git.openssl.org Git - openssl.git/log

Fix documentation for tlsext_ticket_key

The tlsext_ticket_key functions are documented as returning 0 on success.
In fact they return 1 on success.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17210)

(cherry picked from commit b0be101326f369f0dd547556d2f3eb3ef5ed0e33)

X509V3_set_ctx(): Clarify subject/req parameter for constructing SAN email addresses from subject DN

Also slightly improve the style of the respective code in crypto/x509/v3_san.c.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)

(cherry picked from commit 317acac5cc0a2cb31bc4b91353c2b752a3989d8a)

X509V3_set_ctx(): Clarify use of subject/req parameter for constructing SKID by hash of pubkey

This does not change the semantics of expected usage because only either one may be given.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)

(cherry picked from commit 15ac84e603678140ba32832c288e5f1745a258f8)

Don't free the EVP_PKEY on error in set0_tmp_dh_pkey() functions

We should not be freeing the caller's key in the event of error.

Fixes #17196

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17209)

(cherry picked from commit e819b5727312477f8c1f56bf928e611ad7e78315)

OSSL_HTTP_open(): clarify doc of 'server' arg and its use of BIO_new_connect()

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)

(cherry picked from commit 119f8145c3bde29aae5d5b18c44d1663df975ef5)

OSSL_HTTP_open(): Complete documentation of checks for server and proxy args

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)

(cherry picked from commit 59b6b5a94f5a5f756aa323d1fb061697ca9eadf8)

OSSL_HTTP_set1_request(): Fix check for presence of port option and its documentation

For HTTP (not HTTPS) with proxy, server must be given, port is optional

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)

(cherry picked from commit 266383b44c4ebce5ddf551547e73ab6eec47805b)

OBJ_obj2txt(): fix off-by-one documentation of the result

This backports the doc improvements of #17188.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17189)

Don't run the symbol presence test on windows

Fixes #17109

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17119)

(cherry picked from commit d09f4501e47e0b969caec5a3059af52d227e961a)

test_rsa: Test for PVK format conversion

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)

(cherry picked from commit a44eb8421d0e84c069a5fa55ced796878e6b0966)

key_to_type_specific_pem_bio_cb: Use passphrase callback from the arguments

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)

(cherry picked from commit c22b6592135bfba95a315e438ac7bfc6db461407)

PVK decoder: prompt for PVK passphrase and not PEM

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)

(cherry picked from commit 28257d60577932e66934096d0ee8a5dfaca1191e)

Fix pvk encoder to properly query for the passphrase

The passphrase callback data was not properly initialized.

Fixes #17054

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)

(cherry picked from commit baa88d9d170b95fd6f177b3e5f8d8818e024a55d)

CI: Replace windows-2016 with windows-2022

Windows 2016 environment is going to be discontinued.

Fixes #17177

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17183)

(cherry picked from commit c87a4dd7a728288da943cb4e2e51150df5dfd1b8)

Clarify the deprecation warnings in the docs

There was recently an instance where a user was confused by the
deprecation warnings in the docs. They believed the warning applied to
the immediately preceding function declarations, when it fact it applied
to the following function declarations.

https://mta.openssl.org/pipermail/openssl-users/2021-December/014665.html

We clarify the wording to make it clear that the warning applies to the
following functions.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17180)

(cherry picked from commit 3dbf82438004b31258627f324841476c4f586c19)

OSSL_HTTP_REQ_CTX_nbio(): Fix parsing of responses with status code != 200

This way keep-alive is not (needlessly) cancelled on error.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17171)

(cherry picked from commit 38288f424faa0cf61bd705c497bb1a1657611da1)

parse_http_line1(): Fix diagnostic output on error and return code

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17171)

(cherry picked from commit e2b7dc353b353efccd1d228f743baa7c2d2f9f49)

OSSL_HTTP_transfer.pod: Some clarifications on the BIO connect/disconnect callback function

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17160)

(cherry picked from commit 2080134ee98a6b23f7456c17901e7b06e4a42ed5)

OSSL_HTTP_transfer.pod: Fix omission documenting the 'ok' parameter of OSSL_HTTP_close()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17160)

(cherry picked from commit 4ee464cf8e0b8dc39970306bfbb49a6e06863e1c)

BIO_push.pod: fix confusing text and add details on corner cases

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17086)

(cherry picked from commit 7a37fd09a8f3607ed8acf55e03479861595be069)

s_cb.c: check the return value of X509_get0_pubkey()

Check is done to prevent wrong memory access by EVP_PKEY_get0_asn1()

Also fix wrong coding style in the s_cb.c file.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17176)

(cherry picked from commit 5fae09f3d8da7c182c6cfb6a295dcfd15ae828ae)

check the return value of BN_dup() in rsa_lib.c:1248

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17168)

(cherry picked from commit 9d1a27051dcd4e7a621df54a073587c6c4486476)

various kdfs: Always reset buflen after clearing the buffer

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17165)

(cherry picked from commit d2217c88df6e65c756013417e5ee4f470dd12470)

TEST: Enable and fix test_bn2padded() in test/bntest.c

This looks like old code, written when the padded variety of BN_bn2bin()
was developped, and disabled by default... and forgotten.

A few simple changes to update it to the current API is all that was
needed to enable it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17133)

(cherry picked from commit 23750f677ef61b6bea4e81f23f335ad08fc49b51)

More detailed explanation how do engines work in 3.0

Related: #16868, #17081, #17107

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17115)

(cherry picked from commit 29a27cb2c5c1757831f42117871f8c59058343a9)

No EtM for GOST ciphers in TLS 1.2

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17150)

(cherry picked from commit d724da69389196cdb9ef8db036656882fbc5a6ab)

Return -1 properly from do_X509_REQ_verify and do_X509_verify

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17001)

(cherry picked from commit bc42cf51c8b2a22282bb3cdf6303e230dc7b7873)

Don't include any TLSv1.3 ciphersuites that are disabled

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16925)

(cherry picked from commit 6cb814de6f276106eea39dbb813b9134b1b72041)

doc: remove non-existent callbacks

These used to exist but were removed before release.
Updating the documentation was missed.

Fixes #17138

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17141)

(cherry picked from commit 6d770c5ba36d43f495b232392cfaa8fa460f17af)

Fix EVP_PKEY_CTX_get_rsa_pss_saltlen() not returning a value

When an integer value was specified, it was not being passed back via
the orig_p2 weirdness.

Regression test included.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17136)

(cherry picked from commit 6f87463b62f9b2849510d74ff0fd6a62955ea947)

Don't delete the doc/html directories when cleaning

The doc/html sub-dirs get created by Configure. Therefore they should
not be cleaned away by "nmake clean". Otherwise the following sequence
fails:

perl Configure VC-WIN64A
nmake clean
nmake
nmake install

Fixes #17114

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17128)

(cherry picked from commit bc6d9c9395a74a31b4e0c4a8cd729197adbf6a46)

check the return value of OPENSSL_strdup(CRYPTO_strdup) in apps/lib/app_rand.c:32

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17124)

(cherry picked from commit 3e0441520b9a349dc50662919ea18f03dfc0d624)

doc: fix macro name

OSSL_STORE_INFO_X509 doesn't exist. It should be OSSL_STORE_INFO_CERT.

Fixes #17121

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17125)

(cherry picked from commit 01fde90eec721b64bc0e1c01cd94a9fd431adcc6)

check the return value of OPENSSL_strdup(CRYPTO_strdup) to prevent potential memory access error

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17113)

(cherry picked from commit b9648f31a4917b8594caebda3e6d8d313514fe24)

check the return value of OPENSSL_strdup to prevent potential memory access error

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17110)

(cherry picked from commit dc7e42c6a12637bae1660561d3f4cef039001475)

Allow sign extension in OSSL_PARAM_allocate_from_text()

This is done for the data type OSSL_PARAM_INTEGER by checking if the
most significant bit is set, and adding 8 to the number of buffer bits
if that is the case. Everything else is already in place.

Fixes #17103

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)

(cherry picked from commit 946bc0e3ec19ca019fcfa95f93c37f34e12fe0bd)

Have OSSL_PARAM_allocate_from_text() raise error on unexpected neg number

When the parameter definition has the data type OSSL_PARAM_UNSIGNED_INTEGER,
negative input values should not be accepted.

Fixes #17103

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)

(cherry picked from commit 8585b5bc62d0bf394ca6adf24f8590e9b9b18402)

Test the performance of OSSL_PARAM_allocate_from_text with arbitrary size ints

With arbitrary size ints, we get to know exactly how large the minimum
buffer must be.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)

(cherry picked from commit b556713a6f2884eadc7f56428bc82a844e9a49e0)

Add test for copying uninitialized EVP_MD_CTX

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17118)

(cherry picked from commit 8c86529fe1b9ade0794c6f557ca8936f0c0de431)

EVP_MD_CTX_copy_ex: Allow copying uninitialized digest contexts

Fixes #17117

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17118)

(cherry picked from commit 9ece8323ea2230092227bf20e5d93012d15d92e9)

Clarify and correct the EVP_CTRL_AEAD_SET_TAG docs

The restriction about setting a tag length prior to setting the IV only
applies to OCB mode. We clarify when in the process EVP_CTRL_AEAD_SET_TAG
can be called.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17111)

(cherry picked from commit 3607b8ad8ee1980a079e985333a196e0c79f8f00)

Fix detection of ARMv7 and ARM64 CPU features on FreeBSD

OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25
Switch to using AT_HWCAP, and setting it to 16 if it is not defined.

OpenSSL calls elf_auxv_info() with AT_CANARY which returns ENOENT
resulting in all ARM acceleration features being disabled.

CLA: trivial

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17082)

(cherry picked from commit c1dabe26e3e96cdce0ffc929e9677840ad089ba5)

DOC: Add a few previously documented functions

d2i_X509_bio(), d2i_X509_fp(), i2d_X509_bio(), and i2d_X509_fp()
were documented in OpenSSL 1.0.2. In a grand unification of the
documentation of (almost) all d2i and i2d functions, these were
dropped, most likely by mistake.

This simply adds them back.

Fixes #17091

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17094)

Add test for EVP_PKEY_sign_init_ex with RSA PSS padding

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17080)

(cherry picked from commit 5321333520b95a4f355916923af6c24dd10ed5dc)

rsa_signverify_init: Set the PARAMS after key is set

Also, default to unrestricted pss parameters until the key is set.

Fixes #17075

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17080)

(cherry picked from commit eaae5d69eb5a8cd9c054b23cc388397cbb4ffb98)

DOC: OSSL_PARAM_{set,get,construct}_BN() currently only supports nonnegative numbers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17074)

(cherry picked from commit b33fb68a3230b8fc87f6663212ac3ffae0b361c5)

Make OSSL_PARAM_BLD_push_BN{,_pad}() return an error on negative numbers

Adding documentation to that fact as well.

Fixes #17070

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17074)

(cherry picked from commit db65eabefe76e44818ff8bd19c68990e7dcc70d3)

Add a test case for duplicate engine loading

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17073)

(cherry picked from commit 2595eef82c2b67ea75cc3368529078b643a1ecb6)

Avoid loading of a dynamic engine twice

Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.

Fixes #17023

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17073)

(cherry picked from commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0)

SSL_export_keying_material: fix return check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)

(cherry picked from commit 40649e36c4c0c9438f62e1bf2ccb983f6854c662)

BIO_set_indent: fix return check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)

(cherry picked from commit a9ed63f1d1d8993a8b30fc978ce09674f97f061d)

BIO_set_prefix: fix return check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)

(cherry picked from commit ac6568ecc6050bc526adc6a7245835fd95d8dfed)

EVP_RAND_generate: fix return check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)

(cherry picked from commit a8f4cdd70c9d9ebe4553d7a72c67f73eaf0c169d)

asn1_item_embed_d2i: fix th return check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)

(cherry picked from commit 7f608e4b1d9473258445144ba66216fb0e63aebe)

TXT_DB_write: fix the return check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)

(cherry picked from commit aba9943fef8dcc8416ac9a219c97c616c1fd6344)

Fix EVP_PKEY_decrypt return check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)

(cherry picked from commit 0650ac437b529274aca094c516a5a0127bbaf48c)

ossl_do_blob_header: fix return check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)

(cherry picked from commit 546b9f6b5cf6d0fde60aa37084eec1bb7d0fbc72)

BIO_gets: fix the incomplete return check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)

(cherry picked from commit 7264068a15e7c4955efa25753430595a45caa16f)

02-test_errstr.t: print errorcodes in hex (rather than decimal) format

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17056)

Make ERR_str_reasons in err.c consistent again with err.h

Fixes printing generic reason strings, e.g., 'reason(524550)' vs. 'passed an invalid argument'

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17056)

HTTP client: workaround for #16028 (BIO_gets not supported by connect and SSL BIOs)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17066)

Fix the return check of OBJ_obj2txt

Also update OBJ_nid2obj.pod to document the possible return values.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17005)

(cherry picked from commit 2349d7ba57c9327290df6f7bc18b7f0c3976ca9e)

d2i_PublicKey: Make it work with EC parameters in a provided key

Fixes #16989

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17065)

(cherry picked from commit 615a9b8798e6ec58f1b2e1ec08a0f6b3c8cb7f60)

perlasm/ppc-xlate.pl: Fix build on OS X

vsr2vr1() fails on OS X because the main loop doesn't strip the
non-numeric register prefixes for OS X.

Strip any non-numeric prefix (likely just "v") from registers before
doing numeric calculation, then put the prefix back on the result.

Fixes: #16995
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17026)

(cherry picked from commit e67edf60f2e9be6e5f5465b52d01aa26bf715280)

80-test_cmp_http: Make server diagnostics more verbose to aid debugging

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16051)

cmp_server.c: Log received request type before checking details

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16051)

Fix verbosity of CMP client diagnostics

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16051)

Add documentation for some of the missing environment variables.

Where document already exists, it has been linked to.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17044)

(cherry picked from commit 7f6496275157f8e40f544f75a223c2c0dc6b389e)

BIO_read_filename: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17033)

(cherry picked from commit e3f0362407f6f40e413d6dcb35888514dbaed6f8)

EVP_PKEY_keygen_init: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17031)

(cherry picked from commit bf4ceeded1497c79e72fba4f9ff15febae58108d)

EVP_PKEY_paramgen_init: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17030)

(cherry picked from commit 6e0b05f3008a3f22105fd2bed9314b0bfa381f93)

EVP_DigestVerifyFinal: fix test function and invocation

Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17029)

(cherry picked from commit e2e5e72d5aec4d8d633cc5e9930f762da7973ab6)

EVP_Cipher: fix the incomplete return check

Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17027)

(cherry picked from commit 6d774732517f1d63b7999c5691fc0bf046023faf)

Add a test for creating ECX private keys that are too short

We expect attempting to create such short keys to fail

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17041)

(cherry picked from commit 8c08c8b37cab0eb66ca74fc65a40af3ccec77c00)

Don't create an ECX key with short keys

If an ECX key is created and the private key is too short, a fromdata
call would create the key, and then later detect the error and report it
after freeing the key. However freeing the key was calling
OPENSSL_secure_clear_free() and assuming that the private key was of the
correct length. If it was actually too short this will write over memory
that it shouldn't.

Fixes #17017

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17041)

(cherry picked from commit 50938aec35fd57fb3bec707ead2eee381fcfaf04)

RAND_bytes_ex: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17032)

(cherry picked from commit c9007bda79291179ed2df31b3dfd9f1311102847)

Clarify the PEM docs

Make it clear how the existing PEM functions can be used to create an
X509, X509_REQ or X509_CRL object with an associated libctx/propq.

Fixes #16966

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17012)

(cherry picked from commit e48fe798409eb22f067f635c62b9a72e18cd4347)

Reset the rwstate before calling ASYNC_start_job()

If an async job pauses while processing a TLS connection then the
rwstate gets set to SSL_ASYNC_PAUSED. When resuming the job we should
reset the rwstate back to SSL_NOTHING. In fact we can do this
unconditionally since if we're about to call ASYNC_start_job() then either
we are about to start the async job for the first time (in which case the
rwstate should already by SSL_NOTHING), or we are restarting it after a
pause (in which case reseting it to SSL_NOTHING is the correct action).

Fixes #16809

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17013)

(cherry picked from commit 07f620e3acf0dd76a3a03ada9911c544aa483aa7)

Extend the test_multi_load() test

Run more threads and load the legacy provider (which uses a child lib ctx)
in order to hit more possible thread failures.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)

Hold the flag_lock when calling child callbacks

Not holding the flag lock when creating/removing child providers can
confuse the activation counts if the parent provider is loaded/unloaded
at the same time.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)

Use a write lock during ossl_provider_find()

A "find" operation on a stack can end up sorting the underlying stack. In
this case it is necessary to use a "write" lock to synchronise access to
the stack across multiple threads.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)

Correctly activate the provider in OSSL_PROVIDER_try_load

If during OSSL_PROVIDER_try_load() we attempt to load a provider, but
adding to the store gives back a different provider, then we need to
ensure this different provider has its activation count increased.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)

Stop receiving child callbacks in a child libctx when appropriate

We should stop receiving child callbacks if we're about to free up
the child libctx. Otherwise we can get callbacks when the libctx is half
freed up.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)

Don't bail out during provider deactivation if we don't have store

A provider may have been activated, but failed when being added to
the store. At this point we still need to deactivate it.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)

Don't try and do ossl_provider_find in ossl_provider_new

We leave it to the caller to confirm that the provider does not exist
in the store. If it does exist then later adding it to the store will
fail.

It is possible that the provider could be added to the store in
between the caller checking, and the caller calling ossl_provider_new.
We leave it to the caller to properly handle the failure when it
attempts to add the provider to the store. This is simpler than
having ossl_provider_new try to handle it.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)

Remove the isinited variable from child_prov_globals

This variable might have made sense at some point but it not longer does
so. It was being used to check whether we are still initing or not. If we
are still initing then the assumption was that we already hold the lock.
That assumption was untrue. We need to always take the lock.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)

Avoid a race in init_thread_stop()

init_thread_stop() is called when a thread is stopping. It calls all
the callbacks that need to know about the demise of this thread. However,
the list of callbacks is also available globally and may be updated by
other threads so we need to make sure we use the right lock.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)

Don't attempt to deactive child providers if we don't need to

If a provider doesn't have any child providers then there is no need
to attempt to remove them - so we should not do so. This removes some
potentialy thread races.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)

Don't write to the globals ossl_property_true and ossl_property_false

These global variables were previously overwritten with the same value
every time we created a new OSSL_LIB_CTX. Instead we preinitialise them
with the correct values, and then confirm that settings for each
OSSL_LIB_CTX agree with the preinitialised values.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)

Add null digest implementation to the default provider

This is necessary to keep compatibility with 1.1.1.

Fixes #16660

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17016)

(cherry picked from commit bef9b48e5071cdd2b41a4f486d1bcb5e14b2a5c3)

doc: Document outcome of multiple digestsign/digestverify calls

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)

(cherry picked from commit 3641f04fb06e9679a67da113bab65e5f1bb5e9ba)

evp_extra_test: Add SIPHASH MAC digestsign test with reinitialization

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)

(cherry picked from commit 8cbfc4f67b4e97d423ab4784dbbb54d454c6342a)

providers: Allow possible reinitialization in all signature algorithms

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)

(cherry picked from commit 3ffd23e9529d725903bc97fd45489a77b831876f)

test: Add testing of reinitialization via EVP_DigestSignInit()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)

(cherry picked from commit 816f72d08834ee35ba2615f624b4a29f2717d1c7)

do_sigver_init: Allow reinitialization of an existing operation.

Fixes #16936

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)

(cherry picked from commit ae6b68b761b9c5f30897747487ea943ccfab53ba)

Fix return value checking of BN_check_prime invocations

Negative return value indicates an error so we bail out.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16975)

(cherry picked from commit 680827a15f12c3b37a6335fcb992555cf300730e)

Add return value NULL checks that were missing

Issues located by Brian Carpenter of Geeknik's Farm.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17007)

(cherry picked from commit ed5b26ce0b34ec00bdd53d15854a22bccbb4d415)

Fix sigsize usage in apps/speed.c

In a recent upstream change
(43da9a14f0e73f42f28ae34219929b44df5d1a11)
the parameter sigsize become a read/write input in
EVP_PKEY_sign(), and after signing, sigsize will be overwritten with
the actual size and used in the verify step. As the speed program
calls EVP_PKEY_sign() on the same context repeatedly, sigsize value is
no longer the initial available size, and may fail in later buffer
size checks.

This fix adds a new buflen member in struct loopargs (which is only
used within apps/speed.c), to save available buffer size and
to be used as sigsize input in EVP_PKEY_sign() calls.
Sigsize still contains the signature size for the verify step.

Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16991)

(cherry picked from commit e7414634a59aa61c7917193a31382ced95d40eeb)

Fix: invoking X509_self_signed improperly

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16976)

(cherry picked from commit 64c428c35053a101a452c42d5d0a9a8342493606)

Fix DER encoder implementations for output structures "EC" and "SM2"

These DER encoder implementations are supposed to be aliases for the
"type-specific" output structure, but were made different in so far
that they would output a "type specific" public key, which turns out
to be garbage (it called i2o_ECPublicKey()). The "type-specific"
output structure doesn't support that, and shouldn't.

Fixes #16977

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16983)