openssl.git
2 hours agoFix sm3ss1 translation issue in sm3-armv8.pl master
fangming.fang [Tue, 18 Jan 2022 02:58:08 +0000 (02:58 +0000)]
Fix sm3ss1 translation issue in sm3-armv8.pl

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17542)

17 hours agossl: better support TSAN operations
Pauli [Thu, 13 Jan 2022 01:19:23 +0000 (12:19 +1100)]
ssl: better support TSAN operations

For platforms that do not have native TSAN support, locking needs to be used
instead.  This adds the locking.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17489)

17 hours agotest: add cipher context dup test
Pauli [Mon, 17 Jan 2022 02:09:41 +0000 (13:09 +1100)]
test: add cipher context dup test

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

17 hours agotest: add digest context dup tests
Pauli [Fri, 7 Jan 2022 00:47:20 +0000 (11:47 +1100)]
test: add digest context dup tests

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

17 hours agodoc: document digest and cipher dup functions
Pauli [Fri, 7 Jan 2022 00:47:02 +0000 (11:47 +1100)]
doc: document digest and cipher dup functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

17 hours agoAdd context dup functions for digests and ciphers
Pauli [Fri, 7 Jan 2022 00:46:33 +0000 (11:46 +1100)]
Add context dup functions for digests and ciphers

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

17 hours agofix indentation
Pauli [Fri, 7 Jan 2022 00:45:33 +0000 (11:45 +1100)]
fix indentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

41 hours agoSM4 optimization for ARM by HW instruction
Daniel Hu [Tue, 19 Oct 2021 21:49:05 +0000 (22:49 +0100)]
SM4 optimization for ARM by HW instruction

This patch implements the SM4 optimization for ARM processor,
using SM4 HW instruction, which is an optional feature of
crypto extension for aarch64 V8.

Tested on some modern ARM micro-architectures with SM4 support, the
performance uplift can be observed around 8X~40X over existing
C implementation in openssl. Algorithms that can be parallelized
(like CTR, ECB, CBC decryption) are on higher end, with algorithm
like CBC encryption on lower end (due to inter-block dependency)

Perf data on Yitian-710 2.75GHz hardware, before and after optimization:

Before:
  type      16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes  16384 bytes
  SM4-CTR  105787.80k   107837.87k   108380.84k   108462.08k   108549.46k   108554.92k
  SM4-ECB  111924.58k   118173.76k   119776.00k   120093.70k   120264.02k   120274.94k
  SM4-CBC  106428.09k   109190.98k   109674.33k   109774.51k   109827.41k   109827.41k

After (7.4x - 36.6x faster):
  type      16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes  16384 bytes
  SM4-CTR  781979.02k  2432994.28k  3437753.86k  3834177.88k  3963715.58k  3974556.33k
  SM4-ECB  937590.69k  2941689.02k  3945751.81k  4328655.87k  4459181.40k  4468692.31k
  SM4-CBC  890639.88k  1027746.58k  1050621.78k  1056696.66k  1058613.93k  1058701.31k

Signed-off-by: Daniel Hu <Daniel.Hu@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17455)

41 hours agodh_exch.c: Correct gettable parameters for DH key exchange
Tomas Mraz [Fri, 14 Jan 2022 15:19:33 +0000 (16:19 +0100)]
dh_exch.c: Correct gettable parameters for DH key exchange

Fixes #17510

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17515)

2 days agoe_dasync: remove empty statement
Pauli [Mon, 17 Jan 2022 05:51:03 +0000 (16:51 +1100)]
e_dasync: remove empty statement

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

2 days agodemo: remove end of line whitespace
Pauli [Mon, 17 Jan 2022 05:50:16 +0000 (16:50 +1100)]
demo: remove end of line whitespace

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

2 days agospeed: rework if condition to avoid empty statement
Pauli [Mon, 17 Jan 2022 05:49:58 +0000 (16:49 +1100)]
speed: rework if condition to avoid empty statement

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

2 days agoreplace ;; with ; as statement separator
Pauli [Sun, 16 Jan 2022 23:37:20 +0000 (10:37 +1100)]
replace ;; with ; as statement separator

Fixes #17525

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

2 days agoapps/ca: replace ;; with ; as statement separator
Pauli [Sun, 16 Jan 2022 23:36:46 +0000 (10:36 +1100)]
apps/ca: replace ;; with ; as statement separator

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

2 days agossl: replace ;; with ; as statement separator
Pauli [Sun, 16 Jan 2022 23:36:06 +0000 (10:36 +1100)]
ssl: replace ;; with ; as statement separator

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)

2 days agoFix mistake in ERR_peek_error_all documentation.
Kevin Jones [Sat, 15 Jan 2022 01:38:41 +0000 (01:38 +0000)]
Fix mistake in ERR_peek_error_all documentation.

The `func` parameter was incorrect. It was documented as `const char *func`
instead of `const char **func`.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17522)

2 days agobn_ppc.c: Fix build failure on AIX with XLC/XLCLANG
Tomas Mraz [Thu, 13 Jan 2022 17:07:08 +0000 (18:07 +0100)]
bn_ppc.c: Fix build failure on AIX with XLC/XLCLANG

These compilers define _ARCH_PPC64 for 32 bit builds
so we cannot depend solely on this define to identify
32 bit build.

Fixes #17087

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17497)

2 days agodhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid
Tomas Mraz [Thu, 13 Jan 2022 18:02:31 +0000 (19:02 +0100)]
dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid

And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

2 days agoDo not call ossl_ffc_name_to_dh_named_group with NULL argument
Tomas Mraz [Thu, 13 Jan 2022 18:01:33 +0000 (19:01 +0100)]
Do not call ossl_ffc_name_to_dh_named_group with NULL argument

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

2 days agoProperly return error on EVP_PKEY_CTX_set_dh_nid and EVP_PKEY_CTX_set_dhx_rfc5114
Tomas Mraz [Thu, 13 Jan 2022 18:00:13 +0000 (19:00 +0100)]
Properly return error on EVP_PKEY_CTX_set_dh_nid and EVP_PKEY_CTX_set_dhx_rfc5114

Fixes #17485

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

3 days agoFix typo in SSL_CTX_set_dh_auto
EasySec [Thu, 13 Jan 2022 22:30:30 +0000 (23:30 +0100)]
Fix typo in SSL_CTX_set_dh_auto

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17499)

3 days agossl/t1_enc: Fix kTLS RX offload path
Dmytro Podgornyi [Wed, 12 Jan 2022 17:25:23 +0000 (19:25 +0200)]
ssl/t1_enc: Fix kTLS RX offload path

During counting of the unprocessed records, return code is treated in a
wrong way. This forces kTLS RX path to be skipped in case of presence
of unprocessed records.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17492)

5 days agoproperty: reduce memory consumption when OPENSSL_SMALL_FOOTPRINT is defined.
Pauli [Sat, 1 Jan 2022 01:43:31 +0000 (12:43 +1100)]
property: reduce memory consumption when OPENSSL_SMALL_FOOTPRINT is defined.

This takes out the lock step stacks that allow a fast property to name
resolution.  Follow on from #17325.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17388)

5 days agoFix malloc failure handling of X509_ALGOR_set0()
Dr. David von Oheimb [Fri, 6 Aug 2021 10:11:13 +0000 (12:11 +0200)]
Fix malloc failure handling of X509_ALGOR_set0()

Also update and slightly extend the respective documentation and simplify some code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16251)

5 days agoEVP: fix evp_keymgmt_util_match so that it actually tries cross export the other...
manison [Wed, 12 Jan 2022 19:53:48 +0000 (20:53 +0100)]
EVP: fix evp_keymgmt_util_match so that it actually tries cross export the other way if the first attempt fails

Fixes #17482

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17487)

5 days agoSM3 acceleration with SM3 hardware instruction on aarch64
fangming.fang [Fri, 24 Dec 2021 08:29:04 +0000 (08:29 +0000)]
SM3 acceleration with SM3 hardware instruction on aarch64

SM3 hardware instruction is optional feature of crypto extension for
aarch64. This implementation accelerates SM3 via SM3 instructions. For
the platform not supporting SM3 instruction, the original C
implementation still works. Thanks to AliBaba for testing and reporting
the following perf numbers for Yitian710:

Benchmark on T-Head Yitian-710 2.75GHz:

Before:
type  16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes   16384 bytes
sm3   49297.82k   121062.63k   223106.05k   283371.52k   307574.10k   309400.92k

After (33% - 74% faster):
type  16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes   16384 bytes
sm3   65640.01k   179121.79k   359854.59k   481448.96k   534055.59k   538274.47k

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17454)

5 days agoAdd a comment to indicate ineffective macro
Shreenidhi Shedi [Wed, 12 Jan 2022 15:25:38 +0000 (20:55 +0530)]
Add a comment to indicate ineffective macro

EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from
openssl-3.0 onwards

CLA: trivial

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17484)

5 days agocoverity 1497107: dereference after null check
Pauli [Thu, 13 Jan 2022 01:30:59 +0000 (12:30 +1100)]
coverity 1497107: dereference after null check

Add null checks to avoid dereferencing a pointer that could be null.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17488)

6 days agoCleansing all the temporary data for s390x
Dmitry Belyavskiy [Wed, 12 Jan 2022 15:54:45 +0000 (16:54 +0100)]
Cleansing all the temporary data for s390x

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17486)

6 days agotest_gendhparam: Drop expected error output
Tomas Mraz [Wed, 12 Jan 2022 08:55:43 +0000 (09:55 +0100)]
test_gendhparam: Drop expected error output

Otherwise it sometimes confuses the TAP parser.

Fixes #17480

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17481)

6 days agoClear md_data only when necessary
Matt Caswell [Tue, 11 Jan 2022 17:13:39 +0000 (17:13 +0000)]
Clear md_data only when necessary

PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR
to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes
it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17473)

6 days agothreadstest: use locking for tsan operations if required
Pauli [Wed, 12 Jan 2022 03:22:29 +0000 (14:22 +1100)]
threadstest: use locking for tsan operations if required

Not all platforms support tsan operations, those that don't need to have an
alternative locking path.

Fixes #17447

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

6 days agodrbg: add handling for cases where TSAN isn't available
Pauli [Wed, 12 Jan 2022 04:01:17 +0000 (15:01 +1100)]
drbg: add handling for cases where TSAN isn't available

Most of the DRGB code is run under lock from the EVP layer.  This is relied
on to make the majority of TSAN operations safe.  However, it is still necessary
to enable locking for all DRBGs created.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

6 days agolhash: use lock when TSAN not available for statistics gathering
Pauli [Wed, 12 Jan 2022 03:45:07 +0000 (14:45 +1100)]
lhash: use lock when TSAN not available for statistics gathering

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

6 days agomem: do not produce usage counts when tsan is unavailable.
Pauli [Wed, 12 Jan 2022 03:25:46 +0000 (14:25 +1100)]
mem: do not produce usage counts when tsan is unavailable.

Doing the tsan operations under lock would be difficult to arrange here (locks
require memory allocation).

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

6 days agoobject: use updated tsan lock detection capabilities
Pauli [Wed, 12 Jan 2022 03:25:35 +0000 (14:25 +1100)]
object: use updated tsan lock detection capabilities

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

6 days agocore namemap: use updated tsan lock detection capabilities
Pauli [Wed, 12 Jan 2022 03:22:23 +0000 (14:22 +1100)]
core namemap: use updated tsan lock detection capabilities

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

6 days agotsan: make detecting the need for locking when using tsan easier
Pauli [Wed, 12 Jan 2022 02:26:38 +0000 (13:26 +1100)]
tsan: make detecting the need for locking when using tsan easier

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

6 days agothreadstest: add write check to lock checking
Pauli [Wed, 12 Jan 2022 03:24:49 +0000 (14:24 +1100)]
threadstest: add write check to lock checking

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

6 days agoAvoid using a macro expansion in a macro when statically initialising
Pauli [Wed, 12 Jan 2022 01:28:29 +0000 (12:28 +1100)]
Avoid using a macro expansion in a macro when statically initialising

Circumvents a problem with ancient PA-RISC compilers on HP/UX.

Fixes #17477

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17478)

6 days agodrop unused callback variable
Gerd Hoffmann [Tue, 11 Jan 2022 07:51:31 +0000 (08:51 +0100)]
drop unused callback variable

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17471)

7 days agoEVP_DigestSignFinal: *siglen should not be read if sigret == NULL
Tomas Mraz [Mon, 10 Jan 2022 16:09:59 +0000 (17:09 +0100)]
EVP_DigestSignFinal: *siglen should not be read if sigret == NULL

This fixes small regression from #16962.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17460)

7 days agoparam dup: add errors to failure returns
Pauli [Mon, 10 Jan 2022 00:36:24 +0000 (11:36 +1100)]
param dup: add errors to failure returns

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

7 days agoparam build set: add errors to failure returns
Pauli [Mon, 10 Jan 2022 00:33:06 +0000 (11:33 +1100)]
param build set: add errors to failure returns

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

7 days agoparam build: add errors to failure returns
Pauli [Mon, 10 Jan 2022 00:31:45 +0000 (11:31 +1100)]
param build: add errors to failure returns

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

7 days agotest: check for properly raised errors during param conversion
Pauli [Mon, 10 Jan 2022 00:10:34 +0000 (11:10 +1100)]
test: check for properly raised errors during param conversion

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

7 days agoparams: add error messages for built in param conversions
Pauli [Fri, 7 Jan 2022 11:11:10 +0000 (22:11 +1100)]
params: add error messages for built in param conversions

Specifically:
* out of range
* unsigned negatives
* inexact reals
* bad param types
* buffers that are too small
* null function arguments
* unknown sizes of real

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

7 days agoerr: add additional errors
Pauli [Fri, 7 Jan 2022 11:10:38 +0000 (22:10 +1100)]
err: add additional errors

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

8 days agopkeyutl: Fix regression with -kdflen option
Tomas Mraz [Mon, 10 Jan 2022 16:26:33 +0000 (17:26 +0100)]
pkeyutl: Fix regression with -kdflen option

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17461)

8 days agoEnsure we test fetching encoder/decoder/store loader with a query string
Matt Caswell [Mon, 10 Jan 2022 14:46:46 +0000 (14:46 +0000)]
Ensure we test fetching encoder/decoder/store loader with a query string

Although we had a test for fetching an encoder/decoder/store loader it
did not use a query string. The issue highlighted by #17456 only occurs
if a query string is used.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)

8 days agoFix Decoder, Encoder and Store loader fetching
Matt Caswell [Mon, 10 Jan 2022 14:45:16 +0000 (14:45 +0000)]
Fix Decoder, Encoder and Store loader fetching

Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give the
provider when calling ossl_method_store_cache_set()

Fixes #17456

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)

8 days agoClarify the int param getter documentation
Matt Caswell [Fri, 7 Jan 2022 17:30:39 +0000 (17:30 +0000)]
Clarify the int param getter documentation

OSSL_PARAMs that are of type OSSL_PARAM_INTEGER or
OSSL_PARAM_UNSIGNED_INTEGER can be obtained using any of the functions
EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or
EVP_PKEY_get_bn_param(). The former two will fail if the parameter is too
large to fit into the C variable. We clarify this in the documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17445)

8 days agoDon't run TLSFuzzer tests when it is not properly set
Dmitry Belyavskiy [Sun, 9 Jan 2022 16:39:41 +0000 (17:39 +0100)]
Don't run TLSFuzzer tests when it is not properly set

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17448)

8 days agoAPPS: Add check for multiple 'unknown' options
Dr. David von Oheimb [Tue, 24 Aug 2021 10:03:12 +0000 (12:03 +0200)]
APPS: Add check for multiple 'unknown' options

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)

8 days agoPKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name
Dr. David von Oheimb [Tue, 24 Aug 2021 10:27:12 +0000 (12:27 +0200)]
PKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)

8 days agoStatically link the legacy provider to endecode_test
Matt Caswell [Thu, 23 Dec 2021 13:59:12 +0000 (13:59 +0000)]
Statically link the legacy provider to endecode_test

We already statically link libcrypto to endecode_test even in a "shared"
build. This can cause problems on some platforms with tests that load the
legacy provider which is dynamically linked to libcrypto. Two versions of
libcrypto are then linked to the same executable which can lead to crashes.

Fixes #17059

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17345)

9 days agoAdd a test for a custom digest created via EVP_MD_meth_new()
Matt Caswell [Wed, 29 Dec 2021 16:39:11 +0000 (16:39 +0000)]
Add a test for a custom digest created via EVP_MD_meth_new()

We check that the init and cleanup functions for the custom method are
called as expected.

Based on an original reproducer by Dmitry Belyavsky from issue #17149.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

9 days agoFix a leak in EVP_DigestInit_ex()
Matt Caswell [Fri, 10 Dec 2021 17:17:27 +0000 (17:17 +0000)]
Fix a leak in EVP_DigestInit_ex()

If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.

Fixes #17149

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

9 days agoEnsure that MDs created via EVP_MD_meth_new() go down the legacy route
Matt Caswell [Fri, 10 Dec 2021 16:53:02 +0000 (16:53 +0000)]
Ensure that MDs created via EVP_MD_meth_new() go down the legacy route

MDs created via EVP_MD_meth_new() are inherently legacy and therefore
need to go down the legacy route when they are used.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

9 days agoEVP_PKEY_derive_set_peer_ex: Export the peer key to proper keymgmt
Tomas Mraz [Wed, 5 Jan 2022 15:50:00 +0000 (16:50 +0100)]
EVP_PKEY_derive_set_peer_ex: Export the peer key to proper keymgmt

The peer key has to be exported to the operation's keymgmt
not the ctx->pkey's keymgmt.

Fixes #17424

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17425)

10 days agocrypto/bio: fix build on UEFI
Gerd Hoffmann [Fri, 7 Jan 2022 11:58:27 +0000 (12:58 +0100)]
crypto/bio: fix build on UEFI

When compiling openssl for tianocore compiling abs_val() and pow_10()
fails with the following error because SSE support is disabled:

   crypto/bio/bio_print.c:587:46: error: SSE register return with SSE disabled

Fix that by using EFIAPI calling convention when compiling for UEFI.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17442)

10 days agoDon't use __ARMEL__/__ARMEB__ in aarch64 assembly
David Benjamin [Wed, 29 Dec 2021 18:05:12 +0000 (13:05 -0500)]
Don't use __ARMEL__/__ARMEB__ in aarch64 assembly

GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm,
respectively. They are not defined on aarch64, which instead use
__AARCH64EL__ and __AARCH64EB__.

However, OpenSSL's assembly originally used the 32-bit defines on both
platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is
less portable and can even interfere with other headers, which use
__ARMEL__ to detect little-endian arm.

Over time, the aarch64 assembly has switched to the correct defines,
such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit
finishes the job: poly1305-armv8.pl needed a fix and the dual-arch
armx.pl files get one more transform to convert from 32-bit to 64-bit.

(There is an even more official endianness detector, __ARM_BIG_ENDIAN in
the Arm C Language Extensions. But I've stuck with the GCC ones here as
that would be a larger change.)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17373)

11 days agocheck-format.pl: Fix report on space before ';' and allow it after ')'
Dr. David von Oheimb [Thu, 6 Jan 2022 22:14:27 +0000 (23:14 +0100)]
check-format.pl: Fix report on space before ';' and allow it after ')'

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

11 days agocheck-format.pl: Fix report on missing space before +/-: allow, e.g., '1e-6'
Dr. David von Oheimb [Thu, 6 Jan 2022 21:54:20 +0000 (22:54 +0100)]
check-format.pl: Fix report on missing space before +/-: allow, e.g., '1e-6'

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

11 days agocheck-format.pl: Fix report on constant on LHS of comparison/assignment
Dr. David von Oheimb [Thu, 6 Jan 2022 21:05:22 +0000 (22:05 +0100)]
check-format.pl: Fix report on constant on LHS of comparison/assignment

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

11 days agocheck_format.pl: Add checks for blank lines within/after local decls
Dr. David von Oheimb [Thu, 6 Jan 2022 20:41:45 +0000 (21:41 +0100)]
check_format.pl: Add checks for blank lines within/after local decls

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

11 days agoDelete unused param about get_construct_message_f
yangyangtiantianlonglong [Fri, 31 Dec 2021 03:00:57 +0000 (11:00 +0800)]
Delete unused param about get_construct_message_f

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17385)

11 days agoAdd a test case for the short password
Bernd Edlinger [Fri, 7 Jan 2022 11:44:27 +0000 (12:44 +0100)]
Add a test case for the short password

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17441)

11 days agoUpdate alert to common protocol
Kan [Tue, 30 Nov 2021 06:39:49 +0000 (14:39 +0800)]
Update alert to common protocol

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17161)

11 days agoapps.c: fix various coding style nits found by check-format.pl
Dr. David von Oheimb [Thu, 6 Jan 2022 22:26:04 +0000 (23:26 +0100)]
apps.c: fix various coding style nits found by check-format.pl

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17435)

12 days agoFix: some patches related to error exiting
Peiwei Hu [Wed, 5 Jan 2022 15:17:53 +0000 (23:17 +0800)]
Fix: some patches related to error exiting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17417)

12 days agoproviders/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init
Peiwei Hu [Thu, 6 Jan 2022 01:47:05 +0000 (09:47 +0800)]
providers/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init

There is risk to pass the gctx with NULL value to rsa_gen_set_params
which dereference gctx directly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17429)

12 days agov2i_AUTHORITY_KEYID(): Improve error reporting on parsing config values/options
Dr. David von Oheimb [Tue, 17 Aug 2021 17:12:55 +0000 (19:12 +0200)]
v2i_AUTHORITY_KEYID(): Improve error reporting on parsing config values/options

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16345)

12 days agoapps/cmp.c: fix coding style nits reported by check-format.pl
Dr. David von Oheimb [Tue, 4 Jan 2022 09:48:32 +0000 (10:48 +0100)]
apps/cmp.c: fix coding style nits reported by check-format.pl

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17363)

12 days agoasn1/x_algor.c: add internal ossl_X509_ALGOR_from_nid() simplifying code
Dr. David von Oheimb [Fri, 6 Aug 2021 10:11:13 +0000 (12:11 +0200)]
asn1/x_algor.c: add internal ossl_X509_ALGOR_from_nid() simplifying code

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17363)

12 days agoAPPS load_key_certs_crls(): Make file access errors much more readable
Dr. David von Oheimb [Fri, 27 Aug 2021 16:36:38 +0000 (18:36 +0200)]
APPS load_key_certs_crls(): Make file access errors much more readable

This reverts part of commit ef0449135c4e4e7f using a less invasive suppression.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)

12 days agoOSSL_STORE_open_ex(): Prevent spurious error: unregistered scheme=file
Dr. David von Oheimb [Fri, 27 Aug 2021 16:33:56 +0000 (18:33 +0200)]
OSSL_STORE_open_ex(): Prevent spurious error: unregistered scheme=file

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)

12 days agoTest importing EC key parameters with a bad curve
Tomas Mraz [Tue, 4 Jan 2022 10:57:54 +0000 (11:57 +0100)]
Test importing EC key parameters with a bad curve

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)

12 days agoEVP_PKEY_fromdata(): Do not return newly allocated pkey on failure
Tomas Mraz [Tue, 4 Jan 2022 10:53:30 +0000 (11:53 +0100)]
EVP_PKEY_fromdata(): Do not return newly allocated pkey on failure

Fixes #17407

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)

12 days agofix the return check of EVP_PKEY_CTX_ctrl() in 5 spots
xkernel [Tue, 4 Jan 2022 14:54:27 +0000 (22:54 +0800)]
fix the return check of EVP_PKEY_CTX_ctrl() in 5 spots

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17413)

12 days agoproperly free the resource from EVP_MD_CTX_new() at ssl3_record.c:1413
xkernel [Wed, 5 Jan 2022 01:38:05 +0000 (09:38 +0800)]
properly free the resource from EVP_MD_CTX_new() at ssl3_record.c:1413

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17415)

13 days agoproperly free the resource from CRYPTO_malloc
xkernel [Tue, 4 Jan 2022 13:18:02 +0000 (21:18 +0800)]
properly free the resource from CRYPTO_malloc

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17412)

13 days agoFix copyright year issues
Bernd Edlinger [Wed, 5 Jan 2022 16:25:02 +0000 (17:25 +0100)]
Fix copyright year issues

Fixes: #13765

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17427)

13 days agoOSSL_STORE: Prevent spurious error during loading private keys
Dr. David von Oheimb [Fri, 14 May 2021 13:11:00 +0000 (15:11 +0200)]
OSSL_STORE: Prevent spurious error during loading private keys

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15283)

2 weeks agoFix typos
Dimitris Apostolou [Sun, 2 Jan 2022 23:00:27 +0000 (01:00 +0200)]
Fix typos

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)

2 weeks agoRun TLSfuzzer tests for CI
Dmitry Belyavskiy [Thu, 23 Dec 2021 10:19:07 +0000 (11:19 +0100)]
Run TLSfuzzer tests for CI

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)

2 weeks agoTLS Fuzzer: initial test infrastructure
Dmitry Belyavskiy [Wed, 22 Dec 2021 17:13:40 +0000 (18:13 +0100)]
TLS Fuzzer: initial test infrastructure

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)

2 weeks agoTLSfuzzer: submodules
Dmitry Belyavskiy [Wed, 22 Dec 2021 17:11:21 +0000 (18:11 +0100)]
TLSfuzzer: submodules

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)

2 weeks agocheck the return value of OSSL_PARAM_BLD_new in dsa_kmgmt.c:195
x2018 [Mon, 29 Nov 2021 11:08:36 +0000 (19:08 +0800)]
check the return value of OSSL_PARAM_BLD_new in dsa_kmgmt.c:195

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17155)

2 weeks agosm2: fix {i2d,d2i}_PublicKey EC_KEY is EVP_PKEY_SM2
zhaozg [Sat, 1 Jan 2022 14:45:12 +0000 (22:45 +0800)]
sm2: fix {i2d,d2i}_PublicKey EC_KEY is EVP_PKEY_SM2

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17389)

2 weeks agoapps/passwd.c: free before error exiting
Peiwei Hu [Tue, 4 Jan 2022 01:10:32 +0000 (09:10 +0800)]
apps/passwd.c: free before error exiting

use goto instead of returning directly while error handling

Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17404)

2 weeks agofix building failure when using -Wconditional-uninitialized
fangming.fang [Tue, 28 Dec 2021 04:13:21 +0000 (04:13 +0000)]
fix building failure when using -Wconditional-uninitialized

Use clang -Wconditional-uninitialized to build, the error "initialize
the variable 'buffer_size' to silence this warning" will be reported.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17375)

2 weeks agotrace.c: Add missing trace category entry
Tomas Mraz [Mon, 3 Jan 2022 13:46:52 +0000 (14:46 +0100)]
trace.c: Add missing trace category entry

Fixes #17397

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17399)

2 weeks agoCMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert()
Dr. David von Oheimb [Mon, 12 Jul 2021 13:34:20 +0000 (15:34 +0200)]
CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert()

Fixes #16041

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)

2 weeks agoX509_cmp.pod: Point out that the X509_NAME_cmp() arguments may be NULL
Dr. David von Oheimb [Mon, 12 Jul 2021 13:32:49 +0000 (15:32 +0200)]
X509_cmp.pod: Point out that the X509_NAME_cmp() arguments may be NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)

2 weeks agoapp_http_tls_cb: Fix double-free in case TLS not used
Dr. David von Oheimb [Mon, 3 Jan 2022 16:03:13 +0000 (17:03 +0100)]
app_http_tls_cb: Fix double-free in case TLS not used

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17400)

2 weeks agocheck-format.pl: Fix report on constant on LHS of comparison or assignment
Dr. David von Oheimb [Fri, 12 Nov 2021 11:14:45 +0000 (12:14 +0100)]
check-format.pl: Fix report on constant on LHS of comparison or assignment

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17396)

2 weeks agoHTTP client: Work around HTTPS proxy use bug due to callback design flaw
Dr. David von Oheimb [Fri, 26 Nov 2021 15:46:13 +0000 (16:46 +0100)]
HTTP client: Work around HTTPS proxy use bug due to callback design flaw

See discussion in #17088, where the real solution was postponed to 4.0.

This preliminarily fixes the issue that the HTTP(S) proxy environment vars
were neglected when determining whether a proxy should be used for HTTPS.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17310)

2 weeks agoFix compile error when building with no-asm
fangming.fang [Wed, 29 Dec 2021 05:09:07 +0000 (05:09 +0000)]
Fix compile error when building with no-asm

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17376)

2 weeks agocheck the return value of EVP_MD_fetch in ecdh_exch.c:285 & dh_exch.c:347
x2018 [Mon, 29 Nov 2021 07:32:47 +0000 (15:32 +0800)]
check the return value of EVP_MD_fetch in ecdh_exch.c:285 & dh_exch.c:347

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17153)