James Muir [Sun, 16 Oct 2022 02:23:39 +0000 (22:23 -0400)]
Support all five EdDSA instances from RFC 8032
Fixes #6277
Description:
Make each of the five EdDSA instances defined in RFC 8032 --
Ed25519,
Ed25519ctx, Ed25519ph, Ed448, Ed448ph -- available via the EVP APIs.
The desired EdDSA instance is specified via an OSSL_PARAM.
All instances, except for
Ed25519, allow context strings as input.
Context strings are passed via an OSSL_PARAM. For Ed25519ctx, the
context string must be nonempty.
Ed25519, Ed25519ctx, Ed448 are PureEdDSA instances, which means that
the full message (not a digest) must be passed to sign and verify
operations.
Ed25519ph, Ed448ph are HashEdDSA instances, which means that the input
message is hashed before sign and verify.
Testing:
All 21 test vectors from RFC 8032 have been added to evppkey_ecx.txt
(thanks to Shane Lontis for showing how to do that). Those 21 test
vectors are exercised by evp_test.c and cover all five instances.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19705)
Pauli [Mon, 9 Jan 2023 00:25:55 +0000 (11:25 +1100)]
fips: make EdDSA unapproved for FIPS
Likewise for the related ECX key exchanges.
NIST is mandating this until FIPS 186-5 is finalised.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20020)
slontis [Wed, 11 Jan 2023 04:32:07 +0000 (14:32 +1000)]
Make RSA_generate_multi_prime_key() not segfault if e is NULL.
This is not a big problem for higher level keygen, as these set e
beforehand to a default value. But the logic at the lower level is
incorrect since it was doing a NULL check in one place but then
segfaulting during a later BN_copy().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20025)
zhangzhilei [Tue, 10 Jan 2023 08:32:08 +0000 (16:32 +0800)]
remove unused macro in rc2_local.h and rc5_local.h
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20015)
slontis [Tue, 20 Dec 2022 03:44:18 +0000 (13:44 +1000)]
SSKDF with KMAC should return SIZE_MAX when EVP_KDF_CTX_get_kdf_size()
is used.
Fixes #19934
The existing code was looking for the digest size, and then returned
zero.
The example code in EVP_KDF-SS.pod has been corrected to not use a
digest.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19935)
Nobuhiro IMAI [Tue, 10 Jan 2023 09:44:44 +0000 (18:44 +0900)]
fix manpage of `d2i_X509(3)`
* capitalize `X509_NAME`
* add missing suffixes to `i2d_TYPE`
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20016)
Tomas Mraz [Tue, 10 Jan 2023 17:00:59 +0000 (18:00 +0100)]
Do not check definition of a macro and use it in a single condition
The condition evaluation in #if conditions does not tolerate this
if the macro is not defined.
Fixes #19628
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20018)
Richard Levitte [Tue, 10 Jan 2023 07:27:44 +0000 (08:27 +0100)]
OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated
A zero BIGNUM contains zero bytes, while OSSL_PARAMs with an INTEGER (or
UNSIGNED INTEGER) data type are expected to have at least one data byte
allocated, containing a zero. This wasn't handled correctly.
Fixes #20011
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)
Richard Levitte [Tue, 10 Jan 2023 11:22:39 +0000 (12:22 +0100)]
In OSSL_PARAM_set_BN(), make sure that the data_size field is at least 1
This way, we guarantee that a zero is represented with one byte of data
that's set to zero.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)
Richard Levitte [Tue, 10 Jan 2023 06:50:24 +0000 (07:50 +0100)]
test/param_build_test.c: test zero BIGNUM
We also add tests where the zero bignum is the only parameter, to test what
that does with the allocated blocks that the OSSL_PARAM_BLD functionality
handles.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)
H. Vetinari [Mon, 9 Jan 2023 04:53:48 +0000 (15:53 +1100)]
Add empty migration guide for 3.1
Fixes #19953
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20008)
slontis [Thu, 22 Dec 2022 08:52:17 +0000 (18:52 +1000)]
Doc: Update history section of EC_GROUP API's.
Fixes #8630
The remaining functions are at least as old as 0.9.8 so it is
not worth documenting this.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19956)
Nikhil Bisht [Thu, 22 Dec 2022 20:56:28 +0000 (02:26 +0530)]
Documentation for EVP_PKEY_CTX_get0_pkey() and EVP_PKEY_CTX_get0_peerkey().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19962)
Greg McLearn [Fri, 6 Jan 2023 08:40:04 +0000 (03:40 -0500)]
info.c: Fix typos in seed macro name and description string
Fixes: #19996
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20001)
Tomas Mraz [Thu, 3 Nov 2022 13:01:56 +0000 (14:01 +0100)]
rsaz_exp_x2.c: Remove unused ALIGN64 macro
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)
Tomas Mraz [Thu, 3 Nov 2022 12:48:55 +0000 (13:48 +0100)]
rsaz_exp_x2.c: Avoid potential undefined behavior with strict aliasing
Fixes #19584
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)
Tomas Mraz [Thu, 3 Nov 2022 12:26:22 +0000 (13:26 +0100)]
Revert "Fix an occasional CI failure due to unaligned access"
This reverts commit
8511520842b744d1794ea794c032ce5f78cd874b.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)
Xu Yizhou [Thu, 15 Dec 2022 02:21:07 +0000 (10:21 +0800)]
Fix SM4 test failures on big-endian ARM processors
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19910)
zhangzhilei [Tue, 3 Jan 2023 11:12:35 +0000 (19:12 +0800)]
remove extra define for __NR_getrandom and add some comments
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19985)
Tomas Mraz [Wed, 21 Dec 2022 15:49:10 +0000 (16:49 +0100)]
Write SSL_R alerts to error state to keep updated strings
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19950)
Tomas Mraz [Thu, 22 Dec 2022 10:25:16 +0000 (11:25 +0100)]
80-test_cms.t: Fix rsapssSaltlen check on MinGW
Fixes #19907
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19957)
Tomas Mraz [Thu, 22 Dec 2022 10:26:14 +0000 (11:26 +0100)]
25-test_pkcs8.t: Make text comparison ignore extra CR characters
This is needed to pass the test on MinGW.
Fixes #19921
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19957)
slontis [Thu, 22 Dec 2022 02:01:02 +0000 (12:01 +1000)]
Cleanse internal BN_generate_dsa_nonce() buffers used to generate k.
Fixes #9205
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19954)
Semen Zhydenko [Sun, 1 Jan 2023 21:50:11 +0000 (22:50 +0100)]
Fixed typos in documentation and comments
Fixed typo: accomodate -> accommodate
Fixed typo: analagous -> analogous
Fixed typo: auxilliary -> auxiliary
Fixed typo: eigth -> eighth
Fixed typo: explotation -> exploitation
Fixed typo: originaly -> originally
Fixed typo: simplier -> simpler
Fixed typo: sucessful -> successful
Fixed typo: recievers -> receivers
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19977)
dependabot[bot] [Thu, 22 Dec 2022 17:10:52 +0000 (17:10 +0000)]
Bump actions/setup-python from 4.3.1 to 4.4.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.3.1...v4.4.0)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19961)
Tomas Mraz [Thu, 22 Dec 2022 14:24:24 +0000 (15:24 +0100)]
INSTALL.md: Remove trailing space
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19960)
Randall S. Becker [Mon, 30 Aug 2021 19:24:39 +0000 (15:24 -0400)]
Support multibin to allow multiple binary models to co-exist.
This change parallels the implementation of multilib and initially
only applies to the NonStop platform's DLL loader limitations.
Fixes: #16460
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16472)
slontis [Tue, 20 Dec 2022 05:54:34 +0000 (15:54 +1000)]
Docs: Move deprecated ECDSA_ functions into a separate file.
Fixes #19829
Examples added for setting/getting ECDSA SIG related r and s values
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19936)
slontis [Fri, 16 Dec 2022 02:26:44 +0000 (12:26 +1000)]
Change HKDF to alloc the info buffer.
Fixes #19909
I have enforced a maximum bound still but it is much higher.
Note also that TLS13 still uses the 2048 buffer size.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19923)
zhailiangliang [Thu, 15 Dec 2022 07:11:14 +0000 (15:11 +0800)]
ssl3_mac(): Fix possible divide by zero bug
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19912)
xkernel [Wed, 14 Dec 2022 16:22:40 +0000 (00:22 +0800)]
ec_kmgmt.c: check the return of BN_CTX_get() in time.
If x and y are all NULL, then it is unnecessary to do subsequent operations.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19905)
Matheus Cunha [Sun, 11 Dec 2022 05:02:48 +0000 (02:02 -0300)]
INSTALL.md: Fix typo
CLA:trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19882)
slontis [Wed, 7 Dec 2022 20:03:26 +0000 (06:03 +1000)]
Add Demos for DSA params/DSA keygen.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19853)
Bernd Edlinger [Sun, 13 Nov 2022 20:34:16 +0000 (21:34 +0100)]
Fix possible UB in init_info_strings
"openssl version -c" may create undefined behavior in the shift:
crypto/info.c:42:50: runtime error: left shift of
4275712515
by 32 places cannot be represented in type 'long long int'
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19668)
Tomas Mraz [Thu, 15 Dec 2022 14:54:54 +0000 (15:54 +0100)]
Add testcase for OSSL_trace_set_callback()
Also test the OSSL_TRACE_CATEGORY_TRACE tracing - this fails
on address sanitizer runs without the fix for #19915
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19917)
Tomas Mraz [Thu, 15 Dec 2022 10:45:48 +0000 (11:45 +0100)]
Avoid ifdefs in trace categories
The trace code assumes all categories are present and
the category numbers are equal to the index in the table.
Fixes #19915
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19917)
Matt Caswell [Tue, 6 Dec 2022 15:12:59 +0000 (15:12 +0000)]
Add a CMS test for a bad encryption algorithm
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
Matt Caswell [Tue, 6 Dec 2022 14:51:54 +0000 (14:51 +0000)]
Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID
If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no
associated OID then we should report an error rather than continuing on
regardless. Continuing on still ends up failing - but later on and with a
more cryptic error message.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
Matt Caswell [Tue, 6 Dec 2022 14:35:53 +0000 (14:35 +0000)]
Fix BIO_f_asn1() to properly report some errors
Some things that may go wrong in asn1_bio_write() are serious errors
that should be reported as -1, rather than 0 (which just means "we wrote
no data").
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
Matt Caswell [Tue, 6 Dec 2022 14:21:23 +0000 (14:21 +0000)]
Fix SMIME_crlf_copy() to properly report an error
If the BIO unexpectedly fails to flush then SMIME_crlf_copy() was not
correctly reporting the error. We modify it to properly propagate the
error condition.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
Matt Caswell [Tue, 6 Dec 2022 14:18:53 +0000 (14:18 +0000)]
Fix BIO_f_cipher() flushing
If an error occurs during a flush on a BIO_f_cipher() then in some cases
we could get into an infinite loop. We add a check to make sure we are
making progress during flush and exit if not.
This issue was reported by Octavio Galland who also demonstrated an
infinite loop in CMS encryption as a result of this bug.
The security team has assessed this issue as not a CVE. This occurs on
*encryption* only which is typically processing trusted data. We are not
aware of a way to trigger this with untrusted data.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
Bernd Edlinger [Fri, 16 Dec 2022 18:30:29 +0000 (19:30 +0100)]
Fix a logic flaw in test_mod_exp_zero
Due to the logic flaw, possible test failures
in this test case might be ignored.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19929)
Tomas Mraz [Wed, 21 Dec 2022 10:04:43 +0000 (11:04 +0100)]
Add CHANGES.md entry for support for KMAC in KBKDF
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Release: yes
(Merged from https://github.com/openssl/openssl/pull/19943)
(cherry picked from commit
c75203021bd37571c6259317b1d0e63dc7857c45)
Darren J Moffat [Fri, 4 Nov 2022 16:21:57 +0000 (16:21 +0000)]
19607 No need to link explicitly with libpthread on Solaris
CLA: trivial
Reviewed-by: Zdenek.Kotal@oracle.com
Reviewed-by: Ali.Bahrami@oracle.com
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19611)
slontis [Mon, 7 Nov 2022 05:32:07 +0000 (15:32 +1000)]
Update FIPS related build instructions.
This also links back to the new location that lists the cert and
security policy.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19617)
Peiwei Hu [Fri, 2 Dec 2022 07:43:01 +0000 (15:43 +0800)]
Refine the documents of several APIs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19816)
slontis [Thu, 1 Dec 2022 01:34:14 +0000 (11:34 +1000)]
Address coverity issue CID
1517105
The code path for this resource leak indicates that this is a false
positive (if you look at the callers).
Rather than ignoring the warning an extra check has been added, in case
future callers do the wrong thing.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19799)
slontis [Wed, 7 Dec 2022 22:16:03 +0000 (08:16 +1000)]
Update HMAC() documentation.
Fixes #19782
Clarify that EVP_Q_MAC() can be used as an alternative that allows
setting of the libctx.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19855)
Tomas Mraz [Fri, 16 Dec 2022 13:26:18 +0000 (14:26 +0100)]
Update pyca-cryptography submodule to fix CI
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19926)
slontis [Thu, 15 Dec 2022 08:57:09 +0000 (18:57 +1000)]
Add KMAC support to KBKDF.
Now that ACVP test vectors exist, support has been added for this mode.
See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Note that the test vectors used fairly large values for the input key
and the context, so the contraints for these has been increased from
256 to 512 bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19916)
Tomas Mraz [Mon, 5 Dec 2022 14:38:03 +0000 (15:38 +0100)]
timing_load_creds requires POSIX1.2001 due to rusage
Fixes #19838
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19839)
Hugo Landau [Wed, 30 Nov 2022 19:24:15 +0000 (19:24 +0000)]
BIO_s_dgram: add documentation and hazard warnings
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19795)
Pauli [Tue, 13 Dec 2022 22:21:39 +0000 (09:21 +1100)]
Coverity: fix 272011 resource leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19900)
Tomas Mraz [Mon, 12 Dec 2022 10:49:21 +0000 (11:49 +0100)]
timing_load_creds: Fix typos in the timersub macro
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19865)
(cherry picked from commit
f1b104953af8e3a82f7c5ee33f0403fc067c8516)
Tomas Mraz [Fri, 9 Dec 2022 07:45:48 +0000 (08:45 +0100)]
Do not build P10-specific AES-GCM assembler on AIX
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19865)
(cherry picked from commit
5c92ac52c282dbcb07e3880c2edd3a1bce452396)
Tomas Mraz [Thu, 8 Dec 2022 16:26:19 +0000 (17:26 +0100)]
Do not build P10-specific Chacha20 assembler on AIX
Fixes #18145
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19865)
(cherry picked from commit
cdcc439aa0acba8a50b5e3444fb12d6e1157b991)
Čestmír Kalina [Thu, 8 Dec 2022 15:49:56 +0000 (16:49 +0100)]
test: cmp_vfy_test: fix defined but unused
Building with
./config -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \
-DPEDANTIC -Wall -Werror -pedantic
fails since the following test cases are excluded when
FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined:
- test_validate_msg_signature_srvcert_missing
- test_validate_msg_mac_alg_protection_wrong
- test_validate_msg_mac_alg_protection_missing
Guard the test cases by the corresponding preprocessor conditionals.
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19868)
Simo Sorce [Wed, 7 Dec 2022 23:50:51 +0000 (18:50 -0500)]
Fix openssl storeutl to allow serial + issuer
storeutl wants to enforce the use of issuer and serial together,
however the current code prevents to use them together and returns an
error if only one of them is specified.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19856)
Hubert Kario [Mon, 12 Dec 2022 15:35:38 +0000 (16:35 +0100)]
rsa: fix merge CI runs with old FIPS providers
Since the fips provider version isn't frozen at 3.0.0, and the first
planned release with the fix in the fips provider is in 3.2.0,
we need to skip all the tests that expect implicit rejection
in all versions below 3.2.0
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19890)
Hubert Kario [Mon, 12 Dec 2022 15:25:21 +0000 (16:25 +0100)]
rsa: fix version of rsa implicit rejection introduction
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19889)
Richard Levitte [Fri, 9 Dec 2022 15:57:28 +0000 (16:57 +0100)]
Allow OBJ_create() to create an OBJ and NID with a NULL OID
We already permit this in crypto/objects/objects.txt, but not programatically,
although being able to do so programatically would be beneficial.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19876)
Tomas Mraz [Fri, 9 Dec 2022 12:27:02 +0000 (13:27 +0100)]
Make error reason for disallowed legacy sigalg more specific
The internal error reason is confusing and indicating an error
in OpenSSL and not a configuration problem.
Fixes #19867
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19875)
fangming.fang [Thu, 8 Dec 2022 10:46:27 +0000 (10:46 +0000)]
Fix SM4-CBC regression on Armv8
Fixes #19858
During decryption, the last ciphertext is not fed to next block
correctly when the number of input blocks is exactly 4. Fix this
and add the corresponding test cases.
Thanks xu-yi-zhou for reporting this issue and proposing the fix.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19872)
James Muir [Sun, 11 Dec 2022 21:35:48 +0000 (16:35 -0500)]
Fix-up to
f3090fc7
Define OSSL_SIGNATURE_PARAM_NONCE_TYPE as "nonce-type" (rather than
"nonce_type") so that it is consistent with the documentation.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19883)
Čestmír Kalina [Fri, 2 Dec 2022 15:53:57 +0000 (16:53 +0100)]
crypto/err: expand on error code generation
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19823)
Hubert Kario [Fri, 9 Dec 2022 19:43:22 +0000 (20:43 +0100)]
rsa: add implicit rejection CHANGES entry
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Tue, 22 Nov 2022 17:25:49 +0000 (18:25 +0100)]
smime/pkcs7: disable the Bleichenbacher workaround
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Tue, 22 Nov 2022 16:42:11 +0000 (17:42 +0100)]
rsa: add test for the option to disable implicit rejection
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Thu, 3 Nov 2022 16:45:58 +0000 (17:45 +0100)]
rsa: Skip the synthethic plaintext test with old FIPS provider
since the 3.0.0 FIPS provider doesn't implement the Bleichenbacher
workaround, the decryption fails instead of providing a synthetic
plaintext, so skip them then
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Thu, 27 Oct 2022 17:16:58 +0000 (19:16 +0200)]
rsa: Add option to disable implicit rejection
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Tue, 12 Jan 2021 13:58:04 +0000 (14:58 +0100)]
rsa: add test vectors for the implicit rejection in RSA PKCS#1 v1.5
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario [Tue, 15 Mar 2022 12:58:08 +0000 (13:58 +0100)]
rsa: add implicit rejection in PKCS#1 v1.5
The RSA decryption as implemented before required very careful handling
of both the exit code returned by OpenSSL and the potentially returned
ciphertext. Looking at the recent security vulnerabilities
(CVE-2020-25659 and CVE-2020-25657) it is unlikely that most users of
OpenSSL do it correctly.
Given that correct code requires side channel secure programming in
application code, we can classify the existing RSA decryption methods
as CWE-676, which in turn likely causes CWE-208 and CWE-385 in
application code.
To prevent that, we can use a technique called "implicit rejection".
For that we generate a random message to be returned in case the
padding check fails. We generate the message based on static secret
data (the private exponent) and the provided ciphertext (so that the
attacker cannot determine that the returned value is randomly generated
instead of result of decryption and de-padding). We return it in case
any part of padding check fails.
The upshot of this approach is that then not only is the length of the
returned message useless as the Bleichenbacher oracle, so are the
actual bytes of the returned message. So application code doesn't have
to perform any operations on the returned message in side-channel free
way to remain secure against Bleichenbacher attacks.
Note: this patch implements a specific algorithm, shared with Mozilla
NSS, so that the attacker cannot use one library as an oracle against the
other in heterogeneous environments.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Tomas Mraz [Fri, 9 Dec 2022 11:13:36 +0000 (12:13 +0100)]
Run-checker merge CI: Memleak test does not work without ubsan
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19874)
Tomas Mraz [Fri, 9 Dec 2022 11:12:35 +0000 (12:12 +0100)]
Revert "Run-checker merge CI: Replace no-shared with no-modules"
This reverts commit
d5696547e46e9ea85fcb7581b9d49c58b7c24eeb.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19874)
wangyuhang [Wed, 7 Dec 2022 08:48:16 +0000 (16:48 +0800)]
unbuffer stdin before get passwd from stdin
commond LD_LIBRARY_PATH= openssl rsa -aes256 -passout stdin <<< "xxxxxx” will get pass(fun app_get_pass()) from stdin first, and then load key(fun load_key()). but it unbuffer stdin before load key, this will cause the load key to fail.
now unbuffer stdin before get pass, this will solve https://github.com/openssl/openssl/issues/19835
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19851)
Tomas Mraz [Thu, 8 Dec 2022 13:24:40 +0000 (14:24 +0100)]
Run-checker merge CI: Replace no-shared with no-modules
ASAN otherwise fails to detect memleaks.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19860)
Tomas Mraz [Thu, 8 Dec 2022 11:28:51 +0000 (12:28 +0100)]
Cross compiles CI: Disable stringop-overflow warning on s390x and m68k
These warnings trigger on false positives on these platforms
with recent compiler update.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19860)
Tomas Mraz [Thu, 8 Dec 2022 10:33:30 +0000 (11:33 +0100)]
Fuzz checker CI: Use more generic include dir for fuzzer includes
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19860)
dependabot[bot] [Thu, 8 Dec 2022 17:13:32 +0000 (17:13 +0000)]
Bump actions/setup-python from 4.3.0 to 4.3.1
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.3.0...v4.3.1)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19866)
Todd Short [Mon, 5 Dec 2022 15:30:27 +0000 (10:30 -0500)]
Fix `no-ec enable-ktls` build
The KTLS test uses a TLSv1.2 cipher that uses ECDHE
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19841)
Pauli [Sun, 13 Nov 2022 23:31:23 +0000 (10:31 +1100)]
test: add test case for deadlock reported in #19643
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19652)
Pauli [Thu, 10 Nov 2022 22:40:19 +0000 (09:40 +1100)]
x509: fix double locking problem
This reverts commit
9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
redundant flag setting.
Fixes #19643
Fixes LOW CVE-2022-3996
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19652)
Clemens Lang [Fri, 18 Nov 2022 11:35:33 +0000 (12:35 +0100)]
signature: Clamp PSS salt len to MD len
FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection
5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the
salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of
the hash function output block (in bytes)."
Introduce a new option RSA_PSS_SALTLEN_AUTO_DIGEST_MAX and make it the
default. The new value will behave like RSA_PSS_SALTLEN_AUTO, but will
not use more than the digest length when signing, so that FIPS 186-4 is
not violated. This value has two advantages when compared with
RSA_PSS_SALTLEN_DIGEST: (1) It will continue to do auto-detection when
verifying signatures for maximum compatibility, where
RSA_PSS_SALTLEN_DIGEST would fail for other digest sizes. (2) It will
work for combinations where the maximum salt length is smaller than the
digest size, which typically happens with large digest sizes (e.g.,
SHA-512) and small RSA keys.
J.-S. Coron shows in "Optimal Security Proofs for PSS and Other
Signature Schemes. Advances in Cryptology – Eurocrypt 2002, volume 2332
of Lecture Notes in Computer Science, pp. 272 – 287. Springer Verlag,
2002." that longer salts than the output size of modern hash functions
do not increase security: "For example,for an application in which at
most one billion signatures will be generated, k0 = 30 bits of random
salt are actually sufficient to guarantee the same level of security as
RSA, and taking a larger salt does not increase the security level."
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19724)
Clemens Lang [Mon, 21 Nov 2022 13:33:57 +0000 (14:33 +0100)]
Obtain PSS salt length from provider
Rather than computing the PSS salt length again in core using
ossl_rsa_ctx_to_pss_string, which calls rsa_ctx_to_pss and computes the
salt length, obtain it from the provider using the
OSSL_SIGNATURE_PARAM_ALGORITHM_ID param to handle the case where the
interpretation of the magic constants in the provider differs from that
of OpenSSL core.
Add tests that verify that the rsa_pss_saltlen:max,
rsa_pss_saltlen:<integer> and rsa_pss_saltlen:digest options work and
put the computed digest length into the CMS_ContentInfo struct when
using CMS. Do not add a test for the salt length generated by a provider
when no specific rsa_pss_saltlen option is defined, since that number
could change between providers and provider versions, and we want to
preserve compatibility with older providers.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19724)
Stephen Farrell [Wed, 7 Dec 2022 21:36:46 +0000 (21:36 +0000)]
prevent HPKE sender setting seq unwisely
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19840)
Dr. David von Oheimb [Tue, 22 Nov 2022 07:43:03 +0000 (08:43 +0100)]
OSSL_CMP_validate_msg(): make sure to reject protection type mismatch
Do not accept password-based if expected signature-based and no secret is available and
do not accept signature-based if expected password-based and no trust anchors available.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19729)
Richard Levitte [Mon, 5 Dec 2022 15:59:06 +0000 (16:59 +0100)]
Replace some boldened types with a corresponding man page link
The types OSSL_DISPATCH, OSSL_ITEM, OSSL_ALGORITHM, OSSL_PARAM,
OSSL_CALLBACK, and OSSL_PASSPHRASE_CALLBACK are described in their own
manual page, so we change every mention of them to links to those pages.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19842)
Richard Levitte [Mon, 5 Dec 2022 15:26:39 +0000 (16:26 +0100)]
Move the description of the core types into their own pages
This expands on some of the core type descriptions, and also makes it
easier to find the documentation for each type, at least on Unix, with
a simple call like "man OSSL_ALGORITHM".
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19842)
Richard Levitte [Mon, 5 Dec 2022 15:22:27 +0000 (16:22 +0100)]
Better sorting of util/other.syms
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19842)
Richard Levitte [Fri, 2 Dec 2022 05:59:58 +0000 (06:59 +0100)]
Fix treatment of BUILD_METADATA
According to documentation [^1], the BUILD_METADATA from VERSION.dat should
be prefixed with a plus sign when used. It is given this treatment in
Configure, but not in all other scripts that use VERSION.dat directly.
This change fixes that.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19815)
Dr. David von Oheimb [Tue, 6 Jul 2021 10:23:51 +0000 (12:23 +0200)]
Compensate for CMP-related TODOs removed by PR #15539
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16006)
Daniel Fiala [Wed, 30 Nov 2022 04:59:39 +0000 (05:59 +0100)]
Replace "a RSA" with "an RSA"
Fixes openssl#19771
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19787)
Patrick Mills [Wed, 23 Nov 2022 20:08:51 +0000 (15:08 -0500)]
Implement OSSL_PROVIDER_get0_default_search_path, add docs and tests.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19752)
Tomas Mraz [Fri, 2 Dec 2022 08:00:33 +0000 (09:00 +0100)]
timing_load_creds: Add timersub macro for platforms where it is missing
Fixes #19812
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19817)
Tom Cosgrove [Sat, 3 Dec 2022 12:58:43 +0000 (12:58 +0000)]
Fix the code used to detect aarch64 capabilities when we don't have getauxval()
In addition to a missing prototype there was also a missing closing brace '}'.
Fixes #19825.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19833)
Peiwei Hu [Fri, 2 Dec 2022 08:35:53 +0000 (16:35 +0800)]
Fix the check of BIO_set_write_buffer_size and BIO_set_read_buffer_size
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19819)
Peiwei Hu [Fri, 2 Dec 2022 08:33:02 +0000 (16:33 +0800)]
Fix the check of EVP_PKEY_decrypt_init
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19819)
Peiwei Hu [Fri, 2 Dec 2022 08:31:02 +0000 (16:31 +0800)]
Fix the checks in rsautl_main
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19819)
Matt Caswell [Fri, 2 Dec 2022 09:27:34 +0000 (09:27 +0000)]
Drop a spurious printf in evp_test.c
A spurious printf was added to evp_test.c - probably for debugging
purposes. This actually causes runtime errors in some cases because the
name being printed can be NULL.
Fixes #19814
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19820)
Tomas Mraz [Thu, 1 Dec 2022 15:47:08 +0000 (16:47 +0100)]
Sync CHANGES.md and NEWS.md with 3.1 release
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19808)