Age | Commit message (Collapse) | Author |
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17556)
|
|
Fixes #17557
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17562)
(cherry picked from commit 1bfd20f08c042072cae44a9eb81626cbfff81116)
|
|
Using floating point is not supported in UEFI and can cause build
problems, for example due to SSE being disabled and x64 calling
convention passing floats in SSE registers.
Avoid those problems by not compiling the formating code for floating
point numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17547)
(cherry picked from commit f59d72f027da90edcccad5cc78c94d3099fadecf)
|
|
This reverts commit 328bf5adf9e23da523d4195db309083aa02403c4.
Turned out it isn't that simple, the fix is incomplete.
So revert and try again with another approach.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17547)
(cherry picked from commit 619c9bad41d041bab2ac6ba3933d526b48ceee2a)
|
|
Also add comment to the public header to avoid
making another conflict in future.
Fixes #17545
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17546)
(cherry picked from commit e278f18563dd3dd67c00200ee30402f48023c6ef)
|
|
Because no supported flag affects the behavior of X509_check_ip, the
flags argument currently has no effect.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17536)
(cherry picked from commit 2d280fe016a98b57d488f42fd3941bcd61407c5a)
|
|
For platforms that do not have native TSAN support, locking needs to be used
instead. This adds the locking.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17489)
(cherry picked from commit acce055778ecbf72e06a254b3a9bf2a2907e5170)
|
|
Fixes #17510
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17515)
(cherry picked from commit c1167f09d840b109ef1c1c1485e3de64be2fc625)
|
|
The `func` parameter was incorrect. It was documented as `const char *func`
instead of `const char **func`.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17522)
(cherry picked from commit f242ce9817157817b19ccb303fd436fe487539b3)
|
|
These compilers define _ARCH_PPC64 for 32 bit builds
so we cannot depend solely on this define to identify
32 bit build.
Fixes #17087
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17497)
(cherry picked from commit cfbb5fcf4424395a1a23751556ea12c56b80b57e)
|
|
And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
(cherry picked from commit 59d3fd1cc8c938daa6384783a7e5847d6f5201f7)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
(cherry picked from commit 3b53f88c008d288e86d2bbdc0c4e2d16c29fcee8)
|
|
EVP_PKEY_CTX_set_dhx_rfc5114
Fixes #17485
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
(cherry picked from commit f58bb2dd00c3004552c5c1e8d0f2c1390c004cf8)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17499)
(cherry picked from commit 144316d276adf5b8172316f7bc20b372b8e31ac8)
|
|
During counting of the unprocessed records, return code is treated in a
wrong way. This forces kTLS RX path to be skipped in case of presence
of unprocessed records.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17492)
(cherry picked from commit d73a7a3a71270aaadb4e4e678ae9bd3cef8b9cbd)
|
|
other way if the first attempt fails
Fixes #17482
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17487)
(cherry picked from commit 37b850738cbab74413d41033b2a4df1d69e1fa4a)
|
|
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from
openssl-3.0 onwards
CLA: trivial
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17484)
(cherry picked from commit 79704a88eb5aa70fa506e3e59a29fcda21f428af)
|
|
Add null checks to avoid dereferencing a pointer that could be null.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17488)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17486)
(cherry picked from commit 79c7acc59bb98c2b8451b048ed1dd8cc517df76e)
|
|
Otherwise it sometimes confuses the TAP parser.
Fixes #17480
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17481)
(cherry picked from commit 3bfb7239daf3d6a89476e163dc925c641d356729)
|
|
PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR
to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes
it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17473)
(cherry picked from commit 8086b267fb3395c53cd5fc29eea68ba4826b333d)
|
|
Most of the DRGB code is run under lock from the EVP layer. This is relied
on to make the majority of TSAN operations safe. However, it is still necessary
to enable locking for all DRBGs created.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
|
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
|
|
Doing the tsan operations under lock would be difficult to arrange here (locks
require memory allocation).
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
|
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
|
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
|
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)
|
|
Circumvents a problem with ancient PA-RISC compilers on HP/UX.
Fixes #17477
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17478)
(cherry picked from commit 9c5d1451292566e546d5dd01c7f19950fa34391d)
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17471)
(cherry picked from commit 64a644530e023d3064db9027b0977d33b1d2ad9a)
|
|
This fixes small regression from #16962.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17460)
(cherry picked from commit a4e01187d3648d9ce99507097400902cf21f9b55)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17461)
(cherry picked from commit b82fd89d8bae1445c89ec90d1a6145fe3216d2d7)
|
|
Although we had a test for fetching an encoder/decoder/store loader it
did not use a query string. The issue highlighted by #17456 only occurs
if a query string is used.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)
|
|
Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give the
provider when calling ossl_method_store_cache_set()
Fixes #17456
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)
(cherry picked from commit cd1981a0dc165ab6af5e2945beaaa9efe4484cee)
|
|
OSSL_PARAMs that are of type OSSL_PARAM_INTEGER or
OSSL_PARAM_UNSIGNED_INTEGER can be obtained using any of the functions
EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or
EVP_PKEY_get_bn_param(). The former two will fail if the parameter is too
large to fit into the C variable. We clarify this in the documentation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17445)
(cherry picked from commit 254217a4a0c9e64869495447a0e6bdc2323d4cd1)
|
|
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17443)
|
|
We check that the init and cleanup functions for the custom method are
called as expected.
Based on an original reproducer by Dmitry Belyavsky from issue #17149.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)
(cherry picked from commit fbbe7202eba9fba243c18513f4f0316dafb3496d)
|
|
If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.
Fixes #17149
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)
(cherry picked from commit 357bccc8ba64ec8a5f587b04b5d6b6ca9e8dcbdc)
|
|
MDs created via EVP_MD_meth_new() are inherently legacy and therefore
need to go down the legacy route when they are used.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)
(cherry picked from commit d9ad5b16b32172df6f7d02cfb1c339cc85d0db01)
|
|
The peer key has to be exported to the operation's keymgmt
not the ctx->pkey's keymgmt.
Fixes #17424
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17425)
(cherry picked from commit 64a8f6008acce93d0bf184559c63e66c0cc0e23d)
|
|
When compiling openssl for tianocore compiling abs_val() and pow_10()
fails with the following error because SSE support is disabled:
crypto/bio/bio_print.c:587:46: error: SSE register return with SSE disabled
Fix that by using EFIAPI calling convention when compiling for UEFI.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17442)
(cherry picked from commit 328bf5adf9e23da523d4195db309083aa02403c4)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17441)
(cherry picked from commit 21095479c016f2ceaca0f71078fd27f0e9ba9375)
|
|
There is risk to pass the gctx with NULL value to rsa_gen_set_params
which dereference gctx directly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17429)
(cherry picked from commit 22778abad905536fa6c93cdc6fffc8c736dfee79)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)
(cherry picked from commit d4d8f163db1d32c98d8f956e6966263a7a22fac1)
|
|
Fixes #17407
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)
(cherry picked from commit 5b03b89f7f925384c2768874c95f1af7053fd16f)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17413)
(cherry picked from commit 7b1264baab7edd82fea8b27d9ddec048bafc0048)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17415)
(cherry picked from commit 949e4f79d202d43519d373b2af6b1a4948bf1a74)
|
|
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17412)
(cherry picked from commit 1b87116a0c43b8b4e1ad88b851d5bcf27c1a5f64)
|
|
Fixes: #13765
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17427)
(cherry picked from commit fd84b9c3e94be1771d1b34ad857081f7693318aa)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15283)
(cherry picked from commit da198adb9c5626f31c52613fe2ae59a7066c3366)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17155)
(cherry picked from commit 0da3b39af3d961486758262ca71d2135d7013048)
|