Pauli [Tue, 6 Apr 2021 02:25:58 +0000 (12:25 +1000)]
Remove locking in CRYPTO_secure_allocated()
The check for being in secure memory is against the arena. The arena is only
ever modified by sh_init() and sh_done() and in both cases, it is done without
locking. Thus, it is safe for the CRYPTO_secure_allocated() to not lock.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14775)
Pauli [Tue, 6 Apr 2021 02:24:06 +0000 (12:24 +1000)]
Make the lock in CRYPTO_secure_allocated() a read lock
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14775)
Fangming.Fang [Fri, 2 Apr 2021 11:17:05 +0000 (11:17 +0000)]
Fix AES-CBC perf test failure issue
As ossl_cipher_generic dosen't support to set key length, and
"openssl speed aes-(128|192|256)-cbc" tests fail. A small fix by
adding OSSL_CIPHER_PARAM_KEYLEN params.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14777)
Nan Xiao [Tue, 6 Apr 2021 08:14:46 +0000 (16:14 +0800)]
Fix typo in store_meth.c
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14776)
Nan Xiao [Tue, 30 Mar 2021 08:30:47 +0000 (16:30 +0800)]
Remove unnecessary setting SSL_MODE_AUTO_RETRY
Since SSL_MODE_AUTO_RETRY is enabled by default, no need to set
it explicitly.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14742)
Sahana Prasad [Mon, 22 Mar 2021 22:44:22 +0000 (23:44 +0100)]
Adds a new lock to read default_path and uses a strdup() on default_path before using it
Fixes #14483
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14650)
Pauli [Sun, 4 Apr 2021 03:58:22 +0000 (13:58 +1000)]
Ensure that the negative flag is correct set for ASN1 integer types.
Reported by: Scott McPeak <scott.g.mcpeak@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14768)
Pauli [Sun, 4 Apr 2021 03:52:06 +0000 (13:52 +1000)]
Check for integer overflow in i2a_ASN1_OBJECT and error out if found.
Problem reported by Scott McPeak <scott.g.mcpeak@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14768)
Nan Xiao [Thu, 1 Apr 2021 05:55:04 +0000 (13:55 +0800)]
Fix potential double free in sslapitest.c
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14758)
Tomas Mraz [Thu, 1 Apr 2021 15:14:43 +0000 (17:14 +0200)]
Deprecate the EVP_PKEY controls for CMS and PKCS#7
Improve the ossl_rsa_check_key() to prevent non-signature
operations with PSS keys.
Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore
as they are not needed anymore and deprecate them.
Fixes #14276
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14760)
Richard Levitte [Wed, 15 Apr 2020 10:54:23 +0000 (12:54 +0200)]
Include BN assembler alongside CPUID code
It turns out that some CPUID code requires the presence of some BN
assembler code, so we make sure it's included in the same manner as
the CPUID code itself.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14755)
Richard Levitte [Wed, 11 Mar 2020 16:38:46 +0000 (17:38 +0100)]
Refactor CPUID code
We were using CPUID coded in several modules, but it was unclear how
it actually got there, and could fail randomly.
To remedy that, this change separates the CPUID C code from the rest
of cryptlib.c, and ensures the right modules get both that and the
assembler sources explicitly.
Fixes #11281
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14755)
Richard Levitte [Tue, 16 Mar 2021 13:45:07 +0000 (14:45 +0100)]
APPS: Replace the use of OBJ_nid2ln() with name or description calls
With new provided algorithms added, we'd rather rely on the names and
descriptions that we get from the providers.
Specifically with the 'openssl list' command, we now display the
description of all algorithms. For '-public-key-algorithms', we
additionally print key type information a bit more like we do for
legacy methods.
We also add descriptions to all our keymgmt functions, because the
built in EVP_PKEY_ASN1_METHODs had them.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
Richard Levitte [Tue, 16 Mar 2021 13:23:54 +0000 (14:23 +0100)]
EVP: Add EVP_<TYPE>_description()
The following operation types are covered:
EVP_MD, EVP_CIPHER, EVP_MAC, EVP_RAND, EVP_KEYMGMT, EVP_SIGNATURE,
EVP_ASYM_CIPHER, EVP_KEM, EVP_KEYEXCH, EVP_KDF. Also EVP_PKEY.
For EVP_MD and EVP_CIPHER, OBJ_nid2ln() is used as a fallback for
legacy implementations.
For EVP_PKEY, the info field of the EVP_PKEY_ASN1_METHOD is used as a
fallback for legacy implementations.
Fixes #14514
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
Richard Levitte [Tue, 16 Mar 2021 13:30:59 +0000 (14:30 +0100)]
Add OSSL_STORE_LOADER_description()
Fixes #14514
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
Richard Levitte [Tue, 16 Mar 2021 13:21:42 +0000 (14:21 +0100)]
Add OSSL_DECODER_description() and OSSL_ENCODER_description()
Fixes #14514
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
Richard Levitte [Tue, 16 Mar 2021 13:14:43 +0000 (14:14 +0100)]
CORE: Add an algorithm_description field to OSSL_ALGORITHM
This corresponds to the |info| field in EVP_PKEY_ASN1_METHOD, as well
as the generic use of OBJ_nid2ln() as a one line description.
We also add the base functionality to make use of this field.
Fixes #14514
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
Randall S. Becker [Fri, 26 Mar 2021 12:34:49 +0000 (06:34 -0600)]
Corrected missing definitions from NonStop SPT build.
This change includes swapping the PUT and SPT configuration,
includes of sys/stat.h and sys/types.h in the correct scope
to be picked up by SPT definitions.
Fixes: #14698
Fixes: #14734
CLA: The author has the permission to grant the OpenSSL Team the right to use this change.
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14736)
Tomas Mraz [Tue, 30 Mar 2021 11:23:12 +0000 (13:23 +0200)]
DSA_generate_parameters_ex: use the old method for all small keys
Fixes #14733
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14744)
Nan Xiao [Wed, 31 Mar 2021 04:02:32 +0000 (12:02 +0800)]
Fix typos in ssl_lib.c
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14751)
luyahan [Mon, 29 Mar 2021 07:33:23 +0000 (16:33 +0900)]
Add riscv64 target
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14723)
Nan Xiao [Mon, 29 Mar 2021 09:24:01 +0000 (17:24 +0800)]
Remove unnecessary BIO_do_handshake()s
Since BIO_do_connect() and BIO_do_handshake() are same, no
need to invoke BIO_do_handshake() once more after BIO_do_connect().
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14725)
Tomas Mraz [Tue, 30 Mar 2021 15:41:03 +0000 (17:41 +0200)]
Add "save-parameters" encoder parameter
The parameter makes the dsa key encoder to skip saving the DSA
key parameters similarly to what the legacy dsa key encoder did.
Fixes #14362
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14746)
Tomas Mraz [Fri, 26 Mar 2021 16:57:16 +0000 (17:57 +0100)]
Avoid going through NID when unnecessary
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
Tomas Mraz [Fri, 26 Mar 2021 16:53:59 +0000 (17:53 +0100)]
EVP_CIPHER_type: fix misleading argument name
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
Tomas Mraz [Fri, 26 Mar 2021 16:53:00 +0000 (17:53 +0100)]
Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
Fixes #14393
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
Tomas Mraz [Fri, 26 Mar 2021 16:50:03 +0000 (17:50 +0100)]
OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256
The comment is bogus as that call for NID_sha256 does not do
anything else than looking up the string in an internal table.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
Tomas Mraz [Fri, 26 Mar 2021 16:48:31 +0000 (17:48 +0100)]
EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
Shane Lontis [Tue, 30 Mar 2021 05:39:27 +0000 (15:39 +1000)]
Add macosx build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14738)
Shane Lontis [Tue, 30 Mar 2021 03:04:52 +0000 (13:04 +1000)]
Test miminal windows build using Github actions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14737)
Shane Lontis [Mon, 29 Mar 2021 03:38:00 +0000 (13:38 +1000)]
Add a range check (from SP800-56Ar3) to DH key derivation.
Fixes #14401
Note that this moves the public key check out of DH compute_key() since
key validation does not belong inside this primitive..
The check has been moved to the EVP_PKEY_derive_set_peer() function so that
it generally applies to all exchange operations.. Use EVP_PKEY_derive_set_peer_ex()
to disable this behaviour.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14717)
Dr. David von Oheimb [Mon, 29 Mar 2021 17:39:57 +0000 (19:39 +0200)]
CHANGES.md: reflect OSSL_HTTP_REQ_CTX_i2d renamed to OSSL_HTTP_REQ_CTX_set1_req
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14630)
Dr. David von Oheimb [Mon, 8 Mar 2021 12:47:33 +0000 (13:47 +0100)]
OSSL_HTTP_REQ_CTX_transfer(): improve distinction of send error vs. receive error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14630)
Dr. David von Oheimb [Mon, 8 Mar 2021 08:59:35 +0000 (09:59 +0100)]
OSSL_parse_url(): Improve handling of IPv6 addresses
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14630)
Dr. David von Oheimb [Mon, 8 Mar 2021 08:26:28 +0000 (09:26 +0100)]
80-test_cmp_http.t: Add diagnostic info on starting/stopping mock server
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14630)
Dr. David von Oheimb [Mon, 8 Mar 2021 08:25:54 +0000 (09:25 +0100)]
http_client.c: Prevent spurious error queue entry on NULL mem argument
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14630)
Dr. David von Oheimb [Sat, 20 Mar 2021 21:04:58 +0000 (22:04 +0100)]
HTTP: Fix method_POST param by moving it to OSSL_HTTP_REQ_CTX_set_request_line()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14699)
Rich Salz [Wed, 6 Jan 2021 01:26:05 +0000 (20:26 -0500)]
Add a local perl module to get year last changed
This is used for generating a more-correct copyright statement
for the "build_generated" targets.
Fixes: #13765
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13791)
Randall S. Becker [Mon, 29 Mar 2021 19:45:40 +0000 (13:45 -0600)]
Split Makefile clean recipe for document sets into individual lines.
This is needed for less capable platforms with limits on the size of
command line argument lists.
Fixes #14732
CLA: The author has the permission to grant the OpenSSL Team the right to use this change.
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14735)
Richard Levitte [Mon, 29 Mar 2021 16:55:01 +0000 (18:55 +0200)]
EVP: One stray comma removed in crypto/evp/ctrl_params_translate.c
Commas at the end of a list of items isn't allowed by ANSI C.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14729)
Randall S. Becker [Mon, 29 Mar 2021 16:26:10 +0000 (10:26 -0600)]
Added guarding #ifndef/#define to avoid duplicate include of crypto/types.h
Fixes #14730
CLA: The author has the permission to grant the OpenSSL Team the right to use this change.
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14729)
Richard Levitte [Mon, 29 Mar 2021 14:04:21 +0000 (16:04 +0200)]
Re-implement ANSI C building with a Github workflow
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14729)
Benjamin Kaduk [Mon, 22 Mar 2021 22:02:04 +0000 (15:02 -0700)]
Increase HKDF_MAXBUF from 1024 to 2048
We've encountered some scenarios that need to use more than 1 kB of
data as the HKDF-Expand() "info" argument (which, per RFC 5869,
contains "optional context and application specific information").
Since HKDF_MAXBUF is used to size an array in the HKDF_PKEY_CTX
structure, this adds 1 kB of memory footprint to each EVP_PKEY_CTX
used for HKDF.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14649)
Matt Caswell [Fri, 26 Mar 2021 16:49:27 +0000 (16:49 +0000)]
Fix change in behaviour of EVP_PKEY_CTRL_RSA_KEYGEN_BITS
In 1.1.1 the ctrl EVP_PKEY_CTRL_RSA_KEYGEN_BITS would fail immediately
if the number of bits was too small. In 3.0 it always succeeds, and only
fails later during the key generation stage.
We fix that so that it fails early like it used to in 1.1.1.
Note that in 1.1.1 it fails with a -2 return code. That is not the case
in 3.0 and has not been addressed here (see #14442)
Fixes #14443
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14702)
Mohamed Akram [Wed, 10 Mar 2021 14:59:13 +0000 (18:59 +0400)]
doc: fix enc -z option documentation
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14499)
Alex Yursha [Tue, 9 Mar 2021 20:07:26 +0000 (10:07 -1000)]
Print correct error message in utils/mkdir-p.pl
Commit
70a56b914772e6b21cda2a5742817ae4bb7290f1 introduced a regression.
If utils/mkdir-p.pl fails to create a target dir because of insufficient file system
permissions, the subsequent test for dir existence always fails and overwrites
the system error. As a result, a user is presented with a misleading error message.
E.g. if a user tries to create a dir under /usr/local and does not have permissions
for it, the reported error message is "Cannot create directory /usr/local/lib: No such file or directory",
whereas the expected error message is "Cannot create directory /usr/local/lib: Permission denied".
This commit introduces a fix by declaring an additional local variable to cache
the original error message from mkdir. If -d check fails and overwrites the system
error, the user is still presented with the original error from mkdir.
CLA: Trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14487)
David Benjamin [Fri, 19 Mar 2021 18:00:35 +0000 (14:00 -0400)]
Merge OFB encrypt and decrypt test vectors.
There's no point in specifying them separately, since they're the same.
Also the OFB-AES192.Decrypt vectors specified the wrong operation, so we
were running some encryption tests twice and missing some decryption
tests.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14625)
Randall S. Becker [Tue, 23 Mar 2021 20:42:36 +0000 (14:42 -0600)]
Add explicit support in util/shlib_wrap.sh.in for NonStop DLL loading.
The NonStop platform uses a proprietary mechanism for specifying DLL
locations.
CLA: Permission is granted by the author to the OpenSSL team to use these modifications.
Fixes #14666
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14669)
Andrey Matyukov [Wed, 24 Mar 2021 07:05:29 +0000 (10:05 +0300)]
Increase minimum clang version requirement for rsaz-avx512.pl
The reason is that clang-6 does not enable proper -march flags by
default for assembly modules (rsaz-avx512.pl requires avx512ifma, avx512dq,
avx512vl, avx512f). This is not true for newer clang versions - clang-7 and
further work ok.
For older clang versions users who want to get optimization from this
file, we have a note in the OPENSSL_ia32cap.pod with the workaround that
proposes having a wrapper that forces using external assembler.
Fixes #14668: clang-6.0.0 build broken
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14671)
Nan Xiao [Sat, 27 Mar 2021 10:23:59 +0000 (18:23 +0800)]
Fix typos in bio.pod
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14706)
Pauli [Mon, 29 Mar 2021 01:19:33 +0000 (11:19 +1000)]
ssl: fix problem where MAC IDs were globally cached.
Instead, they should be cached per SSL_CTX.
This also addresses a threading issue where multiple attempts to write the
same location occur. The last one winning. Under 1.1.1, this wasn't an issue
but under 3.0 with library contexts, the results can and will be different.
Fixes #13456
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14715)
Pauli [Mon, 29 Mar 2021 02:37:43 +0000 (12:37 +1000)]
apps: fix coverity
1474463,
1474465 &
1474467: resource leaks
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14716)
Pauli [Mon, 29 Mar 2021 02:33:02 +0000 (12:33 +1000)]
test: fix coverity
1474468: resource leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14716)
Pauli [Mon, 29 Mar 2021 02:30:40 +0000 (12:30 +1000)]
evp: fix coverity
1474469: negative return
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14716)
Pauli [Mon, 29 Mar 2021 02:29:10 +0000 (12:29 +1000)]
x509: fix coverity
1474470: NULL pointer dereference
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14716)
Pauli [Mon, 29 Mar 2021 02:28:10 +0000 (12:28 +1000)]
x509: fix coverity
1474471: NULL pointer dereference
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14716)
Nan Xiao [Mon, 29 Mar 2021 04:05:27 +0000 (12:05 +0800)]
Fix typo in BIO_push.pod
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14718)
Nan Xiao [Mon, 29 Mar 2021 04:24:08 +0000 (12:24 +0800)]
Fix BIO_new_ssl_connect() to not leak memory
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14719)
Richard Levitte [Mon, 29 Mar 2021 10:36:34 +0000 (12:36 +0200)]
Android config targets: don't include the SO version in the shlib file name
Reports say that the Android platform(s) don't have the SO version
number in the shared library file name. Reportedly, Android package
managers do complain that our shared libraries do include the SO
version number. That's easy enough to fix.
Fixes #14711
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14727)
Richard Levitte [Mon, 29 Mar 2021 10:23:40 +0000 (12:23 +0200)]
Unix build file template: symlink "simple" to "full" shlib selectively
On Unix-like platforms where the shared library comes in a form with
and a form without SO version number, the one without is symbolically
linked to the one with.
However, we have Unix-like platforms where we don't deal with SO
version numbers, and where the "simple" shlib thereby ends up being
symbolically linked to itself. A simple check of the two shlib file
names is enough to ensure that we only do the symbolic link when
actually necessary.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14726)
Shane Lontis [Mon, 22 Mar 2021 02:04:34 +0000 (12:04 +1000)]
Fix DH gettable OSSL_PKEY_PARAM_DH_PRIV_LEN so that it has the correct
type.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14564)
Shane Lontis [Mon, 15 Mar 2021 23:39:19 +0000 (09:39 +1000)]
Update deprecated API's in the documentation.
The reported issue related to EC_KEY deprecations
Fixes #14545
Searches were done in the pod files for all libcrypto.num
entries containing DEPRECATEDIN_3_0 to find additional missing entries.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14564)
Andrey Matyukov [Thu, 25 Mar 2021 11:46:13 +0000 (14:46 +0300)]
Moved build instructions from the man page
Some requirements and build hints for assembler modules compilation were
moved from doc/man3/OPENSSL_ia32cap.pod to INSTALL.md.
Fixes #14674
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14683)
Randall S. Becker [Thu, 18 Mar 2021 22:45:28 +0000 (16:45 -0600)]
Add $(PERL) to util/wrap.pl execution to avoid env incompatibilities
Using /usr/bin/env on the NonStop ia64 and x86 platforms
causes a translation of - to -i as part of the implicit interpretation
by env of its arguments prior to handing off the arguments to perl.
This causes the FIPS module configuration to be written to a file
named -i instead of going to stdout.
CLA: Trivial
Fixes: #14612
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14613)
Nan Xiao [Sat, 27 Mar 2021 09:56:35 +0000 (17:56 +0800)]
Fix typo in bio.h.in
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14705)
Tomas Mraz [Fri, 19 Mar 2021 17:45:43 +0000 (18:45 +0100)]
Implement EVP_PKEY_dup() function
Fixes #14501
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14624)
Tomas Mraz [Fri, 19 Mar 2021 15:01:55 +0000 (16:01 +0100)]
Remove RSA bignum_data that is not used anywhere
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14624)
Pauli [Fri, 26 Mar 2021 00:05:08 +0000 (10:05 +1000)]
doc: fix style problems with this man page
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14642)
Pauli [Thu, 25 Mar 2021 07:53:57 +0000 (17:53 +1000)]
Fix X509_PUBKEY_dup() to not leak memory
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14642)
Pauli [Thu, 25 Mar 2021 02:05:54 +0000 (12:05 +1000)]
test: add test case for X508_PUBKEY_dup() function
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14642)
Pauli [Thu, 25 Mar 2021 01:55:06 +0000 (11:55 +1000)]
doc: add documentation for the X509_PUBKEY_dup() function
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14642)
Sahana Prasad [Mon, 22 Mar 2021 10:04:45 +0000 (11:04 +0100)]
Allocates and initializes pubkey in X509_PUBKEY_dup()
Fixes #14617
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14642)
Shane Lontis [Fri, 26 Mar 2021 03:47:39 +0000 (13:47 +1000)]
Fix Build issue on Oracle Linux x64
'typedef struct ecx_key_st ECX_KEY' was defined multiple times.
It is defined inside include/crypto/types.h which is included from include/crypto/ecx.h.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14693)
Shane Lontis [Fri, 26 Mar 2021 03:20:17 +0000 (13:20 +1000)]
Disable cmp_http test on AIX
AIX has permission problems of the form:
lsof: can't open /dev/mem: Permission denied
lsof: can't open /dev/kmem: Permission denied
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14692)
Richard Levitte [Wed, 10 Mar 2021 21:24:11 +0000 (22:24 +0100)]
TEST: Cleanup test recipes
Name mixups cleared, and a few more test case result files that
arent't removed, making forensics on failed tests easier.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14505)
Tomas Mraz [Thu, 25 Mar 2021 13:57:16 +0000 (14:57 +0100)]
Make the SM2 group the default group for the SM2 algorithm
Fixes #14481
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14684)
Tomas Mraz [Thu, 25 Mar 2021 11:46:29 +0000 (12:46 +0100)]
Remove the external BoringSSL test
Fixes #14424
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14682)
Alexander Traud [Tue, 23 Mar 2021 16:32:44 +0000 (17:32 +0100)]
ssl/ssl_ciph.c: update format string, again
Commit
2664810 changed everything except the encoding.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14673)
Dr. David von Oheimb [Sat, 20 Mar 2021 21:49:27 +0000 (22:49 +0100)]
HTTP: Fix mem leak of OSSL_HTTP_REQ_CTX_transfer(), rename to ossl_http_req_ctx_transfer()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14678)
Dr. David von Oheimb [Sat, 20 Mar 2021 21:17:46 +0000 (22:17 +0100)]
HTTP: Rename OSSL_HTTP_REQ_CTX_i2d() to OSSL_HTTP_REQ_CTX_set1_req()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14677)
Richard Levitte [Wed, 24 Mar 2021 18:51:01 +0000 (19:51 +0100)]
RSA-PSS: When printing parameters, always print the trailerfield ASN.1 value
The legacy implementation would print the ASN.1 value of the trailerfield,
except when it wasn't set (i.e. is default).
For better consistency, we now always print the ASN.1 value, both in the
legacy and the provided implementation.
Fixes #14363
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14676)
Pauli [Wed, 24 Mar 2021 04:02:48 +0000 (14:02 +1000)]
doc: life-cycle descritpion for MACs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
Pauli [Wed, 24 Mar 2021 03:38:57 +0000 (13:38 +1000)]
doc: note that MAC lifecycle transitions will be enforced at some point
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
Pauli [Wed, 24 Mar 2021 03:35:41 +0000 (13:35 +1000)]
doc: life-cycle descritpion for RANDs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
Pauli [Wed, 24 Mar 2021 03:12:40 +0000 (13:12 +1000)]
doc: note that RAND lifecycle transitions will be enforced at some point
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
Pauli [Thu, 11 Mar 2021 23:46:56 +0000 (09:46 +1000)]
doc: life-cycle description for KDFs/PRFs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
Pauli [Thu, 11 Mar 2021 23:46:05 +0000 (09:46 +1000)]
doc: note that KDF/PRF transitions will be enforced at some future point
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
Pauli [Thu, 11 Mar 2021 22:46:55 +0000 (08:46 +1000)]
doc: add life-cycle source files
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
Pauli [Thu, 18 Mar 2021 23:46:03 +0000 (09:46 +1000)]
test: fix coverity
1473609 &
1473610: unchecked return values
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14615)
Pauli [Thu, 18 Mar 2021 23:43:24 +0000 (09:43 +1000)]
evp: fix coverity
1473378: unchecked return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14615)
Pauli [Thu, 18 Mar 2021 23:41:34 +0000 (09:41 +1000)]
params: fix coverity
1473069: unchecked return values
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14615)
Pauli [Thu, 18 Mar 2021 23:40:05 +0000 (09:40 +1000)]
evp: fix coverity
1467500 &
1467502: unchecked return values
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14615)
Pauli [Thu, 18 Mar 2021 23:35:05 +0000 (09:35 +1000)]
apps: fix coverity
1455340: unchecked return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14615)
Pauli [Thu, 18 Mar 2021 23:30:07 +0000 (09:30 +1000)]
test: fix coverity
1451550: unchecked return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14615)
Pauli [Thu, 18 Mar 2021 23:22:50 +0000 (09:22 +1000)]
test: fix coverity
1429210: unchecked return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14615)
Pauli [Thu, 18 Mar 2021 23:19:08 +0000 (09:19 +1000)]
test: fix coverity
1416888: unchecked return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14615)
Pauli [Thu, 18 Mar 2021 23:14:40 +0000 (09:14 +1000)]
test: fix coverity
1414451: unchecked return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14615)
Pauli [Thu, 18 Mar 2021 23:11:02 +0000 (09:11 +1000)]
apps: fix coverity
1358776,
1451513,
1451519,
1451531 &
1473387: unchecked return values
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14615)
Pauli [Thu, 18 Mar 2021 22:44:09 +0000 (08:44 +1000)]
test: fix coverity
1338157: unchecked return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14615)
Pauli [Fri, 19 Mar 2021 03:05:16 +0000 (13:05 +1000)]
encoder: fix coverity
1473235: null dereference
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14618)