openssl.git
5 months agoStandardize progress callback for dhparam, dsaparam, etc.
Philip Prindeville [Wed, 22 Dec 2021 05:00:38 +0000 (22:00 -0700)]
Standardize progress callback for dhparam, dsaparam, etc.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17359)

5 months agoLEGACY PROV: Reimplement the ERR building blocks in upcall terms
Richard Levitte [Tue, 11 Jan 2022 17:30:20 +0000 (18:30 +0100)]
LEGACY PROV: Reimplement the ERR building blocks in upcall terms

This involves the following functions:

ERR_new(), ERR_set_debug(), ERR_set_error(), ERR_vset_error(),
ERR_set_mark(), ERR_clear_last_mark(), ERR_pop_to_mark(void)

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17474)

5 months agoERR: Move ERR_set_mark(), ERR_pop_to_mark() and ERR_clear_last_mark()
Richard Levitte [Tue, 11 Jan 2022 17:27:23 +0000 (18:27 +0100)]
ERR: Move ERR_set_mark(), ERR_pop_to_mark() and ERR_clear_last_mark()

Move them to their own source file, so they end up in a separate
object file.  This allows providers to override their implementation
to use the corresponding OSSL_FUNC upcalls without having to
reimplement everything from crypto/err/err.c.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17474)

5 months agocrypto/bio: drop float formating for UEFI
Gerd Hoffmann [Wed, 12 Jan 2022 09:30:15 +0000 (10:30 +0100)]
crypto/bio: drop float formating for UEFI

Using floating point is not supported in UEFI and can cause build
problems, for example due to SSE being disabled and x64 calling
convention passing floats in SSE registers.

Avoid those problems by not compiling the formating code for floating
point numbers.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17547)

5 months agoRevert "crypto/bio: fix build on UEFI"
Gerd Hoffmann [Wed, 12 Jan 2022 11:35:16 +0000 (12:35 +0100)]
Revert "crypto/bio: fix build on UEFI"

This reverts commit 328bf5adf9e23da523d4195db309083aa02403c4.

Turned out it isn't that simple, the fix is incomplete.
So revert and try again with another approach.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17547)

5 months agoFix the same BIO_FLAGS macro definition
yangyangtiantianlonglong [Wed, 19 Jan 2022 03:19:52 +0000 (11:19 +0800)]
Fix the same BIO_FLAGS macro definition

Also add comment to the public header to avoid
making another conflict in future.

Fixes #17545

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17546)

5 months agoTEST: Add a test of the new BN_signed set of functions in test/bntest.c
Richard Levitte [Thu, 25 Nov 2021 17:00:16 +0000 (18:00 +0100)]
TEST: Add a test of the new BN_signed set of functions in test/bntest.c

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17139)

5 months agoAdd signed bn2bin and bin2bn functions
Richard Levitte [Thu, 25 Nov 2021 16:55:41 +0000 (17:55 +0100)]
Add signed bn2bin and bin2bn functions

This adds the functions BN_signed_bin2bn(), BN_signed_bn2bin(),
BN_signed_lebin2bn(), BN_signed_bn2lebin(), BN_signed_native2bn(),
and BN_signed_bn2native(), all essentially doing the same job as
BN_bin2bn(), BN_bn2binpad(), BN_lebin2bn(), BN_bn2lebinpad(),
BN_native2bn(), and BN_bn2nativepad(), except that the 'signed'
ones operate on signed number bins in 2's complement form.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17139)

5 months ago[refactor] BIGNUM: Modify bin2bn() to work from least to most significant chunk
Richard Levitte [Wed, 24 Nov 2021 07:23:02 +0000 (08:23 +0100)]
[refactor] BIGNUM: Modify bin2bn() to work from least to most significant chunk

This will make it easier to introduce the possibility for signed input
numbers.

We also refactor the inner loop to simplify the calculation of each
bignum chunk.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17139)

5 months agoBIGNUM: Add a comment on chunk order in struct bignum_st
Richard Levitte [Wed, 24 Nov 2021 06:19:00 +0000 (07:19 +0100)]
BIGNUM: Add a comment on chunk order in struct bignum_st

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17139)

5 months ago[refactor] BIGNUM: Modify bn2binpad()'s setup to be more like bin2bn()'s
Richard Levitte [Wed, 24 Nov 2021 06:16:09 +0000 (07:16 +0100)]
[refactor] BIGNUM: Modify bn2binpad()'s setup to be more like bin2bn()'s

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17139)

5 months ago[refactor] BIGNUM: collapse BN_bin2bn() and BN_lebin2bn() into one
Richard Levitte [Wed, 24 Nov 2021 06:10:13 +0000 (07:10 +0100)]
[refactor] BIGNUM: collapse BN_bin2bn() and BN_lebin2bn() into one

BN_lebin2bn() is a block copy of BN_bin2bn() with just a couple of
very minute details changed.  For better maintainability, we collapse
them into the internal function bn2bin(), and change BN_bin2bn() and
BN_lebin2bn() to become simple wrappers.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17139)

5 months agoClarify flags argument of X509_check_ip
Tobias Nießen [Mon, 17 Jan 2022 15:31:39 +0000 (15:31 +0000)]
Clarify flags argument of X509_check_ip

Because no supported flag affects the behavior of X509_check_ip, the
flags argument currently has no effect.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17536)

5 months agos_server: correctly handle 2^14 byte long records
Hubert Kario [Mon, 17 Jan 2022 19:55:04 +0000 (20:55 +0100)]
s_server: correctly handle 2^14 byte long records

as the code uses BIO_gets, and it always null terminates the
strings it reads, when it reads a record 2^14 byte long, it actually
returns 2^14-1 bytes to the calling application, in general it returns
size-1 bytes to the caller

This makes the code sub-optimal (as every 2^14 record will need two
BIO_gets() calls) and makes it impossible to use -rev option to test
all plaintext lengths (like in openssl#15706)

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17538)

5 months agoSimpler square-root computation for Ed25519
James Muir [Tue, 18 Jan 2022 20:04:33 +0000 (15:04 -0500)]
Simpler square-root computation for Ed25519

Description:
Mark Wooden and Franck Rondepierre noted that the square-root-mod-p
operations used in the EdDSA RFC (RFC 8032) can be simplified.  For
Ed25519, instead of computing u*v^3 * (u * v^7)^((p-5)/8), we can
compute u * (u*v)^((p-5)/8).  This saves 3 multiplications and 2
squarings.  For more details (including a proof), see the following
message from the CFRG mailing list:

  https://mailarchive.ietf.org/arch/msg/cfrg/qlKpMBqxXZYmDpXXIx6LO3Oznv4/

Note that the Ed448 implementation (see
ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio() in
./crypto/ec/curve448/curve448.c) appears to already use this simpler
method (i.e. it does not follow the method suggested in RFC 8032).

Testing:
Build and then run the test suite:

  ./Configure -Werror --strict-warnings
  make update
  make
  make test

Numerical testing of the square-root computation can be done using the
following sage script:

  def legendre(x,p):
      return kronecker(x,p)

  # Ed25519
  p = 2**255-19
  # -1 is a square
  if legendre(-1,p)==1:
      print("-1 is a square")

  # suppose u/v is a square.
  # to compute one of its square roots, find x such that
  #    x**4 == (u/v)**2 .
  # this implies
  #    x**2 ==  u/v, or
  #    x**2 == -(u/v) ,
  # which implies either x or i*x is a square-root of u/v (where i is a square root of -1).
  # we can take x equal to u * (u*v)**((p-5)/8).

  # 2 is a generator
  # this can be checked by factoring p-1
  # and then showing 2**((p-1)/q) != 1 (mod p)
  # for all primes q dividing p-1.
  g = 2
  s = p>>2  # s = (p-1)/4
  i = power_mod(g, s, p)

  t = p>>3  # t = (p-5)/8
  COUNT = 1<<18
  while COUNT > 0:
      COUNT -= 1

      r = randint(0,p-1)   # r = u/v
      v = randint(1,p-1)
      u = mod(r*v,p)

      # compute x = u * (u*v)**((p-5)/8)
      w = mod(u*v,p)
      x = mod(u*power_mod(w, t, p), p)

      # check that x**2 == r, or (i*x)**2 == r, or r is not a square
      rr = power_mod(x, 2, p)
      if rr==r:
          continue

      rr = power_mod(mod(i*x,p), 2, p)
      if rr==r:
          continue

      if legendre(r,p) != 1:
          continue

      print("failure!")
      exit()

  print("passed!")

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17544)

5 months agoFix sm3ss1 translation issue in sm3-armv8.pl
fangming.fang [Tue, 18 Jan 2022 02:58:08 +0000 (02:58 +0000)]
Fix sm3ss1 translation issue in sm3-armv8.pl

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17542)

5 months agossl: better support TSAN operations
Pauli [Thu, 13 Jan 2022 01:19:23 +0000 (12:19 +1100)]
ssl: better support TSAN operations

For platforms that do not have native TSAN support, locking needs to be used
instead.  This adds the locking.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17489)

5 months agotest: add cipher context dup test
Pauli [Mon, 17 Jan 2022 02:09:41 +0000 (13:09 +1100)]
test: add cipher context dup test

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

5 months agotest: add digest context dup tests
Pauli [Fri, 7 Jan 2022 00:47:20 +0000 (11:47 +1100)]
test: add digest context dup tests

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

5 months agodoc: document digest and cipher dup functions
Pauli [Fri, 7 Jan 2022 00:47:02 +0000 (11:47 +1100)]
doc: document digest and cipher dup functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

5 months agoAdd context dup functions for digests and ciphers
Pauli [Fri, 7 Jan 2022 00:46:33 +0000 (11:46 +1100)]
Add context dup functions for digests and ciphers

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

5 months agofix indentation
Pauli [Fri, 7 Jan 2022 00:45:33 +0000 (11:45 +1100)]
fix indentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

5 months agoSM4 optimization for ARM by HW instruction
Daniel Hu [Tue, 19 Oct 2021 21:49:05 +0000 (22:49 +0100)]
SM4 optimization for ARM by HW instruction

This patch implements the SM4 optimization for ARM processor,
using SM4 HW instruction, which is an optional feature of
crypto extension for aarch64 V8.

Tested on some modern ARM micro-architectures with SM4 support, the
performance uplift can be observed around 8X~40X over existing
C implementation in openssl. Algorithms that can be parallelized
(like CTR, ECB, CBC decryption) are on higher end, with algorithm
like CBC encryption on lower end (due to inter-block dependency)

Perf data on Yitian-710 2.75GHz hardware, before and after optimization:

Before:
  type      16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes  16384 bytes
  SM4-CTR  105787.80k   107837.87k   108380.84k   108462.08k   108549.46k   108554.92k
  SM4-ECB  111924.58k   118173.76k   119776.00k   120093.70k   120264.02k   120274.94k
  SM4-CBC  106428.09k   109190.98k   109674.33k   109774.51k   109827.41k   109827.41k

After (7.4x - 36.6x faster):
  type      16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes  16384 bytes
  SM4-CTR  781979.02k  2432994.28k  3437753.86k  3834177.88k  3963715.58k  3974556.33k
  SM4-ECB  937590.69k  2941689.02k  3945751.81k  4328655.87k  4459181.40k  4468692.31k
  SM4-CBC  890639.88k  1027746.58k  1050621.78k  1056696.66k  1058613.93k  1058701.31k

Signed-off-by: Daniel Hu <Daniel.Hu@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17455)

5 months agodh_exch.c: Correct gettable parameters for DH key exchange
Tomas Mraz [Fri, 14 Jan 2022 15:19:33 +0000 (16:19 +0100)]
dh_exch.c: Correct gettable parameters for DH key exchange

Fixes #17510

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17515)

5 months agoe_dasync: remove empty statement
Pauli [Mon, 17 Jan 2022 05:51:03 +0000 (16:51 +1100)]
e_dasync: remove empty statement

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

5 months agodemo: remove end of line whitespace
Pauli [Mon, 17 Jan 2022 05:50:16 +0000 (16:50 +1100)]
demo: remove end of line whitespace

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

5 months agospeed: rework if condition to avoid empty statement
Pauli [Mon, 17 Jan 2022 05:49:58 +0000 (16:49 +1100)]
speed: rework if condition to avoid empty statement

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

5 months agoreplace ;; with ; as statement separator
Pauli [Sun, 16 Jan 2022 23:37:20 +0000 (10:37 +1100)]
replace ;; with ; as statement separator

Fixes #17525

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

5 months agoapps/ca: replace ;; with ; as statement separator
Pauli [Sun, 16 Jan 2022 23:36:46 +0000 (10:36 +1100)]
apps/ca: replace ;; with ; as statement separator

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

5 months agossl: replace ;; with ; as statement separator
Pauli [Sun, 16 Jan 2022 23:36:06 +0000 (10:36 +1100)]
ssl: replace ;; with ; as statement separator

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

5 months agoFix mistake in ERR_peek_error_all documentation.
Kevin Jones [Sat, 15 Jan 2022 01:38:41 +0000 (01:38 +0000)]
Fix mistake in ERR_peek_error_all documentation.

The `func` parameter was incorrect. It was documented as `const char *func`
instead of `const char **func`.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17522)

5 months agobn_ppc.c: Fix build failure on AIX with XLC/XLCLANG
Tomas Mraz [Thu, 13 Jan 2022 17:07:08 +0000 (18:07 +0100)]
bn_ppc.c: Fix build failure on AIX with XLC/XLCLANG

These compilers define _ARCH_PPC64 for 32 bit builds
so we cannot depend solely on this define to identify
32 bit build.

Fixes #17087

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17497)

5 months agodhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid
Tomas Mraz [Thu, 13 Jan 2022 18:02:31 +0000 (19:02 +0100)]
dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid

And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

5 months agoDo not call ossl_ffc_name_to_dh_named_group with NULL argument
Tomas Mraz [Thu, 13 Jan 2022 18:01:33 +0000 (19:01 +0100)]
Do not call ossl_ffc_name_to_dh_named_group with NULL argument

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

5 months agoProperly return error on EVP_PKEY_CTX_set_dh_nid and EVP_PKEY_CTX_set_dhx_rfc5114
Tomas Mraz [Thu, 13 Jan 2022 18:00:13 +0000 (19:00 +0100)]
Properly return error on EVP_PKEY_CTX_set_dh_nid and EVP_PKEY_CTX_set_dhx_rfc5114

Fixes #17485

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

5 months agoFix typo in SSL_CTX_set_dh_auto
EasySec [Thu, 13 Jan 2022 22:30:30 +0000 (23:30 +0100)]
Fix typo in SSL_CTX_set_dh_auto

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17499)

5 months agossl/t1_enc: Fix kTLS RX offload path
Dmytro Podgornyi [Wed, 12 Jan 2022 17:25:23 +0000 (19:25 +0200)]
ssl/t1_enc: Fix kTLS RX offload path

During counting of the unprocessed records, return code is treated in a
wrong way. This forces kTLS RX path to be skipped in case of presence
of unprocessed records.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17492)

5 months agoproperty: reduce memory consumption when OPENSSL_SMALL_FOOTPRINT is defined.
Pauli [Sat, 1 Jan 2022 01:43:31 +0000 (12:43 +1100)]
property: reduce memory consumption when OPENSSL_SMALL_FOOTPRINT is defined.

This takes out the lock step stacks that allow a fast property to name
resolution.  Follow on from #17325.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17388)

5 months agoFix malloc failure handling of X509_ALGOR_set0()
Dr. David von Oheimb [Fri, 6 Aug 2021 10:11:13 +0000 (12:11 +0200)]
Fix malloc failure handling of X509_ALGOR_set0()

Also update and slightly extend the respective documentation and simplify some code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16251)

5 months agoEVP: fix evp_keymgmt_util_match so that it actually tries cross export the other...
manison [Wed, 12 Jan 2022 19:53:48 +0000 (20:53 +0100)]
EVP: fix evp_keymgmt_util_match so that it actually tries cross export the other way if the first attempt fails

Fixes #17482

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17487)

5 months agoSM3 acceleration with SM3 hardware instruction on aarch64
fangming.fang [Fri, 24 Dec 2021 08:29:04 +0000 (08:29 +0000)]
SM3 acceleration with SM3 hardware instruction on aarch64

SM3 hardware instruction is optional feature of crypto extension for
aarch64. This implementation accelerates SM3 via SM3 instructions. For
the platform not supporting SM3 instruction, the original C
implementation still works. Thanks to AliBaba for testing and reporting
the following perf numbers for Yitian710:

Benchmark on T-Head Yitian-710 2.75GHz:

Before:
type  16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes   16384 bytes
sm3   49297.82k   121062.63k   223106.05k   283371.52k   307574.10k   309400.92k

After (33% - 74% faster):
type  16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes   16384 bytes
sm3   65640.01k   179121.79k   359854.59k   481448.96k   534055.59k   538274.47k

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17454)

5 months agoAdd a comment to indicate ineffective macro
Shreenidhi Shedi [Wed, 12 Jan 2022 15:25:38 +0000 (20:55 +0530)]
Add a comment to indicate ineffective macro

EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from
openssl-3.0 onwards

CLA: trivial

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17484)

5 months agocoverity 1497107: dereference after null check
Pauli [Thu, 13 Jan 2022 01:30:59 +0000 (12:30 +1100)]
coverity 1497107: dereference after null check

Add null checks to avoid dereferencing a pointer that could be null.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17488)

5 months agoCleansing all the temporary data for s390x
Dmitry Belyavskiy [Wed, 12 Jan 2022 15:54:45 +0000 (16:54 +0100)]
Cleansing all the temporary data for s390x

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17486)

5 months agotest_gendhparam: Drop expected error output
Tomas Mraz [Wed, 12 Jan 2022 08:55:43 +0000 (09:55 +0100)]
test_gendhparam: Drop expected error output

Otherwise it sometimes confuses the TAP parser.

Fixes #17480

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17481)

5 months agoClear md_data only when necessary
Matt Caswell [Tue, 11 Jan 2022 17:13:39 +0000 (17:13 +0000)]
Clear md_data only when necessary

PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR
to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes
it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17473)

5 months agothreadstest: use locking for tsan operations if required
Pauli [Wed, 12 Jan 2022 03:22:29 +0000 (14:22 +1100)]
threadstest: use locking for tsan operations if required

Not all platforms support tsan operations, those that don't need to have an
alternative locking path.

Fixes #17447

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

5 months agodrbg: add handling for cases where TSAN isn't available
Pauli [Wed, 12 Jan 2022 04:01:17 +0000 (15:01 +1100)]
drbg: add handling for cases where TSAN isn't available

Most of the DRGB code is run under lock from the EVP layer.  This is relied
on to make the majority of TSAN operations safe.  However, it is still necessary
to enable locking for all DRBGs created.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

5 months agolhash: use lock when TSAN not available for statistics gathering
Pauli [Wed, 12 Jan 2022 03:45:07 +0000 (14:45 +1100)]
lhash: use lock when TSAN not available for statistics gathering

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

5 months agomem: do not produce usage counts when tsan is unavailable.
Pauli [Wed, 12 Jan 2022 03:25:46 +0000 (14:25 +1100)]
mem: do not produce usage counts when tsan is unavailable.

Doing the tsan operations under lock would be difficult to arrange here (locks
require memory allocation).

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

5 months agoobject: use updated tsan lock detection capabilities
Pauli [Wed, 12 Jan 2022 03:25:35 +0000 (14:25 +1100)]
object: use updated tsan lock detection capabilities

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

5 months agocore namemap: use updated tsan lock detection capabilities
Pauli [Wed, 12 Jan 2022 03:22:23 +0000 (14:22 +1100)]
core namemap: use updated tsan lock detection capabilities

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

5 months agotsan: make detecting the need for locking when using tsan easier
Pauli [Wed, 12 Jan 2022 02:26:38 +0000 (13:26 +1100)]
tsan: make detecting the need for locking when using tsan easier

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

5 months agothreadstest: add write check to lock checking
Pauli [Wed, 12 Jan 2022 03:24:49 +0000 (14:24 +1100)]
threadstest: add write check to lock checking

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

5 months agoAvoid using a macro expansion in a macro when statically initialising
Pauli [Wed, 12 Jan 2022 01:28:29 +0000 (12:28 +1100)]
Avoid using a macro expansion in a macro when statically initialising

Circumvents a problem with ancient PA-RISC compilers on HP/UX.

Fixes #17477

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17478)

5 months agodrop unused callback variable
Gerd Hoffmann [Tue, 11 Jan 2022 07:51:31 +0000 (08:51 +0100)]
drop unused callback variable

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17471)

5 months agoEVP_DigestSignFinal: *siglen should not be read if sigret == NULL
Tomas Mraz [Mon, 10 Jan 2022 16:09:59 +0000 (17:09 +0100)]
EVP_DigestSignFinal: *siglen should not be read if sigret == NULL

This fixes small regression from #16962.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17460)

5 months agoparam dup: add errors to failure returns
Pauli [Mon, 10 Jan 2022 00:36:24 +0000 (11:36 +1100)]
param dup: add errors to failure returns

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

5 months agoparam build set: add errors to failure returns
Pauli [Mon, 10 Jan 2022 00:33:06 +0000 (11:33 +1100)]
param build set: add errors to failure returns

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

5 months agoparam build: add errors to failure returns
Pauli [Mon, 10 Jan 2022 00:31:45 +0000 (11:31 +1100)]
param build: add errors to failure returns

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

5 months agotest: check for properly raised errors during param conversion
Pauli [Mon, 10 Jan 2022 00:10:34 +0000 (11:10 +1100)]
test: check for properly raised errors during param conversion

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

5 months agoparams: add error messages for built in param conversions
Pauli [Fri, 7 Jan 2022 11:11:10 +0000 (22:11 +1100)]
params: add error messages for built in param conversions

Specifically:
* out of range
* unsigned negatives
* inexact reals
* bad param types
* buffers that are too small
* null function arguments
* unknown sizes of real

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

5 months agoerr: add additional errors
Pauli [Fri, 7 Jan 2022 11:10:38 +0000 (22:10 +1100)]
err: add additional errors

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

5 months agopkeyutl: Fix regression with -kdflen option
Tomas Mraz [Mon, 10 Jan 2022 16:26:33 +0000 (17:26 +0100)]
pkeyutl: Fix regression with -kdflen option

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17461)

5 months agoEnsure we test fetching encoder/decoder/store loader with a query string
Matt Caswell [Mon, 10 Jan 2022 14:46:46 +0000 (14:46 +0000)]
Ensure we test fetching encoder/decoder/store loader with a query string

Although we had a test for fetching an encoder/decoder/store loader it
did not use a query string. The issue highlighted by #17456 only occurs
if a query string is used.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)

5 months agoFix Decoder, Encoder and Store loader fetching
Matt Caswell [Mon, 10 Jan 2022 14:45:16 +0000 (14:45 +0000)]
Fix Decoder, Encoder and Store loader fetching

Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give the
provider when calling ossl_method_store_cache_set()

Fixes #17456

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)

5 months agoClarify the int param getter documentation
Matt Caswell [Fri, 7 Jan 2022 17:30:39 +0000 (17:30 +0000)]
Clarify the int param getter documentation

OSSL_PARAMs that are of type OSSL_PARAM_INTEGER or
OSSL_PARAM_UNSIGNED_INTEGER can be obtained using any of the functions
EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or
EVP_PKEY_get_bn_param(). The former two will fail if the parameter is too
large to fit into the C variable. We clarify this in the documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17445)

5 months agoDon't run TLSFuzzer tests when it is not properly set
Dmitry Belyavskiy [Sun, 9 Jan 2022 16:39:41 +0000 (17:39 +0100)]
Don't run TLSFuzzer tests when it is not properly set

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17448)

5 months agoAPPS: Add check for multiple 'unknown' options
Dr. David von Oheimb [Tue, 24 Aug 2021 10:03:12 +0000 (12:03 +0200)]
APPS: Add check for multiple 'unknown' options

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)

5 months agoPKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name
Dr. David von Oheimb [Tue, 24 Aug 2021 10:27:12 +0000 (12:27 +0200)]
PKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)

5 months agoStatically link the legacy provider to endecode_test
Matt Caswell [Thu, 23 Dec 2021 13:59:12 +0000 (13:59 +0000)]
Statically link the legacy provider to endecode_test

We already statically link libcrypto to endecode_test even in a "shared"
build. This can cause problems on some platforms with tests that load the
legacy provider which is dynamically linked to libcrypto. Two versions of
libcrypto are then linked to the same executable which can lead to crashes.

Fixes #17059

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17345)

5 months agoAdd a test for a custom digest created via EVP_MD_meth_new()
Matt Caswell [Wed, 29 Dec 2021 16:39:11 +0000 (16:39 +0000)]
Add a test for a custom digest created via EVP_MD_meth_new()

We check that the init and cleanup functions for the custom method are
called as expected.

Based on an original reproducer by Dmitry Belyavsky from issue #17149.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

5 months agoFix a leak in EVP_DigestInit_ex()
Matt Caswell [Fri, 10 Dec 2021 17:17:27 +0000 (17:17 +0000)]
Fix a leak in EVP_DigestInit_ex()

If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.

Fixes #17149

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

5 months agoEnsure that MDs created via EVP_MD_meth_new() go down the legacy route
Matt Caswell [Fri, 10 Dec 2021 16:53:02 +0000 (16:53 +0000)]
Ensure that MDs created via EVP_MD_meth_new() go down the legacy route

MDs created via EVP_MD_meth_new() are inherently legacy and therefore
need to go down the legacy route when they are used.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

5 months agoEVP_PKEY_derive_set_peer_ex: Export the peer key to proper keymgmt
Tomas Mraz [Wed, 5 Jan 2022 15:50:00 +0000 (16:50 +0100)]
EVP_PKEY_derive_set_peer_ex: Export the peer key to proper keymgmt

The peer key has to be exported to the operation's keymgmt
not the ctx->pkey's keymgmt.

Fixes #17424

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17425)

5 months agocrypto/bio: fix build on UEFI
Gerd Hoffmann [Fri, 7 Jan 2022 11:58:27 +0000 (12:58 +0100)]
crypto/bio: fix build on UEFI

When compiling openssl for tianocore compiling abs_val() and pow_10()
fails with the following error because SSE support is disabled:

   crypto/bio/bio_print.c:587:46: error: SSE register return with SSE disabled

Fix that by using EFIAPI calling convention when compiling for UEFI.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17442)

5 months agoDon't use __ARMEL__/__ARMEB__ in aarch64 assembly
David Benjamin [Wed, 29 Dec 2021 18:05:12 +0000 (13:05 -0500)]
Don't use __ARMEL__/__ARMEB__ in aarch64 assembly

GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm,
respectively. They are not defined on aarch64, which instead use
__AARCH64EL__ and __AARCH64EB__.

However, OpenSSL's assembly originally used the 32-bit defines on both
platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is
less portable and can even interfere with other headers, which use
__ARMEL__ to detect little-endian arm.

Over time, the aarch64 assembly has switched to the correct defines,
such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit
finishes the job: poly1305-armv8.pl needed a fix and the dual-arch
armx.pl files get one more transform to convert from 32-bit to 64-bit.

(There is an even more official endianness detector, __ARM_BIG_ENDIAN in
the Arm C Language Extensions. But I've stuck with the GCC ones here as
that would be a larger change.)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17373)

5 months agocheck-format.pl: Fix report on space before ';' and allow it after ')'
Dr. David von Oheimb [Thu, 6 Jan 2022 22:14:27 +0000 (23:14 +0100)]
check-format.pl: Fix report on space before ';' and allow it after ')'

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

5 months agocheck-format.pl: Fix report on missing space before +/-: allow, e.g., '1e-6'
Dr. David von Oheimb [Thu, 6 Jan 2022 21:54:20 +0000 (22:54 +0100)]
check-format.pl: Fix report on missing space before +/-: allow, e.g., '1e-6'

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

5 months agocheck-format.pl: Fix report on constant on LHS of comparison/assignment
Dr. David von Oheimb [Thu, 6 Jan 2022 21:05:22 +0000 (22:05 +0100)]
check-format.pl: Fix report on constant on LHS of comparison/assignment

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

5 months agocheck_format.pl: Add checks for blank lines within/after local decls
Dr. David von Oheimb [Thu, 6 Jan 2022 20:41:45 +0000 (21:41 +0100)]
check_format.pl: Add checks for blank lines within/after local decls

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

5 months agoDelete unused param about get_construct_message_f
yangyangtiantianlonglong [Fri, 31 Dec 2021 03:00:57 +0000 (11:00 +0800)]
Delete unused param about get_construct_message_f

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17385)

5 months agoAdd a test case for the short password
Bernd Edlinger [Fri, 7 Jan 2022 11:44:27 +0000 (12:44 +0100)]
Add a test case for the short password

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17441)

5 months agoUpdate alert to common protocol
Kan [Tue, 30 Nov 2021 06:39:49 +0000 (14:39 +0800)]
Update alert to common protocol

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17161)

5 months agoapps.c: fix various coding style nits found by check-format.pl
Dr. David von Oheimb [Thu, 6 Jan 2022 22:26:04 +0000 (23:26 +0100)]
apps.c: fix various coding style nits found by check-format.pl

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17435)

5 months agoFix: some patches related to error exiting
Peiwei Hu [Wed, 5 Jan 2022 15:17:53 +0000 (23:17 +0800)]
Fix: some patches related to error exiting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17417)

5 months agoproviders/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init
Peiwei Hu [Thu, 6 Jan 2022 01:47:05 +0000 (09:47 +0800)]
providers/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init

There is risk to pass the gctx with NULL value to rsa_gen_set_params
which dereference gctx directly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17429)

5 months agov2i_AUTHORITY_KEYID(): Improve error reporting on parsing config values/options
Dr. David von Oheimb [Tue, 17 Aug 2021 17:12:55 +0000 (19:12 +0200)]
v2i_AUTHORITY_KEYID(): Improve error reporting on parsing config values/options

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16345)

5 months agoapps/cmp.c: fix coding style nits reported by check-format.pl
Dr. David von Oheimb [Tue, 4 Jan 2022 09:48:32 +0000 (10:48 +0100)]
apps/cmp.c: fix coding style nits reported by check-format.pl

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17363)

5 months agoasn1/x_algor.c: add internal ossl_X509_ALGOR_from_nid() simplifying code
Dr. David von Oheimb [Fri, 6 Aug 2021 10:11:13 +0000 (12:11 +0200)]
asn1/x_algor.c: add internal ossl_X509_ALGOR_from_nid() simplifying code

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17363)

5 months agoAPPS load_key_certs_crls(): Make file access errors much more readable
Dr. David von Oheimb [Fri, 27 Aug 2021 16:36:38 +0000 (18:36 +0200)]
APPS load_key_certs_crls(): Make file access errors much more readable

This reverts part of commit ef0449135c4e4e7f using a less invasive suppression.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)

5 months agoOSSL_STORE_open_ex(): Prevent spurious error: unregistered scheme=file
Dr. David von Oheimb [Fri, 27 Aug 2021 16:33:56 +0000 (18:33 +0200)]
OSSL_STORE_open_ex(): Prevent spurious error: unregistered scheme=file

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)

5 months agoTest importing EC key parameters with a bad curve
Tomas Mraz [Tue, 4 Jan 2022 10:57:54 +0000 (11:57 +0100)]
Test importing EC key parameters with a bad curve

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)

5 months agoEVP_PKEY_fromdata(): Do not return newly allocated pkey on failure
Tomas Mraz [Tue, 4 Jan 2022 10:53:30 +0000 (11:53 +0100)]
EVP_PKEY_fromdata(): Do not return newly allocated pkey on failure

Fixes #17407

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)

5 months agofix the return check of EVP_PKEY_CTX_ctrl() in 5 spots
xkernel [Tue, 4 Jan 2022 14:54:27 +0000 (22:54 +0800)]
fix the return check of EVP_PKEY_CTX_ctrl() in 5 spots

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17413)

5 months agoproperly free the resource from EVP_MD_CTX_new() at ssl3_record.c:1413
xkernel [Wed, 5 Jan 2022 01:38:05 +0000 (09:38 +0800)]
properly free the resource from EVP_MD_CTX_new() at ssl3_record.c:1413

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17415)

5 months agoproperly free the resource from CRYPTO_malloc
xkernel [Tue, 4 Jan 2022 13:18:02 +0000 (21:18 +0800)]
properly free the resource from CRYPTO_malloc

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17412)

5 months agoFix copyright year issues
Bernd Edlinger [Wed, 5 Jan 2022 16:25:02 +0000 (17:25 +0100)]
Fix copyright year issues

Fixes: #13765

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17427)

5 months agoOSSL_STORE: Prevent spurious error during loading private keys
Dr. David von Oheimb [Fri, 14 May 2021 13:11:00 +0000 (15:11 +0200)]
OSSL_STORE: Prevent spurious error during loading private keys

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15283)

6 months agoFix typos
Dimitris Apostolou [Sun, 2 Jan 2022 23:00:27 +0000 (01:00 +0200)]
Fix typos

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)