Richard Levitte [Mon, 23 Aug 2021 07:06:10 +0000 (09:06 +0200)]
Building: For the FIPS module checksum, keep track of configuration,h
The FIPS module checksum needs to know that configuration.h is
generated from configuration.h.in, so that information is conserved.
To make this possible, it's now possible to have attributes with the
GENERATE keyword, and the attribute "skip" is added to make a keyword
a no-op, which makes it informative only.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/16378)
Richard Levitte [Mon, 23 Aug 2021 06:54:37 +0000 (08:54 +0200)]
Configuration: produce include/openssl/configuration.h when configuring
The goal is to avoid having too much of the OpenSSL source rebuilt
because include/openssl/configuration.h, or even because it was a
Makefile target that was called upon (some make implementations
consider the use of a target as an update of that target, even if it
wasn't really updated).
To resolve this, we move the production of include/openssl/configuration.h
to configdata.pm, and only update it if there were any actual changes.
Fixes #16377
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/16378)
Richard Levitte [Mon, 23 Aug 2021 06:48:02 +0000 (08:48 +0200)]
Configuration: only produce a new configdata.pm if it has changed contents
The goal is to avoid having too much of the OpenSSL source rebuilt
because configdata.pm got a new time stamp. The conditions for
updating configdata.pm are now:
1. its time stamp is older than Configure's, or...
2. its contents has changed.
Fixes #16377
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/16378)
Pauli [Fri, 20 May 2022 00:15:55 +0000 (10:15 +1000)]
performance: improve ossl_lh_strcasehash
This improvement seems to roughly halve the time it takes to run the
ossl_lh_strcasehash function.
It should have no impact on the strings we hash and search for often (algorithm
names, property strings).
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18354)
Tomas Mraz [Thu, 19 May 2022 09:38:23 +0000 (11:38 +0200)]
Drop ossl_namemap_add_name_n() and simplify ossl_namemap_add_names()
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18341)
Tomas Mraz [Wed, 18 May 2022 14:45:20 +0000 (16:45 +0200)]
ossl_namemap_name2_num: Avoid unnecessary OPENSSL_strndup().
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18341)
Joshua Arnott [Mon, 16 May 2022 17:53:18 +0000 (18:53 +0100)]
openssl-ca.pod.in: Minor grammar fix
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18324)
Richard Levitte [Thu, 12 May 2022 07:21:15 +0000 (09:21 +0200)]
mdl: Don't enforce one space after list markers
Common markdown styles usually show 4-column indents to separate the
list marker and the list item text. That's a common template for
writing new markdown files.
On the other hand, we do have some files (such as CHANGES.md) where we
use a different style.
From a markdown perspective, both are perfectly OK, and there's no
reason to enforce either.
Therefore, the best thing is to exclude this particular rule.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18297)
Henry Brausen [Fri, 28 Jan 2022 08:57:54 +0000 (01:57 -0700)]
Add BSWAP4/BSWAP8 routines for riscv64 with Zbb
These routines make use of the rev8 instruction in the Zbb extension
to accelerate byte-swapping when OpenSSL is built specifically for
a machine that supports Zbb.
Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17640)
Henry Brausen [Fri, 28 Jan 2022 08:53:07 +0000 (01:53 -0700)]
Add clmul-based gmult for riscv64 with Zbb, Zbc
ghash-riscv64.pl implements 128-bit galois field multiplication for
use in the GCM mode using RISC-V carryless multiplication primitives.
The clmul-accelerated routine can be selected by setting the Zbb and
Zbc bits of the OPENSSL_riscvcap environment variable at runtime.
Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17640)
Henry Brausen [Fri, 28 Jan 2022 08:28:52 +0000 (01:28 -0700)]
Add basic RISC-V cpuid and OPENSSL_riscvcap
RISC-V cpuid implementation allows bitmanip extensions Zb[abcs] to
be enabled at runtime using OPENSSL_riscvcap environment variable.
For example, to specify 64-bit RISC-V with the G,C,Zba,Zbb,Zbc
extensions, one could write: OPENSSL_riscvcap="rv64gc_zba_zbb_zbc"
Architecture string parsing is still very primitive, but can be
expanded in the future. Currently, only bitmanip extensions Zba, Zbb,
Zbc and Zbs are supported.
Includes implementation of constant-time CRYPTO_memcmp in riscv64 asm,
as well as OPENSSL_cleanse. Assembly implementations are written using
perlasm.
Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17640)
Henry Brausen [Fri, 28 Jan 2022 08:13:04 +0000 (01:13 -0700)]
Add AES implementation in generic riscv64 asm
This implementation is based on the four-table approach, along the same
lines as the non-constant-time implementation in aes_core.c The
implementation is in perlasm.
Utility functions are defined to automatically stack/unstack registers
as needed for prologues and epilogues. See riscv-elf-psabi-doc at
https://github.com/riscv-non-isa/riscv-elf-psabi-doc/ for ABI details.
Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17640)
Randall S. Becker [Mon, 16 May 2022 22:57:45 +0000 (16:57 -0600)]
Prepare NonStop for fixed-size integer types.
This commit removes platform defines the interfere with loading and resolution
of platform and memory model variants of integer types and includes the
appropriate files, stdint.h and sys/types.h where the types are defined.
Fixes #17669
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18325)
Pauli [Tue, 17 May 2022 00:58:10 +0000 (10:58 +1000)]
Fix coverity
1504433: unchecked return value
Just extending the comment so coveriety knows as well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18326)
Hugo Landau [Fri, 13 May 2022 12:11:44 +0000 (13:11 +0100)]
Use --release in dev/release.sh
Fixes #18243.
Fixes #18242.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18305)
Thomas Bellebaum [Tue, 17 May 2022 11:42:05 +0000 (13:42 +0200)]
Documentation: X509_V_ERR_CERT_CHAIN_TOO_LONG is not unused
The Error `X509_V_ERR_CERT_CHAIN_TOO_LONG` is not unused. See e.g. here:
https://github.com/openssl/openssl/blob/
598bd7741568a1aae678e5472f18aae1ab991e8d/crypto/x509/x509_vfy.c#L3318-L3319
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18330)
Hubert Kario [Fri, 6 Aug 2021 11:39:32 +0000 (13:39 +0200)]
add tests for PBKDF2 with SHA-3
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16237)
Hubert Kario [Thu, 5 Aug 2021 20:41:11 +0000 (22:41 +0200)]
add support for SHA-3 based PRF to PBES2
As there are no limitations for HMACs used in PBKDF2 inside PBES2,
as more specifically the SHA-3 hashes are drop-in replacements for
SHA-2 hashes, we can easily add support for SHA-3 here.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16237)
Dmitry Belyavskiy [Thu, 12 May 2022 15:52:21 +0000 (17:52 +0200)]
Missing changes entry about OPENSSL_str[n]casecmp
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18302)
Bernd Edlinger [Mon, 16 May 2022 05:06:42 +0000 (07:06 +0200)]
Fix KTLS with BIO_new_connect
When a socket connection is done using BIO_new_connect,
the ktls_enable is done too early, and fails with ENOTCONN.
Therefore the KLTS ioctl will fail later with ENOPROTOOPT.
Fix that by doing the ktls_enable after the connection
succeeded, not when the socket is created as that will
always fail.
One example where this happens is doit_localhost in
test/ssl_old_test.c, and therefore, contrary to the expectation
the -client_ktls option did never enable the client KTLS
connection, but this was not noticed, because there was no
diagnostic output, and it was only visible with strace output.
Also enhanced the ssl_old_test -client_ktls/-server_ktls
options together with -v option to print a summary line
if and how KTLS was negotiated in server and client.
While I am already there adjusted the usage info of
the -s_cert, -s_key commands, and allow -time to print the
timings of ktls connections.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18318)
Tomas Mraz [Tue, 26 Apr 2022 07:42:01 +0000 (09:42 +0200)]
Fix BIO_get_ktls_send/recv to return 0 or 1 only
Fixes #18176
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/18178)
Zhou Qingyang [Fri, 8 Apr 2022 13:43:37 +0000 (21:43 +0800)]
Add return value check of EVP_PKEY_copy_parameters () in ssl_set_cert_and_key()
It seems the return value of EVP_PKEY_copy_parameters() in
ssl_set_cert_and_key(), and could lead to null pointer dereference in
EVP_PKEY_eq() function.
However those functions are complicated and this fix is suggested by
a static analyzer, so please advise.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18071)
Daniel Fiala [Tue, 10 May 2022 12:39:19 +0000 (14:39 +0200)]
mkdef.pl: Add cmd-line flag to differentiate shared libs and DSO.
Fixes openssl#16984.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18284)
Tomas Mraz [Tue, 10 May 2022 15:22:24 +0000 (17:22 +0200)]
Always try locale initialization from OPENSSL_strcasecmp
Fixes #18172
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
Tomas Mraz [Tue, 10 May 2022 15:00:26 +0000 (17:00 +0200)]
Add fallback in case of locale initialization failure
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
Tomas Mraz [Tue, 10 May 2022 14:46:35 +0000 (16:46 +0200)]
Avoid code duplication for locale initialization
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
Tomas Mraz [Tue, 10 May 2022 14:31:20 +0000 (16:31 +0200)]
Move OPENSSL_strcasecmp() and related to o_str.c
Otherwise the implementation is unnecessarily duplicated in legacy.so.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
Tomas Mraz [Thu, 5 May 2022 10:35:11 +0000 (12:35 +0200)]
Include the e_os.h before string.h
Fixes #18244
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
Tomas Mraz [Wed, 4 May 2022 14:58:06 +0000 (16:58 +0200)]
Fix build on OPENSSL_SYS_TANDEM and older POSIXes
It also allows for passing -DOPENSSL_NO_LOCALE as a workaround
to ./Configure command.
Fixes #18233
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
Tomas Mraz [Tue, 10 May 2022 13:40:58 +0000 (15:40 +0200)]
int_ctx_new(): Revert extra OPENSSL_init_crypto() call
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
Tomas Mraz [Mon, 9 May 2022 11:57:11 +0000 (13:57 +0200)]
Always try to construct methods as new provider might be added
Otherwise optional properties can be incorrectly ignored.
Fixes #18262
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18269)
Tomas Mraz [Mon, 9 May 2022 11:23:10 +0000 (13:23 +0200)]
Add test for query invalidation after new provider added
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18269)
Keith W. Campbell [Wed, 13 Apr 2022 22:14:33 +0000 (18:14 -0400)]
Add quotes around perl scripts
Otherwise, it seems nmake doesn't invoke perl properly.
Signed-off-by: Keith W. Campbell <keithc@ca.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18215)
Hongren (Zenithal) Zheng [Mon, 9 May 2022 11:42:39 +0000 (19:42 +0800)]
Make IV/buf in prov_cipher_ctx_st aligned
Make IV/buf aligned will drastically improve performance
as some architecture performs badly on misaligned memory
access.
Ref to
https://gist.github.com/ZenithalHourlyRate/
7b5175734f87acb73d0bbc53391d7140#file-2-openssl-long-md
Ref to
openssl#18197
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18267)
Henry Brausen [Fri, 28 Jan 2022 08:12:38 +0000 (01:12 -0700)]
Add riscv64 asm_arch to linux64-riscv64 target
Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18275)
Pauli [Fri, 6 May 2022 06:59:26 +0000 (16:59 +1000)]
bn_nist: fix strict aliasing problem
As of clang-14 the strict aliasing is causing code to magically disappear.
By explicitly inlining the code, the aliasing problem evaporates.
Fixes #18225
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18258)
Dr. Matthias St. Pierre [Tue, 29 Mar 2022 19:50:21 +0000 (21:50 +0200)]
err: get rid of err_free_strings_int()
Even though the function is not part of the public api, it is not
entirely removed, in order to minimize the chance of breakage,
because it is exported from libcrypto. Instead, we keep a dummy
implementation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17974)
Dr. Matthias St. Pierre [Mon, 28 Mar 2022 09:47:55 +0000 (11:47 +0200)]
err: fix crash in ERR_load_strings() when configured with no-err
This commit removes the entire initialization and cleanup of the
error string hash table (`int_error_hash`) if `no-err` is configured.
The only operative function remaining is `ERR_get_next_error_library()`.
That is the reason why the `err_string_lock` and hence the
`do_err_strings_init()` function can't be removed entirely.
Fixes #17971
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17974)
basavesh [Sun, 3 Apr 2022 14:04:53 +0000 (16:04 +0200)]
Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
Consider a weaker leakage model(CL) where only cacheline base address is leaked,
i.e address/32 for 32-byte cacheline(CL32).
Previous code used to perform two loads
1. rotated_mac[rotate_offset ^ 32] and
2. rotated_mac[rotate_offset++]
which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
and 2q, 2q + 1 for 32 <= rotate_offset < 64
The proposed fix performs load operations which will always leak 2q, 2q + 1 and
selects the appropriate value in constant-time.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18033)
Max Bachmann [Fri, 6 May 2022 10:09:27 +0000 (12:09 +0200)]
remove legacy VxWorks workaround
The same workaround was already removed in sockets.h
in
5c8b7b4caa0faedb69277063a7c6b3a8e56c6308
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18260)
Benjamin Kaduk [Mon, 2 May 2022 17:40:57 +0000 (10:40 -0700)]
evp_md: assert digest is provided for algctx reuse
When reusing an algctx (it was always freed on reinitialization,
prior to #18105), assert that the associated digest is provided.
We implicitly rely on this for algctx reuse to be safe (since
an implicit fetch could potentially change the digest object used,
including provider, which accordingly could change the layout of the
algctx object.
From code inspection, this is currently always the case -- the only
way to set an algctx requires the provider to be set, and the only
ways to change or remove a provider without destroying the entier
EVP_MD_CTX will also free the algctx. Adding an assertion will help
ensure that this remains true as the code evolves.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18224)
Tomas Mraz [Thu, 5 May 2022 06:11:24 +0000 (08:11 +0200)]
EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init strcasecmp
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18247)
Dimitry Andric [Thu, 5 May 2022 14:23:16 +0000 (16:23 +0200)]
Correct padding mode flag name for EVP_PKEY_decrypt/encrypt() examples
The example code in EVP_PKEY_decrypt(3) and EVP_PKEY_encrypt(3) and uses
a nonexistent padding mode `RSA_OAEP_PADDING`, which should be
`RSA_PKCS1_OAEP_PADDING` instead.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18255)
Ahmed JELIJLI [Thu, 5 May 2022 09:33:25 +0000 (11:33 +0200)]
doc: Fix RSA public key parameters
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18253)
Tomas Mraz [Thu, 5 May 2022 12:45:23 +0000 (14:45 +0200)]
Add a testcase for OSSL_PROVIDER_unload() being fully effective
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18254)
slontis [Wed, 4 May 2022 02:04:43 +0000 (12:04 +1000)]
Add documentation for key validation that indicates the difference between the
EVP_PKEY_XXX_check() calls for the default and fips providers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18235)
Max Bachmann [Thu, 5 May 2022 07:56:10 +0000 (09:56 +0200)]
Exclude IPv6 code using OPENSSL_USE_IPV6 instead of AF_INET6
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18250)
Nathan Sidwell [Mon, 25 Apr 2022 17:50:36 +0000 (10:50 -0700)]
Header file cleanup for C++20 header-units
C++20 adds 'header units' as a stepping-stone to modules. Header
units are regular header-files that have a 'self-contained' property
-- they do not require previously-included headers to provide typedefs
and what not.
This addresses 2 problems discovered when using clang modules (as a
proxy for C++20 header-units).
a) Some headers that pay attention to OPENSSL_NO_STDIO to determine
whether to declare certain FILE*-taking functions do not #include
<stdio.h> themselves, relying on their includer already having done
that. That breaks the above mentioned encapuslation requirement.
Fixed by conditionally including stdio.h in those headers. I chose to
always include stdio.h in such headers, even when they included
another such header that transitively included stdio. That way they
do not rely on an artifact of that intermediate header's behaviour.
b) Some headers have #includes inside 'extern "C" { ... }' regions.
That has a bad code-smell, but GCC and clang have extensions to permit
it with implementation-defined effects. Clang needs annotation on the
included files to know that they themselves are entirely inside a
similar region. GCC behavesq as-if there's an extern "C++" region
wrapping the included header (which must therefore wrap its contents
in extern "C", if that is what it wants. In effect the includer's
extern "C" region is just misleading. I didn't audit all the headers
for this, only those I noticed when addressing #a.
\#a is necessary to build the headers as a set of clang-modules. #b
is not necessary, but as I mentioned, avoids potentially
implementation-defined behaviour.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18221)
Pauli [Wed, 16 Mar 2022 03:30:03 +0000 (14:30 +1100)]
Fix Coverity
1201740 &
1201712: uninitialised values
These are both false positives since the `d` array is initialised by
the `DES_cfb_encrypt()` call via the `l2cn` macro. Rather than ignoring them
and having them crop up later, it's easier to just add an initialiser.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17894)
Pauli [Fri, 6 May 2022 07:55:01 +0000 (17:55 +1000)]
Update GOST engine
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236)
Pauli [Fri, 6 May 2022 00:42:16 +0000 (10:42 +1000)]
doc: add not that DTLS 1.0, TLS 1.1 and before are disabled at security level 1
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236)
Pauli [Wed, 4 May 2022 03:01:35 +0000 (13:01 +1000)]
tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above
This is in line with the NEWS entry (erroneously) announcing such for 3.0.
Fixes #18194
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236)
Bernd Edlinger [Thu, 5 May 2022 08:07:41 +0000 (10:07 +0200)]
Update .gitignore
add /test/evp_pkey_ctx_new_from_name
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18251)
Daniel Fiala [Thu, 28 Apr 2022 11:35:40 +0000 (13:35 +0200)]
s_serve: Report an error if init-connection fails without an attempt to read.
Fixes: openssl#18047.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18154)
Pauli [Fri, 1 Apr 2022 01:27:15 +0000 (12:27 +1100)]
Fix Coverity
1503322,
1503324,
1503328 memory accesses
These are all false positives result from Coverity not understanding our
up_ref and free pairing.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18014)
Pauli [Fri, 1 Apr 2022 01:20:26 +0000 (12:20 +1100)]
Fix Coverity
1503325 use after free
Another reference counting false positive, now negated.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18014)
Pauli [Fri, 1 Apr 2022 01:18:44 +0000 (12:18 +1100)]
Fix Coverity
1503329 use after free
Another false positive tagged as such
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18014)
Pauli [Fri, 1 Apr 2022 01:12:07 +0000 (12:12 +1100)]
Fix coverity
1503330 use after free
This is a false positive resulting from confusion over up_ref/free.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18014)
philippe lhardy [Mon, 25 Apr 2022 17:42:16 +0000 (19:42 +0200)]
fix for sslecho in demos echoing garbage #18165
- getline does set &txbufp content at return, make sure it can be done.
- fixes warning 'passing argument 1 of ‘getline’ from incompatible pointer type'
- remove OPENSSL_free on non allocated fixed size array
- fixes 'free(): invalid pointer'
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18177)
Pauli [Wed, 4 May 2022 01:26:02 +0000 (11:26 +1000)]
Correct NEWS entry about required security level for old versions of TLS, DTLS and SSL
The entry was incorrect because suites using RSA key exchange without SHA1
were permitted at security level 1.
Partial fix for #18194
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18234)
(cherry picked from commit
3226a37a4875567f2bf49aa44a727bcb67bb7dcd)
Pauli [Wed, 4 May 2022 04:54:13 +0000 (14:54 +1000)]
Remove the _fetch_by_number functions
These functions are unused and untested. They are also implemented rather
inefficiently. If we ever needed them in the future, they'd almost surely
need to be rewritten more efficiently.
Fixes #18227
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18237)
Richard Levitte [Wed, 4 May 2022 07:15:29 +0000 (09:15 +0200)]
Add method store cache flush and method removal to non-EVP operations
evp_method_store_flush() and evp_method_store_remove_all_provided()
only cover EVP operations, but not encoders, decoders and store loaders.
This adds corresponding methods for those as well. Without this, their
method stores are never cleaned up when the corresponding providers are
deactivated or otherwise modified.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
Richard Levitte [Fri, 29 Apr 2022 06:08:06 +0000 (08:08 +0200)]
For child libctx / provider, don't count self-references in parent
In child library contexts, which contain child "clones" of the
providers the application has in store, one of these children will
always be the provider that creates the child library context; let's
call them self-refering child providers.
For these self-refering child providers, we don't increment the parent
provider reference count, nor do we free the parent provider, as those
become self defeating and hinder the teardown and unloading process
when the application cleans up.
For non self-refering child providers, we must retain this propagation
of reference count to the parent, so that aren't torn down too early,
i.e. when there's still a "foreign" reference (fetched algorithm).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
Richard Levitte [Mon, 25 Apr 2022 05:22:27 +0000 (07:22 +0200)]
Complete the cleanup of an algorithm in OSSL_METHOD_STORE
The `alg_cleanup` didn't properly clear the OPENSSL_SA leaf that it
had just freed the contents of. Fortunately, `ossl_sa_ALGORITHM_doall_arg()`
allows us to pass the store pointer itself as an extra argument, which
allows a modified `alg_cleanup` to complete the job.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
Richard Levitte [Fri, 22 Apr 2022 14:44:51 +0000 (16:44 +0200)]
Make it possible to remove methods by the provider that provides them
This adds ossl_method_store_remove_all_provided(), which selectively
removes methods from the given store that are provided by the given
provider.
This also adds the EVP specific evp_method_store_remove_all_provided(),
which matches ossl_method_store_remove_all_provided() but can also
retrieve the correct store to manipulate for EVP functions.
This allows us to modify ossl_provider_self_test() to do the job it's
supposed to do, but through clearly defined functions instead of a
cache flushing call that previously did more than that.
ossl_provider_deactivate() is also modified to remove methods associated
with the deactivated provider, and not just clearing the cache.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
Richard Levitte [Fri, 22 Apr 2022 09:00:36 +0000 (11:00 +0200)]
Don't empty the method store when flushing the query cache
When evp_method_store_flush() flushed the query cache, it also freed
all methods in the EVP method store, through an unfortunate call of
ossl_method_store_flush_cache() with an argument saying that all
methods should indeed be dropped.
To undo some of the confusion, ossl_method_store_flush_cache() is
renamed to ossl_method_store_cache_flush_all(), and limited to do
only that. Some if the items in the internal ALGORITHM structure are
also renamed and commented to clarify what they are for.
Fixes #18150
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
Richard Levitte [Wed, 20 Apr 2022 16:34:09 +0000 (18:34 +0200)]
Refactor method construction pre- and post-condition
The existing pre- and post-condition functions are supposed to check if
methods have already been created and stored, using provider operation
bits. This is supposed to only be done for "permanent" method stores.
However, the way the pre-condition was called, it could not know if the
set of implementations to be stored is likely to end up in a "permanent"
or a temporary store. It needs access to the |no_store| flag returned
by the provider's operation query function, because that call was done
after the pre-condition was called.
This requires a bit of refactoring, primarly of |algorithm_do_this()|,
but also of |ossl_method_construct_precondition()|.
Fixes #18150
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
Richard Levitte [Wed, 20 Apr 2022 14:43:13 +0000 (16:43 +0200)]
Drop ossl_provider_clear_all_operation_bits() and all uses of it
This is a misused function, as it was called during query cache flush,
when the provider operation bits were meant to record if methods for a
certain operation has already been added to the method store.
Fixes #18150
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
Vita Batrla [Fri, 18 Mar 2022 21:02:50 +0000 (22:02 +0100)]
s_client -proxy / -starttls shouldn't be mutually exclusive
The option -proxy of openssl s_client works fine. The option
-starttls also works fine. However, try putting both of them
on command line. It breaks, these options don't work together.
The problem is that -proxy option is implemented using starttls_proto
(the option parsing code sets it to PROTO_CONNECT) and -starttls option
overwrites the same variable again based on argument value.
The suggested fix is to independently handle -proxy option before
-starttls so the s_client can connect through HTTP proxy server and
then use STARTTLS command.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17925)
Dr. David von Oheimb [Wed, 27 Apr 2022 17:07:46 +0000 (19:07 +0200)]
crmf_lib.c: Make sure Ed signature for POPO is called without digest
Fixes #18184
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18230)
Dr. David von Oheimb [Wed, 3 Mar 2021 19:10:34 +0000 (20:10 +0100)]
X509{,_LOOKUP}: Improve distinction between not found and fatal/internal error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14417)
Dr. David von Oheimb [Tue, 15 Jun 2021 20:06:48 +0000 (22:06 +0200)]
objects.txt: Add newly registered OIDs according to CMP Updates, for use in extended CMPv2
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15778)
Daniel Fiala [Fri, 29 Apr 2022 07:33:49 +0000 (09:33 +0200)]
openssl: dhparam: Print warning if -in argument is ignored
Fixes: openssl#18146
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18206)
Pauli [Thu, 31 Mar 2022 22:59:49 +0000 (09:59 +1100)]
Fix Coverity
1503314 unchecked return value
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18013)
JHH20 [Mon, 2 May 2022 10:50:04 +0000 (19:50 +0900)]
Remove duplicated #include headers
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18220)
Tomas Mraz [Tue, 3 May 2022 12:57:08 +0000 (14:57 +0200)]
CHANGES.md: Attribute the OPENSSL_LH_flush() fix properly
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
Matt Caswell [Tue, 3 May 2022 10:52:38 +0000 (11:52 +0100)]
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
Matt Caswell [Tue, 26 Apr 2022 13:39:34 +0000 (14:39 +0100)]
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
Pauli [Mon, 2 May 2022 08:16:09 +0000 (18:16 +1000)]
Update Paul's pgp key signature
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18219)
Tomas Mraz [Tue, 26 Apr 2022 10:40:24 +0000 (12:40 +0200)]
c_rehash: Do not use shell to invoke openssl
Except on VMS where it is safe.
This fixes CVE-2022-1292.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Fri, 15 Apr 2022 09:22:59 +0000 (10:22 +0100)]
Fix the RC4-MD5 cipher
A copy&paste error meant that the RC4-MD5 cipher (used in TLS) used the TLS
AAD data as the MAC key.
CVE-2022-1434
Fixes #18112
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 13 Apr 2022 15:47:35 +0000 (16:47 +0100)]
Test ocsp with invalid responses and the "-no_cert_checks" option
The "-no_cert_checks" option causes the flag OCSP_NOCHECKS to be set.
The bug fixed in the previous commit will cause the ocsp app to respond with
a success result in the case when the OCSP response signing certificate
fails to verify and -no_cert_checks is used - so we test that it fails in
this case.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 13 Apr 2022 15:36:54 +0000 (16:36 +0100)]
Fix OCSP_basic_verify signer certificate validation
The function `OCSP_basic_verify` validates the signer certificate on an OCSP
response. The internal function, ocsp_verify_signer, is responsible for this
and is expected to return a 0 value in the event of a failure to verify.
Unfortunately, due to a bug, it actually returns with a postive success
response in this case. In the normal course of events OCSP_basic_verify
will then continue and will fail anyway in the ocsp_check_issuer function
because the supplied "chain" value will be empty in the case that
ocsp_verify_signer failed to verify the chain. This will cause
OCSP_basic_verify to return with a negative result (fatal error). Normally
in the event of a failure to verify it should return with 0.
However, in the case of the OCSP_NOCHECKS flag being used, OCSP_basic_verify
will return with a positvie result. This could lead to callers trusting an
OCSP Basic response when it should not be.
CVE-2022-1343
Fixes #18053
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Daniel Hu [Mon, 7 Feb 2022 10:17:06 +0000 (10:17 +0000)]
Acceleration of chacha20 on aarch64 by SVE
This patch accelerates chacha20 on aarch64 when Scalable Vector Extension
(SVE) is supported by CPU. Tested on modern micro-architecture with
256-bit SVE, it has the potential to improve performance up to 20%
The solution takes a hybrid approach. SVE will handle multi-blocks that fit
the SVE vector length, with Neon/Scalar to process any tail data
Test result:
With SVE
type 1024 bytes 8192 bytes 16384 bytes
ChaCha20
1596208.13k
1650010.79k
1653151.06k
Without SVE (by Neon/Scalar)
type 1024 bytes 8192 bytes 16384 bytes
chacha20
1355487.91k
1372678.83k
1372662.44k
The assembly code has been reviewed internally by
ARM engineer Fangming.Fang@arm.com
Signed-off-by: Daniel Hu <Daniel.Hu@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17916)
Jonathan Swinney [Wed, 27 Oct 2021 16:50:30 +0000 (16:50 +0000)]
md5: add assembly implementation for aarch64
This change improves md5 performance significantly by using a hand-optimized
assembly implementation of the inner loop of md5 calculation. The instructions
are carefully ordered to separate data dependencies as much as possible.
Test with:
$ openssl speed md5
AWS Graviton 2
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
md5 46990.60k 132778.65k 270376.96k 364718.08k 405962.75k 409201.32k
md5-modified 51725.23k 152236.22k 323469.14k 453869.57k 514102.61k 519056.04k
+10% +15% +20% +24% +27% +27%
Apple M1
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
md5 74634.39k 195561.25k 375434.45k 491004.23k 532361.40k 536636.48k
md5-modified 84637.11k 229017.09k 444609.62k 588069.50k 655114.24k 660850.56k
+13% +17% +18% +20% +23% +23%
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16928)
Dmitry Belyavskiy [Fri, 29 Apr 2022 12:22:24 +0000 (14:22 +0200)]
Improving locale test
Fixes #18205
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18211)
Tomas Mraz [Thu, 28 Apr 2022 15:04:05 +0000 (17:04 +0200)]
fix_dh_paramgen_type: Avoid crash with invalid paramgen type
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18202)
Tomas Mraz [Wed, 13 Apr 2022 14:26:18 +0000 (16:26 +0200)]
evp_md_init_internal: Avoid reallocating algctx if digest unchanged
Fixes #16947
Also refactor out algctx freeing into a separate function.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18105)
Dr. David von Oheimb [Thu, 28 Apr 2022 13:35:13 +0000 (15:35 +0200)]
http_client.c: check expected content type only if HTTP status code is 200 (OK)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18204)
Dmitry Belyavskiy [Fri, 22 Apr 2022 17:26:08 +0000 (19:26 +0200)]
Testing the EVP_PKEY_CTX_new_from_name without preliminary init
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18199)
Dmitry Belyavskiy [Fri, 22 Apr 2022 16:16:56 +0000 (18:16 +0200)]
Ensure we initialized the locale before evp_pkey_name2type
Fixes #18158
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18199)
Richard Levitte [Tue, 26 Apr 2022 09:04:49 +0000 (11:04 +0200)]
Fix memleak in test/provider_test.c
This memory leak is triggered when configuring with 'no-legacy'
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18179)
yavtuk [Mon, 11 Apr 2022 20:40:59 +0000 (23:40 +0300)]
Prefer .inst rather than .long for probe instructions in arm64cpuid.pl
Fixes an issue disassembling the functions because the symtab contains
an attribute indicating the presence of data within them.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18086)
Tomas Mraz [Thu, 21 Apr 2022 15:33:26 +0000 (17:33 +0200)]
poly1305: Properly copy the whole context on dup
Also reset the updated flag when Poly1305_Init is called.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18143)
Jan Engelhardt [Mon, 25 Apr 2022 08:51:00 +0000 (10:51 +0200)]
doc: replace "symmetric cipher" phrase in EVP_MD manpages
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18169)
Jon Spillett [Thu, 21 Apr 2022 06:49:04 +0000 (16:49 +1000)]
Prefer GNU library initialization mechanism over platform one
If GNU toolchain is used, use the __attribute__((constructor))
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18147)
Tomas Mraz [Thu, 21 Apr 2022 15:13:44 +0000 (17:13 +0200)]
Test that SipHash_Final() fails on uninited context
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18142)
Tomas Mraz [Thu, 21 Apr 2022 15:09:14 +0000 (17:09 +0200)]
siphash: Properly set mac size in sipcopy
Also fully duplicate the context on dup
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18142)
Tomas Mraz [Thu, 21 Apr 2022 15:07:40 +0000 (17:07 +0200)]
siphash: Fail finalization on uninitialized siphash context
Fixes #18140
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18142)
Mathias Berchtold [Sat, 23 Apr 2022 00:26:18 +0000 (19:26 -0500)]
Move ossl_deinit_casecmp to the end of OPENSSL_cleanup()
Calls like evp_cleanup_int() depend on OPENSSL_strcasecmp().
Fixes https://github.com/openssl/openssl/issues/18160
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18161)