openssl.git
17 months ago When using PEM_read_bio_PrivateKey_ex() the public key is optional
Tomas Mraz [Wed, 26 Oct 2022 09:29:49 +0000 (11:29 +0200)]
When using PEM_read_bio_PrivateKey_ex() the public key is optional

Fixes #19498

However the private key part is not optional which was
mishandled by the legacy routine.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19505)

(cherry picked from commit adb408dc791e83f59f3a86bd90d8e804c814ac30)

17 months ago add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function
Dr. David von Oheimb [Mon, 19 Sep 2022 11:15:04 +0000 (13:15 +0200)]
add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function

Fixup for glitch while handling merge conflict in OSSL_CMP_CTX_new.pod

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)

(cherry picked from commit a2ede0396addd13f7fe9a629b450a14892152a83)

17 months ago add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function
Dr. David von Oheimb [Mon, 19 Sep 2022 11:15:04 +0000 (13:15 +0200)]
add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)

(cherry picked from commit a2ede0396addd13f7fe9a629b450a14892152a83)

17 months ago OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs
Dr. David von Oheimb [Wed, 14 Sep 2022 15:37:27 +0000 (17:37 +0200)]
OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs

Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)

(cherry picked from commit 1c04866c671db4a6db0a1784399b351ea061bc16)

17 months ago CMP: fix gen_new() in cmp_msg.c checking wrong ITAVs
Dr. David von Oheimb [Sat, 17 Sep 2022 18:58:16 +0000 (20:58 +0200)]
CMP: fix gen_new() in cmp_msg.c checking wrong ITAVs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)

(cherry picked from commit 7e3034939b40ee15013bdba9ff6178de6bcc26d4)

17 months ago Fix typo in openssl-x509.pod.in
Jan [Wed, 23 Nov 2022 15:14:07 +0000 (16:14 +0100)]
Fix typo in openssl-x509.pod.in

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19746)

(cherry picked from commit 0b7ad5d928f9ee749cfc670ad08067a961217fea)

17 months ago Add SM2 support for EVP_PKEY_Q_keygen
Jiaxun Yang [Tue, 22 Nov 2022 19:53:38 +0000 (19:53 +0000)]
Add SM2 support for EVP_PKEY_Q_keygen

There is no reason preventing this API from supporting SM2,
which gives us a simple method to do SM2 key gen.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19736)

(cherry picked from commit 3f32d29ad464591ed968a1e430111e1525280f4c)

17 months ago CMP: fix handling of unset or missing failInfo PKI status information
Dr. David von Oheimb [Tue, 13 Sep 2022 20:22:48 +0000 (22:22 +0200)]
CMP: fix handling of unset or missing failInfo PKI status information

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)

(cherry picked from commit cba0e2afd6a222aa041e05f8455e83c9e959d05b)

17 months ago CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages
Dr. David von Oheimb [Tue, 13 Sep 2022 13:43:59 +0000 (15:43 +0200)]
CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages

On this occasion, replace magic constants by mnemonic ones; update doc

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)

(cherry picked from commit 19ddcc4cbb43464493a4b82332a1ab96da823451)

17 months ago Fix coverity issues in X509v3_addr
slontis [Thu, 17 Nov 2022 01:58:36 +0000 (11:58 +1000)]
Fix coverity issues in X509v3_addr

CID 1516955 : Null pointer deref (REVERSE_INULL)
CID 1516954 : Null pointer deref (REVERSE_INULL)
CID 1516953 : RESOURCE_LEAK of child

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19700)

(cherry picked from commit 26cfa4cd85f6b26dd7a48c2ff06bfa4a2cea4764)

17 months ago Add missing HISTORY sections for OpenSSL 3.0 related documents.
slontis [Wed, 16 Nov 2022 21:26:06 +0000 (07:26 +1000)]
Add missing HISTORY sections for OpenSSL 3.0 related documents.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19690)

(cherry picked from commit 4741c80c0556653c74252ec91425dcb74066b2ec)

17 months ago Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod.
slontis [Wed, 16 Nov 2022 05:40:09 +0000 (15:40 +1000)]
Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod.

Removed fields from missingcrypto.txt that are no longer missing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19692)

(cherry picked from commit ad60cd522b4f717a69c690f68f1591371a048591)

17 months ago evp_extra_test2: Test DH param checks with non-NULL libctx
Tomas Mraz [Fri, 11 Nov 2022 11:29:52 +0000 (12:29 +0100)]
evp_extra_test2: Test DH param checks with non-NULL libctx

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19656)

(cherry picked from commit 5e38e0acf4e1681ae32fa1b164adbc08719bd613)

17 months ago DH_check[_params]() use libctx of the dh for prime checks
Tomas Mraz [Fri, 11 Nov 2022 11:29:44 +0000 (12:29 +0100)]
DH_check[_params]() use libctx of the dh for prime checks

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19656)

(cherry picked from commit 7c639f0b8e97b8290b9f935e83d5e948614c5bf7)

17 months ago ParseC.pm: gracefully handle DOS-style end-of-line in source files
Dr. David von Oheimb [Tue, 15 Nov 2022 15:33:21 +0000 (16:33 +0100)]
ParseC.pm: gracefully handle DOS-style end-of-line in source files

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19686)

(cherry picked from commit c507db9678f50482df5f6c58e42572fe6fe3007c)

18 months ago Add test to confirm IPAddressFamily_check_len catches invalid len
Graham Woodward [Mon, 14 Nov 2022 21:15:27 +0000 (21:15 +0000)]
Add test to confirm IPAddressFamily_check_len catches invalid len

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19273)

(cherry picked from commit 7489ada9f3fd902c5bc3c58cc03a90de2800d0ab)

18 months ago Catch incorrect IPAddressFamily lengths
Graham Woodward [Tue, 27 Sep 2022 11:37:59 +0000 (12:37 +0100)]
Catch incorrect IPAddressFamily lengths

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19273)

(cherry picked from commit 9351f675fab42abbc321f0994bff7e0b27cfbe57)

18 months ago Drop explicit check for engines in opt_legacy_okay
Simo Sorce [Mon, 14 Nov 2022 15:25:15 +0000 (10:25 -0500)]
Drop explicit check for engines in opt_legacy_okay

The providers indication should always indicate that this is not a
legacy request.
This makes a check for engines redundant as the default return is that
legacy is ok if there are no explicit providers.

Fixes #19662

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19671)

(cherry picked from commit 2fea56832780248af2aba2e4433ece2d18428515)

18 months ago Fix the check of EC_GROUP_check_named_curve
Peiwei Hu [Tue, 15 Nov 2022 04:22:24 +0000 (12:22 +0800)]
Fix the check of EC_GROUP_check_named_curve

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19678)

(cherry picked from commit 3b6154ccaf3e64bcdfda4859f2b98ef21b08c5b2)

18 months ago apps/speed.c: fix the wrong checks
Peiwei Hu [Tue, 15 Nov 2022 03:25:38 +0000 (11:25 +0800)]
apps/speed.c: fix the wrong checks

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19678)

(cherry picked from commit 9dd009dd513276e602b6592bc337a8563a1a82a1)

18 months ago Add documentation for CPUID bit #64+17
Joachim Vandersmissen [Mon, 14 Nov 2022 11:56:32 +0000 (12:56 +0100)]
Add documentation for CPUID bit #64+17

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19670)

(cherry picked from commit ec7689186f3ea5c1a4d1564089cd8df287dfcf3c)

18 months ago Add test for EVP_PKEY_eq
Simo Sorce [Fri, 11 Nov 2022 17:18:26 +0000 (12:18 -0500)]
Add test for EVP_PKEY_eq

This tests that the comparison works even if a provider can only return
a public key.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)

(cherry picked from commit e5202fbd461cb6c067874987998e91c6093e5267)

18 months ago Update documentation for keymgmt export utils
Simo Sorce [Thu, 10 Nov 2022 21:58:28 +0000 (16:58 -0500)]
Update documentation for keymgmt export utils

Change function prototypes and explain how to use the selection
argument.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)

(cherry picked from commit 504427eb5f32108dd64ff7858012863fe47b369b)

18 months ago Propagate selection all the way on key export
Simo Sorce [Thu, 10 Nov 2022 15:46:32 +0000 (10:46 -0500)]
Propagate selection all the way on key export

EVP_PKEY_eq() is used to check, among other things, if a certificate
public key corresponds to a private key. When the private key belongs to
a provider that does not allow exporting private keys this currently
fails as the internal functions used to import/export keys ignored the
selection given (which specifies that only the public key needs to be
considered) and instead tried to export everything.

This patch allows propagating the selection all the way down including
adding it in the cache so that a following operation actually looking
for other selection parameters does not mistakenly pick up an export
containing only partial information.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)

(cherry picked from commit 98642df4ba886818900ab7e6b23703544e6addd4)

18 months ago apps/ocsp.c: Add missing test if make_ocsp_response failed
GW [Sat, 12 Nov 2022 06:51:15 +0000 (08:51 +0200)]
apps/ocsp.c: Add missing test if make_ocsp_response failed

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19660)

(cherry picked from commit 93e1271eedfe3af0a1c1b14d26899d2c8bde98e9)

18 months ago fipsinstall test: skip PCT DSA signature test for new providers
Pauli [Mon, 14 Nov 2022 02:15:43 +0000 (13:15 +1100)]
fipsinstall test: skip PCT DSA signature test for new providers

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19665)

18 months ago test: add two comparison options to fips version test utility code
Pauli [Mon, 14 Nov 2022 02:13:44 +0000 (13:13 +1100)]
test: add two comparison options to fips version test utility code

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19665)

18 months ago Use the same encryption growth macro consistently
Matt Caswell [Mon, 7 Nov 2022 12:02:08 +0000 (12:02 +0000)]
Use the same encryption growth macro consistently

We had two different macros for calculating the potential growth due to
encryption. The macro we use for allocating the underlying buffer should be
the same one that we use for reserving bytes for encryption growth.

Also if we are adding the MAC independently of the cipher algorithm then
the encryption growth will not include that MAC so we should remove it
from the amount of bytes that we reserve for that growth. Otherwise we
might exceed our buffer size and the WPACKET_reserve operation will
fail.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19264)

(cherry picked from commit 3d004cefec5135a3b080dc898d7f7d5452ef309f)

18 months ago apps/speed.c: add verifying if fdopen returns NULL
Vinz2008 [Thu, 10 Nov 2022 17:36:44 +0000 (18:36 +0100)]
apps/speed.c: add verifying if fdopen returns NULL

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19651)

(cherry picked from commit c9a542e41837ea65671dcd75c448d7113d34a4fd)

18 months ago Resign test/certs/rootCA.pem to expire in 100 years
Bernd Edlinger [Thu, 10 Nov 2022 17:51:44 +0000 (18:51 +0100)]
Resign test/certs/rootCA.pem to expire in 100 years

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19654)

(cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf)

18 months ago Update the validity period of ed25519 certificates
Bernd Edlinger [Thu, 10 Nov 2022 17:23:25 +0000 (18:23 +0100)]
Update the validity period of ed25519 certificates

Note: The private key is test/certs/root-ed25519.privkey.pem

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19654)

(cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba)

18 months ago Add test for generating safeprime DH parameters
Tomas Mraz [Wed, 9 Nov 2022 12:36:21 +0000 (13:36 +0100)]
Add test for generating safeprime DH parameters

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19635)

(cherry picked from commit 10119e7475bb198e13b1722b186303b8a7528dfe)

18 months ago Use libctx when generating DH parameters
Tomas Mraz [Wed, 9 Nov 2022 09:55:48 +0000 (10:55 +0100)]
Use libctx when generating DH parameters

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19635)

(cherry picked from commit 990d280da95d3c955b86f38b01f5b95ea88d42bb)

18 months ago pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey
Milan Broz [Sat, 29 Oct 2022 09:48:51 +0000 (11:48 +0200)]
pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey

Make the code more robust and correctly handle EVP_PKEY set to NULL
instead of dereferencing null pointer.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)

(cherry picked from commit 373d90128042cb0409e347827d80b50a99d3965a)

18 months ago pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional
Milan Broz [Sat, 29 Oct 2022 09:46:34 +0000 (11:46 +0200)]
pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional

The copy of PKEY should be released on the error path.
Easily reproduced with "ED448" context.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)

(cherry picked from commit 608aca8ed2becccfe9c238846834ea2b162fc98b)

18 months ago Limit size of modulus for BN_mod_exp_mont_consttime()
Tomas Mraz [Tue, 8 Nov 2022 16:43:22 +0000 (17:43 +0100)]
Limit size of modulus for BN_mod_exp_mont_consttime()

Otherwise the powerbufLen can overflow.

Issue reported by Jiayi Lin.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19632)

(cherry picked from commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8)

18 months ago Release the drbg in the global default context before engines
Tomas Mraz [Tue, 11 Oct 2022 15:26:23 +0000 (17:26 +0200)]
Release the drbg in the global default context before engines

Fixes #17995
Fixes #18578

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/19390)

18 months ago Add a test case for the engine crash with AES-256-CTR
Bernd Edlinger [Sat, 2 Apr 2022 11:41:12 +0000 (13:41 +0200)]
Add a test case for the engine crash with AES-256-CTR

Implement the AES-256-CTR cipher in the dasync engine.

Use that to reproduce the reported problems with the
devcrypto engine in our normal test environment.

See #17995 and #17532 for details.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19390)

18 months ago fips-label.yml: Fix the script after actions/github-script upgrade
Tomas Mraz [Wed, 9 Nov 2022 12:55:56 +0000 (13:55 +0100)]
fips-label.yml: Fix the script after actions/github-script upgrade

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19636)

(cherry picked from commit ada6f0533d3299833b27e623ff1bfe3134e8e466)

18 months ago Fix PACKET_equal test with BUF_LEN+1 on -Wstringop-overread
Reinhard Urban [Fri, 28 Oct 2022 07:56:05 +0000 (09:56 +0200)]
Fix PACKET_equal test with BUF_LEN+1 on -Wstringop-overread

Either suppress the error, or better make smbuf longer.
Detected with -Werror.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19528)

(cherry picked from commit 91b7520e2385a513ad879dfa8fe8e45466315a27)

18 months ago Fix documentation for some i2d return values.
slontis [Mon, 30 May 2022 04:37:53 +0000 (14:37 +1000)]
Fix documentation for some i2d return values.

i2d_XXX_bio and i2d_XXX_fp return either 0 or 1.
Other i2d_XXX functions return the number of bytes or negative on error.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18427)

(cherry picked from commit 943051d0f9ce8dcb38707774a5757a5dc436704f)

18 months ago Test that signatures using hash name commands work properly
Tomas Mraz [Fri, 4 Nov 2022 11:31:16 +0000 (12:31 +0100)]
Test that signatures using hash name commands work properly

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19606)

(cherry picked from commit e9e6827445528caf1d9d6647953fbe67a0c78716)

18 months ago apps/dgst.c: Set digestname from argv[0] if it is a builtin hash name
Tomas Mraz [Fri, 4 Nov 2022 11:20:08 +0000 (12:20 +0100)]
apps/dgst.c: Set digestname from argv[0] if it is a builtin hash name

Fixes #19589

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19606)

(cherry picked from commit 1e5780dbc79dab14c1ec1584313755fc2fd2cf55)

18 months ago Check for private key existence before calling eddsa sign functions
Wangchong Zhou [Fri, 28 Oct 2022 03:47:50 +0000 (11:47 +0800)]
Check for private key existence before calling eddsa sign functions

Fixes #19524

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19525)

(cherry picked from commit f5a10d5cc19215ab22be55b4a2ee1e41bd38fb14)

18 months ago crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case
Richard Levitte [Fri, 4 Nov 2022 09:37:13 +0000 (10:37 +0100)]
crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case

The use case is that uppercase .ASM extension may be used on some platforms,
and we were only testing for the lowercase extension.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19604)

(cherry picked from commit 119b7b5f2ad7efcf273f395e7633747f56ff3f95)

18 months ago Configurations/*.tmpl: overhaul assembler make rules.
Richard Levitte [Thu, 3 Nov 2022 14:24:52 +0000 (15:24 +0100)]
Configurations/*.tmpl: overhaul assembler make rules.

NOTE: Not Configurations/unix-Makefile.tmpl, as that was done 4 years
ago, in commit a23f03166e0ec49ac09b3671e7ab4ba4fa57d42a.

So far assembly modules were intended to be built as .pl->.S->.{asmext}
followed by .{asmext}->.o.  This posed a problem in build_all_generated
rule if it was executed on another computer, and also turned out to be
buggy, as .S was also translated to .{asmext} on Windows and VMS.
Both issues are fixed by changing the rule sequence to .pl->.S and then
.S->.s->.o, with the added benefit that the Windows and VMS build file
templates are more in sync with unix-Makefile.tmpl and slightly simpler.

Fixes #19594

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19598)

(cherry picked from commit b8d3cf0954737a9665e3b2bff25bc689a5114010)

18 months ago Update GitHub actions as suggested by dependabot
Tomas Mraz [Wed, 2 Nov 2022 07:53:36 +0000 (08:53 +0100)]
Update GitHub actions as suggested by dependabot

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19581)

(cherry picked from commit ec33ed712665ca65cabcd87d446e5db79a64379e)

18 months ago Coverity 1516624: Fix overrun memory access.
Pauli [Wed, 2 Nov 2022 01:20:16 +0000 (12:20 +1100)]
Coverity 1516624: Fix overrun memory access.

Not possible to hit but good to address.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19576)

(cherry picked from commit ce0a7cadadb973216399e70d3a69f352b0843deb)

18 months ago Fix the ceiling on how much encryption growth we can have
Matt Caswell [Thu, 27 Oct 2022 13:14:53 +0000 (14:14 +0100)]
Fix the ceiling on how much encryption growth we can have

Stitched ciphersuites can grow by more during encryption than the code
allowed for. We fix the calculation and add an assert to check we got it
right.

Note that this is not a security issue. Even though we can overflow the
amount of bytes reserved in the WPACKET for the encryption, the underlying
buffer is still big enough.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19517)

(cherry picked from commit eaa206007322ab0b1eaf9f83485e56deafc9df80)

18 months ago providers/common/der/oids_to_c.pm: Remove use of Data::Dumper
Richard Levitte [Mon, 31 Oct 2022 07:56:15 +0000 (08:56 +0100)]
providers/common/der/oids_to_c.pm: Remove use of Data::Dumper

This is a development remnant, which should have been removed when finalized.

Fixes #19546

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19548)

(cherry picked from commit 57d2bccdb2112cc09de1bec585da878161b1364f)

18 months ago Potential null pointer reference
yangyangtiantianlonglong [Thu, 27 Oct 2022 09:17:55 +0000 (17:17 +0800)]
Potential null pointer reference

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19429)

(cherry picked from commit 15c8df81083f31dd35aedbe2d58ec702d0c0dc65)

18 months ago Prepare for 3.0.8
Tomas Mraz [Tue, 1 Nov 2022 14:15:30 +0000 (15:15 +0100)]
Prepare for 3.0.8

Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

18 months ago Prepare for release of 3.0.7 openssl-3.0.7
Tomas Mraz [Tue, 1 Nov 2022 14:14:36 +0000 (15:14 +0100)]
Prepare for release of 3.0.7

Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

18 months ago make update
Tomas Mraz [Tue, 1 Nov 2022 14:14:19 +0000 (15:14 +0100)]
make update

Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

18 months ago Update copyright year
Tomas Mraz [Tue, 1 Nov 2022 13:40:27 +0000 (14:40 +0100)]
Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

18 months ago Update CHANGES.md and NEWS.md for new release
Tomas Mraz [Tue, 1 Nov 2022 10:38:31 +0000 (11:38 +0100)]
Update CHANGES.md and NEWS.md for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

18 months ago punycode: add unit tests
Pauli [Wed, 26 Oct 2022 23:25:35 +0000 (10:25 +1100)]
punycode: add unit tests

These tests verify basic functionality and specifically test for
CVE-2022-3602.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

18 months ago Fix CVE-2022-3786 in punycode decoder.
Pauli [Wed, 26 Oct 2022 23:22:47 +0000 (10:22 +1100)]
Fix CVE-2022-3786 in punycode decoder.

Fixed the ossl_a2ulabel() function which also contained a potential
buffer overflow, albeit without control of the contents.
This overflow could result in a crash (causing a denial of service).

The function also did not NUL-terminate the output in some cases.

The two issues fixed here were identified and reported
by Viktor Dukhovni while researching CVE-2022-3602.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

18 months ago Fix CVE-2022-3602 in punycode decoder.
Pauli [Wed, 26 Oct 2022 23:21:41 +0000 (10:21 +1100)]
Fix CVE-2022-3602 in punycode decoder.

An off by one error in the punycode decoder allowed for a single unsigned int
overwrite of a buffer which could cause a crash and possible code execution.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

18 months ago tests: clear error queue before executing a testcase
Tomas Mraz [Mon, 24 Oct 2022 10:28:58 +0000 (12:28 +0200)]
tests: clear error queue before executing a testcase

There can be errors in the queue from previous tests and
we look at it to verify we do not add spurious errors in
some testcases.

Fixes #19477

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19483)

18 months ago Fix parameter names for RSA private key example
Joakim Antman [Wed, 19 Oct 2022 16:12:39 +0000 (19:12 +0300)]
Fix parameter names for RSA private key example

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19443)

(cherry picked from commit c8c678e7d91ca2cea41c6c574cf7656a9404646f)

18 months ago Make OpenVMS seeding less dependent on OpenVMS version
Richard Levitte [Wed, 6 Jul 2022 04:09:01 +0000 (06:09 +0200)]
Make OpenVMS seeding less dependent on OpenVMS version

SYS$GETTIM_PREC is a very new function, only available on OpenVMS v8.4.
OpenSSL binaries built on OpenVMS v8.4 become unusable on older OpenVMS
versions, but building for the older CRTL version will make the high
precision time functions unavailable.

Tests have shown that on Alpha and Itanium, the time update granularity
between SYS$GETTIM and SYS$GETTIM_PREC is marginal, so the former plus
a sequence number turns out to be better to guarantee a unique nonce.

Fixes #18727

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18731)

(cherry picked from commit 7056dc9c50baa4af5152c625c4735806d51c67cd)

18 months ago Use RSA CRT parameters in FIPS self tests.
slontis [Wed, 26 Oct 2022 01:10:50 +0000 (11:10 +1000)]
Use RSA CRT parameters in FIPS self tests.

Fixes #19488

Use the correct OSSL_PKEY_PARAM_RSA CRT names for the self tests.
The invalid names cause CRT parameters to be silently ignored.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19501)

(cherry picked from commit c7424fe68c65aa2187a8e4028d7dea742b95d81a)
(cherry picked from commit 4215d649e92bc4c42997ec4a1e65beba1055bbe1)

18 months ago test: driver: fix -Wunused-but-set-variable
Sam James [Wed, 19 Oct 2022 23:18:35 +0000 (00:18 +0100)]
test: driver: fix -Wunused-but-set-variable

The value of 'num_failed_inner' isn't ever used.

Fixes this error with Clang 15:
```
test/testutil/driver.c:341:17: error: variable 'num_failed_inner' set but not used [-Werror,-Wunused-but-set-variable]
            int num_failed_inner = 0;
                ^
1 error generated.
```

Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 6a94c5849ea7d1f08d4fcaa9a6fc0a947e19da66)
Signed-off-by: Sam James <sam@gentoo.org>
(Merged from https://github.com/openssl/openssl/pull/19500)

18 months ago x509: fix -Wunused-but-set-variable
Sam James [Wed, 19 Oct 2022 23:14:53 +0000 (00:14 +0100)]
x509: fix -Wunused-but-set-variable

The value of 'l' isn't ever actually used.

Fixes this error with Clang 15:
```
crypto/x509/x_name.c:506:9: error: variable 'l' set but not used [-Werror,-Wunused-but-set-variable]
    int l, i;
        ^
1 error generated.
```

Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit c71318668571b3680fe10035a1a350ff46e459af)
Signed-off-by: Sam James <sam@gentoo.org>
(Merged from https://github.com/openssl/openssl/pull/19500)

18 months ago txt_db: fix -Wunused-but-set-variable
Sam James [Wed, 19 Oct 2022 23:10:27 +0000 (00:10 +0100)]
txt_db: fix -Wunused-but-set-variable

The loop never uses the value of 'ln'.

Fixes this error with Clang 15:
```
crypto/txt_db/txt_db.c:24:10: error: variable 'ln' set but not used [-Werror,-Wunused-but-set-variable]
    long ln = 0;
         ^
1 error generated.
```

Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit f9e8e2c0ab73409862bb78a9285c1b72e0511750)
Signed-off-by: Sam James <sam@gentoo.org>
(Merged from https://github.com/openssl/openssl/pull/19500)

18 months ago pem: fix -Wunused-but-set-variable
Sam James [Wed, 19 Oct 2022 22:58:39 +0000 (23:58 +0100)]
pem: fix -Wunused-but-set-variable

The loop never uses the value of 'line'.

Fixes this error with Clang 15:
```
crypto/pem/pem_lib.c:821:14: error: variable 'line' set but not used [-Werror,-Wunused-but-set-variable]
    int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
             ^
1 error generated.
```

Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 71bc497dc321adeb08e7541556dea019c81c9a87)
Signed-off-by: Sam James <sam@gentoo.org>
(Merged from https://github.com/openssl/openssl/pull/19500)

18 months ago CI: add Clang 15
Sam James [Wed, 19 Oct 2022 22:04:25 +0000 (23:04 +0100)]
CI: add Clang 15

We have to use the PPA provided by LLVM because Clang 15 isn't
officially part of Ubuntu 22.04 (or any other Ubuntu release yet),
see https://apt.llvm.org/ for details.

Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 75ecda930e0a961f9605ce090af64d95c98ed161)
Signed-off-by: Sam James <sam@gentoo.org>
(Merged from https://github.com/openssl/openssl/pull/19500)

18 months ago CI: Upgrade to Ubuntu 22.04 to add GCC 12, Clang 13, Clang 14
Sam James [Thu, 23 Jun 2022 03:24:32 +0000 (04:24 +0100)]
CI: Upgrade to Ubuntu 22.04 to add GCC 12, Clang 13, Clang 14

Notably, this might have caught #18225, as Clang 14 wasn't - and is not yet
until this commit - in OpenSSL's CI.

It makes sense to ensure CI tests compilers used in newer Linux distributions:
* Fedora 36 ships with GCC 12
* Ubuntu 22.04 ships with Clang 14

We switch from 'ubuntu-latest' (which can change meaning but currently points
to ubuntu-20.04) to ubuntu-20.04 for the older existing compilers, and
ubuntu-22.04 for the newer ones added by this commit.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit 712c13c57b97e2e25ca23048f3ba6f50115cacd7)
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19500)

18 months ago CI: add GCC 11
Sam James [Wed, 22 Jun 2022 06:20:31 +0000 (07:20 +0100)]
CI: add GCC 11

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit 6332f4c4a2c153869b169d250d9736962abe12c6)
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19500)

18 months ago ssl_cipher_process_rulestr: don't read outside rule_str buffer
Todd C. Miller [Mon, 24 Oct 2022 14:00:48 +0000 (08:00 -0600)]
ssl_cipher_process_rulestr: don't read outside rule_str buffer

If rule_str ended in a "-", "l" was incremented one byte past the
end of the buffer.  This resulted in an out-of-bounds read when "l"
is dereferenced at the end of the loop.  It is safest to just return
early in this case since the condition occurs inside a nested loop.

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19166)

(cherry picked from commit 428511ca66670e169a0e1b12e7540714b0be4cf8)

18 months ago Add missing ERR_R_XXX_LIB codes
Tomas Mraz [Tue, 25 Oct 2022 16:32:41 +0000 (18:32 +0200)]
Add missing ERR_R_XXX_LIB codes

Fixes CI regression on 3.0 branch from a cherry-picked commit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19499)

18 months ago Finer grained error records for provider load/init failures
Richard Levitte [Sun, 16 Oct 2022 05:52:09 +0000 (07:52 +0200)]
Finer grained error records for provider load/init failures

When a provider is activated, these three cases would record that the
provider init function failed (implying that it was called):

-   failure to load the provider module (in case it's a dynamically
    loadable module)
-   the init function not being present (i.e. being NULL)
-   the init function being called and returning an error indication
    (i.e. returning a false value)

This is confusing.

Separating the three cases so that they record different errors will
make it easier to determine causes of failure.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19419)

(cherry picked from commit 2d23ba14630551ee347acafcab81fa1a290c6504)

18 months ago Fix a lock in provider_remove_store_methods()
Matt Caswell [Mon, 24 Oct 2022 08:22:01 +0000 (09:22 +0100)]
Fix a lock in provider_remove_store_methods()

We were taking a read lock. It should have been a write lock.

Fixes #19474

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19481)

(cherry picked from commit 6962e21b7c51480343db1a275f52525754dcbe44)

18 months ago openssl list: Fix help text about -cipher-algorithms option
Daniel Fiala [Mon, 10 Oct 2022 08:53:14 +0000 (10:53 +0200)]
openssl list: Fix help text about -cipher-algorithms option

Fixes openssl#19133

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19370)

(cherry picked from commit 2eb75291c1357cdaf852e0da613edc14f3d5ae4f)

18 months ago Workaround egd rand source deficiencies
Tomas Mraz [Thu, 20 Oct 2022 14:14:29 +0000 (16:14 +0200)]
Workaround egd rand source deficiencies

With egd as the rand source the reseed after fork confuses the egd.

Fixes #19396

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19454)

18 months ago Checking the return of BIO_new_fp(). If it returns NULL, then it is unnecessary to...
xkernel [Wed, 19 Oct 2022 16:40:25 +0000 (00:40 +0800)]
Checking the return of BIO_new_fp(). If it returns NULL, then it is unnecessary to build the BIO chain and better make the caller directly return NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19445)

(cherry picked from commit fb03e6145961005a6db011d2f36660d2eed734e2)

18 months ago doc: fix copy/paste error
Pauli [Thu, 20 Oct 2022 23:29:09 +0000 (10:29 +1100)]
doc: fix copy/paste error

Fixes #19460

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19461)

(cherry picked from commit 5b9480fc1e814bf8fa2dce0dbbede147f04d477c)

18 months ago Errors raised from OPENSSL_sk_set should have ERR_LIB_CRYPTO
Tomas Mraz [Thu, 13 Oct 2022 11:05:20 +0000 (13:05 +0200)]
Errors raised from OPENSSL_sk_set should have ERR_LIB_CRYPTO

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)

(cherry picked from commit 3a09dfb4f9aace93d2c20d6d1b4968cc583884d6)

18 months ago Document the stack functions that are forgiving
Tomas Mraz [Thu, 13 Oct 2022 09:39:35 +0000 (11:39 +0200)]
Document the stack functions that are forgiving

I.e., those that can be called with NULL stack parameter or invalid index.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)

(cherry picked from commit 0778364f8ec1f9702e62e6298aaa212ec40b6111)

18 months ago stack: Do not add error if pop/shift/value accesses outside of the stack
Tomas Mraz [Wed, 12 Oct 2022 08:36:20 +0000 (10:36 +0200)]
stack: Do not add error if pop/shift/value accesses outside of the stack

This partially reverts commit 30eba7f35983a917f1007bce45040c0af3442e42.
This is legitimate use of the stack functions and no error
should be reported apart from the NULL return value.

Fixes #19389

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)

(cherry picked from commit a8086e6bfc37355626393751a94bc5c92df7e9d3)

18 months ago Fix trivial check_docs CI failure
Tomas Mraz [Wed, 19 Oct 2022 14:54:52 +0000 (16:54 +0200)]
Fix trivial check_docs CI failure

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19442)

18 months ago Add changes entry for RIPEMD160 in 3.0.7
Tomas Mraz [Wed, 19 Oct 2022 13:40:00 +0000 (15:40 +0200)]
Add changes entry for RIPEMD160 in 3.0.7

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19438)

(cherry picked from commit b6553796190ad7401b89c6cd0499bae77b39d1a6)

18 months ago Replace BIO_free(bio_err) with BIO_free_all(bio_err)
xkernel [Wed, 19 Oct 2022 17:11:16 +0000 (01:11 +0800)]
Replace BIO_free(bio_err) with BIO_free_all(bio_err)

dup_bio_err() can return a BIO chain when 'OPENSSL_SYS_VMS' is defined.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19446)

(cherry picked from commit a73bdc24e14760413a65d478d7c88356b4b95bb5)

18 months ago update pyca cryptography to 38.0.2
Paul Kehrer [Wed, 19 Oct 2022 14:21:37 +0000 (09:21 -0500)]
update pyca cryptography to 38.0.2

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19439)

(cherry picked from commit efd59f7a37bf1f9034b62b67f730c25dff0e8d8e)

18 months ago link the pyca tests against the correct openssl
Paul Kehrer [Wed, 19 Oct 2022 14:07:32 +0000 (09:07 -0500)]
link the pyca tests against the correct openssl

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19439)

(cherry picked from commit 097752da99d9c27702e9e9d51609efedd3a4d0cf)

18 months ago Fix no longer implicitly refresh the cached TBSCertificate
Gibeom Gwon [Tue, 11 Oct 2022 17:53:00 +0000 (02:53 +0900)]
Fix no longer implicitly refresh the cached TBSCertificate

This reverts commit 9249a34b076df9a9d55ab74ab465d336980cae6a.
Fixes #19388

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19393)

(cherry picked from commit 963e0bc43369a6dbe6644f709630f6c9f63dccf9)

18 months ago Fix many inconsistencies in doc of CMS_verify() and PKCS7_verify() etc.
Dr. David von Oheimb [Fri, 29 Jul 2022 11:09:52 +0000 (13:09 +0200)]
Fix many inconsistencies in doc of CMS_verify() and PKCS7_verify() etc.

Also change B< to I< in {CMS,PKCS7}_verify.pod, PKCS7_sign{,_add_signer}.pod

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19108)

18 months ago ripemd: document as being present in the default provider
Pauli [Mon, 17 Oct 2022 22:07:19 +0000 (09:07 +1100)]
ripemd: document as being present in the default provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19375)

(cherry picked from commit fdc5043d58900663b493147298e64f11353b35fe)

18 months ago Avoid putting ripemd_prov.c in libcommon otherwise it is regarded as fips source
Tomas Mraz [Mon, 17 Oct 2022 15:05:09 +0000 (17:05 +0200)]
Avoid putting ripemd_prov.c in libcommon otherwise it is regarded as fips source

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19375)

(cherry picked from commit 155a82d1fe1c50d859081ff67f26633b9d7dada8)

18 months ago default provider: include RIPEMD160
Pauli [Tue, 11 Oct 2022 00:23:57 +0000 (11:23 +1100)]
default provider: include RIPEMD160

Including RIPEMD160 in both the default and legacy providers shouldn't break
anyone and makes the algorithm available more readily.

Fixes #17722

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19375)

(cherry picked from commit ecd831469919215b0a45693b00ec0fd7d42d5d61)

18 months ago Add a test for TLSv1.3 only client sending a correct key_share
Matt Caswell [Fri, 30 Sep 2022 15:59:05 +0000 (16:59 +0100)]
Add a test for TLSv1.3 only client sending a correct key_share

Make sure that a TLSv1.3 only client does not send a TLSv1.3 key_share.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19404)

18 months ago Add a test for where a client sends a non-TLSv1.3 key share
Matt Caswell [Fri, 30 Sep 2022 15:51:58 +0000 (16:51 +0100)]
Add a test for where a client sends a non-TLSv1.3 key share

This should not happen but we should tolerate and send an HRR

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19404)

18 months ago Ensure that the key share group is allowed for our protocol version
Matt Caswell [Fri, 30 Sep 2022 13:21:50 +0000 (14:21 +0100)]
Ensure that the key share group is allowed for our protocol version

We should never send or accept a key share group that is not in the
supported groups list or a group that isn't suitable for use in TLSv1.3

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19404)

18 months ago init: fix defined but unused warning/error
Pauli [Thu, 9 Jun 2022 00:23:58 +0000 (10:23 +1000)]
init: fix defined but unused warning/error

The #ifdefs weren't quite correct at times.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18503)

(cherry picked from commit 979575c6ef10ab9b8d74d8c00852b2250eb78f29)

18 months ago disable 5x interleave on buffers shorter than 512 bytes: 3% speedup on Graviton2
Sebastian Pop [Mon, 28 Mar 2022 20:58:15 +0000 (20:58 +0000)]
disable 5x interleave on buffers shorter than 512 bytes: 3% speedup on Graviton2

d6e4287c9726691e800bff221be71edd894a3c6a introduced 5x interleaving as an
optimization for ThunderX2, and that leads to some performance degradation
when encoding short buffers.  We found this performance degradation by measuring
the performance of nginx on Ubuntu 20.04 that comes with OpenSSL 1.1.1f and
Ubuntu 22.04 with OpenSSL 3.0.1.

This patch limits the 5x interleave to buffers larger than 512 bytes.
On Graviton2 we see the following performance with this patch:

$ openssl speed -evp aes-128-gcm -bytes 128

AES-128-GCM   64 bytes     79 bytes     80 bytes     128 bytes    256 bytes    511 bytes    512 bytes    1024 bytes
master        1062564.71k  775113.11k   1069959.33k  1411716.28k  1653114.86k  1585981.16k  1973683.03k  2203214.08k
master+patch  1062729.28k  771915.11k   1103883.42k  1458665.43k  1708701.20k  1647060.84k  1975571.80k  2204038.42k
diff          0%           0%           3%           3%           3%           4%           0%           0%
revert d6e428 1055290.03k  773448.92k   1117411.97k  1441478.57k  1695698.52k  1634598.04k  1981851.65k  2196680.36k

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17984)

(cherry picked from commit 9c140a33663f319ad4000a6a985c3e14297c7389)

19 months ago Fix documentation for OFB/OCB in the FIPS provider
Joachim Vandersmissen [Thu, 13 Oct 2022 09:55:57 +0000 (09:55 +0000)]
Fix documentation for OFB/OCB in the FIPS provider

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19408)

(cherry picked from commit 7d3600a6c906c5f4cf81db95aec7b58b9d018c49)

19 months ago Add missing include for DH_get0_priv_key()
Tomas Mraz [Thu, 13 Oct 2022 14:04:43 +0000 (16:04 +0200)]
Add missing include for DH_get0_priv_key()

Fixes #19410

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/19411)

(cherry picked from commit bbaa24b7c5ca4d712ad539d4c5ed16af0dd908f4)

19 months ago Fix an occasional CI failure due to unaligned access
Bernd Edlinger [Tue, 11 Oct 2022 18:25:33 +0000 (20:25 +0200)]
Fix an occasional CI failure due to unaligned access

This happens rarely, but only because very few CI runs
use the exotic CPU type that is necessary to execute
anything within rsaz_exp_x2.c and enable UBSAN at the same time.

crypto/bn/rsaz_exp_x2.c:562:20: runtime error: load of misaligned address 0x612000022cc6 for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte alignment
0x612000022cc6: note: pointer points here
 84 a3 78 e0 8e 8d  4a a5 51 9c 57 d0 d6 41  f3 26 d1 4e e1 98 42 b5  3a 9f 04 f1 73 d2 1d bf  73 44
             ^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior crypto/bn/rsaz_exp_x2.c:562:20 in
../../util/wrap.pl ../../fuzz/server-test ../../fuzz/corpora/server => 1
not ok 2 - Fuzzing server

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19412)

19 months ago Add translation for ECX group parameter
Juergen Christ [Wed, 5 Oct 2022 11:57:21 +0000 (13:57 +0200)]
Add translation for ECX group parameter

Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519
and X448.  The translation of this parameter resulted in an error.  This
caused errors for legacy keys and engines.

Fix this situation by adding a translation that simply checks that the correct
parameter is to be set, but does not actually set anything.  This is correct
since the group name is anyway optional for these two curves.

Fixes #19313

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19348)

(cherry picked from commit c048779520d47962316ddb436d08a050d5659666)