git.openssl.org Git - openssl.git/log

Modified OSSL_parse_url to initialize pport_num to 0.

This change is intended to provide some safety for uninitialized stack failures
that have appeared in 80-test_cmp_http on NonStop x86 when run in a complex
CI/CD Jenkins environment. This change also adds init_pint() to handle the
initialization of a pointer to int value.

Fixes: #21083
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21109)

Bump actions/setup-python from 4.6.1 to 4.7.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.6.1...v4.7.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21455)

(cherry picked from commit dbe36351dc3fcb5bd3582075b40d34e0b103b15c)

Add FIPS build instructions

If you are building the latest release source code with enable-fips configured
then the FIPS provider you are using is not likely to be FIPS compliant.

This update demonstrates how to build a FIPS provider that is compliant
and use it with the latest source code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20907)

(cherry picked from commit 2b42290f08c0a75695021aeb7d5cd16068b3edc3)

Move Keccak rhotates tables to rodata

rhotates tables are placed to .text section which confuses tools such as BOLT.
Move them to rodata to unbreak and avoid polluting icache/iTLB with data.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21440)

(cherry picked from commit 2fd82c228363cfd16c5047a348e7c853defa42eb)

Add a NEWS entry covering the FIPS related changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21386)

EVP_PKEY_{en,de}capsulate.pod: fix glitches and add some detail and hints

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21397)

(cherry picked from commit 5be8233d2be306a2906d3da16e59aa15a4559dd2)

fips: make installations FIPS compliant by default

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21363)

(cherry picked from commit dc6f3b9b8d6e54ea7d8669a158fd73b451862c7d)

fips: use correct field names when generating fipsmodule.cnf

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21327)

(cherry picked from commit 89111cbc3238dcdf47e921af38d6b12c4b32d326)

conf/conf_sap.c: correct return of ossl_config_int() in UEFI system

FIX: https://github.com/openssl/openssl/issues/21299

ret in ossl_config_int() only used to check return value of
CONF_modules_load_file(), should set it to 1 if in UEFI system.

Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21300)

(cherry picked from commit 500e479db1beae5fa5691d40b866329d2fdc62e7)

Fix OSSL_PROVIDER_try_load() retain_fallbacks doc

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21319)

(cherry picked from commit 063cdca61adfd4d418affe850f8bebbf528d05d9)

openssl-rsautl.pod: Add missing comma

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21318)

(cherry picked from commit 83f9d03e7c4913c3eb34edd4a8feb3833650b58f)

Do not use stitched AES-GCM implementation on PPC32

The implementation is not usable there at all.
Fixes #21301

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21312)

Add some test_ssl_new tests for the ffdhe groups

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21295)

Fix supported_groups handing in TLSv1.2

In TLSv1.2 we should not attempt to use a supported_group value that is
intended for use with TLSv1.3 - even if both the server and the client
support it, e.g. the ffdhe groups are supported by OpenSSL for TLSv1.3 but
not for TLSv1.2.

Fixes #21081

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21295)

openssl speed -multi -evp prints wrong algorithm name

When running `openssl speed -evp md5` the result shows `md5` as algorithm
name. But when adding the option `-multi 2` it gives `evp` as algorithm
name.

Signed-off-by: Jörg Sommer <joerg@jo-so.de>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21216)

(cherry picked from commit 33c09341bb081682535be0450ff6032df47ea141)

s390xcap.c: Avoid copying structure on initialization

This is problematic on old compilers. It also avoids duplicating
the read-only data.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21284)

CONF_modules_load_file_ex(): Do not try to load an empty file name

Fixes #21258

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/21282)

(cherry picked from commit 8b7d5ea7dd602eb7c2c4bc5ad45489dc5fc711f6)

Add a test for pkeyutl encrypt/decrypt using SM2

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21272)

(cherry picked from commit 810f7dc1c7cc5441097b398f753e33652848a4cc)

Don't truncate the input when decrypting in pkeyutl

The pkeyutl app was truncating the input file for decryption leading to
incorrect results. This was probably ok historically when RSA was being
used for decryption which has short maximum sizes. This is not ok with SM2.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21272)

(cherry picked from commit 849450746f38a5658ef783abb0a8c79ae2861464)

Check for 0 modulus in BN_RECP_CTX_set.

The function BN_RECP_CTX_set did not check whether arg d is zero,
in which case an early failure should be returned to the invoker.
This is a similar fix to the cognate defect of CVE-2015-1794.

Fixes #21111

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21255)

(cherry picked from commit 43596b306b1fe06da3b1a99e07c0cf235898010d)

add note about retrieving error stack

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21220)

(cherry picked from commit a7c54dde5189f11c046f638e5aaf2004aee34202)

Add a test case for the password prompt on garbage PKCS#12 file

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)

(cherry picked from commit 1a27cc3626bd15f8fd9a26a2dbc59a681d505321)

OSSL_STORE and PKCS#12: Check if there is a MAC to verify before prompting

When a DER object with unknown contents comes all the way to
ossl_store_handle_load_result(), and it attempts to decode them as different
objects, the PKCS#12 decoding attempt would (almost) always prompt for a
passphrase, even if there isn't a MAC to verify it against in the PKCS#12
object.

This change checks if there is a MAC to verify against before attempting to
prompt for a passphrase, leading to less surprising behavior.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)

(cherry picked from commit 7a520619c997146639f42ce8595162ac34c2ad41)

Don't do SIGILL capability detection on Apple Silicon

Fixes #20753

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21261)

Add a test for an invalid group in the HRR

Test that if the client sends a key share for a group in the server's
supported_group list but is otherwise invalid, that we don't select it
in the HRR.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21163)

(cherry picked from commit adf33f9e268b17ec1b4739707abb40b03b21ea6a)

Don't ask for an invalid group in an HRR

If the client sends us a group in a key_share that is in our
supported_groups list but is otherwise not suitable (e.g. not compatible
with TLSv1.3) we reject it. We should not ask for that same group again
in a subsequent HRR.

Fixes #21157

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21163)

(cherry picked from commit 7a949ae5f1799a6629cf6deb44ae0f38455a73dd)

return immediately if namemap is NULL

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21223)

(cherry picked from commit 307cd045dccbd9ea589ff47682e39504d79644d4)

Fix new typos found by codespell

Fix only typos in doc/man* for inclusion in 3.* branches.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21211)

fips: use tsan counter instead of tsan_add to increment

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21199)

(cherry picked from commit ff934cfdc85a7b8ddb4bdebf9ab68d518bf68b7f)

apps/ca.c: Handle EVP_PKEY_get_default_digest_name() returning 1 with "UNDEF"

EVP_PKEY_get_default_digest_name() may return 1 with the returned digest
name "UNDEF". This case hasn't been documented, and the meaning has been
left undefined, until now.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20460)

(cherry picked from commit af99d55078582fb2ac35787043d56e0c10b1fe97)

fips: update DSA security check to fix legacy verify strengths

Refer SP 800-131Ar2 table 2:
https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final

Fixes #21185

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21186)

(cherry picked from commit 71cf587ea21c1422640847e358019a51806d2811)

crypto/params: drop float for UEFI

Using floating point is not supported in UEFI and can cause build
problems, for example due to SSE being disabled and x64 calling
convention passing floats in SSE registers.

Avoid those problems by not compiling the related code for floating
point numbers.

Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21189)

fips: use memory ordering rather than locks

The FIPS provider accesses it's current state under lock.
This is overkill, little or no synchronisation is actually required in
practice (because it's essentially a read only setting). Switch to using
TSAN operations in preference.

Fixes #21179

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21187)

(cherry picked from commit 8e9ca334528e0a923c4deb0af250a60510974be0)

APPS: remove spurious errors when certain config file entries are not provided

This backports the functional essence of #20971.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21050)

(cherry picked from commit 1737fb8f455963b0956c81504a2bec4304bd902d)

rand_lib: RAND_poll: Reseed in non-"no-deprecated" builds.

In a non-"no-deprecated" libcrypto build with a default configuration,
RAND_get_rand_method() == RAND_OpenSSL() and so needs to fall through to
the RAND_seed call (used in "no-deprecated" builds) to perform a reseed.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21167)

(cherry picked from commit cc343d047c147e0a395fb101efbe9dedf458aa17)

X509_NAME_cmp fix for empty name

CLA: trivial

Fixes #21156

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21155)

(cherry picked from commit ec59752835f616860cd9451d6cfcea16bfc3ad05)

INSTALL: document shared library pinning for static builds

The libcrypto library uses shared library pinning to prevent its
cleanup handlers from crashing at program termination because of a
premature unloading of the shared library.

However, shared library pinning is enabled also for static builds,
which may lead to surpising behaviour if libcrypto is linked
statically to a shared third-party library, because in this case
the third-party library gets pinned.

This surprising behaviour is caused by the fact that the `no-shared`
configure option does not imply `no-pinshared`. Since this quirk
can't be changed without potentially breaking existing code, we just
document it here and provide a workaround.

Fixes #20977

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20985)

(cherry picked from commit ce451fb86141fedad607bd68840639b06616047e)

Fix incorrect ERR_raise() calls

A few ERR_raise() calls in v3_purp.c use the wrong library. For example,
in OpenSSL 3.1.1 we get

00000000:error:0580009E:x509 certificate routines:ossl_x509v3_cache_extensions:reason(158):crypto/x509/v3_purp.c:635:

instead of

00000000:error:1100009E:X509 V3 routines:ossl_x509v3_cache_extensions:invalid certificate:crypto/x509/v3_purp.c:635:

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21168)

(cherry picked from commit 959c150a1dcc4535c2d94ac6f3310566723911f1)

Set RC4 defines on libcrypto/liblegacy

Also add missing prototype for rc4_md5_enc.

Fixes #21150

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21153)

(cherry picked from commit 58e8af4cecd23dbea2e6b061ab68190b38d64145)

Cast the argument to unsigned char when calling isspace()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21151)

(cherry picked from commit 8a2e74d0536c91585fbe789e0ab7b06cab0289c2)

Cast the argument to unsigned char when calling isdigit()

Fixes #21123

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21127)

(cherry picked from commit 8229874476cc2955e6947cf6d3fee09e13b8c160)

Make link to RFC 1578 in CHANGES.md be a proper link

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21130)

(cherry picked from commit 18f82df5b14b3fba078c6c5f0f4a0bb8eee6c954)

doc: note that out ChaCha20 isn't standard compliant.

Fixes #21095

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21098)

(cherry picked from commit c69756e7a0133b67df50525e89206c9cc4a7d2b8)

Don't take a write lock to retrieve a value from a stack

ossl_x509_store_ctx_get_by_subject() was taking a write lock for the
store, but was only (usually) retrieving a value from the stack of
objects. We take a read lock instead.

Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20952)

(cherry picked from commit 80935bf5ad309bf6c03591acf1d48fe1db57b78f)

Avoid an unneccessary lock if we didn't add anything to the store

Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20952)

(cherry picked from commit 50001e0e15d4a96213c2eea7c56f80087afa89fd)

Fix documentation where openssl-genrsa is listed as deprecated since OpenSSL 3.0

openssl-genrsa is not deprecated however the OpenSSL documentation
states that it is the case from OpenSSL 3.0. This has been fixed in the
documentation, specifically in manpage 1.

Fixes #21055

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21059)

(cherry picked from commit 4ad2dd43d0959b850c06c5a681d34aeb78d7c4b9)

CMS_ContentInfo_free(): fix mem leak on encrypted content key

Fixes #21026

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21058)

(cherry picked from commit 7a1857483938b6b6eec5b8760c68c71a71296cd2)

SMIME_crlf_copy(): check for NULL pointer arguments

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21058)

(cherry picked from commit 23450cfb9204615e97467e8be6a709141523a59e)

Ignore the fetch error when a legacy algorithm is found

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21035)

(cherry picked from commit cb1f87f59d0b290eca9207ec4ef36d8073e6feec)

doc: update FIPS provider version information

With 3.0.8 validated, we need to note this in the documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21049)

(cherry picked from commit 73f59aa8ebee4231ef8d4072b474974c571efb96)

Compute RSA-PSS algorithm params in libcrypto for legacy

Fixes regression of RSA signatures for legacy keys caused
by quering the provider for the algorithm id with parameters.

Legacy keys do not have a method that would create the
algorithm id. So we revert to what was done in 3.0.7 and
earlier versions for these keys.

Fixes #21008

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21019)

(cherry picked from commit 3410a72dce57651e08d5d2143409cde0205a8f3b)

Fix arm64 asm code back compatible issue with gcc 4.9.4

Fix: #20963

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20967)

(cherry picked from commit 09bd0d05a6ab9eb4965763c100edf9b86ae03d2b)

Bump actions/setup-python from 4.6.0 to 4.6.1

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.6.0...v4.6.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21047)

(cherry picked from commit a1c8edcfc907a84d2595bc52ea7a43f4b33c7339)

When we're just reading EX_CALLBACK data just get a read lock

The crypto_ex_data code was always obtaining a write lock in all functions
regardless of whether we were only reading EX_CALLBACK data or actually
changing it. Changes to the EX_CALLBACK data are rare, with many reads so
we should change to a read lock where we can.

We hit this every time we create or free any object that can have ex_data
associated with it (e.g. BIOs, SSL, etc)

Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20943)

(cherry picked from commit 6d15357aeb893c6e8b4c7a8188c18f4db54c0612)

Prepare for 3.1.2

Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

Prepare for release of 3.1.1

Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

make update

Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate

OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form. For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.

To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:

> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).

Fixes otc/security#96
Fixes CVE-2023-2650

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

x509: Handle ossl_policy_level_add_node errors

The invocation of ossl_policy_level_add_node in tree_calculate_user_set
did not have any error handling. Add it to prevent a memory leak for the
allocated extra policy data.

Also add error handling to sk_X509_POLICY_NODE_push to ensure that if
a new node was allocated, but could not be added to the stack, it is
freed correctly.

Fix error handling if tree->user_policies cannot be allocated by
returning 0, indicating failure, rather than 1.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21040)

(cherry picked from commit 95a8aa6dc0e283b1560dd3258d2e9115c02659b1)

x509: Fix possible use-after-free when OOM

ossl_policy_level_add_node() first adds the new node to the level->nodes
stack, and then attempts to add extra data if extra_data is true. If
memory allocation or adding the extra data to tree->extra_data fails,
the allocated node (that has already been added to the level->nodes
stack) is freed using ossl_policy_node_free(), which leads to
a potential use after free.

Additionally, the tree's node count and the parent's child count would
not be updated, despite the new node being added.

Fix this by either performing the function's purpose completely, or not
at all by reverting the changes on error.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21040)

(cherry picked from commit de53817ec386ea9e943d8f33716945dd9dbe1f31)

Add missing CHANGES.md entries

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21057)

Replace __attribute__((malloc)) with __attribute__((__malloc__)) in macros.h

Fix macro attribute conflict with cmocka
Fixes #20776

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20869)

(cherry picked from commit 0bf7e94c10f1b00510b8a36cdcbedc02a66468be)

Clarify how to return string data

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21004)

(cherry picked from commit eab96453bb145cde8e447f420a4ba099a5fa7004)

Fix a bug where the result of rehash is unstable

The root cause is that the file entries targeted for rehash are not actually sorted.
Sort was skipped because the compare function was null.
So a compare function has been implemented to allow file entries to be sorted.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21013)

(cherry picked from commit 31c94b5e1159b5435b2354e6525355ec33683ecc)

Fix incorrect parameter verification in EVP_MD_CTX_get_params

Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21022)

(cherry picked from commit b501df3cefebcdaaeb7d6480b7a7b82d68927873)

doc/fingerprints.txt: Add the OpenSSL OMC PGP key fingerprint

We want to move to using this key for tarball and announcement signatures.
It won't happen immediately, though, as we must have it specified in the
latest update of each release branch, so people can verify properly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21015)

(cherry picked from commit f925bfebbb287321133b9251e72bee869a0f58b4)

If oaep_md is not initialized, correctly initialize it

Fixes #20993

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20994)

(cherry picked from commit c5aa719502f1ef456b27347e5f7b15c07817da4e)

fips.module.sources: Add missing cpuid and related .c sources for other architectures

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20949)

(cherry picked from commit c509c040223aebd2a681fb64b60177c3c21f76d1)

Add information on the 'ias' port for OpenVMS

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)

(cherry picked from commit d500f04400d0acc83fe5270da860764a7d19deee)

Update VMS configurations

A native x86_64 C compiler has appeared.

We preserve the previous config target with a new name to indicate that it's
for cross compilation, at least for the time being.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)

(cherry picked from commit d6175dcca746f0996db18ab2b6b37a4152097afe)

Update hkdf.c to avoid potentially vulnerable code pattern

The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows.
It should be replaced by "if (a>c-b) a=c-b", which avoids the
potential overflow and is much easier to understand.

This pattern is the root cause of CVE-2022-37454, a buffer overflow
vulnerability in the "official" SHA-3 implementation.

It has been confirmed that the addition in
https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534
cannot overflow. So this is only a minor change proposal to avoid
a potentially vulnerable code pattern and to improve readability.
More information: https://github.com/github/codeql/pull/12036#issuecomment-1466056959

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20990)

(cherry picked from commit 56a51b5a1ecd54eadc80bed4bfe5044a340787c1)

Fix stack corruption in ui_read

This is an alternative to #20893

Additionally this fixes also a possible issue in UI_UTIL_read_pw:

When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)

(cherry picked from commit a64c48cff88e032cf9513578493c4536df725a22)

Fixed EVP_PKEY_CTX_set_ec_paramgen_curve_nid() for SM2 in ENGINEs

The CTRL translation is missing for SM2 key types.

Fixes #20899
Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20900)

(cherry picked from commit 43d5dac9d00ac486823d949f85ee3ad650b62af8)

CMP client: fix checking new cert enrolled with oldcert and without private key

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)

(cherry picked from commit e0f1ec3b2ec1b137695abc3199a62def5965351f)

CMP client: fix error response on -csr without private key, also in docs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)

(cherry picked from commit 2d6585986f3b754750b25e7a296a08e7129a5320)

apps/openssl.cnf: fix reference to insta.ca.crt

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)

(cherry picked from commit 14ca1b6f4694ad27b1163bcafda1683f4dd05a30)

provider: return error if buf too small when getting ec pubkey param

Fixes #20889

There was an incorrect value passed to EC_POINT_point2oct() for the
buffer size of the param passed-in.

Added testcases.

Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20890)

(cherry picked from commit 91070877adb905f51eb4b19b730d42fc257bae13)

Fix typos found by codespell

Fix only typos in doc/man* for inclusion in 3.* branches.

Other typos have been fixed in a different commit.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20924)

(cherry picked from commit 9a271795f84eb5402ce1ecfbcfd21392ad1560d0)

Clarify documentation of SSL_SESSION_dup

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20848)

(cherry picked from commit 25bab273ccc9b517cc4c1783950e3f95421cb570)

Clear ownership when duplicating sessions

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20848)

(cherry picked from commit 9fdf9a44bbe3827fe653165a07281ccae8ab0947)

Fixed TLS1.3 handshake issue for legacy engine API.

Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20922)

(cherry picked from commit be6497aa208948c960a28363bac98a429677bd9d)

CMP app: fix deallocated host/port fields in APP_HTTP_TLS_INFO

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)

(cherry picked from commit 20d4dc8898edc12806ead2100ac09b907662aff6)

CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port)

Fixes #20031

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)

(cherry picked from commit 30b9a6ec89d97152b5a564b3acf3a94ee57185a7)

Fix a typo found by codespell in a Makefile variable

I have no experience with building on Windows, so I don't know the
effect of fixing this typo. I guess that this will fix a bug at worst.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20911)

(cherry picked from commit e5a054b7fcafc98a1dbf4358da390dc6e7759de5)

DLTS → DTLS

Fix a typo that is confusing for newcomers.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20909)

(cherry picked from commit 2913b5c09fcc4e5d493589ded2c22a3116127ed0)

Fix memory leak in engine_cleanup_add_first()

Fixes #20870

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20880)

(cherry picked from commit 8c63b14296f117b07781509ced529a8955d78fb9)

aes-gcm-armv8_64 asm support bigdian

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20489)

(cherry picked from commit 32344a74b7ee2693a5bfda361c40ec60ab5be624)

Prevent a fuzzing timeout in the conf fuzzer

The fuzzer was creating a config file with large numbers of includes
which are expensive to process. However this should not cause a security
issue, and should never happen in normal operation so we can ignore it.

Fixes ossfuzz issue 57718.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20839)

(cherry picked from commit 5f3adf396b06ee3b81938468995e69cff4ca64d1)

Fix the padlock engine

... after it was broken for almost 5 years,
since the first 1.1.1 release.
Note: The last working version was 1.1.0l release.

Fixes #20073

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20146)

(cherry picked from commit 849ed515c7838943eab42de5c29d6a1f91079a11)

Fix broken links on asym_cipher manpages

Links were missing starting tags

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20729)

(cherry picked from commit 010333be5362a07508888124c83efac35b28760f)

Add negative integer check when using ASN1_BIT_STRING

The negative integer check is done to prevent potential overflow.
Fixes #20719.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20862)

(cherry picked from commit 1258a8e4361320cd3cfaf9ede692492ce01034c8)

rand: trust user supplied entropy when configured without a random source

Fixes #20841

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/20843)

(cherry picked from commit 56547da9d3fa24f54b439497d322b12beb004c80)

param->ctrl translation: Fix evp_pkey_ctx_setget_params_to_ctrl()

Ensure that ctx.ctrl_cmd defaults to translation->cmd_num

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20780)

(cherry picked from commit 1009940c14716ac03d5f161bdb4ae626ec6fe729)

param->ctrl translation: Fix fix_ec_paramgen_curve_nid()

This function didn't prepare space to get the param string, which causes
the default_fixup_args() call to fail.

Fixes #20161

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20780)

(cherry picked from commit ac52fe5f5ae7a1d062f09adab7744e3a3b2ddbcf)

Avoid generating RSA keys with p < q

We swap p and q in that case except when ACVP tests are being run.

Fixes #20823

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20833)

(cherry picked from commit dc231eb598460aec239c7f597f560bca47d9f72a)

fix md5 bug on aarch64 big-endian plantform.

Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20829)

(cherry picked from commit 004bd8f97d11bb7ac5f2de89f7060e03222b60fe)

Improve documentation of -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3 options

Fixes #19014

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20834)

(cherry picked from commit 06565f36e78e6155834875ad544bb48838a812e4)

http proxy handling: Use ossl_safe_getenv() instead of getenv()

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20810)

(cherry picked from commit e7cbb09fdf8d835bd0d88b4b288edfd525be569c)

ASN1_OCTET_STRING_new() calls ASN1_STRING_type_new(V_ASN1_OCTET_STRING)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20838)

(cherry picked from commit 26f0150fce64dd878b77eddc4504fd441cbdef87)