Jonas Lindstrøm [Wed, 10 May 2023 10:47:10 +0000 (12:47 +0200)]
ecp_nistp256.c: Fix exponent in comment
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20926)
ihciah [Wed, 10 May 2023 15:07:08 +0000 (15:07 +0000)]
fix SSL_get_wbio may return rbio on quic
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20930)
Yuan, Shuai [Wed, 10 May 2023 08:49:54 +0000 (04:49 -0400)]
Fixed TLS1.3 handshake issue for legacy engine API.
Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20922)
Dimitri Papadopoulos [Tue, 9 May 2023 10:21:36 +0000 (12:21 +0200)]
Fix a typo found by codespell in a variable name
The change is limited to a single C file.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20912)
Michael Baentsch [Mon, 8 May 2023 04:32:37 +0000 (06:32 +0200)]
restrict rsaBITS algorithm name check in speed
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20898)
Dr. David von Oheimb [Mon, 16 Jan 2023 14:48:24 +0000 (15:48 +0100)]
CMP app: fix deallocated host/port fields in APP_HTTP_TLS_INFO
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)
Dr. David von Oheimb [Thu, 12 Jan 2023 09:54:50 +0000 (10:54 +0100)]
CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port)
Fixes #20031
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)
Dimitri Papadopoulos [Tue, 9 May 2023 09:50:06 +0000 (11:50 +0200)]
Fix a typo found by codespell in a Makefile variable
I have no experience with building on Windows, so I don't know the
effect of fixing this typo. I guess that this will fix a bug at worst.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20911)
Dimitri Papadopoulos [Tue, 9 May 2023 06:04:20 +0000 (08:04 +0200)]
DLTS → DTLS
Fix a typo that is confusing for newcomers.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20909)
Kovalev Vasiliy [Thu, 4 May 2023 12:12:33 +0000 (16:12 +0400)]
Fix memory leak in engine_cleanup_add_first()
Fixes #20870
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20880)
JerryDevis [Sat, 11 Mar 2023 10:35:23 +0000 (18:35 +0800)]
aes-gcm-armv8_64 asm support bigdian
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20489)
(cherry picked from commit
32344a74b7ee2693a5bfda361c40ec60ab5be624)
Juergen Christ [Mon, 8 May 2023 09:15:32 +0000 (11:15 +0200)]
Fix stack use-after-free in QUIC
When running test_quicapi on master on a Fedora 38 with santizier, a stack
use-after-free is reported:
```
75-test_quicapi.t ..
=================================================================
==28379==ERROR: AddressSanitizer: stack-use-after-return on address 0x03ffa22a2961 at pc 0x03ffa507384a bp 0x03fffb576d68 sp 0x03fffb576550
READ of size 8 at 0x03ffa22a2961 thread T0
#0 0x3ffa5073849 in memcpy (/usr/lib64/libasan.so.8+0x73849) (BuildId:
ce24d4ce2e06892c2e9105155979b957089a182c)
#1 0x118b883 in tls_handle_alpn ssl/statem/statem_srvr.c:2221
#2 0x111569d in tls_parse_all_extensions ssl/statem/extensions.c:813
#3 0x118e2bf in tls_early_post_process_client_hello ssl/statem/statem_srvr.c:1957
#4 0x118e2bf in tls_post_process_client_hello ssl/statem/statem_srvr.c:2290
#5 0x113d797 in read_state_machine ssl/statem/statem.c:712
#6 0x113d797 in state_machine ssl/statem/statem.c:478
#7 0x10729f3 in SSL_do_handshake ssl/ssl_lib.c:4669
#8 0x11cec2d in ossl_quic_tls_tick ssl/quic/quic_tls.c:717
#9 0x11afb03 in ch_tick ssl/quic/quic_channel.c:1296
#10 0x10cd1a9 in ossl_quic_reactor_tick ssl/quic/quic_reactor.c:79
#11 0x10d948b in ossl_quic_tserver_tick ssl/quic/quic_tserver.c:160
#12 0x1021ead in qtest_create_quic_connection test/helpers/quictestlib.c:273
#13 0x102b81d in test_quic_write_read test/quicapitest.c:54
#14 0x12035a9 in run_tests test/testutil/driver.c:370
#15 0x1013203 in main test/testutil/main.c:30
#16 0x3ffa463262b in __libc_start_call_main (/usr/lib64/libc.so.6+0x3262b) (BuildId:
6bd4a775904d85009582d6887da4767128897d0e)
#17 0x3ffa463272d in __libc_start_main_impl (/usr/lib64/libc.so.6+0x3272d) (BuildId:
6bd4a775904d85009582d6887da4767128897d0e)
#18 0x101efb9 (/root/openssl/test/quicapitest+0x101efb9) (BuildId:
075e387adf6d0032320aaa18061f13e9565ab481)
Address 0x03ffa22a2961 is located in stack of thread T0 at offset 33 in frame
#0 0x10d868f in alpn_select_cb ssl/quic/quic_tserver.c:49
This frame has 1 object(s):
[32, 41) 'alpn' (line 50) <== Memory access at offset 33 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return (/usr/lib64/libasan.so.8+0x73849) (BuildId:
ce24d4ce2e06892c2e9105155979b957089a182c) in memcpy
Shadow bytes around the buggy address:
0x03ffa22a2680: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2780: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2800: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2880: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x03ffa22a2900: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5[f5]f5 f5 f5
0x03ffa22a2980: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2a00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2a80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2b00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2b80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==28379==ABORTING
../../util/wrap.pl ../../test/quicapitest default ../../test/default.cnf ../../test/certs => 1
not ok 1 - running quicapitest
```
Fix this be making the protocols to select static constants and thereby moving
them out of the stack frame of the callback function.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20904)
Matt Caswell [Fri, 28 Apr 2023 10:08:33 +0000 (11:08 +0100)]
Update the corpora submodule
We update the corpora submodule to include a fuzz testcase for the conf
timeout.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20839)
Matt Caswell [Wed, 26 Apr 2023 14:04:42 +0000 (15:04 +0100)]
Prevent a fuzzing timeout in the conf fuzzer
The fuzzer was creating a config file with large numbers of includes
which are expensive to process. However this should not cause a security
issue, and should never happen in normal operation so we can ignore it.
Fixes ossfuzz issue 57718.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20839)
Matt Caswell [Fri, 24 Mar 2023 12:02:37 +0000 (12:02 +0000)]
Don't attempt a QUIC connection without specifying ALPN
ALPN is required for a successful QUIC connection, so do not allow the
-quic option for s_client without -alpn
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20580)
Matt Caswell [Thu, 23 Mar 2023 16:24:52 +0000 (16:24 +0000)]
Add some documentation for the new QUIC mode in s_client
Also mentions the new FIN command in s_client advance mode
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20580)
Matt Caswell [Tue, 21 Mar 2023 16:52:32 +0000 (16:52 +0000)]
Add the ability to send FIN on a QUIC stream from s_client
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20580)
Matt Caswell [Thu, 9 Mar 2023 17:06:33 +0000 (17:06 +0000)]
Add QUIC support to s_client
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20580)
zhangzhilei [Thu, 4 May 2023 12:33:38 +0000 (20:33 +0800)]
remove unused macro in common.h
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20881)
Mathias Berchtold [Tue, 2 May 2023 22:58:02 +0000 (16:58 -0600)]
Revert "win-onecore: Build with /APPCONTAINER for UWP compat"
This reverts commit
2c61a670ebf2f1923a3bd2ef0ee4b2fa6261eaeb.
Not all OneCore based SKUs (or editions) of Windows (Server, XBOX, etc) require /APPCONTAINER. The /APPCONTAINER link option is only relevant for Universal Windows Platform (UWP) apps for which there are already dedicated configurations (VC-WIN32-UWP, VC-WIN64A-UWP, etc) where the /APPCONTAINER link option is added.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20872)
Bernd Edlinger [Thu, 26 Jan 2023 14:45:03 +0000 (15:45 +0100)]
Fix the padlock engine
... after it was broken for almost 5 years,
since the first 1.1.1 release.
Note: The last working version was 1.1.0l release.
Fixes #20073
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20146)
slontis [Tue, 15 Nov 2022 02:38:31 +0000 (12:38 +1000)]
Add libctx to x931 keygen.
Added coverage test that failed without the change.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19677)
Matt Caswell [Fri, 31 Mar 2023 11:02:33 +0000 (12:02 +0100)]
Extend the min/max protocol testing
Add more test cases and ensure we test DTLS and QUIC too
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20830)
Matt Caswell [Tue, 25 Apr 2023 13:57:02 +0000 (14:57 +0100)]
Be more accurate about what we accept as a valid DTLS version
We accepted more version numbers as valid DTLS then we really should do.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20830)
Matt Caswell [Tue, 25 Apr 2023 13:49:22 +0000 (14:49 +0100)]
Update the min/max proto function documentation for QUIC
These functions do nothing if used with a QUIC object, so we document
this behaviour.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20830)
Alois Klink [Tue, 2 May 2023 20:59:45 +0000 (21:59 +0100)]
25-test_x509.t: test dots in CA file path
Test whether dots in the CA file path breaks the default CA serial
number file path.
Tests for:
- https://github.com/openssl/openssl/issues/6203
- https://github.com/openssl/openssl/issues/6489
- https://github.com/openssl/openssl/pull/6566
- https://github.com/openssl/openssl/issues/10442
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20873)
Rajarshi Karmakar [Sat, 29 Apr 2023 07:27:57 +0000 (07:27 +0000)]
feature: openssl req -verify output to stderr instead of stdout #20728
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20858)
Ladislav Marko [Thu, 13 Apr 2023 15:13:36 +0000 (17:13 +0200)]
Fix broken links on asym_cipher manpages
Links were missing starting tags
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20729)
mlitre [Mon, 1 May 2023 09:07:21 +0000 (11:07 +0200)]
Add negative integer check when using ASN1_BIT_STRING
The negative integer check is done to prevent potential overflow.
Fixes #20719.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20862)
Tianjia Zhang [Fri, 21 Apr 2023 03:06:21 +0000 (11:06 +0800)]
apps: silent warning when loading CSR files with vfyopt option
When verifying or signing a CSR file with the -vfyopt option,
a warning message similar to the following will appear:
Warning: CSR self-signature does not match the contents
This happens especially when the SM2 algorithm is used and the
distid parameter is added. Pass the vfyopts parameter to the
do_X509_REQ_verify() function to eliminate the warning message.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20799)
Reinhard Urban [Fri, 21 Apr 2023 07:04:57 +0000 (09:04 +0200)]
speed.c: remove unused num print_message args
these num args went unused with the removal of the ifndef SIGALRM
branches, commit
ee1d7f1d25ef24f111f13dc742474cd9c39c2753 Feb 2021
PR #14228
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20795)
Pauli [Thu, 27 Apr 2023 01:25:11 +0000 (11:25 +1000)]
rand: trust user supplied entropy when configured without a random source
Fixes #20841
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/20843)
Tomas Mraz [Fri, 21 Apr 2023 15:21:21 +0000 (17:21 +0200)]
Copy min/max_proto_version from SSL_CTX to SSL only for the same method types
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20764)
Tomas Mraz [Fri, 21 Apr 2023 15:19:27 +0000 (17:19 +0200)]
Do not send the empty renegotiation info SCSV in QUIC
There is no point in sending that when min_proto_version is >= TLS1_3_VERSION.
So we set that during SSL_CTX initialization and skip adding the SCSV.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20764)
Richard Levitte [Fri, 21 Apr 2023 04:00:47 +0000 (06:00 +0200)]
param->ctrl translation: Fix evp_pkey_ctx_setget_params_to_ctrl()
Ensure that ctx.ctrl_cmd defaults to translation->cmd_num
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20780)
Richard Levitte [Thu, 20 Apr 2023 05:22:53 +0000 (07:22 +0200)]
param->ctrl translation: Fix fix_ec_paramgen_curve_nid()
This function didn't prepare space to get the param string, which causes
the default_fixup_args() call to fail.
Fixes #20161
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20780)
Hugo Landau [Fri, 28 Apr 2023 14:48:44 +0000 (15:48 +0100)]
Minor fixups
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Hugo Landau [Wed, 26 Apr 2023 12:08:11 +0000 (13:08 +0100)]
QUIC CC: Update CC design document
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Hugo Landau [Fri, 21 Apr 2023 10:19:18 +0000 (11:19 +0100)]
QUIC CHANNEL: Fix bug where time callback arg wasn't passed
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Hugo Landau [Fri, 21 Apr 2023 09:56:48 +0000 (10:56 +0100)]
QUIC CC: Use OSSL_PARAM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Hugo Landau [Tue, 28 Mar 2023 07:21:25 +0000 (08:21 +0100)]
QUIC CC: Move dummy method to test code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Hugo Landau [Tue, 28 Mar 2023 07:00:53 +0000 (08:00 +0100)]
QUIC CC: Tweaks
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Hugo Landau [Mon, 20 Mar 2023 16:43:38 +0000 (16:43 +0000)]
QUIC CC: Safe multiplication
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Hugo Landau [Thu, 2 Mar 2023 16:05:36 +0000 (16:05 +0000)]
QUIC CC: Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Hugo Landau [Thu, 2 Mar 2023 16:04:34 +0000 (16:04 +0000)]
QUIC: Make QUIC_CHANNEL use newreno CC
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Hugo Landau [Thu, 2 Mar 2023 15:35:10 +0000 (15:35 +0000)]
QUIC Congestion Control: Tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Hugo Landau [Wed, 1 Mar 2023 17:28:17 +0000 (17:28 +0000)]
QUIC: NewReno congestion controller
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Hugo Landau [Wed, 1 Mar 2023 16:52:40 +0000 (16:52 +0000)]
QUIC CC: Major revisions to CC abstract interface
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
Matt Caswell [Thu, 27 Apr 2023 15:48:48 +0000 (16:48 +0100)]
Update the corpora
Updated the fuzz corpora to include a testcase for the zero length
handshake fragment records issue fixed by the previous commit.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20824)
Matt Caswell [Tue, 25 Apr 2023 10:39:26 +0000 (11:39 +0100)]
Release zero length handshake fragment records
If we are processing a hanshake fragment and we end up with a
zero length record, then we still need to release it to avoid an
infinite loop.
Fixes #20821
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20824)
Pauli [Thu, 27 Apr 2023 01:12:51 +0000 (11:12 +1000)]
doc: note that the stack find functions no longer modify the stack
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)
Pauli [Thu, 27 Apr 2023 00:58:50 +0000 (10:58 +1000)]
x509: sort stacks before finds
x509_trust.c, x509_vpm.c and v3_lib.c don't have a lock for their sorts.
This is no worse than the existing code which sorted silently without locks.
Addition is quadratic time in by_dir.c and v3_purp.c. However, this
is an improvement over the older O(n^2 log n) code where each find also
sorted the stack. Also note that v3_purp.c is limited to a maximum of
10 items, so quadratic behaviour isn't terrible.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)
Pauli [Thu, 27 Apr 2023 00:57:12 +0000 (10:57 +1000)]
provider_core: sort provider stack on find
Adding all providers is quadratic time because each provider is checked
for being in the stack before adding it. However, this is an improvement
over the older O(n^2 log n) code where each find also sorted the stack.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)
Pauli [Thu, 27 Apr 2023 00:55:48 +0000 (10:55 +1000)]
pbe: sort stack before using find
There is no lock for the sort. This is no worse than the
existing code which sorted silently without a lock.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)
Pauli [Thu, 27 Apr 2023 00:54:38 +0000 (10:54 +1000)]
asn1: sort stacks before using find
a_strnid.c doesn't have a lock for the sort. This is no worse than the
existing code which sorted silently without a lock.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)
Mathias Berchtold [Fri, 21 Apr 2023 23:16:39 +0000 (17:16 -0600)]
build_wincrypt_test.c: Fix compilation with MSVC
Fixes issue https://github.com/openssl/openssl/issues/20805
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20806)
rkarmaka98 [Wed, 26 Apr 2023 07:53:35 +0000 (07:53 +0000)]
Avoid generating RSA keys with p < q
We swap p and q in that case except when ACVP tests are being run.
Fixes #20823
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20833)
Liu-ErMeng [Thu, 27 Apr 2023 03:14:02 +0000 (11:14 +0800)]
fix md5 bug on aarch64 big-endian plantform.
Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20829)
rkarmaka98 [Wed, 26 Apr 2023 08:11:01 +0000 (08:11 +0000)]
Improve documentation of -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3 options
Fixes #19014
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20834)
Pauli [Wed, 19 Apr 2023 23:49:13 +0000 (09:49 +1000)]
dependabot: update config to include CLA: trivial, set branches etc
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20775)
Mukesh Bharsakle [Sat, 22 Apr 2023 13:56:35 +0000 (14:56 +0100)]
http proxy handling: Use ossl_safe_getenv() instead of getenv()
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20810)
Vladimir Kotal [Wed, 26 Apr 2023 12:31:25 +0000 (14:31 +0200)]
ASN1_OCTET_STRING_new() calls ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20838)
Pauli [Fri, 21 Apr 2023 04:24:53 +0000 (14:24 +1000)]
x509: sort stacks prior to searching
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20782)
Pauli [Thu, 20 Apr 2023 06:04:10 +0000 (16:04 +1000)]
stack: fix searching when the stack isn't sorted.
More specifically, don't sort the stack when searching when it isn't sorted.
This avoids a race condition.
Fixes #20135
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20782)
Liu-ErMeng [Fri, 21 Apr 2023 08:04:51 +0000 (16:04 +0800)]
fix aes-xts bug on aarch64 big-endian env.
Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20797)
Dr. David von Oheimb [Tue, 14 Feb 2023 12:18:40 +0000 (13:18 +0100)]
APPS/cmp: prevent HTTP client failure on -rspin option with too few filenames
The logic for handling inconsistent use of -rspin etc., -port, -server,
and -use_mock_srv options proved faulty. This is fixed here, updating and
correcting also the documentation and diagnostics of the involved options.
In particular, the case that -rspin (or -rspout. reqin, -reqout) does not
provide enough message file names was not properly described and handled.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20295)
Matt Caswell [Tue, 25 Apr 2023 13:06:54 +0000 (14:06 +0100)]
Update the SSL_rstate_string*() return value for QUIC
We make these APIs work more like the TLS versions do.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20827)
Matt Caswell [Tue, 25 Apr 2023 13:05:11 +0000 (14:05 +0100)]
Correct the SSL_rstate_string*() APIs to match reality
The docs mentioned a "RD"/"read done" state that could be returned.
In practice that never happened, so update the docs to match
reality.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20827)
Matt Caswell [Tue, 25 Apr 2023 13:04:06 +0000 (14:04 +0100)]
Ensure that the SSL_rstate_string*() API works as they used to
We initialise the record layer rstate variable to ensure the
SSL_rstate_string*() APIs return values that are consistent with
previous versions.
Fixes #20808
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20827)
Matt Caswell [Tue, 25 Apr 2023 13:01:11 +0000 (14:01 +0100)]
Add a test for the SSL_rstate_string*() APIs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20827)
Dr. David von Oheimb [Fri, 29 Jul 2022 09:31:39 +0000 (11:31 +0200)]
APPS: make sure the -CAfile argument can be in DER format
Note that PKCS#12 input is still not supported here-
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18917)
Dr. David von Oheimb [Wed, 27 Jul 2022 08:18:17 +0000 (10:18 +0200)]
apps/smime: Point out that the six operations are mutually exclusive and add check
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18917)
Dr. David von Oheimb [Thu, 28 Jul 2022 19:38:53 +0000 (21:38 +0200)]
openssl-ocsp.pod.in: state for options that they are flexible w.r.t. cert input format
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18917)
Dr. David von Oheimb [Thu, 28 Jul 2022 19:36:39 +0000 (21:36 +0200)]
apps/ocsp: Tweak some places to make clear they refer to *lists* of certs
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18917)
Hugo Landau [Fri, 21 Apr 2023 17:14:45 +0000 (18:14 +0100)]
QUIC Glossary
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20803)
Hugo Landau [Wed, 14 Dec 2022 18:10:59 +0000 (18:10 +0000)]
QUIC I/O Architecture Design: Minor updates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19770)
Hugo Landau [Mon, 28 Nov 2022 13:18:53 +0000 (13:18 +0000)]
QUIC I/O Architecture Design: Add block diagram, tweak wording
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19770)
Hugo Landau [Fri, 25 Nov 2022 12:47:48 +0000 (12:47 +0000)]
QUIC I/O Architecture Design Document
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19770)
Tomas Mraz [Fri, 21 Apr 2023 08:14:13 +0000 (10:14 +0200)]
Correct the CHANGES entry for CVE-2023-1255
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20798)
Pauli [Thu, 13 Apr 2023 02:20:08 +0000 (12:20 +1000)]
doc: document that the "info" KDF param concatenates
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20724)
Pauli [Thu, 13 Apr 2023 02:19:45 +0000 (12:19 +1000)]
Add "info" concatenation tests
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20724)
Pauli [Thu, 13 Apr 2023 02:19:26 +0000 (12:19 +1000)]
Update KDFs to use shared functions.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20724)
Pauli [Thu, 13 Apr 2023 02:10:50 +0000 (12:10 +1000)]
params: add helper functions to allocate & copy params
Added a function to allocate a buffer and copy a maching param.
Added a function to allocate a buffer and concatenate all matching params.
Fixes #20717
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20724)
Mathias Berchtold [Sat, 22 Apr 2023 23:10:26 +0000 (17:10 -0600)]
Added ability to pass additional ASFLAGS to Configure
This allows additional command line options to be passed to the assembler.
For example:
Configure VC-WIN64A ASFLAGS=--reproducible
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20813)
Tomas Mraz [Thu, 20 Apr 2023 09:41:46 +0000 (11:41 +0200)]
Fix regression of no-posix-io builds
Instead of using stat() to check if a file is a directory
we just skip . and .. as a workaround.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20786)
FdaSilvaYY [Sat, 20 Feb 2021 23:04:07 +0000 (00:04 +0100)]
dtls: code cleanup and refactorization
- factorize BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT calls.
- simplify a return type
- style nits
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20602)
slontis [Mon, 20 Mar 2023 04:48:33 +0000 (14:48 +1000)]
Fixup demo exit status magic numbers
The demo code is quite often block copied for new demos,
so this PR changes demos to use EXIT_SUCCESS & EXIT_FAILURE
instead of using 0 and 1.
Internal functions use the normal notation of 0 = error, 1 = success,
but the value returned by main() must use EXIT_SUCCESS and EXIT_FAILURE.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20545)
Matt Caswell [Fri, 21 Apr 2023 09:17:11 +0000 (10:17 +0100)]
Replace use of strstr with strchr
It is better to use strchr where we are looking for a single character.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20788)
Matt Caswell [Thu, 20 Apr 2023 11:34:04 +0000 (12:34 +0100)]
Coverity
1524619: unexpected control flow
Using "continue" in a do...while(0) loop is pointless. The original intent
was that the loop would continue to a second iteration in this case.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20788)
Mathias Berchtold [Sat, 22 Apr 2023 00:04:49 +0000 (18:04 -0600)]
Revert "Adding Control Flow guard to Windows Builds"
Reasons:
- The patch was missing the linker flag /guard:cf
As a result no binary with CFG was ever built
- /guard:cf is incompatible with NASM
If the linker flag is added, the resulting binary fails with this exception:
Unhandled exception at 0x00007FFFB8B93C90 (ntdll.dll) in openssl.exe: Indirect call guard check detected invalid control transfer.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20807)
Petr Mikhalicin [Fri, 21 Apr 2023 09:25:43 +0000 (12:25 +0300)]
Fix calling pthread_key_delete on uninitialized data
default_context_do_init may be never called and CRYPTO_THREAD_init_local
inside it may be never called too. But corresponding
CRYPTO_THREAD_cleanup_local is always called at cleanup stage. This lead
to undefined behavior.
So, add flag to check that default_context_do_init will be called
successfully or not.
Fix: #20697
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20801)
Pauli [Tue, 18 Apr 2023 01:11:17 +0000 (11:11 +1000)]
fips: setup the FIPS provider in pendantic mode for testing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)
Pauli [Tue, 18 Apr 2023 04:41:17 +0000 (14:41 +1000)]
test: update ssl_new tests in line with pedantic FIPS policy
Add a new option to the `test' section of SSL test data structure.
This contains a space separated list of version checks, all of which must
pass.
Note that the version checks are as they as because:
- 3.1.0 doesn't have mandatory EMS support, so it can run the old tests.
- 3.1.1 (& later) will have mandatory EMS support, so they can't run them.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)
Pauli [Tue, 18 Apr 2023 02:59:06 +0000 (12:59 +1000)]
test: update TLS PDF tests in line with pedantic FIPS policy
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)
Pauli [Tue, 18 Apr 2023 02:55:25 +0000 (12:55 +1000)]
test: update evprand tests in line with pedantic FIPS policy
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)
Pauli [Tue, 18 Apr 2023 07:20:40 +0000 (17:20 +1000)]
sslapi: use correct fipsmodule.cnf
The SSL API tests copies fipsmodule.cnf and modifies it. Unfortunately, it
grabbed the wrong instance of this file.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)
dependabot[bot] [Fri, 21 Apr 2023 14:22:29 +0000 (14:22 +0000)]
Bump actions/setup-python from 4.5.0 to 4.6.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.5.0...v4.6.0)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20792)
Irak Rigia [Wed, 19 Apr 2023 14:08:22 +0000 (19:38 +0530)]
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays
Fixes #20710
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20745)
Irak Rigia [Wed, 19 Apr 2023 14:06:29 +0000 (19:36 +0530)]
Added a macro OSSL_DISPATCH_END as marker of the end of OSSL_DISPATCH arrays
Also updated the corresponding documentations.
Fixes #20710
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20745)
Petr Mikhalicin [Wed, 19 Apr 2023 11:43:02 +0000 (14:43 +0300)]
Fix checking return code of EVP_PKEY_get_int_param at check_curve
According to docs, EVP_PKEY_get_int_param should return 1 on Success, and
0 on Failure. So, fix checking of this return value at check_curve
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20770)