Tomas Mraz [Thu, 13 Jan 2022 18:02:31 +0000 (19:02 +0100)]
dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid
And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
Tomas Mraz [Thu, 13 Jan 2022 18:01:33 +0000 (19:01 +0100)]
Do not call ossl_ffc_name_to_dh_named_group with NULL argument
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
Tomas Mraz [Thu, 13 Jan 2022 18:00:13 +0000 (19:00 +0100)]
Properly return error on EVP_PKEY_CTX_set_dh_nid and EVP_PKEY_CTX_set_dhx_rfc5114
Fixes #17485
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
EasySec [Thu, 13 Jan 2022 22:30:30 +0000 (23:30 +0100)]
Fix typo in SSL_CTX_set_dh_auto
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17499)
Dmytro Podgornyi [Wed, 12 Jan 2022 17:25:23 +0000 (19:25 +0200)]
ssl/t1_enc: Fix kTLS RX offload path
During counting of the unprocessed records, return code is treated in a
wrong way. This forces kTLS RX path to be skipped in case of presence
of unprocessed records.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17492)
Pauli [Sat, 1 Jan 2022 01:43:31 +0000 (12:43 +1100)]
property: reduce memory consumption when OPENSSL_SMALL_FOOTPRINT is defined.
This takes out the lock step stacks that allow a fast property to name
resolution. Follow on from #17325.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17388)
Dr. David von Oheimb [Fri, 6 Aug 2021 10:11:13 +0000 (12:11 +0200)]
Fix malloc failure handling of X509_ALGOR_set0()
Also update and slightly extend the respective documentation and simplify some code.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16251)
manison [Wed, 12 Jan 2022 19:53:48 +0000 (20:53 +0100)]
EVP: fix evp_keymgmt_util_match so that it actually tries cross export the other way if the first attempt fails
Fixes #17482
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17487)
fangming.fang [Fri, 24 Dec 2021 08:29:04 +0000 (08:29 +0000)]
SM3 acceleration with SM3 hardware instruction on aarch64
SM3 hardware instruction is optional feature of crypto extension for
aarch64. This implementation accelerates SM3 via SM3 instructions. For
the platform not supporting SM3 instruction, the original C
implementation still works. Thanks to AliBaba for testing and reporting
the following perf numbers for Yitian710:
Benchmark on T-Head Yitian-710 2.75GHz:
Before:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
sm3 49297.82k 121062.63k 223106.05k 283371.52k 307574.10k 309400.92k
After (33% - 74% faster):
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
sm3 65640.01k 179121.79k 359854.59k 481448.96k 534055.59k 538274.47k
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17454)
Shreenidhi Shedi [Wed, 12 Jan 2022 15:25:38 +0000 (20:55 +0530)]
Add a comment to indicate ineffective macro
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from
openssl-3.0 onwards
CLA: trivial
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17484)
Pauli [Thu, 13 Jan 2022 01:30:59 +0000 (12:30 +1100)]
coverity
1497107: dereference after null check
Add null checks to avoid dereferencing a pointer that could be null.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17488)
Dmitry Belyavskiy [Wed, 12 Jan 2022 15:54:45 +0000 (16:54 +0100)]
Cleansing all the temporary data for s390x
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17486)
Tomas Mraz [Wed, 12 Jan 2022 08:55:43 +0000 (09:55 +0100)]
test_gendhparam: Drop expected error output
Otherwise it sometimes confuses the TAP parser.
Fixes #17480
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17481)
Matt Caswell [Tue, 11 Jan 2022 17:13:39 +0000 (17:13 +0000)]
Clear md_data only when necessary
PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR
to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes
it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17473)
Pauli [Wed, 12 Jan 2022 03:22:29 +0000 (14:22 +1100)]
threadstest: use locking for tsan operations if required
Not all platforms support tsan operations, those that don't need to have an
alternative locking path.
Fixes #17447
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 04:01:17 +0000 (15:01 +1100)]
drbg: add handling for cases where TSAN isn't available
Most of the DRGB code is run under lock from the EVP layer. This is relied
on to make the majority of TSAN operations safe. However, it is still necessary
to enable locking for all DRBGs created.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 03:45:07 +0000 (14:45 +1100)]
lhash: use lock when TSAN not available for statistics gathering
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 03:25:46 +0000 (14:25 +1100)]
mem: do not produce usage counts when tsan is unavailable.
Doing the tsan operations under lock would be difficult to arrange here (locks
require memory allocation).
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 03:25:35 +0000 (14:25 +1100)]
object: use updated tsan lock detection capabilities
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 03:22:23 +0000 (14:22 +1100)]
core namemap: use updated tsan lock detection capabilities
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 02:26:38 +0000 (13:26 +1100)]
tsan: make detecting the need for locking when using tsan easier
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 03:24:49 +0000 (14:24 +1100)]
threadstest: add write check to lock checking
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
Pauli [Wed, 12 Jan 2022 01:28:29 +0000 (12:28 +1100)]
Avoid using a macro expansion in a macro when statically initialising
Circumvents a problem with ancient PA-RISC compilers on HP/UX.
Fixes #17477
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17478)
Gerd Hoffmann [Tue, 11 Jan 2022 07:51:31 +0000 (08:51 +0100)]
drop unused callback variable
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17471)
Tomas Mraz [Mon, 10 Jan 2022 16:09:59 +0000 (17:09 +0100)]
EVP_DigestSignFinal: *siglen should not be read if sigret == NULL
This fixes small regression from #16962.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17460)
Pauli [Mon, 10 Jan 2022 00:36:24 +0000 (11:36 +1100)]
param dup: add errors to failure returns
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
Pauli [Mon, 10 Jan 2022 00:33:06 +0000 (11:33 +1100)]
param build set: add errors to failure returns
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
Pauli [Mon, 10 Jan 2022 00:31:45 +0000 (11:31 +1100)]
param build: add errors to failure returns
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
Pauli [Mon, 10 Jan 2022 00:10:34 +0000 (11:10 +1100)]
test: check for properly raised errors during param conversion
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
Pauli [Fri, 7 Jan 2022 11:11:10 +0000 (22:11 +1100)]
params: add error messages for built in param conversions
Specifically:
* out of range
* unsigned negatives
* inexact reals
* bad param types
* buffers that are too small
* null function arguments
* unknown sizes of real
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
Pauli [Fri, 7 Jan 2022 11:10:38 +0000 (22:10 +1100)]
err: add additional errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
Tomas Mraz [Mon, 10 Jan 2022 16:26:33 +0000 (17:26 +0100)]
pkeyutl: Fix regression with -kdflen option
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17461)
Matt Caswell [Mon, 10 Jan 2022 14:46:46 +0000 (14:46 +0000)]
Ensure we test fetching encoder/decoder/store loader with a query string
Although we had a test for fetching an encoder/decoder/store loader it
did not use a query string. The issue highlighted by #17456 only occurs
if a query string is used.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)
Matt Caswell [Mon, 10 Jan 2022 14:45:16 +0000 (14:45 +0000)]
Fix Decoder, Encoder and Store loader fetching
Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give the
provider when calling ossl_method_store_cache_set()
Fixes #17456
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)
Matt Caswell [Fri, 7 Jan 2022 17:30:39 +0000 (17:30 +0000)]
Clarify the int param getter documentation
OSSL_PARAMs that are of type OSSL_PARAM_INTEGER or
OSSL_PARAM_UNSIGNED_INTEGER can be obtained using any of the functions
EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or
EVP_PKEY_get_bn_param(). The former two will fail if the parameter is too
large to fit into the C variable. We clarify this in the documentation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17445)
Dmitry Belyavskiy [Sun, 9 Jan 2022 16:39:41 +0000 (17:39 +0100)]
Don't run TLSFuzzer tests when it is not properly set
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17448)
Dr. David von Oheimb [Tue, 24 Aug 2021 10:03:12 +0000 (12:03 +0200)]
APPS: Add check for multiple 'unknown' options
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
Dr. David von Oheimb [Tue, 24 Aug 2021 10:27:12 +0000 (12:27 +0200)]
PKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
Matt Caswell [Thu, 23 Dec 2021 13:59:12 +0000 (13:59 +0000)]
Statically link the legacy provider to endecode_test
We already statically link libcrypto to endecode_test even in a "shared"
build. This can cause problems on some platforms with tests that load the
legacy provider which is dynamically linked to libcrypto. Two versions of
libcrypto are then linked to the same executable which can lead to crashes.
Fixes #17059
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17345)
Matt Caswell [Wed, 29 Dec 2021 16:39:11 +0000 (16:39 +0000)]
Add a test for a custom digest created via EVP_MD_meth_new()
We check that the init and cleanup functions for the custom method are
called as expected.
Based on an original reproducer by Dmitry Belyavsky from issue #17149.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)
Matt Caswell [Fri, 10 Dec 2021 17:17:27 +0000 (17:17 +0000)]
Fix a leak in EVP_DigestInit_ex()
If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.
Fixes #17149
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)
Matt Caswell [Fri, 10 Dec 2021 16:53:02 +0000 (16:53 +0000)]
Ensure that MDs created via EVP_MD_meth_new() go down the legacy route
MDs created via EVP_MD_meth_new() are inherently legacy and therefore
need to go down the legacy route when they are used.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)
Tomas Mraz [Wed, 5 Jan 2022 15:50:00 +0000 (16:50 +0100)]
EVP_PKEY_derive_set_peer_ex: Export the peer key to proper keymgmt
The peer key has to be exported to the operation's keymgmt
not the ctx->pkey's keymgmt.
Fixes #17424
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17425)
Gerd Hoffmann [Fri, 7 Jan 2022 11:58:27 +0000 (12:58 +0100)]
crypto/bio: fix build on UEFI
When compiling openssl for tianocore compiling abs_val() and pow_10()
fails with the following error because SSE support is disabled:
crypto/bio/bio_print.c:587:46: error: SSE register return with SSE disabled
Fix that by using EFIAPI calling convention when compiling for UEFI.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17442)
David Benjamin [Wed, 29 Dec 2021 18:05:12 +0000 (13:05 -0500)]
Don't use __ARMEL__/__ARMEB__ in aarch64 assembly
GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm,
respectively. They are not defined on aarch64, which instead use
__AARCH64EL__ and __AARCH64EB__.
However, OpenSSL's assembly originally used the 32-bit defines on both
platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is
less portable and can even interfere with other headers, which use
__ARMEL__ to detect little-endian arm.
Over time, the aarch64 assembly has switched to the correct defines,
such as in
32bbb62ea634239e7cb91d6450ba23517082bab6. This commit
finishes the job: poly1305-armv8.pl needed a fix and the dual-arch
armx.pl files get one more transform to convert from 32-bit to 64-bit.
(There is an even more official endianness detector, __ARM_BIG_ENDIAN in
the Arm C Language Extensions. But I've stuck with the GCC ones here as
that would be a larger change.)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17373)
Dr. David von Oheimb [Thu, 6 Jan 2022 22:14:27 +0000 (23:14 +0100)]
check-format.pl: Fix report on space before ';' and allow it after ')'
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)
Dr. David von Oheimb [Thu, 6 Jan 2022 21:54:20 +0000 (22:54 +0100)]
check-format.pl: Fix report on missing space before +/-: allow, e.g., '1e-6'
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)
Dr. David von Oheimb [Thu, 6 Jan 2022 21:05:22 +0000 (22:05 +0100)]
check-format.pl: Fix report on constant on LHS of comparison/assignment
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)
Dr. David von Oheimb [Thu, 6 Jan 2022 20:41:45 +0000 (21:41 +0100)]
check_format.pl: Add checks for blank lines within/after local decls
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)
yangyangtiantianlonglong [Fri, 31 Dec 2021 03:00:57 +0000 (11:00 +0800)]
Delete unused param about get_construct_message_f
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17385)
Bernd Edlinger [Fri, 7 Jan 2022 11:44:27 +0000 (12:44 +0100)]
Add a test case for the short password
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17441)
Kan [Tue, 30 Nov 2021 06:39:49 +0000 (14:39 +0800)]
Update alert to common protocol
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17161)
Dr. David von Oheimb [Thu, 6 Jan 2022 22:26:04 +0000 (23:26 +0100)]
apps.c: fix various coding style nits found by check-format.pl
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17435)
Peiwei Hu [Wed, 5 Jan 2022 15:17:53 +0000 (23:17 +0800)]
Fix: some patches related to error exiting
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17417)
Peiwei Hu [Thu, 6 Jan 2022 01:47:05 +0000 (09:47 +0800)]
providers/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init
There is risk to pass the gctx with NULL value to rsa_gen_set_params
which dereference gctx directly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17429)
Dr. David von Oheimb [Tue, 17 Aug 2021 17:12:55 +0000 (19:12 +0200)]
v2i_AUTHORITY_KEYID(): Improve error reporting on parsing config values/options
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16345)
Dr. David von Oheimb [Tue, 4 Jan 2022 09:48:32 +0000 (10:48 +0100)]
apps/cmp.c: fix coding style nits reported by check-format.pl
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17363)
Dr. David von Oheimb [Fri, 6 Aug 2021 10:11:13 +0000 (12:11 +0200)]
asn1/x_algor.c: add internal ossl_X509_ALGOR_from_nid() simplifying code
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17363)
Dr. David von Oheimb [Fri, 27 Aug 2021 16:36:38 +0000 (18:36 +0200)]
APPS load_key_certs_crls(): Make file access errors much more readable
This reverts part of commit
ef0449135c4e4e7f using a less invasive suppression.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)
Dr. David von Oheimb [Fri, 27 Aug 2021 16:33:56 +0000 (18:33 +0200)]
OSSL_STORE_open_ex(): Prevent spurious error: unregistered scheme=file
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)
Tomas Mraz [Tue, 4 Jan 2022 10:57:54 +0000 (11:57 +0100)]
Test importing EC key parameters with a bad curve
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)
Tomas Mraz [Tue, 4 Jan 2022 10:53:30 +0000 (11:53 +0100)]
EVP_PKEY_fromdata(): Do not return newly allocated pkey on failure
Fixes #17407
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)
xkernel [Tue, 4 Jan 2022 14:54:27 +0000 (22:54 +0800)]
fix the return check of EVP_PKEY_CTX_ctrl() in 5 spots
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17413)
xkernel [Wed, 5 Jan 2022 01:38:05 +0000 (09:38 +0800)]
properly free the resource from EVP_MD_CTX_new() at ssl3_record.c:1413
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17415)
xkernel [Tue, 4 Jan 2022 13:18:02 +0000 (21:18 +0800)]
properly free the resource from CRYPTO_malloc
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17412)
Bernd Edlinger [Wed, 5 Jan 2022 16:25:02 +0000 (17:25 +0100)]
Fix copyright year issues
Fixes: #13765
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17427)
Dr. David von Oheimb [Fri, 14 May 2021 13:11:00 +0000 (15:11 +0200)]
OSSL_STORE: Prevent spurious error during loading private keys
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15283)
Dimitris Apostolou [Sun, 2 Jan 2022 23:00:27 +0000 (01:00 +0200)]
Fix typos
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)
Dmitry Belyavskiy [Thu, 23 Dec 2021 10:19:07 +0000 (11:19 +0100)]
Run TLSfuzzer tests for CI
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)
Dmitry Belyavskiy [Wed, 22 Dec 2021 17:13:40 +0000 (18:13 +0100)]
TLS Fuzzer: initial test infrastructure
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)
Dmitry Belyavskiy [Wed, 22 Dec 2021 17:11:21 +0000 (18:11 +0100)]
TLSfuzzer: submodules
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)
x2018 [Mon, 29 Nov 2021 11:08:36 +0000 (19:08 +0800)]
check the return value of OSSL_PARAM_BLD_new in dsa_kmgmt.c:195
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17155)
zhaozg [Sat, 1 Jan 2022 14:45:12 +0000 (22:45 +0800)]
sm2: fix {i2d,d2i}_PublicKey EC_KEY is EVP_PKEY_SM2
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17389)
Peiwei Hu [Tue, 4 Jan 2022 01:10:32 +0000 (09:10 +0800)]
apps/passwd.c: free before error exiting
use goto instead of returning directly while error handling
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17404)
fangming.fang [Tue, 28 Dec 2021 04:13:21 +0000 (04:13 +0000)]
fix building failure when using -Wconditional-uninitialized
Use clang -Wconditional-uninitialized to build, the error "initialize
the variable 'buffer_size' to silence this warning" will be reported.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17375)
Tomas Mraz [Mon, 3 Jan 2022 13:46:52 +0000 (14:46 +0100)]
trace.c: Add missing trace category entry
Fixes #17397
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17399)
Dr. David von Oheimb [Mon, 12 Jul 2021 13:34:20 +0000 (15:34 +0200)]
CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert()
Fixes #16041
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)
Dr. David von Oheimb [Mon, 12 Jul 2021 13:32:49 +0000 (15:32 +0200)]
X509_cmp.pod: Point out that the X509_NAME_cmp() arguments may be NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)
Dr. David von Oheimb [Mon, 3 Jan 2022 16:03:13 +0000 (17:03 +0100)]
app_http_tls_cb: Fix double-free in case TLS not used
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17400)
Dr. David von Oheimb [Fri, 12 Nov 2021 11:14:45 +0000 (12:14 +0100)]
check-format.pl: Fix report on constant on LHS of comparison or assignment
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17396)
Dr. David von Oheimb [Fri, 26 Nov 2021 15:46:13 +0000 (16:46 +0100)]
HTTP client: Work around HTTPS proxy use bug due to callback design flaw
See discussion in #17088, where the real solution was postponed to 4.0.
This preliminarily fixes the issue that the HTTP(S) proxy environment vars
were neglected when determining whether a proxy should be used for HTTPS.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17310)
fangming.fang [Wed, 29 Dec 2021 05:09:07 +0000 (05:09 +0000)]
Fix compile error when building with no-asm
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17376)
x2018 [Mon, 29 Nov 2021 07:32:47 +0000 (15:32 +0800)]
check the return value of EVP_MD_fetch in ecdh_exch.c:285 & dh_exch.c:347
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17153)
Sebastian Andrzej Siewior [Tue, 28 Dec 2021 22:05:32 +0000 (23:05 +0100)]
Use USE_SWAPCONTEXT on IA64.
On IA64 the use of setjmp()/ longjmp() does not properly save the
state of the register stack engine (RSE) and requires extra care.
The use of it in the async interface led to a failure in the
test_async.t test since its introduction in 1.1.0 series.
Instead of properly adding the needed assembly bits here use the
swapcontext() function which properly saves the whole context.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17370)
Matt Caswell [Wed, 29 Dec 2021 13:42:58 +0000 (13:42 +0000)]
Validate the category in OSSL_trace_end()
OSSL_trace_end() should validate that the category it has been passed
by the caler is valid, and return immediately if not.
Fixes #17353
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17371)
Dr. David von Oheimb [Mon, 3 Jan 2022 12:40:55 +0000 (13:40 +0100)]
Update troublesome copyright years of auto-generated files to 2022
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17398)
Dr. David von Oheimb [Mon, 27 Dec 2021 18:14:03 +0000 (19:14 +0100)]
X509V3_set_ctx(): Improve documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17358)
Dr. David von Oheimb [Thu, 30 Dec 2021 08:30:18 +0000 (09:30 +0100)]
ec.h: Explain use of strstr() for EVP_EC_gen() and add #include <string.h>
Fixes #17362
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17380)
x2018 [Mon, 29 Nov 2021 09:09:36 +0000 (17:09 +0800)]
Check the return value of ossl_bio_new_from_core_bio()
There are missing checks of its return value in 8 different spots.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17154)
Tomas Mraz [Tue, 28 Dec 2021 12:32:57 +0000 (13:32 +0100)]
close_console: Always unlock as the lock is always held
Fixes #17364
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17365)
Tomas Mraz [Wed, 29 Dec 2021 08:26:58 +0000 (09:26 +0100)]
try_pkcs12(): cleanse passphrase so it is not left on the stack
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)
Tomas Mraz [Tue, 28 Dec 2021 11:46:31 +0000 (12:46 +0100)]
try_pkcs12(): Correct handling of NUL termination of passphrases
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)
Tomas Mraz [Tue, 21 Dec 2021 15:05:52 +0000 (16:05 +0100)]
Test that PEM_BUFSIZE is passed into pem_password_cb
When pem_password_cb is used from SSL_CTX, its size
parameter should be equal to PEM_BUFSIZE.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)
Tomas Mraz [Tue, 21 Dec 2021 14:58:44 +0000 (15:58 +0100)]
pem_password_cb: Clarify the documentation on passphrases
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)
Tomas Mraz [Tue, 21 Dec 2021 11:26:05 +0000 (12:26 +0100)]
Compensate for UI method always adding NUL termination
The UI method always adds NUL termination and we need to
compensate for that when using it from a pem_password_cb
because the buffer used in pem_password_cb does not account
for that and the returned password should be able fill the
whole buffer.
Fixes #16601
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)
Pauli [Tue, 21 Dec 2021 00:44:49 +0000 (11:44 +1100)]
test: add some unit tests for the property to string functions
That is: ossl_property_name_str and ossl_property_value_str.
These only have high level tests during the creation of child library
contexts.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17325)
Pauli [Tue, 21 Dec 2021 00:44:31 +0000 (11:44 +1100)]
property: use a stack to efficiently convert index to string
The existing code does this conversion by searching the hash table for the
appropriate index which is slow and expensive.
Fixes #15867
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17325)
Matt Caswell [Wed, 29 Dec 2021 14:44:00 +0000 (14:44 +0000)]
Fix the symbol_presence test with a shlib_variant
If a shlib_variant is used then the dynamic version information for
symbols will be different from what the symbol presence test was
expecting. We just make it more liberal about what it accepts as dynamic
version information.
Fixes #17366
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17372)
Dr. David von Oheimb [Mon, 6 Dec 2021 13:18:27 +0000 (14:18 +0100)]
APPS/cmp: improve diagnostics for presence of TLS options
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16747)
Dr. David von Oheimb [Wed, 15 Dec 2021 19:28:34 +0000 (20:28 +0100)]
OSSL_CMP_CTX: rename get/set function for trustedStore
This makes the naming more consistent, in a backward-compatible way
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17277)