Juergen Christ [Wed, 23 Mar 2022 12:26:13 +0000 (13:26 +0100)]
s390x: Hide internal cpuid symbol and function
The symbol OPENSSL_s390xcap_P and the OPENSSL_cpuid_setup function are not
exported by the version script of OpenSSL. However, if someone uses the
static library without the version script, these symbols all of a sudden
become global symbols and their usage in assembler code does not correctly
reflect that for PIC. Since these symbols should never be used outside of
OpenSSL, hide them inside the binary.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17946)
(cherry picked from commit
37816ef5757e458be9648481e56bf698ee3bfbb1)
Tomas Mraz [Thu, 24 Mar 2022 15:18:33 +0000 (16:18 +0100)]
Fix formatting of NOTES-WINDOWS.md and doc-nits failure
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17960)
(cherry picked from commit
bd28a23eb120b4fdfd45d18a1f05cd7366ed8058)
Pauli [Wed, 16 Mar 2022 03:13:25 +0000 (14:13 +1100)]
Fix Coverity
1498612: integer overflow
The assert added cannot ever fail because (current & 0xFFFF) != 0 from the
while loop and the trailing zero bit count therefore cannot be as large as 32.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17892)
(cherry picked from commit
81487b65b9eb8148471e729b8c1959521d62c69e)
Gabor Kertesz [Tue, 22 Mar 2022 17:13:22 +0000 (18:13 +0100)]
Add build note for win-arm64
Windows on Arm is not officially supported by release, but with
x86 emulated Perl it can be built locally.
This method is added to Windows notes.
Locally all tests are passed on win-arm64.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17940)
(cherry picked from commit
288e9680399d3a755861d309058dda2fb48af8bf)
Richard Levitte [Mon, 21 Mar 2022 15:23:09 +0000 (16:23 +0100)]
util/markdownlint.rb: Allow fenced code blocks
We use both indented and fenced styles in diverse markdown files.
We try to do this consistently in each file, though.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17933)
(cherry picked from commit
fb2cd91f27d0cc0bbf1883dd188788016165a458)
Pauli [Wed, 16 Mar 2022 02:48:27 +0000 (13:48 +1100)]
Fix Coverity
1201763 uninitialised pointer read
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17890)
(cherry picked from commit
a0238b7ed87998c48b1c92bad7fa82dcbba507f9)
Pauli [Wed, 16 Mar 2022 03:07:45 +0000 (14:07 +1100)]
Fix Coverity
1498613: resource leak
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17891)
(cherry picked from commit
6889ebff01fa8cd7e5905f3f242edfed55fca443)
Pauli [Wed, 16 Mar 2022 03:21:01 +0000 (14:21 +1100)]
Fix Coverity
1498611 &
1498608: uninitialised read
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17893)
(cherry picked from commit
09134f183f76539aa1294adfef10fcc694e90267)
Daniel Fiala [Wed, 16 Mar 2022 19:30:38 +0000 (20:30 +0100)]
Make `openssl check -rsa ...` to work for both RSA and RSA-PSS.
Fixes openssl#17167
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17920)
Pauli [Wed, 16 Mar 2022 03:45:44 +0000 (14:45 +1100)]
Fix coverity
1498607: uninitialised value
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17897)
(cherry picked from commit
70cd9a51911e9a4e2f24e29ddd84fa9fcb778b63)
Dr. David von Oheimb [Tue, 15 Mar 2022 17:40:32 +0000 (18:40 +0100)]
OSSL_CMP_CTX_new.pod: make references to private key consistent with OSSL_CMP_MSG_get0_header.pod
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17887)
(cherry picked from commit
92cae9b42de1eec3da7ef6ccb36188ff61f3e0df)
Dr. David von Oheimb [Tue, 15 Mar 2022 17:39:13 +0000 (18:39 +0100)]
OSSL_CMP_MSG_get0_header.pod: re-phrase two lenthy otherwise clauses as lists
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17887)
(cherry picked from commit
52a42f54eb9afb599d32c85100d59db46c23ffcc)
Dr. David von Oheimb [Tue, 15 Mar 2022 12:26:23 +0000 (13:26 +0100)]
SSL_CTX_set_verify.pod: move a note further down where it fits better
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17887)
(cherry picked from commit
1aa1bba59da8248113516533aac270fb374a9584)
David Carlier [Wed, 16 Mar 2022 23:21:58 +0000 (23:21 +0000)]
print SSL session, fix build warnings on OpenBSD.
time_t is a 64 bits type on this platform.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17917)
(cherry picked from commit
9362638b080e328ccab43f89048bed27bcf2f11d)
Tomas Mraz [Wed, 16 Mar 2022 11:14:16 +0000 (12:14 +0100)]
eng_dyn: Avoid spurious errors when checking for 1.1.x engine
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17901)
(cherry picked from commit
bd5c91c82cdc4b6ffe4a2970f9512fc5ec7d2d06)
Hugo Landau [Wed, 16 Mar 2022 16:40:14 +0000 (16:40 +0000)]
Fix documentation for provider-signature
Fixes #17909.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17914)
(cherry picked from commit
a07a70c76f0150077ce21ee7655d1e38e4411846)
Hugo Landau [Wed, 16 Mar 2022 16:32:08 +0000 (16:32 +0000)]
Fix declaration inconsistency (Camellia)
Fixes #17911.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17912)
(cherry picked from commit
a12a71fafbe9b0ce90a51098fbf166d9da62b111)
Hugo Landau [Wed, 16 Mar 2022 17:00:32 +0000 (17:00 +0000)]
List missing operations in provider(7)
Fixes #17910.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17915)
(cherry picked from commit
7f039951f3a737bc00ef66c91575e543924b3ab2)
tangyiqun [Wed, 9 Mar 2022 10:06:41 +0000 (18:06 +0800)]
check return value of functions that call BIO_new()
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17850)
(cherry picked from commit
edba19760fa682ed095ca26ba89ba95530003bfe)
Matt Caswell [Tue, 15 Mar 2022 14:30:31 +0000 (14:30 +0000)]
Prepare for 3.0.3
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Tue, 15 Mar 2022 14:30:24 +0000 (14:30 +0000)]
Prepare for release of 3.0.2
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Tue, 15 Mar 2022 14:30:24 +0000 (14:30 +0000)]
make update
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Tue, 15 Mar 2022 13:52:58 +0000 (13:52 +0000)]
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Mon, 14 Mar 2022 16:30:26 +0000 (16:30 +0000)]
Update CHANGES/NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Tomas Mraz [Mon, 28 Feb 2022 17:26:35 +0000 (18:26 +0100)]
Add a negative testcase for BN_mod_sqrt
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
3469282ed2faee747868150089e07a187891b5ee)
Tomas Mraz [Mon, 28 Feb 2022 17:26:30 +0000 (18:26 +0100)]
Add documentation of BN_mod_sqrt()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
03eccd2663e36f8b95ba3ae8c30a63313a38ec0a)
Tomas Mraz [Mon, 28 Feb 2022 17:26:21 +0000 (18:26 +0100)]
Fix possible infinite loop in BN_mod_sqrt()
The calculation in some cases does not finish for non-prime p.
This fixes CVE-2022-0778.
Based on patch by David Benjamin <davidben@google.com>.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
9eafb53614bf65797db25f467946e735e1b43dc9)
Hugo Landau [Fri, 11 Mar 2022 06:57:26 +0000 (06:57 +0000)]
Fix signed integer overflow in evp_enc
Fixes #17869.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17870)
(cherry picked from commit
1832bb0f02e519a48f06a10467c7ce5f7f3feeeb)
Oliver Roberts [Sat, 12 Mar 2022 14:39:01 +0000 (14:39 +0000)]
Fixed typo in inner_evp_generic_fetch() error handling
Fixes #17876
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17877)
(cherry picked from commit
ef9909f3c6471ba39be1e3d18a366044cbf30a19)
Hugo Landau [Thu, 10 Mar 2022 09:38:09 +0000 (09:38 +0000)]
EVP_MD performance fix (refcount cache contention)
Partial fix for #17064. Avoid excessive writes to the cache line
containing the refcount for an EVP_MD object to avoid extreme
cache contention when using a single EVP_MD at high frequency on
multiple threads. This changes performance in 3.0 from being double
that of 1.1 to only slightly higher than that of 1.1.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17857)
(cherry picked from commit
c0b7dac66edde45b8da80918f5b5b62d1e766a0c)
Hugo Landau [Wed, 2 Mar 2022 07:38:15 +0000 (07:38 +0000)]
Add EVP demo for SIPHASH
Fixes #14121.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17793)
(cherry picked from commit
864853988e80517a563d2423d4fb742323995433)
Tomas Mraz [Thu, 10 Mar 2022 17:41:30 +0000 (18:41 +0100)]
evp_test: Add testcases for DH KEX with X9.42 KDF
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17859)
(cherry picked from commit
4413fe3520da3ad42c417828b1785eeedcde50d3)
Tomas Mraz [Thu, 10 Mar 2022 12:13:40 +0000 (13:13 +0100)]
Fix documentation of parameters for DH and ECDH KEX
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17859)
(cherry picked from commit
76396ebbd7b67db90a31bb7b017eb2fcfb1c61c9)
Tomas Mraz [Thu, 10 Mar 2022 12:11:21 +0000 (13:11 +0100)]
DH: Make padding always on when X9.42 KDF is used
Fixes #17834
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17859)
(cherry picked from commit
01b18775676115945956f4de0eb0cafedaf027ab)
Hugo Landau [Fri, 4 Mar 2022 12:53:50 +0000 (12:53 +0000)]
Add manpages for SSL_get_certificate, SSL_get_private_key
This is as I understand these functions from reading the code.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17815)
(cherry picked from commit
2a9219514263454896bdda800b4b811843338bc7)
Jiasheng Jiang [Mon, 7 Mar 2022 09:51:25 +0000 (17:51 +0800)]
crypto/pem/pem_lib.c: Add check for BIO_read
As the potential failure of the BIO_read(),
it should be better to add the check and return
error if fails.
Also, in order to decrease the same code, using
'out_free' will be better.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17754)
(cherry picked from commit
2823e2e1d39479a7835d176862ec15e47a1bdecd)
xkernel [Mon, 7 Mar 2022 08:06:17 +0000 (16:06 +0800)]
check return value of functions that call BIO_new() internally
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17821)
Hugo Landau [Mon, 7 Mar 2022 13:29:49 +0000 (13:29 +0000)]
Add EVP demo for RSA key generation
Fixes #14111.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17824)
(cherry picked from commit
ad083f9b0ab81d094c2dbb8f5e2a5fb7738a0bfe)
Tomas Mraz [Mon, 7 Mar 2022 14:46:58 +0000 (15:46 +0100)]
Replace handling of negative verification result with SSL_set_retry_verify()
Provide a different mechanism to indicate that the application wants
to retry the verification. The negative result of the callback function
now indicates an error again.
Instead the SSL_set_retry_verify() can be called from the callback
to indicate that the handshake should be suspended.
Fixes #17568
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17825)
(cherry picked from commit
dfb39f73132edf56daaad189e6791d1bdb57c4db)
Richard Levitte [Thu, 10 Mar 2022 12:29:25 +0000 (13:29 +0100)]
Make ossltest engine use in test/recipes/20-test_dgst.t platform agnostic
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17861)
(cherry picked from commit
abdb2278d2b65ae87bee3121be83322e4219b396)
Dr. David von Oheimb [Thu, 17 Feb 2022 18:40:29 +0000 (19:40 +0100)]
OSSL_CMP_CTX_setup_CRM(): Fix handling of defaults from CSR and refcert
Also update and complete related documentation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17726)
(cherry picked from commit
c8c923454b52d64234c941553d81143918e502ea)
Dr. Matthias St. Pierre [Wed, 9 Mar 2022 10:55:36 +0000 (11:55 +0100)]
docs: correct manual page links for version 3.0
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17852)
Todd Short [Wed, 9 Mar 2022 22:05:45 +0000 (17:05 -0500)]
DOC: TLS compression is disabled by default
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17854)
(cherry picked from commit
2cb52118ddd1d82d7b6028372238eaa2467bbd48)
Dr. Matthias St. Pierre [Wed, 9 Mar 2022 22:58:02 +0000 (23:58 +0100)]
README: add missing link to OpenSSL 3.0 manual pages
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17855)
(cherry picked from commit
a20c9b6c13afb71e1dd03bf122673e3093d6c437)
Tomas Mraz [Wed, 9 Mar 2022 08:48:42 +0000 (09:48 +0100)]
Drop ariacbc demo binary
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17848)
(cherry picked from commit
97896f744d9ee4f2e821e3383caac8e8c5f226cf)
xkernel [Tue, 8 Mar 2022 11:48:54 +0000 (19:48 +0800)]
check the return of OPENSSL_sk_new_null
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/17836)
(cherry picked from commit
5266af87379aecb0ae6036dee88c1a0b8083a432)
Todd Short [Tue, 8 Mar 2022 14:36:43 +0000 (09:36 -0500)]
Set protocol in init_client()
If TCP is being used, protocol = 0 is passed to init_client(), then
protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17838)
(cherry picked from commit
54b6755702309487ea860e1cc3e60ccef4cf7878)
Dmitry Belyavskiy [Mon, 7 Mar 2022 16:05:57 +0000 (17:05 +0100)]
Avoid potential memory leak
Resolves #17827
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17828)
(cherry picked from commit
175355923046921a689b500f7a72455f7095708f)
xkernel [Mon, 7 Mar 2022 07:43:16 +0000 (15:43 +0800)]
check the return value of BIO_new_file()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17820)
(cherry picked from commit
625b0990a069a18917341e2f0fbe36327b0883b7)
Dr. Matthias St. Pierre [Tue, 8 Mar 2022 16:36:37 +0000 (17:36 +0100)]
README: add link to migration_guide manual page
which replaces the link to the OpenSSL 3.0 Wiki.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17849)
Matt Caswell [Tue, 8 Mar 2022 17:04:59 +0000 (17:04 +0000)]
Some platforms don't have pthread_atfork
We've had a report of a linker failure on some platforms (this one was
linux ARM) that apparently did not have pthread_atfork. It's strange that
this has not been reported before but the simplest solution is just to
remove this from the library since it isn't really used anyway.
Currently it is called to set up the fork handlers OPENSSL_fork_prepare,
OPENSSL_fork_parent and OPENSSL_fork_child. However all of those functions
are no-ops. This is a remnant from earlier code that got removed. We can
safely remove it now.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17842)
(cherry picked from commit
5979596247a73d1aec7310e4da0b6023ffd79623)
Marcel Raad [Wed, 2 Mar 2022 18:57:24 +0000 (19:57 +0100)]
android-x86 target: Add -latomic
Fixes https://github.com/openssl/openssl/issues/14083 again after being
broken by https://github.com/openssl/openssl/pull/15640.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17833)
(cherry picked from commit
b420e249370c4a85c4edd65fb445d20f9c19c44d)
Hugo Landau [Mon, 7 Mar 2022 10:48:13 +0000 (10:48 +0000)]
Fix test failure when testing with Test::Harness
Fixes an issue where, when the test suite was being run with the older
Test::Harness package, the test suite would not complete correctly due
to evaluation of $harness->runtests()->has_errors, which is only
available for the newer TAP::Parser::Aggregator code path.
Fixes #17818.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17823)
(cherry picked from commit
fe537f89cd6b75c10e717a0eb159f33710729b67)
Pauli [Fri, 25 Feb 2022 02:37:08 +0000 (13:37 +1100)]
fetch: convert a NULL property query to ""
Previously, a NULL property query was never cached and this lead to a
performance degregation. Now, such a query is converted to an empty string
and cached.
Fixes #17752
Fixes https://github.openssl.org/openssl/openssl/issues/26
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17769)
(cherry picked from commit
af788ad6c3624ccc4b49778a9ded2487b9dbeedd)
Hugo Landau [Wed, 2 Mar 2022 17:39:28 +0000 (17:39 +0000)]
Add EVP demos for RSA-PSS signing and verification
Two demos are provided: one using RSA-PSS directly in which a digest
must be provided, and one using RSA-PSS with the EVP_DigestSign APIs
which performs the hashing for you.
Fixes #14113.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17800)
(cherry picked from commit
e9492d1cecf459261f1f5ac0eb03e9c631600537)
Hugo Landau [Wed, 2 Mar 2022 09:50:41 +0000 (09:50 +0000)]
Add EVP demo for Poly1305 demonstrating Poly1305-AES
Fixes #14122.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17796)
(cherry picked from commit
3dafeacef8d7bf82e462cc52659681108db42e43)
Daniel [Mon, 28 Feb 2022 20:57:06 +0000 (20:57 +0000)]
Add demo for ARIA-256-CBC.
Fixes #14104
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17802)
(cherry picked from commit
376972773469e59a19acb9ebdecd3ddc290e391b)
Hugo Landau [Thu, 3 Mar 2022 08:20:05 +0000 (08:20 +0000)]
EVP demo for XOF digest using SHAKE256
This demo optionally accepts a single command line argument, allowing
the output length to be specified.
Fixes #14106.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17803)
(cherry picked from commit
4c8cdcd1cf74747a80b4f7dd323cd83ea6c985d8)
Hugo Landau [Tue, 1 Mar 2022 12:55:03 +0000 (12:55 +0000)]
Enable openssl req -x509 to create certificates from CSRs
`openssl req -x509` has code allowing it to generate certificates from CSRs
as a replacement for `openssl x509`, but a bug prevents it from working
properly. -CA and -CAkey can now be passed to generate a CA-signed
certificate as documented in openssl-req(1).
Regression testing has been added to `openssl req`.
Backport of #17782 to 3.0.
Fixes #17736.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17805)
Richard Levitte [Wed, 23 Feb 2022 10:00:39 +0000 (11:00 +0100)]
Rework dependencies between config files and build files
Before PR #15310, which reworked how build files (Makefile, ...) were
generated, everything was done when configuring, so configdata.pm
could depend on build file templates and we'd get away with it.
However, since building configdata.pm is now independent of the build
file templates, that dependency is unnecessary, and would lead to
surprises of the build file template is updated, with an unexpected
full reconfiguration as a result, when all that's needed is to run
configdata.pm with no flags to get the build file re-generated.
This change is therefore a completion of what was forgotten in #15310.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17756)
(cherry picked from commit
468d15179d6b0d0c2f5674bcbef66743925f2133)
Hugo Landau [Wed, 2 Mar 2022 13:08:53 +0000 (13:08 +0000)]
Add EVP demo for X25519 key exchange
This offers both a known answer test with fixed keys and also
demonstrates a more realistic usage with random keys.
Fixes #14118.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17799)
(cherry picked from commit
2cc7c9b6981d683711e76c3483f813701b686eb9)
Hugo Landau [Tue, 1 Mar 2022 17:48:11 +0000 (17:48 +0000)]
Fix typo in EVP_MD-BLAKE2(7)
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17790)
(cherry picked from commit
a3b4cd1d6e307c1b1607ee9270658b5baf0b9870)
Hugo Landau [Tue, 1 Mar 2022 16:47:03 +0000 (16:47 +0000)]
s_server: Do not use SSL_sendfile when KTLS is not being used
Fix a bug in `openssl s_server -WWW` where it would attempt to invoke
`SSL_sendfile` if `-ktls -sendfile` was passed on the command line, even
if KTLS has not actually been enabled, for example because it is not
supported by the host. Since `SSL_sendfile` is only supported when KTLS
is actually being used, this resulted in a failure to serve requests.
Fixes #17503.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17788)
(cherry picked from commit
aea68b0ddb7113b982ab503bf830d641e8425759)
Tomas Mraz [Thu, 10 Feb 2022 10:49:37 +0000 (11:49 +0100)]
Add back check for the DH public key size
This is needed for TLS-1.3.
Also add check for uncompressed point format for ECDHE as
the other formats are not allowed by RFC 8446.
Fixes #17667
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17785)
Hugo Landau [Tue, 1 Mar 2022 14:08:12 +0000 (14:08 +0000)]
Fix NULL pointer dereference for BN_mod_exp2_mont
This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer
if BIGNUM argument m represents zero.
Regression test added. Fixes #17648.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17783)
(cherry picked from commit
43135a5d2274c24e97f50e16ce492c22eb717ab2)
Daniel [Mon, 21 Feb 2022 12:25:25 +0000 (13:25 +0100)]
Improve documentation of BIO_FLAGS_BASE64_NO_NL flag.
Fixes #12491.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17744)
(cherry picked from commit
8bfb7506d210841f2ee4eda8afe96441a0e33fa5)
Nicola Tuveri [Wed, 23 Feb 2022 21:05:22 +0000 (23:05 +0200)]
[ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
(cherry picked from commit
d71151ae704847f4ac3f4a5f394ea64f1d229815)
Nicola Tuveri [Tue, 22 Feb 2022 14:26:26 +0000 (16:26 +0200)]
[ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3
Fixes #17743
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
(cherry picked from commit
b139a95665eb023b38695d62d9dfc28f3fb89972)
Nicola Tuveri [Tue, 22 Feb 2022 12:47:11 +0000 (14:47 +0200)]
[ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias
`SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already
marked as aliases of each other in the headers.
This commit, for each pair, replaces the leftover uses of the latter
synonym with the first one, which is considered more common.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
(cherry picked from commit
66914fc024cfe0fec00dc0f2c7bd8a7957da5ec4)
Tom Cosgrove [Mon, 14 Feb 2022 11:23:57 +0000 (11:23 +0000)]
aarch64: Fix async_fibre_swapcontext() on clang BTI builds
Reverting to using swapcontext() when compiling with clang on BTI-enabled
builds fixes the BTI setjmp() failure seen when running asynctest.
The issue with setjmp/longjmp is a known clang bug: see
https://github.com/llvm/llvm-project/issues/48888
Change-Id: I6eeaaa2e15f402789f1b3e742038f84bef846e29
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17698)
(cherry picked from commit
d2d2401aed7ff45f4c013201944e1218dce12da7)
Jiasheng Jiang [Mon, 21 Feb 2022 01:51:54 +0000 (09:51 +0800)]
crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup
Since the potential failure of memory allocation, it
should be better to check the return value of the
OPENSSL_strndup(), like x509v3_add_len_value().
And following the comment of 'if (astrlen < 0)',
return -1 if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17737)
(cherry picked from commit
366a16263959c0b6599f0b9ec18124d75560c6ef)
Jiasheng Jiang [Mon, 21 Feb 2022 02:10:23 +0000 (10:10 +0800)]
fuzz/fuzz_rand.c: Add check for OSSL_LIB_CTX_new
As the potential failure of the OPENSSL_zalloc(), the OSSL_LIB_CTX_new()
could return NULL.
Therefore, it should be better to check it and return error if fails in
order to guarantee the success of the initialization.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17738)
(cherry picked from commit
885d97fbf84fb9de7548a5f6d4e90798f719022a)
Matt Caswell [Tue, 22 Feb 2022 10:40:33 +0000 (10:40 +0000)]
Correct the UnsafeLegacyServerConnect docs
This option is no longer set by default from OpenSSL 3.0.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17748)
(cherry picked from commit
3d4dd8f272aafb05446c567c0919870880c6ddd1)
xkernel [Mon, 21 Feb 2022 07:17:46 +0000 (15:17 +0800)]
check the return value of CRYPTO_strdup()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17741)
(cherry picked from commit
37be6feeebfec87733e5cb4762fc12bebba9f124)
Pauli [Wed, 23 Feb 2022 22:52:52 +0000 (09:52 +1100)]
Change `strlen' argument name to `strlength' to avoid c++ reserved words.
Fixes #17753
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17764)
(cherry picked from commit
28e141c45d36757e052b72685fb874968f013d43)
Richard Levitte [Wed, 23 Feb 2022 08:05:10 +0000 (09:05 +0100)]
VMS: copy prologue/epilogue headers when header files are generated
This is crucial when the build tree isn't the source tree, as they
only take effect in directories where included header files reside.
The issue only comes up when linking with the static libraries, since
the shared libraries have upper case aliases of all symbols.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17755)
(cherry picked from commit
98b7b74122e66f63c4ec67a74e345c64a55c68db)
Jiasheng Jiang [Thu, 17 Feb 2022 09:47:00 +0000 (17:47 +0800)]
test/crltest.c: Add check for glue2bio
As the glue2bio() could return NULL pointer if fails,
it should be better to check the return value in order
to avoid the use of NULL pointer.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17718)
(cherry picked from commit
18cb1740cc0fd11940836fa2fcaf6d3634c00e90)
Jiasheng Jiang [Fri, 18 Feb 2022 02:13:08 +0000 (10:13 +0800)]
bio_enc.c: add check for BIO_new_mem_buf
Since the memory allocation may fail, the BIO_new_mem_buf() may
return NULL pointer.
Therefore, it should be better to check it and return error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17730)
(cherry picked from commit
cf21d1c62dcd92be624ea0fb8a86d91e4fbeed93)
Carlo Teubner [Fri, 18 Feb 2022 10:00:52 +0000 (10:00 +0000)]
X509_VERIFY_PARAM_set_flags.pod: fix typos
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17731)
(cherry picked from commit
cbb6f4dbf0ce42b4cc4385d7b95236710504068d)
Matt Caswell [Tue, 22 Feb 2022 11:49:04 +0000 (11:49 +0000)]
Undeprecate OPENSSL_VERSION_NUMBER and OpenSSL_version_num()
This macro and function were deprecated in the documentation but not in
the source.
Following an OTC vote the deprecation has been removed from the
documentation.
See https://github.com/openssl/technical-policies/issues/26
Fixes #17517
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17750)
(cherry picked from commit
42659159f4d4a8c16a0e9b089d40a5831b60cbb6)
msa42 [Mon, 21 Feb 2022 18:23:34 +0000 (18:23 +0000)]
doc: Fix KDF example for scrypt
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17745)
(cherry picked from commit
0bc2fda3d3b76bd07243aef3eb7f824da3820b2d)
Matt Caswell [Wed, 23 Feb 2022 11:16:07 +0000 (11:16 +0000)]
Fix a failure in sslapitest
The SNI test in test_cert_cb_int() was always failing because it used
SSL_CTX_new() instead of SSL_CTX_new_ex() and was therefore not using the
correct libctx. PR #17739 amended the test to check the return value from
SSL_CTX_new() which made the failure obvious.
Fixes #17757
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17758)
(cherry picked from commit
7e1eda483ec9ead36c05066b45ecad618475544c)
xkernel [Mon, 21 Feb 2022 07:29:25 +0000 (15:29 +0800)]
check *libctx which is allocated by OSSL_LIB_CTX_new()
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17740)
(cherry picked from commit
8d215738a05350baa583c47a2c52371d9cff3197)
Jiasheng Jiang [Mon, 21 Feb 2022 02:54:29 +0000 (10:54 +0800)]
test/sslapitest.c: Add check for SSL_CTX_new
As the potential failure of the memory allocation, it should
be better to check the return value of SSL_CTX_new() and return
error if fails, like SSL_CTX_new_ex().
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17739)
(cherry picked from commit
b0317df2311769e02d9ceb4e7afe19521f8ffbf1)
Dr. David von Oheimb [Fri, 18 Feb 2022 08:36:00 +0000 (09:36 +0100)]
X509V3_get_d2i.pod: use I<> for arguments and remove B<> around NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17724)
(cherry picked from commit
a044af49c43ec8fe099deeb5d06501ddf70abf7a)
Dr. David von Oheimb [Thu, 17 Feb 2022 18:43:55 +0000 (19:43 +0100)]
X509V3_get_d2i.pod: Fix glitch on X509V3_get{,_ext}_d2i and align order
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17724)
(cherry picked from commit
2455a21f4ef9826b465ba68fd96f26ea25b80b10)
Pauli [Tue, 15 Feb 2022 23:41:58 +0000 (10:41 +1100)]
x509: handle returns from X509_TRUST_get_by_id() more consistently
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17709)
(cherry picked from commit
7b3041eba1c6e177eede0d6311d53a6b9ff58051)
Jiasheng Jiang [Tue, 15 Feb 2022 09:45:04 +0000 (17:45 +0800)]
rand: Add missing check for rand_get_global
As the potential failure of the rand_get_global(),
for example fail to get lock, 'dgbl' could be NULL
pointer and be dereferenced later.
Therefore, it should be better to check it and return
error if fails, like RAND_get0_primary() and other callers.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17690)
(cherry picked from commit
09dca557332a2187598932388ac7bd7bbf16172b)
Jiasheng Jiang [Sat, 12 Feb 2022 11:27:09 +0000 (19:27 +0800)]
fuzz/asn1.c: Add missing check for BIO_new
Since the BIO_new may fail, the 'bio' could be NULL pointer and be used.
Therefore, it should be better to check it and skip the print if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17690)
(cherry picked from commit
d43597c718dd6e4f2b18d5cec1eb791503a18988)
yangyangtiantianlonglong [Wed, 16 Feb 2022 15:33:17 +0000 (23:33 +0800)]
doc: Refactored the example in crypto.pod
Added return value and error code in the sample
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17721)
(cherry picked from commit
4a4f446008938775c2bea3001c4c8e7a674992ad)
Armin Fuerst [Fri, 11 Feb 2022 18:46:12 +0000 (19:46 +0100)]
Prefix output to avoid random ok to confuse test parser
Prefix output of generated dh parameters to avoid misinterpretation
of lines beginning with ok[^a-zA-Z0-9] as a testresult.
Also corrected indent and removed useless comma after last item.
Fixes #17480
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17689)
(cherry picked from commit
b089d546242bbc073aefb6f6471586e484118863)
Jiasheng Jiang [Wed, 16 Feb 2022 03:27:23 +0000 (11:27 +0800)]
apps/s_server: Add missing check for BIO_new
As the potential failure of the BIO_new(), it should be better to check the return value and return error if fails in order to avoid the dereference of NULL pointer.
And because 'bio_s_msg' is checked before being used everytime, which has no need to add the check.
But 'bio_s_out' is not.
And since the check 'if (bio_s_out == NULL)' is redundant, it can be removed to make the code succincter.
Also the 'sbio' and so forth should be checked like the other places in the same file.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17710)
(cherry picked from commit
ba0b60c632ae9c5590b59184281baaf0a39f0c24)
Jiasheng Jiang [Thu, 10 Feb 2022 07:41:40 +0000 (15:41 +0800)]
apps/ocsp: Add check for OPENSSL_strdup
Just assert 'bn' to be non-NULL is not enough.
The check for 'itmp' is still needed.
If 'bn' is 0, the 'itmp' is assigned by OPENSSL_strdup().
Since OPENSSL_strdup() may fail because of the lack of memory,
the 'itmp' will be NULL and be an valid parameter hashed in
TXT_DB_get_by_index(), returning a wrong result.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17677)
(cherry picked from commit
8f084b43803d53e15d83ed130210f026f84679ff)
Jiasheng Jiang [Wed, 9 Feb 2022 15:04:25 +0000 (23:04 +0800)]
s_server: Add check for OPENSSL_strdup
Since the OPENSSL_strdup() may return NULL if allocation
fails, the 'port' could be NULL.
And then it will be used in do_server(), which can accept
NULL as an valid parameter.
That means that the system could run with a wrong parameter.
Therefore it should be better to check it, like the other
memory allocation.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17673)
(cherry picked from commit
0c5905581e9d1d79d62cac56a0e3c2ed487afecf)
Todd Short [Wed, 9 Feb 2022 20:59:37 +0000 (15:59 -0500)]
Force macOS 10.15 or later to be 64-bit
macOS Catalina (10.15) no longer supports 32-bit applications.
Do not wait 5 seconds to give the user the option of using KERNEL_BITS=32
Do not accept the KERNEL_BITS=32 option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17675)
(cherry picked from commit
b926548b362531e8a64e7482c081611fab7183a8)
Jiasheng Jiang [Mon, 7 Feb 2022 11:13:43 +0000 (19:13 +0800)]
dh_exch.c: Add check for OPENSSL_strdup
Since the OPENSSL_strdup() may return NULL if allocation
fails, it should be better to check the return value.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17651)
(cherry picked from commit
c920020f0bb13f0d2bf0fcad5c7ee63458b633b4)
Tomas Mraz [Fri, 11 Feb 2022 08:44:52 +0000 (09:44 +0100)]
Apply the correct Apache v2 license
There were still a few files mentioning the old OpenSSL license.
Fixes #17684
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17686)
(cherry picked from commit
7585073892af9cffd28b7b5872c2b102b99af807)
Jiasheng Jiang [Thu, 10 Feb 2022 03:21:47 +0000 (11:21 +0800)]
openssl rehash: add check for OPENSSL_strdup
As the potential failure of the memory allocation,
it should be better to check the return value of
OPENSSL_strdup() and return error if fails.
Also, we need to restore the 'ep' to be NULL if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17676)
(cherry picked from commit
79cda38cff834224fb9d86dc7433b4f60688ce49)
Daniel [Wed, 9 Feb 2022 15:23:46 +0000 (16:23 +0100)]
Use C locale in Bash scripts.
Fixes openssl#17228.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17674)
(cherry picked from commit
bd654f7e98e13c0dc3b5c707880b9a77ba9e342f)
Bernd Edlinger [Fri, 14 Jan 2022 09:01:29 +0000 (10:01 +0100)]
Cleanup record length checks for KTLS
In some corner cases the check for packets
which exceed the allowed record length was missing
when KTLS is initially enabled, when some
unprocessed packets are still pending.
Add at least some tests for KTLS, since we have
currently not very much test coverage for KTLS.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17504)
(cherry picked from commit
8fff986d52606e1a33f9404504535e2e2aee3e8b)