362a1b32b7330e24d3bca230b412557caea095b)

Add testcases for EVP_PKEY_set1_encoded_public_key()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17630)

(cherry picked from commit eafd3e9d07e99583a1439bb027e4d6af43e2df27)

Replace size check with more meaningful pubkey check

It does not make sense to check the size because this
function can be used in other contexts than in TLS-1.3 and
the value might not be padded to the size of p.

However it makes sense to do the partial pubkey check because
there is no valid reason having the pubkey value outside the
1 < pubkey < p-1 bounds.

Fixes #15465

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17630)

(cherry picked from commit 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62)

doc: Add hint to use EVP_PKEY_get_bn_param to retrieve big integers

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17423)

(cherry picked from commit f6f4d1cc00a557232955867b6c04f767e8b5a12e)

Fix SIZE_MAX not defined on z/OS etc

Fixes openssl#17629 by including internal/numbers.h which defines SIZE_MAX

CLA: trivial

Fixes #17629

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17632)

(cherry picked from commit 25a0a44dc6223e515f5e91e41798cccf09c5612b)

Correct return type for BIO_ptr_ctrl

Fixes #17549
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17636)

(cherry picked from commit 984cc9a0284ee4800862aa305f9f178827baf459)

evp_test: Add the missing check after calling OPENSSL_strdup and sk_OPENSSL_STRING_new_null

Since the memory allocation may fail, the 'mac_name' and 'controls'
could be NULL.
And the 'mac_name' will be printed in mac_test_run_mac() without check.
Also the result of 'params_n +
sk_OPENSSL_STRING_num(expected->controls)' in
mac_test_run_mac() will be 'params_n - 1' if allocation fails , which
does not make sense.
Therefore, it should be better to check them in order to guarantee the
complete success of initiation.
If fails, we also need to free the 'mdat' to avoid the memory leak.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17628)

(cherry picked from commit b2f90e93a07d992515782511a5770aa7cf7dc28f)

Add missing CRYPTO_THREAD_cleanup_local of default_context_thread_local

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17622)

(cherry picked from commit 8e012cdc896ec6a98b45119b127b230cbbb6e93b)

Fix builds with DJGPP

CLA: trivial

To get the master branch compiled with DJGPP some minor
adjustments are required. They will have no impact on any other ports.
The DJGPP port uses the Watt-32 library to provide the required network
functionality and some of its headers need to be included.

Neither DJGPP nor the Watt-32 library provide in_addr_t thus it must be
provided as it is done for OPENSSL_SYS_WINDOWS in crypto/bio/b_addr.c.

In the DJGPP section of include/internal/sockets.h the following Watt-32
headers must be added:

- arpa/inet.h: to provide declaration of inet_ntoa required in crypto/bio/b_addr.c
- netinet/tcp.h: to provide defintion of TCP_NODELAY required in crypto/bio/b_sock2.c

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17623)

(cherry picked from commit b9b211fcb6b9068ef1d8729a4971fbe693fd2cde)

openssl-dgst.pod.in: Fix documentation of -list option

Mention openssl list -digest-algorithms, NOT -digest-commands.

Move option -list just after the related option -digest.

Fix HTML formatting of section 'Examples' by adding missing
newlines and add 2 examples variant to clarify syntax of the
command.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17626)

(cherry picked from commit 5719dd461fc2cc5d5d29fc3d7e9a6deca3130a7e)

Fix copyrights

Add copyright to files that were missing it.
Update license from OpenSSL to Apache as needed.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17606)

(cherry picked from commit 9d987de3aabe54e65a55649a61953966f33b070b)

Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY.

The private key for rsa, dsa, dh and ecx was being included when the
selector was just the public key. (ec was working correctly).
This matches the documented behaviour.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17200)

(cherry picked from commit 944f822aadc88b2e25f7695366810c73a53a00c8)

Document purpose and trust setting functions

In particular:
X509_STORE_CTX_set_purpose()
X509_STORE_CTX_set_trust();
X509_STORE_CTX_purpose_inherit();

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17603)

Add a test for X509_STORE_CTX_set_purpose()

This function was previously incorrectly failing if it is called with
X509_PURPOSE_ANY. Add a test to catch this.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17603)

Ensure X509_STORE_CTX_purpose_inherit handles a 0 default purpose

The function X509_STORE_CTX_purpose_inherit() can be called with a 0
default purpose. If the main purpose was set to X509_PURPOSE_ANY this
would case the function to incorrectly return an error response.

Fixes #17367

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17603)

x509: add the check for X509_STORE_lock

Since we may fail to get the lock, for example there is no lock, the
X509_STORE_lock() will return 0.
Therefore, we should check it in order to prevent the dirty data.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17598)

apps/progs.pl: use SOURCE_DATE_EPOCH if defined for copyright year

As with 11d7d903, use SOURCE_DATE_EPOCH for the copyright year if it is
defined, to avoid reproducibility problems.

CLA: trivial

Signed-off-by: Ross Burton <ross.burton@arm.com>
Change-Id: I1bea19070411a69155c43de7082350fb2c499da3

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17601)

(cherry picked from commit 27aca04e13ca8a9bead49de7bc380110ecb7064e)

Fix bad HTML formatting in EVP_KEYEXCH-DH.html because of missing newline in pod file

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17609)

(cherry picked from commit a841d450a443efccf4df02922ebe02e4c2f11a2b)

aes: make the no-asm constant time code path not the default

After OMC and OTC discussions, the 95% performance loss resulting from
the constant time code was deemed excessive for something outside of
our security policy.

The option to use the constant time code exists as it was in OpenSSL 1.1.1.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17600)

Add the missing check of BN_bn2hex return value

CLA: trivial

Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17578)

(cherry picked from commit 4dd085c03a885580cc945f71187131ea7fb39b70)

BIO_new_from_core_bio: Check for NULL pointer after calling get_globals

The get_globals could return NULL, for example,
CRYPTO_THREAD_read_lock() failed.
Therefore, just checking the member of 'bcgbl' is not enough.
We need to check 'bcgbl' itself too in order to avoid the dereference of
the NULL pointer.
And the caller of ossl_bio_init_core(), OSSL_LIB_CTX_new_from_dispatch()
in `crypto/context.c`, has already checked return value and dealed with
the situation if it returns 0.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17581)

(cherry picked from commit 7f1cb465c1f0e45bde8c1ee54a37e6f7641c70c6)

Ensure ciphers command honours -propquery

Any propquery passed via the -propquery option to the ciphers command was
being ignored.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17595)

(cherry picked from commit 4ed381736b063284bdbd5d302988617aa4366a3f)

lhash: Avoid 32 bit right shift of a 32 bit value

Fixes #17583

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17589)

(cherry picked from commit 2ce0a3d19005271e7e3c351b562d9da93e2d4c80)

Fix IV length of DES EDE ECB implementations

Fixes #17587

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17591)

(cherry picked from commit d450eb84c802b2f78971f905b251a0fb89ebb7d1)

UI: Check for NULL pointer after calling OPENSSL_memdup

The OPENSSL_memdup() is not always success, as the potential failure of
the allocation.
Then the '*pptr'could be NULL pointer but the ui_dup_method_data() will
still return 1.
In CRYPTO_dup_ex_data(), the 'storage[i]->dup_func' will not fail and
'ptr' will be used in CRYPTO_set_ex_data().
Also, if '*pptr' is NULL, I think it should also return 0 to tell the
caller that the duplication fails in order to prevernt using the NULL
pointer.
Therefore, it should be better to add the check and return 1 only if the
duplication succeed.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17582)

(cherry picked from commit 3f6a12a07f52c55dc3f4b0def42680f589f89ed4)

Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()

Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)

(cherry picked from commit 1d28ada1c39997c10fe5392f4235bbd2bc44b40f)

Fix invalid malloc failures in PEM_write_bio_PKCS8PrivateKey()

When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase
string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size
allocation, which resulted in malloc failures.

Fixes: https://github.com/openssl/openssl/issues/17506
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)

(cherry picked from commit 59ccb72cd5cec3b4e312853621e12a68dacdbc7e)

test/ct_test.c: Add the missing check after calling sk_SCT_new_null

As the potential failure of the allocation, the sk_SCT_new_null() could
return NULL pointer if fails.
And then sk_SCT_push() uses the 'fixture->sct_list' and returns -1 if
fails.
But the return value of the sk_SCT_push() is not checked.
I think it is better to check it just after the allocation.

CLA: trivial

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17571)

(cherry picked from commit 7625d70ad9e7be0588dd9453e89892c2b24b8175)

evp_test: Add the missing check after calling OPENSSL_malloc

The OPENSSL_zalloc() could return NULL pointer if fails.
Add the check for it does make sense, like how digest_test_init() deals
with.

CLA: trivial

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17571)

(cherry picked from commit 2208ba56ebefe4cf7d924e2ac7044ccd3307250b)

s_server: correctly handle 2^14 byte long records

as the code uses BIO_gets, and it always null terminates the
strings it reads, when it reads a record 2^14 byte long, it actually
returns 2^14-1 bytes to the calling application, in general it returns
size-1 bytes to the caller

This makes the code sub-optimal (as every 2^14 record will need two
BIO_gets() calls) and makes it impossible to use -rev option to test
all plaintext lengths (like in openssl#15706)

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17553)

`make clean` should clean up fips provider shared object.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17556)

self_test.h: fix the C++ wrapping

Fixes #17557

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17562)

(cherry picked from commit 1bfd20f08c042072cae44a9eb81626cbfff81116)

crypto/bio: drop float formating for UEFI

Using floating point is not supported in UEFI and can cause build
problems, for example due to SSE being disabled and x64 calling
convention passing floats in SSE registers.

Avoid those problems by not compiling the formating code for floating
point numbers.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17547)

(cherry picked from commit f59d72f027da90edcccad5cc78c94d3099fadecf)

Revert "crypto/bio: fix build on UEFI"

This reverts commit 328bf5adf9e23da523d4195db309083aa02403c4.

Turned out it isn't that simple, the fix is incomplete.
So revert and try again with another approach.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17547)

(cherry picked from commit 619c9bad41d041bab2ac6ba3933d526b48ceee2a)

Fix the same BIO_FLAGS macro definition

Also add comment to the public header to avoid
making another conflict in future.

Fixes #17545

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17546)

(cherry picked from commit e278f18563dd3dd67c00200ee30402f48023c6ef)

Clarify flags argument of X509_check_ip

Because no supported flag affects the behavior of X509_check_ip, the
flags argument currently has no effect.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17536)

(cherry picked from commit 2d280fe016a98b57d488f42fd3941bcd61407c5a)

ssl: better support TSAN operations

For platforms that do not have native TSAN support, locking needs to be used
instead. This adds the locking.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17489)

(cherry picked from commit acce055778ecbf72e06a254b3a9bf2a2907e5170)

dh_exch.c: Correct gettable parameters for DH key exchange

Fixes #17510

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17515)

(cherry picked from commit c1167f09d840b109ef1c1c1485e3de64be2fc625)

Fix mistake in ERR_peek_error_all documentation.

The `func` parameter was incorrect. It was documented as `const char *func`
instead of `const char **func`.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17522)

(cherry picked from commit f242ce9817157817b19ccb303fd436fe487539b3)

bn_ppc.c: Fix build failure on AIX with XLC/XLCLANG

These compilers define _ARCH_PPC64 for 32 bit builds
so we cannot depend solely on this define to identify
32 bit build.

Fixes #17087

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17497)

(cherry picked from commit cfbb5fcf4424395a1a23751556ea12c56b80b57e)

dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid

And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

(cherry picked from commit 59d3fd1cc8c938daa6384783a7e5847d6f5201f7)

Do not call ossl_ffc_name_to_dh_named_group with NULL argument

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

(cherry picked from commit 3b53f88c008d288e86d2bbdc0c4e2d16c29fcee8)

Properly return error on EVP_PKEY_CTX_set_dh_nid and EVP_PKEY_CTX_set_dhx_rfc5114

Fixes #17485

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

(cherry picked from commit f58bb2dd00c3004552c5c1e8d0f2c1390c004cf8)

Fix typo in SSL_CTX_set_dh_auto

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17499)

(cherry picked from commit 144316d276adf5b8172316f7bc20b372b8e31ac8)

ssl/t1_enc: Fix kTLS RX offload path

During counting of the unprocessed records, return code is treated in a
wrong way. This forces kTLS RX path to be skipped in case of presence
of unprocessed records.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17492)

(cherry picked from commit d73a7a3a71270aaadb4e4e678ae9bd3cef8b9cbd)

EVP: fix evp_keymgmt_util_match so that it actually tries cross export the other way if the first attempt fails

Fixes #17482

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17487)

(cherry picked from commit 37b850738cbab74413d41033b2a4df1d69e1fa4a)

Add a comment to indicate ineffective macro

EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from
openssl-3.0 onwards

CLA: trivial

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17484)

(cherry picked from commit 79704a88eb5aa70fa506e3e59a29fcda21f428af)

coverity 1497107: dereference after null check

Add null checks to avoid dereferencing a pointer that could be null.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17488)

Cleansing all the temporary data for s390x

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17486)

(cherry picked from commit 79c7acc59bb98c2b8451b048ed1dd8cc517df76e)

test_gendhparam: Drop expected error output

Otherwise it sometimes confuses the TAP parser.

Fixes #17480

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17481)

(cherry picked from commit 3bfb7239daf3d6a89476e163dc925c641d356729)

Clear md_data only when necessary

PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR
to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes
it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17473)

(cherry picked from commit 8086b267fb3395c53cd5fc29eea68ba4826b333d)

drbg: add handling for cases where TSAN isn't available

Most of the DRGB code is run under lock from the EVP layer. This is relied
on to make the majority of TSAN operations safe. However, it is still necessary
to enable locking for all DRBGs created.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

lhash: use lock when TSAN not available for statistics gathering

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

mem: do not produce usage counts when tsan is unavailable.

Doing the tsan operations under lock would be difficult to arrange here (locks
require memory allocation).

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

core namemap: use updated tsan lock detection capabilities

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

tsan: make detecting the need for locking when using tsan easier

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

threadstest: add write check to lock checking

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

Avoid using a macro expansion in a macro when statically initialising

Circumvents a problem with ancient PA-RISC compilers on HP/UX.

Fixes #17477

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17478)

(cherry picked from commit 9c5d1451292566e546d5dd01c7f19950fa34391d)

drop unused callback variable

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17471)

(cherry picked from commit 64a644530e023d3064db9027b0977d33b1d2ad9a)

EVP_DigestSignFinal: *siglen should not be read if sigret == NULL

This fixes small regression from #16962.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17460)

(cherry picked from commit a4e01187d3648d9ce99507097400902cf21f9b55)

pkeyutl: Fix regression with -kdflen option

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17461)

(cherry picked from commit b82fd89d8bae1445c89ec90d1a6145fe3216d2d7)

Ensure we test fetching encoder/decoder/store loader with a query string

Although we had a test for fetching an encoder/decoder/store loader it
did not use a query string. The issue highlighted by #17456 only occurs
if a query string is used.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)

Fix Decoder, Encoder and Store loader fetching

Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give the
provider when calling ossl_method_store_cache_set()

Fixes #17456

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)

(cherry picked from commit cd1981a0dc165ab6af5e2945beaaa9efe4484cee)

Clarify the int param getter documentation

OSSL_PARAMs that are of type OSSL_PARAM_INTEGER or
OSSL_PARAM_UNSIGNED_INTEGER can be obtained using any of the functions
EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or
EVP_PKEY_get_bn_param(). The former two will fail if the parameter is too
large to fit into the C variable. We clarify this in the documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17445)

(cherry picked from commit 254217a4a0c9e64869495447a0e6bdc2323d4cd1)

Fix: some patches related to error exiting

Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17443)

Add a test for a custom digest created via EVP_MD_meth_new()

We check that the init and cleanup functions for the custom method are
called as expected.

Based on an original reproducer by Dmitry Belyavsky from issue #17149.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

(cherry picked from commit fbbe7202eba9fba243c18513f4f0316dafb3496d)

Fix a leak in EVP_DigestInit_ex()

If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.

Fixes #17149

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

(cherry picked from commit 357bccc8ba64ec8a5f587b04b5d6b6ca9e8dcbdc)

Ensure that MDs created via EVP_MD_meth_new() go down the legacy route

MDs created via EVP_MD_meth_new() are inherently legacy and therefore
need to go down the legacy route when they are used.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

(cherry picked from commit d9ad5b16b32172df6f7d02cfb1c339cc85d0db01)

EVP_PKEY_derive_set_peer_ex: Export the peer key to proper keymgmt

The peer key has to be exported to the operation's keymgmt
not the ctx->pkey's keymgmt.

Fixes #17424

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17425)

(cherry picked from commit 64a8f6008acce93d0bf184559c63e66c0cc0e23d)

crypto/bio: fix build on UEFI

When compiling openssl for tianocore compiling abs_val() and pow_10()
fails with the following error because SSE support is disabled:

crypto/bio/bio_print.c:587:46: error: SSE register return with SSE disabled

Fix that by using EFIAPI calling convention when compiling for UEFI.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17442)

(cherry picked from commit 328bf5adf9e23da523d4195db309083aa02403c4)

Add a test case for the short password

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17441)

(cherry picked from commit 21095479c016f2ceaca0f71078fd27f0e9ba9375)

providers/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init

There is risk to pass the gctx with NULL value to rsa_gen_set_params
which dereference gctx directly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17429)

(cherry picked from commit 22778abad905536fa6c93cdc6fffc8c736dfee79)

Test importing EC key parameters with a bad curve

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)

(cherry picked from commit d4d8f163db1d32c98d8f956e6966263a7a22fac1)

EVP_PKEY_fromdata(): Do not return newly allocated pkey on failure

Fixes #17407

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)

(cherry picked from commit 5b03b89f7f925384c2768874c95f1af7053fd16f)

fix the return check of EVP_PKEY_CTX_ctrl() in 5 spots

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17413)

(cherry picked from commit 7b1264baab7edd82fea8b27d9ddec048bafc0048)

properly free the resource from EVP_MD_CTX_new() at ssl3_record.c:1413

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17415)

(cherry picked from commit 949e4f79d202d43519d373b2af6b1a4948bf1a74)

properly free the resource from CRYPTO_malloc

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17412)

(cherry picked from commit 1b87116a0c43b8b4e1ad88b851d5bcf27c1a5f64)

Fix copyright year issues

Fixes: #13765
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17427)

(cherry picked from commit fd84b9c3e94be1771d1b34ad857081f7693318aa)

OSSL_STORE: Prevent spurious error during loading private keys

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15283)

(cherry picked from commit da198adb9c5626f31c52613fe2ae59a7066c3366)

check the return value of OSSL_PARAM_BLD_new in dsa_kmgmt.c:195

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17155)

(cherry picked from commit 0da3b39af3d961486758262ca71d2135d7013048)

sm2: fix {i2d,d2i}_PublicKey EC_KEY is EVP_PKEY_SM2

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17389)

(cherry picked from commit 8582dccc4dd1f1667b0e91a098e2cc78c7146dd7)

apps/passwd.c: free before error exiting

use goto instead of returning directly while error handling

Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17404)

(cherry picked from commit ea4d16bc60dee53feb71997c1e78379eeb69b7ac)

trace.c: Add missing trace category entry

Fixes #17397

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17399)

(cherry picked from commit e06c0a2870c55aa4e66108ca071e7da7fd00b922)

app_http_tls_cb: Fix double-free in case TLS not used

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17400)

(cherry picked from commit 97b8c859c64bc60fcf5bb27ed51489c81fde41b3)

HTTP client: Work around HTTPS proxy use bug due to callback design flaw

See discussion in #17088, where the real solution was postponed to 4.0.

This preliminarily fixes the issue that the HTTP(S) proxy environment vars
were neglected when determining whether a proxy should be used for HTTPS.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17310)

(cherry picked from commit 068549f8db6d792a88bb888118001c4582f79074)

Use USE_SWAPCONTEXT on IA64.

On IA64 the use of setjmp()/ longjmp() does not properly save the
state of the register stack engine (RSE) and requires extra care.
The use of it in the async interface led to a failure in the
test_async.t test since its introduction in 1.1.0 series.

Instead of properly adding the needed assembly bits here use the
swapcontext() function which properly saves the whole context.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17370)

(cherry picked from commit d26b3766a0a35668ee62b839a62acbdcd9ff2a98)

Revert "property: use a stack to efficiently convert index to string"

This reverts commit e4a32f209ce6dcb380a7dc8c10a42946345ff38f.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17403)

Revert "test: add some unit tests for the property to string functions"

This reverts commit e1436d54b9de5012d1716212c7329e46cf21a24a.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17403)

Validate the category in OSSL_trace_end()

OSSL_trace_end() should validate that the category it has been passed
by the caler is valid, and return immediately if not.

Fixes #17353

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17371)

(cherry picked from commit ee8a61e158c42c327c3303101083422b9a7cc504)

Update troublesome copyright years of auto-generated files to 2022

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17398)

(cherry picked from commit 0088ef48c3e7d9c68e5b3c75cb077da601d22f37)

ec.h: Explain use of strstr() for EVP_EC_gen() and add #include <string.h>

Fixes #17362

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17380)

(cherry picked from commit 1d8f18dce1c8ba99693dfaeb1696d625d9f4b7e0)

Check the return value of ossl_bio_new_from_core_bio()

There are missing checks of its return value in 8 different spots.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17154)

(cherry picked from commit 352a0bcaab8eda18cce786d2871e8d4ec6f9cbfe)