openssl.git
2 years ago test/crltest.c: Add check for glue2bio
Jiasheng Jiang [Thu, 17 Feb 2022 09:47:00 +0000 (17:47 +0800)]
test/crltest.c: Add check for glue2bio

As the glue2bio() could return NULL pointer if fails,
it should be better to check the return value in order
to avoid the use of NULL pointer.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17718)

2 years ago bio_enc.c: add check for BIO_new_mem_buf
Jiasheng Jiang [Fri, 18 Feb 2022 02:13:08 +0000 (10:13 +0800)]
bio_enc.c: add check for BIO_new_mem_buf

Since the memory allocation may fail, the BIO_new_mem_buf() may
return NULL pointer.
Therefore, it should be better to check it and return error if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17730)

2 years ago X509_VERIFY_PARAM_set_flags.pod: fix typos
Carlo Teubner [Fri, 18 Feb 2022 10:00:52 +0000 (10:00 +0000)]
X509_VERIFY_PARAM_set_flags.pod: fix typos

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17731)

2 years ago Add -quiet option to pkcs7 for -print_certs
Raul Ferrando [Tue, 15 Feb 2022 15:02:41 +0000 (16:02 +0100)]
Add -quiet option to pkcs7 for -print_certs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17708)

2 years ago Undeprecate OPENSSL_VERSION_NUMBER and OpenSSL_version_num()
Matt Caswell [Tue, 22 Feb 2022 11:49:04 +0000 (11:49 +0000)]
Undeprecate OPENSSL_VERSION_NUMBER and OpenSSL_version_num()

This macro and function were deprecated in the documentation but not in
the source.

Following an OTC vote the deprecation has been removed from the
documentation.

See https://github.com/openssl/technical-policies/issues/26

Fixes #17517

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17750)

2 years ago doc: Fix KDF example for scrypt
msa42 [Mon, 21 Feb 2022 18:23:34 +0000 (18:23 +0000)]
doc: Fix KDF example for scrypt

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17745)

2 years ago Fix a failure in sslapitest
Matt Caswell [Wed, 23 Feb 2022 11:16:07 +0000 (11:16 +0000)]
Fix a failure in sslapitest

The SNI test in test_cert_cb_int() was always failing because it used
SSL_CTX_new() instead of SSL_CTX_new_ex() and was therefore not using the
correct libctx. PR #17739 amended the test to check the return value from
SSL_CTX_new() which made the failure obvious.

Fixes #17757

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17758)

2 years ago check *libctx which is allocated by OSSL_LIB_CTX_new()
xkernel [Mon, 21 Feb 2022 07:29:25 +0000 (15:29 +0800)]
check *libctx which is allocated by OSSL_LIB_CTX_new()

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17740)

2 years ago test/sslapitest.c: Add check for SSL_CTX_new
Jiasheng Jiang [Mon, 21 Feb 2022 02:54:29 +0000 (10:54 +0800)]
test/sslapitest.c: Add check for SSL_CTX_new

As the potential failure of the memory allocation, it should
be better to check the return value of SSL_CTX_new() and return
error if fails, like SSL_CTX_new_ex().

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17739)

2 years ago X509V3_get_d2i.pod: use I<> for arguments and remove B<> around NULL
Dr. David von Oheimb [Fri, 18 Feb 2022 08:36:00 +0000 (09:36 +0100)]
X509V3_get_d2i.pod: use I<> for arguments and remove B<> around NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17724)

2 years ago X509V3_get_d2i.pod: Fix glitch on X509V3_get{,_ext}_d2i and align order
Dr. David von Oheimb [Thu, 17 Feb 2022 18:43:55 +0000 (19:43 +0100)]
X509V3_get_d2i.pod: Fix glitch on X509V3_get{,_ext}_d2i and align order

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17724)

2 years ago CMP: add subject of any provided CSR as default message sender
Dr. David von Oheimb [Thu, 17 Feb 2022 18:46:29 +0000 (19:46 +0100)]
CMP: add subject of any provided CSR as default message sender

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17723)

2 years ago chacha20 performance optimizations for ppc64le with 8x lanes,
Deepankar Bhattacharjee [Mon, 20 Sep 2021 14:45:15 +0000 (10:45 -0400)]
chacha20 performance optimizations for ppc64le with 8x lanes,
Performance increase around 50%.

Co-authored-by: Madhusudhanan Duraisamy <madurais@in.ibm.com>
Co-authored-by: Nilamjyoti Goswami <nilamgoswami@in.ibm.com>
Co-authored-by: Siva Sundar Anbareeswaran <srisivasundar@in.ibm.com>
Reviewed-by: Danny Tsen <dtsen@us.ibm.com>
Tested-by: Danny Tsen <dtsen@us.ibm.com>
Signed-off-by: Danny <dtsen@us.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16637)

2 years ago x509: handle returns from X509_TRUST_get_by_id() more consistently
Pauli [Tue, 15 Feb 2022 23:41:58 +0000 (10:41 +1100)]
x509: handle returns from X509_TRUST_get_by_id() more consistently

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17709)

2 years ago rand: Add missing check for rand_get_global
Jiasheng Jiang [Tue, 15 Feb 2022 09:45:04 +0000 (17:45 +0800)]
rand: Add missing check for rand_get_global

As the potential failure of the rand_get_global(),
for example fail to get lock, 'dgbl' could be NULL
pointer and be dereferenced later.
Therefore, it should be better to check it and return
error if fails, like RAND_get0_primary() and other callers.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17690)

2 years ago fuzz/asn1.c: Add missing check for BIO_new
Jiasheng Jiang [Sat, 12 Feb 2022 11:27:09 +0000 (19:27 +0800)]
fuzz/asn1.c: Add missing check for BIO_new

Since the BIO_new may fail, the 'bio' could be NULL pointer and be used.
Therefore, it should be better to check it and skip the print if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17690)

2 years ago test/mdc2test.c: Add check for OSSL_PROVIDER_load
Jiasheng Jiang [Fri, 18 Feb 2022 01:15:50 +0000 (09:15 +0800)]
test/mdc2test.c: Add check for OSSL_PROVIDER_load

Since the potential failure of the OSSL_PROVIDER_load(),
for example there is no lock, the provider could fail to
be loaded into the library context.
Therefore, it should be better to check it and return error
if fails.
Also, in order to avoid free unknown pointer, 'c' should be
initialized as NULL.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17729)

2 years ago doc: Refactored the example in crypto.pod
yangyangtiantianlonglong [Wed, 16 Feb 2022 15:33:17 +0000 (23:33 +0800)]
doc: Refactored the example in crypto.pod

Added return value and error code in the sample

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17721)

2 years ago doc: Update "SSL/TLS" old documentation description in openssl.pod
yangyangtiantianlonglong [Wed, 16 Feb 2022 15:01:38 +0000 (23:01 +0800)]
doc: Update "SSL/TLS" old documentation description in openssl.pod

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17721)

2 years ago Fix typo
Dimitris Apostolou [Wed, 16 Feb 2022 08:05:35 +0000 (10:05 +0200)]
Fix typo

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17713)

2 years ago Add changes logs caption for the next release 1.1.1n
Oleg Pekar [Wed, 16 Feb 2022 16:58:14 +0000 (18:58 +0200)]
Add changes logs caption for the next release 1.1.1n

Co-authored-by: Matthias St. Pierre <matthias.st.pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17714)

2 years ago Fixed the date of changes of 1.1.1m
Oleg Pekar [Wed, 16 Feb 2022 11:59:01 +0000 (13:59 +0200)]
Fixed the date of changes of 1.1.1m

Fixed the date in the heading of "Changes between 1.1.1l and 1.1.1m" to 14 Dec 2021

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17714)

2 years ago enc : add support for wrap mode
EasySec [Sat, 12 Feb 2022 01:07:34 +0000 (02:07 +0100)]
enc : add support for wrap mode

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17691)

2 years ago Prefix output to avoid random ok to confuse test parser
Armin Fuerst [Fri, 11 Feb 2022 18:46:12 +0000 (19:46 +0100)]
Prefix output to avoid random ok to confuse test parser

Prefix output of generated dh parameters to avoid misinterpretation
of lines beginning with ok[^a-zA-Z0-9] as a test result.

Also corrected indent and removed useless comma after last item.

Fixes #17480

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17689)

2 years ago apps/s_server: Add missing check for BIO_new
Jiasheng Jiang [Wed, 16 Feb 2022 03:27:23 +0000 (11:27 +0800)]
apps/s_server: Add missing check for BIO_new

As the potential failure of the BIO_new(), it should be better to check the return value and return error if fails in order to avoid the dereference of NULL pointer.
And because 'bio_s_msg' is checked before being used every time, there is no need to add the check.
But 'bio_s_out' is not.
And since the check 'if (bio_s_out == NULL)' is redundant, it can be removed to make the code more succinct.
Also the 'sbio' and so forth should be checked like the other places in the same file.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17710)

2 years ago apps/ocsp: Add check for OPENSSL_strdup
Jiasheng Jiang [Thu, 10 Feb 2022 07:41:40 +0000 (15:41 +0800)]
apps/ocsp: Add check for OPENSSL_strdup

Just asserting 'bn' to be non-NULL is not enough.
The check for 'itmp' is still needed.
If 'bn' is 0, the 'itmp' is assigned by OPENSSL_strdup().
Since OPENSSL_strdup() may fail because of the lack of memory,
the 'itmp' will be NULL and be a valid parameter hashed in
TXT_DB_get_by_index(), returning a wrong result.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17677)

2 years ago s_server: Add check for OPENSSL_strdup
Jiasheng Jiang [Wed, 9 Feb 2022 15:04:25 +0000 (23:04 +0800)]
s_server: Add check for OPENSSL_strdup

Since the OPENSSL_strdup() may return NULL if allocation
fails, the 'port' could be NULL.
And then it will be used in do_server(), which can accept
NULL as a valid parameter.
That means that the system could run with a wrong parameter.
Therefore it should be better to check it, like the other
memory allocation.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17673)

2 years ago Add back check for the DH public key size
Tomas Mraz [Thu, 10 Feb 2022 10:49:37 +0000 (11:49 +0100)]
Add back check for the DH public key size

This is needed for TLS-1.3.

Also add check for uncompressed point format for ECDHE as
the other formats are not allowed by RFC 8446.

Fixes #17667

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17678)

2 years ago Add define guards to avoid multi-inclusion
Weiguo Li [Wed, 9 Feb 2022 18:30:25 +0000 (02:30 +0800)]
Add define guards to avoid multi-inclusion

These header files are included by multiple other headers.
It's better to add define guards to prevent multi-inclusion.
Adhere to the coding style, all preprocessor directives inside
the guards gain a space.

Signed-off-by: Weiguo Li <liwg06@foxmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17666)

2 years ago test/helpers/handshake.c: Add check for OPENSSL_strdup
Jiasheng Jiang [Tue, 15 Feb 2022 02:46:38 +0000 (10:46 +0800)]
test/helpers/handshake.c: Add check for OPENSSL_strdup

As the potential failure of the memory allocation, the OPENSSL_strdup()
could return NULL pointer and then be assigned to 'server_ctx'.
In order to tell the callers the failure of the configuration, it should
be better to return error.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17705)

2 years ago Force macOS 10.15 or later to be 64-bit
Todd Short [Wed, 9 Feb 2022 20:59:37 +0000 (15:59 -0500)]
Force macOS 10.15 or later to be 64-bit

macOS Catalina (10.15) no longer supports 32-bit applications.
Do not wait 5 seconds to give the user the option of using KERNEL_BITS=32
Do not accept the KERNEL_BITS=32 option

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17675)

2 years ago Add tests for do_updatedb
Armin Fuerst [Fri, 4 Feb 2022 19:35:54 +0000 (20:35 +0100)]
Add tests for do_updatedb

Fixes #13944

Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.

Added function "asn1_string_to_time_t" including tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17645)

2 years ago dh_exch.c: Add check for OPENSSL_strdup
Jiasheng Jiang [Mon, 7 Feb 2022 11:13:43 +0000 (19:13 +0800)]
dh_exch.c: Add check for OPENSSL_strdup

Since the OPENSSL_strdup() may return NULL if allocation
fails, it should be better to check the return value.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17651)

2 years ago Apply the correct Apache v2 license
Tomas Mraz [Fri, 11 Feb 2022 08:44:52 +0000 (09:44 +0100)]
Apply the correct Apache v2 license

There were still a few files mentioning the old OpenSSL license.

Fixes #17684

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17686)

2 years ago openssl rehash: add check for OPENSSL_strdup
Jiasheng Jiang [Thu, 10 Feb 2022 03:21:47 +0000 (11:21 +0800)]
openssl rehash: add check for OPENSSL_strdup

As the potential failure of the memory allocation,
it should be better to check the return value of
OPENSSL_strdup() and return error if fails.
Also, we need to restore the 'ep' to be NULL if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17676)

2 years ago Implement a new flag for running s_client in a non-interactive mode
Rami Khaldi [Tue, 23 Nov 2021 22:27:35 +0000 (23:27 +0100)]
Implement a new flag for running s_client in a non-interactive mode

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17097)

2 years ago Use C locale in Bash scripts.
Daniel [Wed, 9 Feb 2022 15:23:46 +0000 (16:23 +0100)]
Use C locale in Bash scripts.

Fixes openssl#17228.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17674)

2 years ago Cleanup record length checks for KTLS
Bernd Edlinger [Fri, 14 Jan 2022 09:01:29 +0000 (10:01 +0100)]
Cleanup record length checks for KTLS

In some corner cases the check for packets
which exceed the allowed record length was missing
when KTLS is initially enabled, when some
unprocessed packets are still pending.

Add at least some tests for KTLS, since we have
currently not very much test coverage for KTLS.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17504)

2 years ago Add test of FIPS provider from the master branch with 3.0 build
Tomas Mraz [Wed, 9 Feb 2022 11:03:16 +0000 (12:03 +0100)]
Add test of FIPS provider from the master branch with 3.0 build

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)

2 years ago evp_test: Skip testcase if r parameter is unsupported
Tomas Mraz [Wed, 9 Feb 2022 10:23:01 +0000 (11:23 +0100)]
evp_test: Skip testcase if r parameter is unsupported

The r parameter of the KBKDF is unsupported by 3.0 FIPS module.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)

2 years ago Add test of FIPS provider from the 3.0 branch with master build
Tomas Mraz [Tue, 8 Feb 2022 14:42:31 +0000 (15:42 +0100)]
Add test of FIPS provider from the 3.0 branch with master build

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)

2 years ago Change condition to avoid spurious compiler complaints.
Pauli [Wed, 9 Feb 2022 00:17:57 +0000 (11:17 +1100)]
Change condition to avoid spurious compiler complaints.

X509_TRUST_get0() is checking < 0, the code here was checking == -1.  Both are
equivalent in this situation but gcc-12 has conniptions about a subsequent
possible NULL dereference (which isn't possible).

Fixes #17665

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17668)

2 years ago Added checking for buflen overflow due to MAX_MISALIGNMENT.
Kevin K Biju [Sat, 5 Feb 2022 12:39:45 +0000 (18:09 +0530)]
Added checking for buflen overflow due to MAX_MISALIGNMENT.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17646)

2 years ago bn_lib.c: Change Endianness check to as a binary condition.
Kelvin Lee [Sat, 22 Jan 2022 00:22:31 +0000 (11:22 +1100)]
bn_lib.c: Change Endianness check to as a binary condition.

This prevents VS2022 from mis-identifying an uninitialized local pointer
variable.

CLA: trivial

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17567)

2 years ago AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
Andrey Matyukov [Wed, 9 Jun 2021 21:38:40 +0000 (14:38 -0700)]
AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.

Vectorized 'stitched' encrypt + ghash implementation of AES-GCM enabled
with AVX512 vAES and vPCLMULQDQ instructions (available starting Intel's
IceLake micro-architecture).

The performance details for representative IceLake Server and Client
platforms are shown below

Performance data:
OpenSSL Speed KBs/Sec
Intel(R) Xeon(R) Platinum 8380 CPU @ 2.30GHz (1Core/1Thread)
Payload in Bytes       16          64        256         1024        8192      16384
AES-128-GCM
  Baseline      478708.27   1118296.96  2428092.52  3518199.4   4172355.99  4235762.07
  Patched       534613.95   2009345.55  3775588.15  5059517.64  8476794.88  8941541.79
  Speedup            1.12         1.80        1.55        1.44        2.03        2.11

AES-256-GCM
  Baseline      399237.27   961699.9    2136377.65  2979889.15  3554823.37  3617757.5
  Patched       475948.13   1720128.51  3462407.12  4696832.2   7532013.16  7924953.91
  Speedup            1.19        1.79         1.62        1.58        2.12        2.19

Intel(R) Core(TM) i7-1065G7 CPU @ 1.30GHz (1Core/1Thread)
Payload in Bytes       16          64        256         1024        8192      16384
AES-128-GCM
  Baseline      259128.54   570756.43   1362554.16  1990654.57  2359128.88  2401671.58
  Patched       292139.47   1079320.95  2001974.63  2829007.46  4510318.59  4705314.41
  Speedup            1.13        1.89         1.47        1.42        1.91        1.96

AES-256-GCM
  Baseline      236000.34   550506.76   1234638.08  1716734.57  2011255.6   2028099.99
  Patched       247256.32   919731.34   1773270.43  2553239.55  3953115.14  4111227.29
  Speedup            1.05        1.67         1.44        1.49        1.97        2.03

Reviewed-by: TJ O'Dwyer, Marcel Cornu, Pablo de Lara
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17239)

2 years ago Fix outdated comments
Weiguo Li [Wed, 9 Feb 2022 08:12:30 +0000 (16:12 +0800)]
Fix outdated comments

Update the comment "../md32_common.h" to "crypto/md32_common.h".

CLA: trivial

Signed-off-by: Weiguo Li <liwg06@foxmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17670)

2 years ago Fix small typo in EVP_KEYEXCH-ECDH.html doc example
EasySec [Mon, 7 Feb 2022 22:16:39 +0000 (23:16 +0100)]
Fix small typo in EVP_KEYEXCH-ECDH.html doc example

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17657)

2 years ago aarch64: fix branch target indications in arm64cpuid.pl and keccak1600
Tom Cosgrove [Mon, 7 Feb 2022 14:44:56 +0000 (14:44 +0000)]
aarch64: fix branch target indications in arm64cpuid.pl and keccak1600

Add missing AARCH64_VALID_CALL_TARGET to armv8_rng_probe(). Also add
these to the functions defined by gen_random(), and note that this Perl
sub prints the assembler out directly, not going via the $code xlate
mechanism (and therefore coming before the include of arm_arch.h). So
fix this too.

In KeccakF1600_int, AARCH64_SIGN_LINK_REGISTER functions as
AARCH64_VALID_CALL_TARGET on BTI-only builds, so it needs to come before
the 'adr' line.

Change-Id: If241efe71591c88253a3e36647ced00300c3c1a3

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17653)

2 years ago Add the check after calling OPENSSL_strdup
Jiasheng Jiang [Sat, 5 Feb 2022 11:31:11 +0000 (19:31 +0800)]
Add the check after calling OPENSSL_strdup

Since the potential failure of the memory allocation, the
OPENSSL_strdup() could return NULL pointer.
Therefore, it should be better to check it in order to guarantee the
success of the configuration, same as the check for
SSL_CTX_set_srp_username().

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17643)

2 years ago Fix an enginetest failure when compiled with no-deprecated --api=1.1.1
Matt Caswell [Mon, 7 Feb 2022 10:32:08 +0000 (10:32 +0000)]
Fix an enginetest failure when compiled with no-deprecated --api=1.1.1

Fixes #17649

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17652)

2 years ago Send auxiliary messages to bio_err.
Daniel [Sun, 6 Feb 2022 14:01:14 +0000 (15:01 +0100)]
Send auxiliary messages to bio_err.

Fixes openssl#17613.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17650)

2 years ago rsa: add check after calling BN_BLINDING_lock
Jiasheng Jiang [Sat, 5 Feb 2022 10:00:51 +0000 (18:00 +0800)]
rsa: add check after calling BN_BLINDING_lock

As the potential failure of getting lock, we need to check the return
value of the BN_BLINDING_lock() in order to avoid the dirty data.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17642)

2 years ago Check for presence of 1.1.x openssl runtime
Bernd Edlinger [Sun, 16 Jan 2022 16:59:17 +0000 (17:59 +0100)]
Check for presence of 1.1.x openssl runtime

If the newly loaded engine contains the symbol
EVP_PKEY_base_id, we know it is linked to 1.1.x openssl.
Abort loading this engine, as it will definitely crash.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17112)

2 years ago Prevent crash with engine using different openssl runtime
Bernd Edlinger [Mon, 22 Nov 2021 20:50:04 +0000 (21:50 +0100)]
Prevent crash with engine using different openssl runtime

This problem happens usually because an application
links libcrypto and/or libssl statically which
installs an atexit handler, but later an engine using
a shared instance of libcrypto is installed.
The problem is in simple words that both instances
of libcrypto have an atexit handler installed,
but both are unable to coordinate with each other,
which causes a crash, typically a use-after-free
in the engine's destroy function.

Work around that by preventing the engine's
libcrypto to install the atexit handler.
This may result in a small memory leak, but that
memory is still reachable.

Fixes #15898

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17112)

2 years ago Add testcases for EVP_PKEY_set1_encoded_public_key()
Tomas Mraz [Thu, 3 Feb 2022 15:30:21 +0000 (16:30 +0100)]
Add testcases for EVP_PKEY_set1_encoded_public_key()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17630)

2 years ago Replace size check with more meaningful pubkey check
Tomas Mraz [Wed, 2 Feb 2022 16:47:26 +0000 (17:47 +0100)]
Replace size check with more meaningful pubkey check

It does not make sense to check the size because this
function can be used in other contexts than in TLS-1.3 and
the value might not be padded to the size of p.

However it makes sense to do the partial pubkey check because
there is no valid reason having the pubkey value outside the
1 < pubkey < p-1 bounds.

Fixes #15465

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17630)

2 years ago doc: Add hint to use EVP_PKEY_get_bn_param to retrieve big integers
Tomas Mraz [Wed, 5 Jan 2022 10:18:27 +0000 (11:18 +0100)]
doc: Add hint to use EVP_PKEY_get_bn_param to retrieve big integers

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17423)

2 years ago Fix SIZE_MAX not defined on z/OS etc
Ankit Das [Wed, 2 Feb 2022 18:08:41 +0000 (23:38 +0530)]
Fix SIZE_MAX not defined on z/OS etc

Fixes openssl#17629 by including internal/numbers.h which defines SIZE_MAX

CLA: trivial

Fixes #17629

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17632)

2 years ago Correct return type for BIO_ptr_ctrl
Thomas1664 [Thu, 20 Jan 2022 09:02:59 +0000 (10:02 +0100)]
Correct return type for BIO_ptr_ctrl

Fixes #17549
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17636)

2 years ago Fixed counter overflow
Danny Tsen [Fri, 28 Jan 2022 00:49:59 +0000 (18:49 -0600)]
Fixed counter overflow

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17607)

2 years ago evp_test: Add the missing check after calling OPENSSL_strdup and sk_OPENSSL_STRING_ne...
Jiasheng Jiang [Wed, 2 Feb 2022 11:45:59 +0000 (19:45 +0800)]
evp_test: Add the missing check after calling OPENSSL_strdup and sk_OPENSSL_STRING_new_null

Since the memory allocation may fail, the 'mac_name' and 'controls'
could be NULL.
And the 'mac_name' will be printed in mac_test_run_mac() without check.
Also the result of 'params_n +
sk_OPENSSL_STRING_num(expected->controls)' in
mac_test_run_mac() will be 'params_n - 1' if allocation fails, which
does not make sense.
Therefore, it should be better to check them in order to guarantee the
complete success of initiation.
If fails, we also need to free the 'mdat' to avoid the memory leak.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17628)

2 years ago Fix typos
Dimitris Apostolou [Thu, 3 Feb 2022 16:51:26 +0000 (18:51 +0200)]
Fix typos

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17634)

2 years ago evp enc: cache cipher key length
Pauli [Thu, 27 Jan 2022 02:33:36 +0000 (13:33 +1100)]
evp enc: cache cipher key length

Instead of doing a heavy params based query every time a context is
asked for its key length, this value is cached in the context and only
queried if it could have been modified.

Fixes #17064

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17543)

2 years ago evp enc: cache cipher IV length
Pauli [Wed, 26 Jan 2022 04:04:51 +0000 (15:04 +1100)]
evp enc: cache cipher IV length

Instead of doing a heavy params based query every time a context is asked for
its IV length, this value is cached in the context and only queried if it could
have been modified.

Fixes #17064

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17543)

2 years ago aes: avoid accessing key length field directly
Pauli [Thu, 27 Jan 2022 01:51:13 +0000 (12:51 +1100)]
aes: avoid accessing key length field directly

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17543)

2 years ago Move e_os.h to include/internal
Richard Levitte [Fri, 4 Feb 2022 14:13:01 +0000 (15:13 +0100)]
Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on
certain exotic platform.  It simply fails to build.

Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)

2 years ago Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD.
John Baldwin [Wed, 23 Dec 2020 22:09:51 +0000 (14:09 -0800)]
Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD.

FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13752)

2 years ago Add missing CRYPTO_THREAD_cleanup_local of default_context_thread_local
Harry Sintonen [Tue, 1 Feb 2022 21:48:19 +0000 (23:48 +0200)]
Add missing CRYPTO_THREAD_cleanup_local of default_context_thread_local

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17622)

2 years ago Fix builds with DJGPP
Juan Manuel Guerrero [Tue, 1 Feb 2022 23:41:02 +0000 (00:41 +0100)]
Fix builds with DJGPP

CLA: trivial

To get the master branch compiled with DJGPP some minor
adjustments are required. They will have no impact on any other ports.
The DJGPP port uses the Watt-32 library to provide the required network
functionality and some of its headers need to be included.

Neither DJGPP nor the Watt-32 library provide in_addr_t thus it must be
provided as it is done for OPENSSL_SYS_WINDOWS in crypto/bio/b_addr.c.

In the DJGPP section of include/internal/sockets.h the following Watt-32
headers must be added:

  -  arpa/inet.h: to provide declaration of inet_ntoa required in crypto/bio/b_addr.c
  -  netinet/tcp.h: to provide definition of TCP_NODELAY required in crypto/bio/b_sock2.c

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17623)

2 years ago openssl-dgst.pod.in: Fix documentation of -list option
EasySec [Wed, 2 Feb 2022 00:42:27 +0000 (01:42 +0100)]
openssl-dgst.pod.in: Fix documentation of -list option

Mention openssl list -digest-algorithms, NOT -digest-commands.

Move option -list just after the related option -digest.

Fix HTML formatting of section 'Examples' by adding missing
newlines and add 2 example variants to clarify syntax of the
command.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17626)

2 years ago Fix copyrights
Todd Short [Thu, 27 Jan 2022 19:18:28 +0000 (14:18 -0500)]
Fix copyrights

Add copyright to files that were missing it.
Update license from OpenSSL to Apache as needed.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17606)

2 years ago Use opt_int_arg() to parse integers in apps/speed.c
Kevin K Biju [Tue, 1 Feb 2022 05:34:35 +0000 (11:04 +0530)]
Use opt_int_arg() to parse integers in apps/speed.c

We use opt_int_arg() to prevent malformed processing of
hexadecimal input to some command line options.

Updated help to mention the change.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17585)

2 years ago Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY.
slontis [Sun, 5 Dec 2021 23:27:12 +0000 (09:27 +1000)]
Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY.

The private key for rsa, dsa, dh and ecx was being included when the
selector was just the public key. (ec was working correctly).
This matches the documented behaviour.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17200)

2 years ago add SSL_get0_iana_groups() & SSL_client_hello_get_extension_order()
Phus Lu [Mon, 25 Oct 2021 10:47:00 +0000 (18:47 +0800)]
add SSL_get0_iana_groups() & SSL_client_hello_get_extension_order()

The function/macro allow the user to get groups/extensions without memory allocations.
So we could calculate the SSL fingerprint (JA3) at low cost.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16910)

2 years ago apps/progs.pl: use SOURCE_DATE_EPOCH if defined for copyright year
Ross Burton [Thu, 27 Jan 2022 12:03:11 +0000 (12:03 +0000)]
apps/progs.pl: use SOURCE_DATE_EPOCH if defined for copyright year

As with 11d7d903, use SOURCE_DATE_EPOCH for the copyright year if it is
defined, to avoid reproducibility problems.

CLA: trivial

Signed-off-by: Ross Burton <ross.burton@arm.com>
Change-Id: I1bea19070411a69155c43de7082350fb2c499da3

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17601)

2 years ago Update the comment on ssl3_write_pending()
yangyangtiantianlonglong [Sat, 29 Jan 2022 09:08:50 +0000 (17:08 +0800)]
Update the comment on ssl3_write_pending()

The struct s->s3 has been modified.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17611)

2 years ago Revert dropped usage of var thiswr in do_ssl3_write()
yangyangtiantianlonglong [Sat, 29 Jan 2022 08:49:00 +0000 (16:49 +0800)]
Revert dropped usage of var thiswr in do_ssl3_write()

The var 'thiswr' is an unwanted modification,
it was submitted in #5253.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17610)

2 years ago indentation fix
Pauli [Wed, 26 Jan 2022 01:01:57 +0000 (12:01 +1100)]
indentation fix

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago tls1 prf: implement ctx dup operation
Pauli [Tue, 25 Jan 2022 00:54:56 +0000 (11:54 +1100)]
tls1 prf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago pkcs12 kdf: implement ctx dup operation
Pauli [Tue, 25 Jan 2022 00:54:42 +0000 (11:54 +1100)]
pkcs12 kdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago test: change pkey kdf dup fail test to a pkey kdf dup success test
Pauli [Tue, 25 Jan 2022 00:47:23 +0000 (11:47 +1100)]
test: change pkey kdf dup fail test to a pkey kdf dup success test

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago k942 kdf: implement ctx dup operation
Pauli [Mon, 24 Jan 2022 06:38:57 +0000 (17:38 +1100)]
k942 kdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago ss KDF: implement ctx dup operation
Pauli [Mon, 24 Jan 2022 06:32:16 +0000 (17:32 +1100)]
ss KDF: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago ssh kdf: implement ctx dup operation
Pauli [Mon, 24 Jan 2022 06:22:37 +0000 (17:22 +1100)]
ssh kdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago scrypt: implement ctx dup operation
Pauli [Mon, 24 Jan 2022 06:17:58 +0000 (17:17 +1100)]
scrypt: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago pvk kdf: implement ctx dup operation
Pauli [Mon, 24 Jan 2022 06:08:58 +0000 (17:08 +1100)]
pvk kdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago krb5kdf: implement ctx dup operation
Pauli [Mon, 24 Jan 2022 06:02:29 +0000 (17:02 +1100)]
krb5kdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago kbkdf: implement ctx dup operation
Pauli [Mon, 24 Jan 2022 05:58:54 +0000 (16:58 +1100)]
kbkdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago hkdf: implement ctx dup operation
Pauli [Mon, 24 Jan 2022 05:51:24 +0000 (16:51 +1100)]
hkdf: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago pbkdf2: implement ctx dup operation
Pauli [Mon, 24 Jan 2022 05:22:54 +0000 (16:22 +1100)]
pbkdf2: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago pbkdf1: implement ctx dup operation
Pauli [Mon, 24 Jan 2022 05:17:44 +0000 (16:17 +1100)]
pbkdf1: implement ctx dup operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago evp_test: add a ctx dup operation to the KDF tests
Pauli [Mon, 24 Jan 2022 05:17:25 +0000 (16:17 +1100)]
evp_test: add a ctx dup operation to the KDF tests

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago prov: add a safe memdup function for context cloning
Pauli [Wed, 26 Jan 2022 04:21:51 +0000 (15:21 +1100)]
prov: add a safe memdup function for context cloning

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

2 years ago Fix bad HTML formatting in EVP_KEYEXCH-DH.html because of missing newline in pod...
EasySec [Fri, 28 Jan 2022 23:59:24 +0000 (00:59 +0100)]
Fix bad HTML formatting in EVP_KEYEXCH-DH.html because of missing newline in pod file

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17609)

2 years ago Fix endianness problem in params_api_test
Juergen Christ [Fri, 28 Jan 2022 09:53:43 +0000 (10:53 +0100)]
Fix endianness problem in params_api_test

On a big endian machine, we get test failures in params_api_test like

        # ERROR: (memory) 'buf1 == buf2' failed @ test/params_api_test.c:473
        # --- buf1
        # +++ buf2
        # 0000:-e901
        # 0000:+01e9
        #       ^^^^
        #
        # OPENSSL_TEST_RAND_ORDER=1643313367
        not ok 157 - iteration 3

They are due to an additional conversion copy.  Remove this copy to solve the
problem.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17608)

2 years ago aes: make the no-asm constant time code path not the default
Pauli [Thu, 27 Jan 2022 04:05:48 +0000 (15:05 +1100)]
aes: make the no-asm constant time code path not the default

After OMC and OTC discussions, the 95% performance loss resulting from
the constant time code was deemed excessive for something outside of
our security policy.

The option to use the constant time code exists as it was in OpenSSL 1.1.1.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17600)

2 years ago Include the modules directory in openssl.pc
Richard Levitte [Thu, 27 Jan 2022 16:26:06 +0000 (17:26 +0100)]
Include the modules directory in openssl.pc

Affected file: Configurations/unix-Makefile.tmpl

Fixes #17602

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17605)

2 years ago apps: Add option -no_ems to s_client/s_server apps
yangyangtiantianlonglong [Wed, 26 Jan 2022 14:08:05 +0000 (22:08 +0800)]
apps: Add option -no_ems to s_client/s_server apps

The option SSL_OP_NO_EXTENDED_MASTER_SECRET was added in #3910.
And it is valid for versions below (D)TLS 1.2.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17597)

2 years ago Add -verbose/-quiet flags to dhparam
Philip Prindeville [Wed, 22 Dec 2021 03:44:07 +0000 (20:44 -0700)]
Add -verbose/-quiet flags to dhparam

Allow dhparam to run quietly in scripts, etc.

For other commands that took a -verbose flag already, also support -quiet.

For genpkey which only supported -quiet, add the -verbose flag.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17336)

2 years ago Use progress_cb in genrsa
Philip Prindeville [Wed, 26 Jan 2022 03:42:18 +0000 (20:42 -0700)]
Use progress_cb in genrsa

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17336)