Dmitry Belyavskiy [Tue, 21 Dec 2021 15:52:25 +0000 (16:52 +0100)]
openssl speed fails in FIPS mode
...because it uses md5 for HMAC tests. Skip md5 in case of its
unavailability.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17331)
(cherry picked from commit
c63e8637fd79c826b3c438cf99cf7f1b293e8318)
Tobias Nießen [Sat, 20 Aug 2022 16:56:21 +0000 (18:56 +0200)]
Fix typo in migration guide
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19032)
(cherry picked from commit
4c10099086dd75d583317056fb5ce0f88825bf0c)
Tomas Mraz [Fri, 19 Aug 2022 13:48:34 +0000 (15:48 +0200)]
Always automatically add -DPEDANTIC with enable-ubsan
To avoid reports like: #19028
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19029)
(cherry picked from commit
83529f07ca66ec288f1c506a673569b9d8de8368)
Todd Short [Mon, 22 Aug 2022 18:12:50 +0000 (14:12 -0400)]
Fix doc-nits
PR #19031 updated options that that were listed as commands, these
options were already in openssl-list.pod.in, so they are redundant
in openssl.pod.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19044)
(cherry picked from commit
a148f864a86ba5f6999825dad9a98280bd054cbc)
Pauli [Tue, 16 Aug 2022 01:05:02 +0000 (11:05 +1000)]
Coverity
1508506: misuse of time_t
Fixes a bug in the cookie code which would have caused problems for ten
minutes before and after the lower 32 bits of time_t rolled over.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19023)
Jeff Croxell [Fri, 19 Aug 2022 02:30:20 +0000 (21:30 -0500)]
Clarify dashes are required for openssl list command
Fixes #19013
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19031)
(cherry picked from commit
63b94b3fc7feb12713fa46d386e10d109f074d28)
Pauli [Tue, 26 Jul 2022 01:46:45 +0000 (11:46 +1000)]
Fix bug in EVP_CIPHER_CTX_get_iv_length()
Out of range values could possibly be returned due to a lack of range checking.
Very unlikely to be exploitable for our provider because sensible values are
returned for all ciphers.
Also fixed the defaulting code so that the cipher's IV length is returned if
the cipher ctx doesn't support getting.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18995)
Pauli [Wed, 26 Jan 2022 04:04:51 +0000 (15:04 +1100)]
evp enc: cache cipher IV length
Instead of doing a heavy params based query every time a context is asked for
its IV length, this value is cached in the context and only queried if it could
have been modified.
Fixes #17064
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18995)
Pauli [Mon, 15 Aug 2022 04:49:17 +0000 (14:49 +1000)]
Limit the size of various MAXCHUNK definitions
The current code has issues when sizeof(long) <> sizeof(size_t). The two
types are assumed to be interchangeable and them being different will
cause crashes and endless loops.
This fix limits the maximum chunk size for many of the symmetric ciphers
to 2^30 bytes. This chunk size limits the amount of data that will
be encrypted/decrypted in one lump. The code internally handles block
of data later than the chunk limit, so this will present no difference
to the caller. Any loss of efficiency due to limiting the chunking to
1Gbyte rather than more should be insignificant.
Fixes Coverity issues:
1508498,
1508500 -
1508505,
1508507 -
1508527,
1508529 -
1508533,
1508535 -
1508537,
1508539,
1508541 -
1508549,
1508551 -
1508569 &
1508571 -
1508582.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18997)
(cherry picked from commit
709d4be78f64a8ba0707fb5682b90039e848dad4)
Pauli [Tue, 16 Aug 2022 01:05:02 +0000 (11:05 +1000)]
Coverity
1508534 &
1508540: misuses of time_t
Avoid problems when the lower 32 bits of time_t roll over by delaying
the cast to integer until after the time delta has been computed.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19004)
(cherry picked from commit
e8a557dc3c1ed16faff4aeb39268f8f5a3f8b81d)
Matt Caswell [Wed, 10 Aug 2022 08:53:12 +0000 (09:53 +0100)]
Add some documentation for X509_gmtime_adj()
Other very similar functions were documented, but this one was missing.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18974)
(cherry picked from commit
425e972dfaf867affb5b3d438d9ca67bb6aeed65)
Tomas Mraz [Thu, 28 Jul 2022 13:45:02 +0000 (15:45 +0200)]
Clarify documentation in regards to EC key parameters
Also clarify that EVP_PKEY_fromdata ignores parameters that
are unknown or incorrect for given selection.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18902)
(cherry picked from commit
58135cb3c020805354ecc869aca040934d1299c8)
Tomas Mraz [Thu, 28 Jul 2022 12:13:06 +0000 (14:13 +0200)]
Add testcases for EVP_PKEY_get1_encoded_public_key
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18902)
(cherry picked from commit
3a1596f4e3d710c163279a20e6b844d371886e73)
Tomas Mraz [Thu, 28 Jul 2022 11:57:02 +0000 (13:57 +0200)]
ec_kmgmt.c: Do not crash when getting OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY
If the public key is not set on the key, return error instead of crash.
Fixes #18495
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18902)
(cherry picked from commit
b5db237def7e22ccea1a540ec777045b3ce4600e)
valdaarhun [Wed, 10 Aug 2022 19:18:05 +0000 (00:48 +0530)]
Fix memory leak in BN_rand_range()
The patch enables BN_rand_range() to exit immediately
if BIGNUM *rnd is NULL.
CLA: trivial
Fixes: #18951
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18982)
(cherry picked from commit
70f589ae41928edda18470ba1c3df82af02a92b3)
Matt Caswell [Mon, 15 Aug 2022 11:07:37 +0000 (12:07 +0100)]
Ensure we build ub sanitizer builds with -DPEDANTIC
Otherwise we may get spurious results from ub sanitizer. For example we
assume we can tolerate some unaligned write without this define that ub
sanitizer will complain about.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18983)
(cherry picked from commit
17b94de3df327e6619e52529e345a340d4a0a100)
Matt Caswell [Thu, 11 Aug 2022 11:02:44 +0000 (12:02 +0100)]
Don't incorrectly skip the multiblock test
sslapitest has a test for multiblock writes. Since multiblock writing is
only available on some platforms the multiblock test checks whether we are
on such a platform first, and skips the test if we are not. Unfortunately
a bug in the check meant that we always skipped the test regardless of the
platform.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18983)
(cherry picked from commit
7c82a7a8f3a66f47f727d31691d6298d88ed158b)
Matt Caswell [Mon, 25 Jul 2022 11:39:52 +0000 (12:39 +0100)]
Test that swapping the first app data record with Finished msg works
If the first app data record arrives before the Finished message we should
be able to buffer it and move on to the Finished message.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18975)
Matt Caswell [Mon, 25 Jul 2022 14:59:38 +0000 (15:59 +0100)]
Fix SSL_pending() and SSL_has_pending() with DTLS
If app data is received before a Finished message in DTLS then we buffer
it to return later. The function SSL_pending() is supposed to tell you
how much processed app data we have already buffered, and SSL_has_pending()
is supposed to tell you if we have any data buffered (whether processed or
not, and whether app data or not).
Neither SSL_pending() or SSL_has_pending() were taking account of this
DTLS specific app data buffer.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18975)
slontis [Wed, 22 Jun 2022 05:21:13 +0000 (15:21 +1000)]
SHAKE documentation updates for default output length.
Fixes #18586
In order to not break existing applications the OpenSSL documentation
related to SHAKE has been updated.
Background:
All digests algorithms (including XOF's) use the bitlen as the default output length.
This results in a security strength of bitlen / 2.
This means that SHAKE128 will by default have an output length of 16
bytes and a security strength of 64 bits.
For SHAKE256 the default output length is 32 bytes and has a security
strength of 128 bits.
This behaviour was present in 1.1.1 and has been duplicated in the
provider SHAKE algorithms for 3.0.
The SHAKE XOF algorithms have a security strength of
min(bitlen, output xof length in bits / 2).
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18622)
(cherry picked from commit
b7cf9dd2393de8e90a15e83466d9b8b781b18385)
Pauli [Tue, 16 Aug 2022 22:34:50 +0000 (08:34 +1000)]
Avoid using tsan_add
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19009)
Matt Caswell [Tue, 9 Aug 2022 10:59:22 +0000 (11:59 +0100)]
CRYPTO_mem_debug_push() and CRYPTO_mem_debug_pop() should return 0
Those 2 functions historically only ever returned 0 or 1. In OpenSSL 3.0
they were made no-ops and the documentation says they always return 0. In
fact they were returning -1. If any application was actually using these
functions then it may appear that they were actually successful (e.g. -1
could be interpreted as "true").
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18967)
(cherry picked from commit
f868454257560c78570549f6a34d5918f03898a0)
Matt Caswell [Tue, 9 Aug 2022 10:55:45 +0000 (11:55 +0100)]
Correct the documentation for OPENSSL_MALLOC_FD
The documentation was misleading in that it suggests that this environment
variable will record information about all allocations. While this is true
it doesn't record the most useful information that you might expect such
as the requested size of the allocation! It is mainly for use in
conjunction with OPENSSL_MALLOC_FAILURES, and reports information about
what chance an allocation has of failing.
We also clarify that the mem_debug functions are actually no-ops in 3.0.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18967)
(cherry picked from commit
2c35d61790603530d11f52eda9132ff8640f9852)
Clemens Lang [Mon, 4 Jul 2022 15:15:46 +0000 (17:15 +0200)]
APPS: genrsa: Support setting properties
The -provider and -propquery options did not work on genrsa. Fix this
and add a test that checks that operations that would usually fail with
the FIPS provider work when run with
| -provider default -propquery '?fips!=yes'
See also
30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=
2094956.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)
(cherry picked from commit
b2ccfd81025fa115f1138123b9aa61657e779352)
Clemens Lang [Mon, 4 Jul 2022 14:15:07 +0000 (16:15 +0200)]
APPS: dgst: Support properties when signing
The -provider and -propquery options did not work on dgst when using it
for signing or signature verification (including HMACs). Fix this and
add tests that check that operations that would usually fail with the
FIPS provider work when run with
| -provider default -propquery '?fips!=yes'
Additionally, modify the behavior of dgst -list to also use the current
library context and property query. This reduces the output below the
headline "Supported digests" to a list of the digest algorithms that
will actually work with the current configuration, which is closer to
what users probably expect with this headline.
See also
30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=
2094956.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)
(cherry picked from commit
653a7706781ebbe8a6a4b84d29b39d001c395ffe)
Clemens Lang [Fri, 1 Jul 2022 14:35:44 +0000 (16:35 +0200)]
TEST: Check property query support of apps/pkey
Property query support works correctly for apps/pkey, but there does not
seem to be a test for it yet, so add one.
See also
30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed a similar problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=
2094956.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)
(cherry picked from commit
33b9bb45a4d463052aef763cc7c64c91384d4249)
Clemens Lang [Fri, 1 Jul 2022 13:35:22 +0000 (15:35 +0200)]
APPS: pkeyparam: Support setting properties
The -provider and -propquery options did not work on pkeyparam. Fix this
and add tests that check that operations that would usually fail with
the FIPS provider work when run with
| -provider default -propquery '?fips!=yes'
See also
30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=
2094956.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)
(cherry picked from commit
0185538799803a1a98823f42ac2402ede04f56da)
Clemens Lang [Fri, 1 Jul 2022 13:22:34 +0000 (15:22 +0200)]
APPS: ecparam: Support setting properties
The -provider and -propquery options did not work on ecparam. Fix this
and add tests that check that operations that would usually fail with
the FIPS provider work when run with
| -provider default -propquery '?fips!=yes'
See also
30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=
2094956.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)
(cherry picked from commit
2b8f687d7627a4b15bba6a820825944185980376)
Clemens Lang [Fri, 1 Jul 2022 12:50:59 +0000 (14:50 +0200)]
APPS: dhparam: Support setting properties
The -provider and -propquery options did not work on dhparam. Fix this
and add tests that check that operations that would usually fail with
the FIPS provider work when run with
| -provider default -propquery '?fips!=yes'
See also
30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=
2094956.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)
(cherry picked from commit
ae3c30acac17271693e91dcae42c804cd96e8f93)
Pauli [Fri, 29 Jul 2022 01:00:50 +0000 (11:00 +1000)]
property: make cache flushing slight less deterministic
If there is no timer available to seed the stochastic flushing, revert to a
global seed that gets updated each flush.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18906)
(cherry picked from commit
56d4ff6cd7fc200943197dff65146a8864b7df98)
Daiyuu Nobori [Sun, 24 Jul 2022 01:34:05 +0000 (10:34 +0900)]
VC++ 2008 or earlier x86 compilers do not have an inline implementation of InterlockedOr64 for 32bit and will fail to run on Windows XP 32bit.
See: https://docs.microsoft.com/en-us/cpp/intrinsics/interlockedor-intrinsic-functions#requirements
To work around this problem, we implement a manual locking mechanism for only VC++ 2008 or earlier x86 compilers.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18856)
(cherry picked from commit
2d46a44ff24173d2cf5ea2196360cb79470d49c7)
Sebastian Andrzej Siewior [Mon, 1 Aug 2022 20:08:27 +0000 (22:08 +0200)]
test/evp_test: Test if EVP_DigestSign() set signature's length.
Increase the signature's length, that is passed to EVP_DigestSign(). The
implementation should set this parameter back to the actual length, that
has been written.
This (oneshot_digestsign_test_run()) fails for the
ed25519/ ed448
implementation of s390 prio the fix. The change in digestsign_test_run()
follows the same pattern and is for collecting bonus points.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18928)
(cherry picked from commit
fc5888ccb60f33b366972299f30b976c4dc12162)
Sebastian Andrzej Siewior [Mon, 1 Aug 2022 15:42:05 +0000 (17:42 +0200)]
providers: Set the size of EC signature on s390.
The s390x provides its custom implementation for the creation of the
ed448 and
ed25519 signatures. Unfortunately it does not set the size.
Users that rely of this return parameter end up with wrong values and
will compare wrong sizes of signature.
Set the proper size of the returned signature on success. Set an error
if the signing operation fails.
Fixes: #18912
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18928)
(cherry picked from commit
bbedc052973b1c2fab7d7fb891d02aea393ff579)
Tomas Mraz [Mon, 1 Aug 2022 11:08:45 +0000 (13:08 +0200)]
Properly document deprecation of DH_new() and related functions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18925)
(cherry picked from commit
65b41ab31917e3bb25920c4b27017786db668850)
Roberto Hueso Gomez [Mon, 1 Aug 2022 18:11:22 +0000 (20:11 +0200)]
Fix EC_KEY_set_private_key() NULL priv_key docs
Updates the docs to describe EC_KEY_set_private_key() function behavior
when a NULL priv_key argument is passed.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18941)
Roberto Hueso Gomez [Mon, 1 Aug 2022 00:08:47 +0000 (02:08 +0200)]
Add test for EC_KEY_set_private_key()
This tests the behavior and API of the EC_KEY_set_private_key function.
It tests compliance with legacy features related to NULL private keys
too.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18941)
Roberto Hueso Gomez [Tue, 26 Jul 2022 18:41:02 +0000 (20:41 +0200)]
Fix EC_KEY_set_private_key() priv_key regression
This allows to set EC_KEY's private key to NULL and fixes regression
issue following OTC guideline in
https://github.com/openssl/openssl/issues/18744#issuecomment-
1195175696
Fixes #18744.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18941)
Matt Caswell [Wed, 3 Aug 2022 08:27:27 +0000 (09:27 +0100)]
Revert "Fix bug in EVP_CIPHER_CTX_get_iv_length()"
This reverts commit
f428e2112c6c795db76d804e0fcb36aac40f1477.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18946)
Matt Caswell [Wed, 3 Aug 2022 08:27:16 +0000 (09:27 +0100)]
Revert "Note that EVP_CIPHER_get_iv_length returns negative values on error"
This reverts commit
2a6275f58bdb2371c603be7f89310f7b4906e5c0.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18946)
Pauli [Thu, 28 Jul 2022 01:20:37 +0000 (11:20 +1000)]
Note that EVP_CIPHER_get_iv_length returns negative values on error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18875)
(cherry picked from commit
0a90577e717f76483525b2d8be6a42a9f04020d8)
Pauli [Tue, 26 Jul 2022 01:46:45 +0000 (11:46 +1000)]
Fix bug in EVP_CIPHER_CTX_get_iv_length()
Out of range values could possibly be returned due to a lack of range checking.
Very unlikely to be exploitable for our provider because sensible values are
returned for all ciphers.
Also fixed the defaulting code so that the cipher's IV length is returned if
the cipher ctx doesn't support getting.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18875)
(cherry picked from commit
e0e338c8c50c226efc92fe79c788c9cdc03fc01f)
Dmitry Belyavskiy [Wed, 27 Jul 2022 10:15:07 +0000 (12:15 +0200)]
Check that IV length is not less than zero
As EVP_CIPHER_CTX_get_iv_length indicates failure with -1, this error
should be processed. Also the result of this function shouldn't be
assigned to an unsigned variable.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Signed-off-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18922)
Todd Short [Fri, 29 Jul 2022 00:05:54 +0000 (20:05 -0400)]
Free up space in the session cache before adding.
Fixes #18690
In some circumstances, it's possible that when using an external
database for the session cache, that pulling in an entry from that
cache to the internal cache will cause the newly added entry to
be deleted from the internal cache. This is likely to happen when
the internal cache is set to have a small size, and the newly added
entry's timeout places it at the end of the cache list.
This could be fixed by updating the timestamp of the session (via
`SSL_SESSION_set_time()` or `SSL_SESSION_set_timeout()`) before
adding to the cache. But that may not be desireable.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18905)
(cherry picked from commit
4842a27b902660b672d72d2ed23e941461ca481c)
Arne Schwabe [Thu, 28 Jul 2022 14:51:58 +0000 (16:51 +0200)]
Fix wrong default algorithm in openssl pkcs12 help
The default that pkcs12 -export uses is SHA256 and not SHA1.
CLA: Trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18904)
(cherry picked from commit
72a85c17aae602e881c917c3f6e93bd7f7260093)
Rob Mc Gee [Wed, 27 Jul 2022 22:30:51 +0000 (15:30 -0700)]
Updating ifdefs to account for xlclang compiler frontend on AIX.
The fallback DEP works fine there. XLC should be unaffected.
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18892)
(cherry picked from commit
df1e33bc8ae67573a3f3488eff82e02fc0310203)
valdaarhun [Mon, 25 Jul 2022 13:19:19 +0000 (18:49 +0530)]
Fixes segfault occurrence in PEM_write()
Checks if header is NULL or not before calling strlen().
CLA: trivial
Fixes #18825
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18865)
(cherry picked from commit
205957405d08ef199e6ab654e333a627bbca9ccc)
GregoryTrzonkowski [Wed, 27 Jul 2022 09:43:25 +0000 (11:43 +0200)]
Correction: uncompressed is the default value
CLA: trivial
The description was incorrect. The uncompressed is the default value.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18889)
(cherry picked from commit
df274c334c523f7375d5aa60ff4b9a846c3e2a6c)
Richard Levitte [Tue, 26 Jul 2022 17:38:02 +0000 (19:38 +0200)]
Fix quotes install_fips in Configurations/windows-makefile.tmpl
Directories and file names with spaces require quoting... again
Fixes #18880
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18881)
(cherry picked from commit
709651c9022e7be7e69cf8a2f6edf2c8722a6a1e)
Alon Bar-Lev [Tue, 26 Jul 2022 12:17:06 +0000 (15:17 +0300)]
Handle SMIME_crlf_copy return code
Currently the SMIME_crlf_copy result is ignored in all usages. It does
return failure when memory allocation fails.
This patch handles the SMIME_crlf_copy return code in all occurrences.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18876)
(cherry picked from commit
67c0460b89cc1b0644a1a59af78284dfd8d720af)
Alon Bar-Lev [Tue, 26 Jul 2022 05:53:48 +0000 (08:53 +0300)]
REGRESSION: CMS_final: do not ignore CMS_dataFinal result
The CMS_dataFinal result is important as signature may fail, however, it
is ignored while returning success from CMS_final.
The SMIME_crlf_copy result is returned while it is ignored in the rest
of the openssl code.
Prefer the CMS_dataFinal result.
This is regression from openssl-1.
Blame finds c1669f41ei as root cause of regression.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18876)
(cherry picked from commit
b03756130dadb3732b460a6efd930f1b226acdad)
Joachim Vandersmissen [Tue, 26 Jul 2022 12:33:43 +0000 (12:33 +0000)]
Update EVP_KDF-X942-ASN1.pod
Replaced OSSL_KDF_PARAM_KEY with OSSL_KDF_PARAM_SECRET as that seems to be the intended value from the code (OSSL_KDF_PARAM_KEY is also supported but looks like a fallback).
Fixed name for OSSL_KDF_PARAM_X942_USE_KEYBITS.
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18878)
(cherry picked from commit
08c00377cb82f7eefcf7433606e687f348b9e7a0)
Pauli [Mon, 25 Jul 2022 06:07:26 +0000 (16:07 +1000)]
GCM: record limit counter gets reset on AAD changes
It shouldn't be. This moves the reset to the init function instead and only
does the reset on a key change.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18860)
(cherry picked from commit
3ebcb2fff56bda788ab1f363eb0023715018a4e5)
Slanterns [Mon, 25 Jul 2022 23:15:40 +0000 (07:15 +0800)]
Remove `no-{ssl|tls|tls1_3|dtls}-method` in INSTALL.md
CLA: trivial
Actually there is no option called `no-{ssl|tls|tls1_3|dtls}-method`.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18872)
(cherry picked from commit
5f18dc7facc9bd477173ae97a1bd84f21758da58)
Dr. David von Oheimb [Sun, 24 Jul 2022 20:44:13 +0000 (22:44 +0200)]
80-test_cmp_http.t: fix adaption of plan on 'certstatus' aspect of Mock server
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18858)
(cherry picked from commit
7a86cb69830bf0a8845cd17e606f612109c7564b)
Bernd Edlinger [Tue, 24 May 2022 16:48:02 +0000 (18:48 +0200)]
Fix visual glitch in non-verbose test output
This fixes a glitch in the non-verbose test output
$ make test
[...]
80-test_ciphername.t .... ok
80-test_cmp_http.t ...... 5/?
80-test_cmp_http.t ...... ok 611
80-test_cms.t ........... ok
80-test_cmsapi.t ........ ok
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18401)
(cherry picked from commit
128d1c3c0a12fe68175a460e06daf1e0d940f681)
Charles Milette [Sat, 14 May 2022 01:42:29 +0000 (21:42 -0400)]
Fix UWP builds by defining VirtualLock
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18311)
(cherry picked from commit
ff1efe6e261598c3f71727b796767a8e716bcbe2)
Richard Levitte [Mon, 25 Jul 2022 06:07:33 +0000 (08:07 +0200)]
Configurations/10-main.conf: In the VC-common target, unquote $(CC)
Some of the VC-common attributes have values that use `$(CC)`, wrapped with
quotes. However, `Configurations/windows-makefile.tmpl` already quotes the
`CC` value, like this:
CC="{- $config{CC} -}"
The interaction between that makefile variable and the attributes using
`$(CC)` wrapped with quotes is a command line with the quotes doubled. For
example, the value of `$(CPP)` becomes `""cl""`.
Strangely enough, this appears to be tolerated, at least on some versions of
Windows. However, this has been reported not to be the case.
This is fixed by removing the quotes in `Configurations/10-main.conf`,
making `Configurations/windows-makefile.tmpl` responsible for proper
quoting.
Fixes #18823
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18861)
Pauli [Mon, 25 Jul 2022 03:01:00 +0000 (13:01 +1000)]
Fix error in LHASH documentation
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18859)
(cherry picked from commit
316fad64c1e541a530910a13160d48b7545ac1e0)
Richard Levitte [Wed, 20 Jul 2022 10:49:54 +0000 (12:49 +0200)]
Don't try to make configuration leaner
This partially reverts Github PR #16378:
commit
764cf5b26306a8712e8b3d41599c44dc5ed07a25, titled "Configuration:
only produce a new configdata.pm if it has changed contents"
Unfortunately, the attempt to make configuration leaner didn't take
into account all the files that may or may not affect the outcome of
`configdata.pm`, and most of all, didn't take into account that `Makefile`
has clauses of its own to determined when a reconfiguration is needed, all
based on time stamps.
Something as simple as a changed `Configurations/10-main.conf`, where the
change doesn't affect the resulting `configdata.pm` gets `make` into a
reconfiguration loop, because `configdata.pm` is older than `10-main.conf`.
The lesson to remember is not to try to outsmart `make` in cases like this.
We retain the other parts of the PR mentioned, as they are still valid.
needed to be taken into account (all the Configurations/*.conf
as well as all the build.info)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18832)
(cherry picked from commit
54a84f02998b72fa63cd5309d915e43cfd85a06b)
Todd Short [Thu, 21 Jul 2022 13:45:52 +0000 (09:45 -0400)]
Add test from "Fix re-signing certificates with different key sizes"
Tests for #16080 and #18836
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18842)
Pauli [Thu, 21 Jul 2022 02:46:27 +0000 (12:46 +1000)]
Coverity
1507376: Dereference after null check
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18837)
(cherry picked from commit
93429fc0ce9468242a463ff5878cd53b97e7f13f)
Matt Caswell [Fri, 10 Jun 2022 11:33:45 +0000 (12:33 +0100)]
Fix a crash in v2i_IPAddrBlocks()
If an IP address prefix value is supplied that is too large then a crash
can result. v2i_IPAddrBlocks() should sanity check the prefix value, as
should X509v3_addr_add_prefix().
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18523)
(cherry picked from commit
b91ad3c69c27c35be4fd7f1e8811c33c31b02afd)
Pauli [Wed, 20 Jul 2022 00:09:53 +0000 (10:09 +1000)]
Fix error in example.
Fixes #18828
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18829)
(cherry picked from commit
2752ab2eb61dcfc799775d34eaeda3621b85f95f)
Dr. David von Oheimb [Wed, 20 Jul 2022 06:39:45 +0000 (08:39 +0200)]
X509_STORE_CTX_purpose_inherit(): add missing details to its documentation
Fixes #18801
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18830)
(cherry picked from commit
c00fd2dece8ba54b2597a61c8db6a001025d05d5)
Dr. David von Oheimb [Tue, 12 Jul 2022 21:55:28 +0000 (23:55 +0200)]
check-format.pl: fix detection of missing/extra blank lines in local decls
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(cherry picked from commit
23757b61d49ac3e46440dc34e56b83201106e440)
Dr. David von Oheimb [Tue, 12 Jul 2022 22:05:48 +0000 (00:05 +0200)]
check-format.pl: fix false positive on 'for(;; stmt)'
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(cherry picked from commit
4e9fa07121abf3ebaaf7e0367bd9be3a8b273ebf)
Dr. David von Oheimb [Tue, 12 Jul 2022 19:04:53 +0000 (21:04 +0200)]
check-format.pl: improve wording: 'no' -> 'missing'; further minor improvements
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(cherry picked from commit
63263147a3ad55cb26d7cfcdfca474ce324a15ac)
Dr. David von Oheimb [Thu, 6 Jan 2022 22:14:27 +0000 (23:14 +0100)]
check-format.pl: Fix report on space before ';' and allow it after ')'
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit
c30bc4e2093f47a37736944da548653bc08d774d)
Dr. David von Oheimb [Thu, 6 Jan 2022 21:54:20 +0000 (22:54 +0100)]
check-format.pl: Fix report on missing space before +/-: allow, e.g., '1e-6'
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit
d45c0e1a5e89f01d83f6059c788524e901a11604)
Dr. David von Oheimb [Thu, 6 Jan 2022 21:05:22 +0000 (22:05 +0100)]
check-format.pl: Fix report on constant on LHS of comparison/assignment
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit
15ae69fa7bc0f367edded19bc48e6d9a5ce8d547)
Dr. David von Oheimb [Thu, 6 Jan 2022 20:41:45 +0000 (21:41 +0100)]
check_format.pl: Add checks for blank lines within/after local decls
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit
d8662f2f8716645164a9d4d8795a9c353fe315fb)
Dimitris Apostolou [Sun, 2 Jan 2022 23:00:27 +0000 (01:00 +0200)]
check_format.pl: Fix typos
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit
e304aa87b35fac5ea97c405dd3c21549faa45e78)
Dr. David von Oheimb [Fri, 12 Nov 2021 11:14:45 +0000 (12:14 +0100)]
check-format.pl: Fix report on constant on LHS of comparison or assignment
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit
2e6afe1079c6993868c5d8a813605d16980e8e10)
Dmitry Belyavskiy [Thu, 14 Jul 2022 19:41:48 +0000 (21:41 +0200)]
Fix verify_callback in the openssl s_client/s_server app
We need to check that error cert is available before printing its data
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18805)
(cherry picked from commit
fad0f80eff188ef938fed614245a56ed56110deb)
Richard Levitte [Thu, 14 Apr 2022 15:52:12 +0000 (17:52 +0200)]
"Reserve" the method store when constructing methods
Introducing the concept of reserving the store where a number of
provided operation methods are to be stored.
This avoids racing when constructing provided methods, which is
especially pertinent when multiple threads are trying to fetch the
same method, or even any implementation for the same given operation
type.
This introduces a |biglock| in OSSL_METHOD_STORE, which is separate
from the |lock| which is used for more internal and finer grained
locking.
Fixes #18152
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18153)
(cherry picked from commit
e1eafe8c87612a94552e9ad5df56c489cb6f0ff2)
Pauli [Tue, 19 Jul 2022 01:04:32 +0000 (11:04 +1000)]
Coverity
1507372: explicit null dereference
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18822)
(cherry picked from commit
d768f853bb05b5a49a2aeb5b5702776834e68d06)
Pauli [Tue, 19 Jul 2022 01:01:57 +0000 (11:01 +1000)]
Coverity
1503321 &
1503327: dereference after null check
The earlier fix being inadequate
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18822)
(cherry picked from commit
f913c3cd7e22eecbcc8f84b72c645081fa37fdf4)
Tom Cosgrove [Mon, 18 Jul 2022 09:24:47 +0000 (10:24 +0100)]
Fix aarch64 signed bit shift issue found by UBSAN
Fixes #18813
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Change-Id: Ic543885091ed3ef2ddcbe21de0a4ac0bca1e2494
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18816)
(cherry picked from commit
1efd8533e1ccc5c5e69795eb393a6b79b62e48e2)
Tomas Mraz [Thu, 14 Jul 2022 10:32:03 +0000 (12:32 +0200)]
ossl_ffc_params_copy: Copy the keylength too
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18793)
Tomas Mraz [Wed, 13 Jul 2022 14:04:09 +0000 (16:04 +0200)]
Test that we generate a short private key for known DH prime
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18793)
Tomas Mraz [Fri, 10 Jun 2022 07:46:45 +0000 (09:46 +0200)]
dh_to_text: Print the dh->length if set
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18793)
Tomas Mraz [Wed, 13 Jul 2022 13:06:00 +0000 (15:06 +0200)]
For known safe primes use the minimum key length according to RFC 7919
Longer private key sizes unnecessarily raise the cycles needed to
compute the shared secret without any increase of the real security.
This fixes a regression from 1.1.1 where these shorter keys
were generated for the known safe primes.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18793)
Dr. David von Oheimb [Thu, 14 Jul 2022 13:12:55 +0000 (15:12 +0200)]
apps/x509: Improve doc fix for -CAserial anc -CAcreateserial
This follows up on https://github.com/openssl/openssl/pull/18373
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18804)
(cherry picked from commit
7a16f179ab0bc2c474a754c0ad7e35b40534a38e)
Roberto Hueso Gomez [Fri, 15 Jul 2022 09:21:30 +0000 (11:21 +0200)]
Fix memleak in PKCS12_pbe_crypt_ex()
Makes sure that the variable 'out' is free on every error path.
Fixes #18689
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18808)
(cherry picked from commit
af801ec89205aaf6ebf8522d510d0b1fc29e3233)
Shi Pujin [Fri, 15 Jul 2022 07:14:07 +0000 (15:14 +0800)]
Add loongarch64 target
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18807)
Pauli [Thu, 14 Jul 2022 05:22:30 +0000 (15:22 +1000)]
Coverity
1506566: unchecked return value
There isn't much else that can be done here unfortunately.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18799)
(cherry picked from commit
358103b4a651ab3f392f088d86cd30469dccce2e)
Pauli [Thu, 14 Jul 2022 05:17:41 +0000 (15:17 +1000)]
evp: make all _is_a functions accept and handle a NULL argument
Makes life easier for callers.
Fixes Coverity
1503326
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18799)
(cherry picked from commit
ee8db8c5fb5b091f48d29914126d35a7e29cdcf2)
Pauli [Thu, 14 Jul 2022 05:09:36 +0000 (15:09 +1000)]
Coverity
1503321 &
1503327: dereference after null check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18799)
(cherry picked from commit
f80910390cb882f346fe59c9803fc914b9c367c2)
Allan [Wed, 13 Jul 2022 08:55:22 +0000 (01:55 -0700)]
Added paragraph to free objects alloced by X509V3_add1_i2d()
Fixes #18665
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18786)
(cherry picked from commit
17004adacf74f9f7036b623dab31a6d12c32daf1)
Allan [Wed, 13 Jul 2022 08:55:06 +0000 (01:55 -0700)]
Updated X509v3_get_ext_by_NID.pod and X509_CRL_get0_by_serial.pod
Updated these to the current documentation style.
Moved X509v3_delete_ext() under BUGS
to NOTES and added information to call free.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18786)
(cherry picked from commit
1711f4824be2c6b41d26f221d2aa0e2236363995)
xkernel [Wed, 13 Jul 2022 03:07:31 +0000 (11:07 +0800)]
ocspapitest: use TEST_true to report the exact failure
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18774)
(cherry picked from commit
180c8d7ae56378992b90ace9626d6df6ab1d4de8)
xkernel [Mon, 11 Jul 2022 07:12:00 +0000 (15:12 +0800)]
ocspapitest: properly check the return of memory-allocating functions
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18774)
(cherry picked from commit
ea809510f69e5aebc2ab95aa7530e01060e8a960)
Juergen Christ [Wed, 13 Jul 2022 09:15:43 +0000 (11:15 +0200)]
Fix EC ASM flag passing
Flags for ASM implementations of EC curves were only passed to the FIPS
provider and not to the default or legacy provider. This left some potential
for optimization. Pass the correct flags also to these providers.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18791)
(cherry picked from commit
12186377cb987c4527d286e91e735e8261a45669)
Dr. David von Oheimb [Mon, 11 Jul 2022 11:52:01 +0000 (13:52 +0200)]
http_client.c: 2nd fix for calculation of Content-Length in set1_content()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18779)
(cherry picked from commit
8c65e1f719ecf7ec7ed3094bbd763f88708d26eb)
Dr. David von Oheimb [Tue, 31 May 2022 08:03:10 +0000 (10:03 +0200)]
apps/x509: add warnings for options ignored when -CA is not specified
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)
(cherry picked from commit
c54a6a4b0ef664313fb07617d6a8c26a808719e0)
Dr. David von Oheimb [Tue, 31 May 2022 08:02:02 +0000 (10:02 +0200)]
openssl-x509.pod.in: fix description of certificate serial number storage
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)
(cherry picked from commit
aa73b7d352c383e415d4d7567b79ce074c6762cd)
Dr. David von Oheimb [Mon, 30 May 2022 14:53:05 +0000 (16:53 +0200)]
APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial.
Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)
(cherry picked from commit
ec8a3409487c871b440fa52bff7c3ef33378494a)
Dr. David von Oheimb [Fri, 20 May 2022 04:23:54 +0000 (06:23 +0200)]
apps/x509: Fix -CAfile option being neglected with -new or -in
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)
(cherry picked from commit
10c7887330bb6ca136cd16fe081639f4462a072e)
Daniel Fiala [Mon, 11 Jul 2022 07:03:58 +0000 (09:03 +0200)]
Add an EVP demo for CMAC
Fixes openssl#14110
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18778)
(cherry picked from commit
cdf0a5c46032ba4c39d93a7bec52494b4808830f)
slontis [Tue, 12 Jul 2022 04:28:37 +0000 (14:28 +1000)]
Check for EVP_MD being NULL inside ssl.
Fix multiple places that could potentially segfault if memory
allocations fail. e.g. ssl_load_ciphers() could fail while calling
ssl_evp_md_fetch().
Found by #18355
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18784)
(cherry picked from commit
b740012f77aed97cb4b3cd8a4f1fb2f668542795)