[openssl] openssl-3.0 update

2022-02-23 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  413ffdd1b6b6345f1b8891d1865fa090bcde5957 (commit)
  from  66d422c5738b74c6bd9d8b34e219eb98b6fcd60a (commit)


- Log -
commit 413ffdd1b6b6345f1b8891d1865fa090bcde5957
Author: Jiasheng Jiang 
Date:   Thu Feb 17 17:47:00 2022 +0800

test/crltest.c: Add check for glue2bio

Since glue2bio() can return a NULL pointer on failure,
its return value should be checked in order
to avoid using a NULL pointer.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17718)

(cherry picked from commit 18cb1740cc0fd11940836fa2fcaf6d3634c00e90)

---

Summary of changes:
 test/crltest.c | 24 ++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/test/crltest.c b/test/crltest.c
index 5d255d368a..f258c75efe 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -200,9 +200,16 @@ static BIO *glue2bio(const char **pem, char **out)
  */
 static X509_CRL *CRL_from_strings(const char **pem)
 {
+X509_CRL *crl;
 char *p;
 BIO *b = glue2bio(pem, );
-X509_CRL *crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL);
+
+if (b == NULL) {
+OPENSSL_free(p);
+return NULL;
+}
+
+crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL);
 
 OPENSSL_free(p);
 BIO_free(b);
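Review bot: The new `b == NULL` branch in CRL_from_strings() passes `p` to OPENSSL_free(), but `p` is declared without an initialiser, so the call is only defined if glue2bio() always stores to its `out` argument before it can return NULL. glue2bio()'s body is outside this hunk, so that cannot be confirmed here. Declaring `char *p = NULL;` would make the error path safe however the helper fails. The same pattern is added in X509_from_strings() and test_reuse_crl() in the following two hunks. CRL_from_strings() continues past the end of the hunk.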
@@ -214,9 +221,16 @@ static X509_CRL *CRL_from_strings(const char **pem)
  */
 static X509 *X509_from_strings(const char **pem)
 {
+X509 *x;
 char *p;
 BIO *b = glue2bio(pem, );
-X509 *x = PEM_read_bio_X509(b, NULL, NULL, NULL);
+
+if (b == NULL) {
+OPENSSL_free(p);
+return NULL;
+}
+
+x = PEM_read_bio_X509(b, NULL, NULL, NULL);
 
 OPENSSL_free(p);
 BIO_free(b);
@@ -363,6 +377,12 @@ static int test_reuse_crl(void)
 char *p;
 BIO *b = glue2bio(kRevokedCRL, );
 
+if (b == NULL) {
+OPENSSL_free(p);
+X509_CRL_free(reused_crl);
+return 0;
+}
+
 reused_crl = PEM_read_bio_X509_CRL(b, _crl, NULL, NULL);
 
 OPENSSL_free(p);


[openssl] openssl-3.0 update

2022-02-23 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  66d422c5738b74c6bd9d8b34e219eb98b6fcd60a (commit)
  from  e19edf7361b952674135b8500144df6afec18319 (commit)


- Log -
commit 66d422c5738b74c6bd9d8b34e219eb98b6fcd60a
Author: Jiasheng Jiang 
Date:   Fri Feb 18 10:13:08 2022 +0800

bio_enc.c: add check for BIO_new_mem_buf

Since memory allocation may fail, BIO_new_mem_buf() may
return a NULL pointer.
Therefore, its return value should be checked and an error returned on failure.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17730)

(cherry picked from commit cf21d1c62dcd92be624ea0fb8a86d91e4fbeed93)

---

Summary of changes:
 test/bio_enc_test.c | 52 +---
 1 file changed, 37 insertions(+), 15 deletions(-)

diff --git a/test/bio_enc_test.c b/test/bio_enc_test.c
index b383cdce1c..d3f914b656 100644
--- a/test/bio_enc_test.c
+++ b/test/bio_enc_test.c
@@ -38,7 +38,7 @@ static const unsigned char IV[] = {
 static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key,
 const unsigned char* iv)
 {
-BIO *b;
+BIO *b, *mem;
 static unsigned char inp[BUF_SIZE] = { 0 };
 unsigned char out[BUF_SIZE], ref[BUF_SIZE];
 int i, lref, len;
@@ -54,8 +54,11 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const 
unsigned char* key,
 if (!TEST_ptr(b))
 return 0;
 if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT)))
-return 0;
-BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE));
+goto err;
+mem = BIO_new_mem_buf(inp, DATA_SIZE);
+if (!TEST_ptr(mem))
+goto err;
+BIO_push(b, mem);
 lref = BIO_read(b, ref, sizeof(ref));
 BIO_free_all(b);
 
@@ -66,16 +69,19 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const 
unsigned char* key,
 return 0;
 if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) {
 TEST_info("Split encrypt failed @ operation %d", i);
-return 0;
+goto err;
 }
-BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE));
+mem = BIO_new_mem_buf(inp, DATA_SIZE);
+if (!TEST_ptr(mem))
+goto err;
+BIO_push(b, mem);
 memset(out, 0, sizeof(out));
 out[i] = ~ref[i];
 len = BIO_read(b, out, i);
 /* check for overstep */
 if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) {
 TEST_info("Encrypt overstep check failed @ operation %d", i);
-return 0;
+goto err;
 }
 len += BIO_read(b, out + len, sizeof(out) - len);
 BIO_free_all(b);
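Review bot: `b` is left dangling after the `BIO_free_all(b);` that closes this hunk, while the function now has `goto err` exits whose label is outside the visible hunks and presumably frees `b` as well. The paths that follow each free appear to use `return 0` today, but any later edit that routes one of them to `err` before the next assignment to `b` would free the chain twice. Adding `b = NULL;` after each `BIO_free_all(b);` removes that hazard. This applies equally to the other hunks of do_bio_cipher() that end in `BIO_free_all(b);`, and the function starts and ends outside the hunk.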
@@ -95,9 +101,12 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const 
unsigned char* key,
 return 0;
 if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) {
 TEST_info("Small chunk encrypt failed @ operation %d", i);
-return 0;
+goto err;
 }
-BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE));
+mem = BIO_new_mem_buf(inp, DATA_SIZE);
+if (!TEST_ptr(mem))
+goto err;
+BIO_push(b, mem);
 memset(out, 0, sizeof(out));
 for (len = 0; (delta = BIO_read(b, out + len, i)); ) {
 len += delta;
@@ -117,9 +126,12 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const 
unsigned char* key,
 if (!TEST_ptr(b))
 return 0;
 if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT)))
-return 0;
+goto err;
 /* Use original reference output as input */
-BIO_push(b, BIO_new_mem_buf(ref, lref));
+mem = BIO_new_mem_buf(ref, lref);
+if (!TEST_ptr(mem))
+goto err;
+BIO_push(b, mem);
 (void)BIO_flush(b);
 memset(out, 0, sizeof(out));
 len = BIO_read(b, out, sizeof(out));
@@ -135,16 +147,19 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const 
unsigned char* key,
 return 0;
 if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT))) {
 TEST_info("Split decrypt failed @ operation %d", i);
-return 0;
+goto err;
 }
-BIO_push(b, BIO_new_mem_buf(ref, lref));
+mem = BIO_new_mem_buf(ref, lref);
+if (!TEST_ptr(mem))
+goto err;
+BIO_push(b, mem);
 memset(out, 0, sizeof(out));
 out[i] = ~ref[i];
 len = BIO_read(b, out, i);
 /* check for overstep */
 if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) {
 TEST_info("Decrypt overstep check failed @ operation %d", i);
-return 0;
+goto err;
 }
 len += BIO_read(b, out + len, sizeof(out) - len);
 BIO_free_all(b);
@@ -164,9 +179,12 @@ static 

[openssl] openssl-3.0 update

2022-02-23 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  e19edf7361b952674135b8500144df6afec18319 (commit)
  from  6f4a98ce2157aca169709c80ea579e80e39011b6 (commit)


- Log -
commit e19edf7361b952674135b8500144df6afec18319
Author: Carlo Teubner <435950+c4...@users.noreply.github.com>
Date:   Fri Feb 18 10:00:52 2022 +

X509_VERIFY_PARAM_set_flags.pod: fix typos

CLA: trivial

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17731)

(cherry picked from commit cbb6f4dbf0ce42b4cc4385d7b95236710504068d)

---

Summary of changes:
 doc/man3/X509_VERIFY_PARAM_set_flags.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod 
b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
index 1213627be7..55bdf877b3 100644
--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -249,8 +249,8 @@ certificate. An error occurs if a suitable CRL cannot be 
found.
 B enables CRL checking for the entire certificate
 chain.
 
-B disabled critical extension checking. By default
-any unhandled critical extensions in certificates or (if checked) CRLs results
+B disables critical extension checking. By default
+any unhandled critical extensions in certificates or (if checked) CRLs result
 in a fatal error. If this flag is set unhandled critical extensions are
 ignored. B setting this option for anything other than debugging
 purposes can be a security risk. Finer control over which extensions are


[openssl] openssl-3.0 update

2022-02-23 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  6f4a98ce2157aca169709c80ea579e80e39011b6 (commit)
  from  06c20d437ba2554da33a47b9e62b1da5559a38f7 (commit)


- Log -
commit 6f4a98ce2157aca169709c80ea579e80e39011b6
Author: Matt Caswell 
Date:   Tue Feb 22 11:49:04 2022 +

Undeprecate OPENSSL_VERSION_NUMBER and OpenSSL_version_num()

This macro and function were deprecated in the documentation but not in
the source.

Following an OTC vote the deprecation has been removed from the
documentation.

See https://github.com/openssl/technical-policies/issues/26

Fixes #17517

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17750)

(cherry picked from commit 42659159f4d4a8c16a0e9b089d40a5831b60cbb6)

---

Summary of changes:
 doc/man3/OpenSSL_version.pod | 52 +---
 util/other.syms  |  2 +-
 2 files changed, 21 insertions(+), 33 deletions(-)

diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod
index 034bd718fe..a0a9021431 100644
--- a/doc/man3/OpenSSL_version.pod
+++ b/doc/man3/OpenSSL_version.pod
@@ -38,8 +38,6 @@ OpenSSL_version_num, OPENSSL_info
 
  const char *OPENSSL_info(int t);
 
-Deprecated:
-
  /* from openssl/opensslv.h */
  #define OPENSSL_VERSION_NUMBER 0xL
 
@@ -81,6 +79,25 @@ version for the headers in use is at least at the given 
pre-requisite major
 header version number (B.B) is
 greater than or equal to B.B.
 
+B is a combination of the major, minor and
+patch version into a single integer 0xMNN00PP0L, where:
+
+=over 4
+
+=item M
+
+is the number from B, in hexadecimal notation
+
+=item NN
+
+is the number from B, in hexadecimal notation
+
+=item PP
+
+is the number from B, in hexadecimal notation
+
+=back
+
 =head2 Functions
 
 OPENSSL_version_major(), OPENSSL_version_minor(), OPENSSL_version_patch(),
@@ -198,35 +215,6 @@ For x86 the string looks like 
C.
 
 For an unknown I, NULL is returned.
 
-=head1 BACKWARD COMPATIBILITY
-
-For compatibility, some older macros and functions are retained or
-synthesised.
-They are all considered deprecated.
-
-=head2 Macros
-
-B is a combination of the major, minor and
-patch version into a single integer 0xMNN00PP0L, where:
-
-=over 4
-
-=item M
-
-is the number from B, in hexadecimal notation
-
-=item NN
-
-is the number from B, in hexadecimal notation
-
-=item PP
-
-is the number from B, in hexadecimal notation
-
-=back
-
-=head2 Functions
-
 OpenSSL_version_num() returns the value of B.
 
 =head1 RETURN VALUES
@@ -248,7 +236,7 @@ L
 =head1 HISTORY
 
 The macros and functions described here were added in OpenSSL 3.0,
-with the exception of the L ones.
+except for OPENSSL_VERSION_NUMBER and OpenSSL_version_num().
 
 =head1 COPYRIGHT
 
diff --git a/util/other.syms b/util/other.syms
index 1ebffd1d26..0c0d147b33 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -362,7 +362,7 @@ OPENSSL_MSTRdefine
 OPENSSL_MSTR_HELPER define
 OPENSSL_VERSION_MAJOR   define
 OPENSSL_VERSION_MINOR   define
-OPENSSL_VERSION_NUMBER  define deprecated 3.0.0
+OPENSSL_VERSION_NUMBER  define
 OPENSSL_VERSION_PATCH   define
 OPENSSL_VERSION_PRE_RELEASE define
 OPENSSL_VERSION_PREREQ  define


[openssl] openssl-3.0 update

2022-02-23 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  06c20d437ba2554da33a47b9e62b1da5559a38f7 (commit)
  from  9c1973e1c57d7de4d57f10545b3e9c921b34df23 (commit)


- Log -
commit 06c20d437ba2554da33a47b9e62b1da5559a38f7
Author: msa42 
Date:   Mon Feb 21 18:23:34 2022 +

doc: Fix KDF example for scrypt

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17745)

(cherry picked from commit 0bc2fda3d3b76bd07243aef3eb7f824da3820b2d)

---

Summary of changes:
 doc/man1/openssl-kdf.pod.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man1/openssl-kdf.pod.in b/doc/man1/openssl-kdf.pod.in
index 2880d1ff9d..548f69c707 100644
--- a/doc/man1/openssl-kdf.pod.in
+++ b/doc/man1/openssl-kdf.pod.in
@@ -166,7 +166,7 @@ Use PBKDF2 to create a hex-encoded derived key from a 
password and salt:
 Use scrypt to create a hex-encoded derived key from a password and salt:
 
 openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl \
--kdfopt N:1024 -kdfopt r:8 -kdfopt p:16 \
+-kdfopt n:1024 -kdfopt r:8 -kdfopt p:16 \
 -kdfopt maxmem_bytes:10485760 SCRYPT
 
 =head1 NOTES


[openssl] openssl-3.0 update

2022-02-23 Thread Matt Caswell
The branch openssl-3.0 has been updated
   via  9c1973e1c57d7de4d57f10545b3e9c921b34df23 (commit)
  from  0ec286a62840c2a0de4b7a1b5063ace3338a925f (commit)


- Log -
commit 9c1973e1c57d7de4d57f10545b3e9c921b34df23
Author: Matt Caswell 
Date:   Wed Feb 23 11:16:07 2022 +

Fix a failure in sslapitest

The SNI test in test_cert_cb_int() was always failing because it used
SSL_CTX_new() instead of SSL_CTX_new_ex() and was therefore not using the
correct libctx. PR #17739 amended the test to check the return value from
SSL_CTX_new() which made the failure obvious.

Fixes #17757

Reviewed-by: Richard Levitte 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17758)

(cherry picked from commit 7e1eda483ec9ead36c05066b45ecad618475544c)

---

Summary of changes:
 test/sslapitest.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index b2f3471548..de2eeec3e8 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -8075,7 +8075,7 @@ static int test_cert_cb_int(int prot, int tst)
 cert_cb_cnt = 0;
 
 if (tst == 2) {
-snictx = SSL_CTX_new(TLS_server_method());
+snictx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
 if (!TEST_ptr(snictx))
 goto end;
 }


[openssl] openssl-3.0 update

2022-02-22 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  0ec286a62840c2a0de4b7a1b5063ace3338a925f (commit)
  from  46119286c16341734b3cb60945fb07d1ea30eb81 (commit)


- Log -
commit 0ec286a62840c2a0de4b7a1b5063ace3338a925f
Author: xkernel 
Date:   Mon Feb 21 15:29:25 2022 +0800

check *libctx which is allocated by OSSL_LIB_CTX_new()

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17740)

(cherry picked from commit 8d215738a05350baa583c47a2c52371d9cff3197)

---

Summary of changes:
 test/tls-provider.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/test/tls-provider.c b/test/tls-provider.c
index 9ac1db51b3..3b7be54331 100644
--- a/test/tls-provider.c
+++ b/test/tls-provider.c
@@ -840,6 +840,9 @@ int tls_provider_init(const OSSL_CORE_HANDLE *handle,
 {
 OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
 
+if (libctx == NULL)
+return 0;
+
 *provctx = libctx;
 
 /*


[openssl] openssl-3.0 update

2022-02-22 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  46119286c16341734b3cb60945fb07d1ea30eb81 (commit)
  from  ad910cc482c8e06d04a141a9f5f79172a6e56f66 (commit)


- Log -
commit 46119286c16341734b3cb60945fb07d1ea30eb81
Author: Jiasheng Jiang 
Date:   Mon Feb 21 10:54:29 2022 +0800

test/sslapitest.c: Add check for SSL_CTX_new

Because the memory allocation can fail, the return value of
SSL_CTX_new() should be checked and an error returned on failure,
as is done for SSL_CTX_new_ex().

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17739)

(cherry picked from commit b0317df2311769e02d9ceb4e7afe19521f8ffbf1)

---

Summary of changes:
 test/sslapitest.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 9056fa28f1..b2f3471548 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -8074,8 +8074,12 @@ static int test_cert_cb_int(int prot, int tst)
 else
 cert_cb_cnt = 0;
 
-if (tst == 2)
+if (tst == 2) {
 snictx = SSL_CTX_new(TLS_server_method());
+if (!TEST_ptr(snictx))
+goto end;
+}
+
 SSL_CTX_set_cert_cb(sctx, cert_cb, snictx);
 
 if (!TEST_true(create_ssl_objects(sctx, cctx, , ,


[openssl] openssl-3.0 update

2022-02-22 Thread dev
The branch openssl-3.0 has been updated
   via  ad910cc482c8e06d04a141a9f5f79172a6e56f66 (commit)
   via  3138402278b3fc3ce67edc01e6198b9840ca7d9b (commit)
  from  5675a5aaf6a2e489022bcfc18330dae9263e598e (commit)


- Log -
commit ad910cc482c8e06d04a141a9f5f79172a6e56f66
Author: Dr. David von Oheimb 
Date:   Fri Feb 18 09:36:00 2022 +0100

X509V3_get_d2i.pod: use I<> for arguments and remove B<> around NULL

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17724)

(cherry picked from commit a044af49c43ec8fe099deeb5d06501ddf70abf7a)

commit 3138402278b3fc3ce67edc01e6198b9840ca7d9b
Author: Dr. David von Oheimb 
Date:   Thu Feb 17 19:43:55 2022 +0100

X509V3_get_d2i.pod: Fix glitch on X509V3_get{,_ext}_d2i and align order

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17724)

(cherry picked from commit 2455a21f4ef9826b465ba68fd96f26ea25b80b10)

---

Summary of changes:
 doc/man3/X509V3_get_d2i.pod | 66 +++--
 1 file changed, 34 insertions(+), 32 deletions(-)

diff --git a/doc/man3/X509V3_get_d2i.pod b/doc/man3/X509V3_get_d2i.pod
index 981eab14b8..a94e92191d 100644
--- a/doc/man3/X509V3_get_d2i.pod
+++ b/doc/man3/X509V3_get_d2i.pod
@@ -2,11 +2,12 @@
 
 =head1 NAME
 
-X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions,
 X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
-X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i,
-X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i,
-X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions
+X509_get_ext_d2i, X509_add1_ext_i2d,
+X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d,
+X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d,
+X509_get0_extensions, X509_CRL_get0_extensions,
+X509_REVOKED_get0_extensions - X509 extension decode and encode functions
 
 =head1 SYNOPSIS
 
@@ -38,37 +39,37 @@ X509_REVOKED_add1_ext_i2d - X509 extension decode and 
encode functions
 
 =head1 DESCRIPTION
 
-X509V3_get_ext_d2i() looks for an extension with OID B in the extensions
-B and, if found, decodes it. If B is B then only one
+X509V3_get_d2i() looks for an extension with OID I in the extensions
+I and, if found, decodes it. If I is NULL then only one
 occurrence of an extension is permissible otherwise the first extension after
-index B<*idx> is returned and B<*idx> updated to the location of the extension.
-If B is not B then B<*crit> is set to a status value: -2 if the
-extension occurs multiple times (this is only returned if B is B),
+index I<*idx> is returned and I<*idx> updated to the location of the extension.
+If I is not NULL then I<*crit> is set to a status value: -2 if the
+extension occurs multiple times (this is only returned if I is NULL),
 -1 if the extension could not be found, 0 if the extension is found and is
 not critical and 1 if critical. A pointer to an extension specific structure
-or B is returned.
+or NULL is returned.
 
-X509V3_add1_i2d() adds extension B to STACK B<*x> (allocating a new
-STACK if necessary) using OID B and criticality B according
-to B.
+X509V3_add1_i2d() adds extension I to STACK I<*x> (allocating a new
+STACK if necessary) using OID I and criticality I according
+to I.
 
 X509V3_EXT_d2i() attempts to decode the ASN.1 data contained in extension
-B and returns a pointer to an extension specific structure or B
+I and returns a pointer to an extension specific structure or NULL
 if the extension could not be decoded (invalid syntax or not supported).
 
-X509V3_EXT_i2d() encodes the extension specific structure B
-with OID B and criticality B.
+X509V3_EXT_i2d() encodes the extension specific structure I
+with OID I and criticality I.
 
 X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of
-certificate B, they are otherwise identical to X509V3_get_d2i() and
+certificate I, they are otherwise identical to X509V3_get_d2i() and
 X509V3_add_i2d().
 
 X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions
-of CRL B, they are otherwise identical to X509V3_get_d2i() and
+of CRL I, they are otherwise identical to X509V3_get_d2i() and
 X509V3_add_i2d().
 
 X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the
-extensions of B structure B (i.e for CRL entry extensions),
+extensions of B structure I (i.e for CRL entry extensions),
 they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().
 
 X509_get0_extensions(), X509_CRL_get0_extensions() and
@@ -78,9 +79,9 @@ of a certificate a CRL or a CRL entry respectively.
 =head1 NOTES
 
 In almost all cases an extension can occur at most once and multiple
-occurrences is an error. Therefore, the B parameter is usually B.
+occurrences is 

[openssl] openssl-3.0 update

2022-02-20 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  5675a5aaf6a2e489022bcfc18330dae9263e598e (commit)
  from  eee4287febb296afae3de9e21c5d9cbae14a9802 (commit)


- Log -
commit 5675a5aaf6a2e489022bcfc18330dae9263e598e
Author: Pauli 
Date:   Wed Feb 16 10:41:58 2022 +1100

x509: handle returns from X509_TRUST_get_by_id() more consistently

Reviewed-by: Bernd Edlinger 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17709)

(cherry picked from commit 7b3041eba1c6e177eede0d6311d53a6b9ff58051)

---

Summary of changes:
 crypto/x509/x509_trust.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index 0888e16c15..fa30c738a7 100644
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -72,7 +72,7 @@ int X509_check_trust(X509 *x, int id, int flags)
 return obj_trust(NID_anyExtendedKeyUsage, x,
  flags | X509_TRUST_DO_SS_COMPAT);
 idx = X509_TRUST_get_by_id(id);
-if (idx == -1)
+if (idx < 0)
 return default_trust(id, x, flags);
 pt = X509_TRUST_get0(idx);
 return pt->check_trust(pt, x, flags);
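Review bot: `pt` is dereferenced at `pt->check_trust(pt, x, flags)` without a NULL check. The widened `idx < 0` guard covers every negative index, but whether X509_TRUST_get0() can still return NULL for a non-negative `idx` is not visible in this hunk. Since this call is the trust decision for a certificate, a guard such as `if (pt == NULL) return default_trust(id, x, flags);` would keep the lookup-failure handling in one place. X509_check_trust() starts outside the hunk.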
@@ -112,7 +112,7 @@ int X509_TRUST_get_by_id(int id)
 
 int X509_TRUST_set(int *t, int trust)
 {
-if (X509_TRUST_get_by_id(trust) == -1) {
+if (X509_TRUST_get_by_id(trust) < 0) {
 ERR_raise(ERR_LIB_X509, X509_R_INVALID_TRUST);
 return 0;
 }
@@ -162,7 +162,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST 
*, X509 *, int),
 trtmp->arg2 = arg2;
 
 /* If its a new entry manage the dynamic table */
-if (idx == -1) {
+if (idx < 0) {
 if (trtable == NULL
 && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
 ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
@@ -175,7 +175,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST 
*, X509 *, int),
 }
 return 1;
  err:
-if (idx == -1) {
+if (idx < 0) {
 OPENSSL_free(trtmp->name);
 OPENSSL_free(trtmp);
 }


[openssl] openssl-3.0 update

2022-02-20 Thread matthias . st . pierre
The branch openssl-3.0 has been updated
   via  eee4287febb296afae3de9e21c5d9cbae14a9802 (commit)
  from  d1ce1b5df602e4fc64bd27b65b4b1343229007af (commit)


- Log -
commit eee4287febb296afae3de9e21c5d9cbae14a9802
Author: Jiasheng Jiang 
Date:   Tue Feb 15 17:45:04 2022 +0800

rand: Add missing check for rand_get_global

Because rand_get_global() can fail,
for example when it fails to get the lock, 'dgbl' could be a NULL
pointer that is dereferenced later.
Therefore, it should be checked and an error returned
on failure, as RAND_get0_primary() and other callers do.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/17690)

(cherry picked from commit 09dca557332a2187598932388ac7bd7bbf16172b)

---

Summary of changes:
 crypto/rand/rand_lib.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 8f76c8a5f0..1cb6f78296 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -529,6 +529,8 @@ static EVP_RAND_CTX *rand_new_seed(OSSL_LIB_CTX *libctx)
 EVP_RAND_CTX *ctx;
 char *name;
 
+if (dgbl == NULL)
+return NULL;
 name = dgbl->seed_name != NULL ? dgbl->seed_name : "SEED-SRC";
 rand = EVP_RAND_fetch(libctx, name, dgbl->seed_propq);
 if (rand == NULL) {
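Review bot: The new `dgbl == NULL` return in rand_new_seed() leaves without recording an error, so unless rand_get_global() raises one itself (not visible here), a failed RNG setup reaches the caller with an empty error queue. Consider `ERR_raise(ERR_LIB_RAND, ERR_R_INTERNAL_ERROR);` before the `return NULL;`. The same applies to the checks added in rand_new_drbg() and random_conf_init() in the next two hunks. The declaration of `dgbl` and the rest of the function are outside the hunk.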
@@ -560,6 +562,8 @@ static EVP_RAND_CTX *rand_new_drbg(OSSL_LIB_CTX *libctx, 
EVP_RAND_CTX *parent,
 OSSL_PARAM params[7], *p = params;
 char *name, *cipher;
 
+if (dgbl == NULL)
+return NULL;
 name = dgbl->rng_name != NULL ? dgbl->rng_name : "CTR-DRBG";
 rand = EVP_RAND_fetch(libctx, name, dgbl->rng_propq);
 if (rand == NULL) {
@@ -759,6 +763,9 @@ static int random_conf_init(CONF_IMODULE *md, const CONF 
*cnf)
 return 0;
 }
 
+if (dgbl == NULL)
+return 0;
+
 for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
 cval = sk_CONF_VALUE_value(elist, i);
 if (strcasecmp(cval->name, "random") == 0) {


[openssl] openssl-3.0 update

2022-02-20 Thread matthias . st . pierre
The branch openssl-3.0 has been updated
   via  d1ce1b5df602e4fc64bd27b65b4b1343229007af (commit)
  from  18e046c8a2e562cf947aa2b5b4cce31bb0ff75a1 (commit)


- Log -
commit d1ce1b5df602e4fc64bd27b65b4b1343229007af
Author: Jiasheng Jiang 
Date:   Sat Feb 12 19:27:09 2022 +0800

fuzz/asn1.c: Add missing check for BIO_new

Since BIO_new() may fail, 'bio' could be a NULL pointer and still be used.
Therefore, it should be checked and the print skipped on failure.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/17690)

(cherry picked from commit d43597c718dd6e4f2b18d5cec1eb791503a18988)

---

Summary of changes:
 fuzz/asn1.c | 25 -
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index 8ce9a57c25..1db219c358 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -218,8 +218,10 @@ static ASN1_PCTX *pctx;
 int len2; \
 BIO *bio = BIO_new(BIO_s_null()); \
 \
-PRINT(bio, type); \
-BIO_free(bio); \
+if (bio != NULL) { \
+PRINT(bio, type); \
+BIO_free(bio); \
+} \
 len2 = I2D(type, ); \
 if (len2 != 0) {} \
 OPENSSL_free(der); \
@@ -235,8 +237,10 @@ static ASN1_PCTX *pctx;
 if (type != NULL) { \
 BIO *bio = BIO_new(BIO_s_null()); \
 \
-PRINT(bio, type, 0); \
-BIO_free(bio); \
+if (bio != NULL) { \
+PRINT(bio, type, 0); \
+BIO_free(bio); \
+} \
 I2D(type, ); \
 OPENSSL_free(der); \
 TYPE ## _free(type); \
@@ -251,8 +255,10 @@ static ASN1_PCTX *pctx;
 if (type != NULL) { \
 BIO *bio = BIO_new(BIO_s_null()); \
 \
-PRINT(bio, type, 0, pctx); \
-BIO_free(bio); \
+if (bio != NULL) { \
+PRINT(bio, type, 0, pctx); \
+BIO_free(bio); \
+} \
 I2D(type, ); \
 OPENSSL_free(der); \
 TYPE ## _free(type); \
@@ -307,9 +313,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 
 if (o != NULL) {
 BIO *bio = BIO_new(BIO_s_null());
-
-ASN1_item_print(bio, o, 4, i, pctx);
-BIO_free(bio);
+if (bio != NULL) {
+ASN1_item_print(bio, o, 4, i, pctx);
+BIO_free(bio);
+}
 ASN1_item_i2d(o, , i);
 OPENSSL_free(der);
 ASN1_item_free(o, i);


[openssl] openssl-3.0 update

2022-02-20 Thread matthias . st . pierre
The branch openssl-3.0 has been updated
   via  18e046c8a2e562cf947aa2b5b4cce31bb0ff75a1 (commit)
  from  6ff03e39189b4b1767157d1e1035365036f4f907 (commit)


- Log -
commit 18e046c8a2e562cf947aa2b5b4cce31bb0ff75a1
Author: yangyangtiantianlonglong 
Date:   Wed Feb 16 23:33:17 2022 +0800

doc: Refactored the example in crypto.pod

Added return value and error code in the sample

Reviewed-by: Tomas Mraz 
Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/17721)

(cherry picked from commit 4a4f446008938775c2bea3001c4c8e7a674992ad)

---

Summary of changes:
 doc/man7/crypto.pod | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/doc/man7/crypto.pod b/doc/man7/crypto.pod
index 2b09ad8903..a0cdca4fb3 100644
--- a/doc/man7/crypto.pod
+++ b/doc/man7/crypto.pod
@@ -380,6 +380,7 @@ encryption/decryption, signatures, message authentication 
codes, etc.
  #include 
  #include 
  #include 
+ #include 
 
  int main(void)
  {
@@ -390,6 +391,7 @@ encryption/decryption, signatures, message authentication 
codes, etc.
  };
  unsigned int len = 0;
  unsigned char *outdigest = NULL;
+ int ret = 1;
 
  /* Create a context for the digest operation */
  ctx = EVP_MD_CTX_new();
@@ -430,11 +432,16 @@ encryption/decryption, signatures, message authentication 
codes, etc.
  /* Print out the digest result */
  BIO_dump_fp(stdout, outdigest, len);
 
+ ret = 0;
+
   err:
  /* Clean up all the resources we allocated */
  OPENSSL_free(outdigest);
  EVP_MD_free(sha256);
  EVP_MD_CTX_free(ctx);
+ if (ret != 0)
+ERR_print_errors_fp(stderr);
+ return ret;
  }
 
 =head1 CONFIGURATION


[openssl] openssl-3.0 update

2022-02-17 Thread tomas
The branch openssl-3.0 has been updated
   via  6ff03e39189b4b1767157d1e1035365036f4f907 (commit)
  from  c6a0cb82bf0772722617a9d1e8c30523452fc52c (commit)


- Log -
commit 6ff03e39189b4b1767157d1e1035365036f4f907
Author: Armin Fuerst 
Date:   Fri Feb 11 19:46:12 2022 +0100

Prefix output to avoid random ok to confuse test parser

Prefix output of generated dh parameters to avoid misinterpretation
of lines beginning with ok[^a-zA-Z0-9] as a testresult.

Also corrected indent and removed useless comma after last item.

Fixes #17480

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17689)

(cherry picked from commit b089d546242bbc073aefb6f6471586e484118863)

---

Summary of changes:
 test/recipes/15-test_gendhparam.t | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/recipes/15-test_gendhparam.t 
b/test/recipes/15-test_gendhparam.t
index b95695b4dc..37178af643 100644
--- a/test/recipes/15-test_gendhparam.t
+++ b/test/recipes/15-test_gendhparam.t
@@ -118,12 +118,12 @@ my @testdata = (
 #expect => [ 'BEGIN DH PARAMETERS', 'G:5' ],
 #message   => 'DH safe prime generator using an alias',
 #},
- {
+{
 algorithm => 'DHX',
 pkeyopts => [ 'type:generator', 'safeprime-generator:5'],
 expect => [ 'ERROR' ],
 message   => 'safe prime generator should fail for DHX',
-},
+}
 );
 
 plan skip_all => "DH isn't supported in this build" if disabled("dh");
@@ -165,7 +165,7 @@ sub compareline {
 }
 print "-\n";
 foreach (@lines) {
-print $_;
+print "# ".$_;
 }
 print "-\n";
 foreach my $ex (@expected) {


[openssl] openssl-3.0 update

2022-02-17 Thread tomas
The branch openssl-3.0 has been updated
   via  c6a0cb82bf0772722617a9d1e8c30523452fc52c (commit)
  from  22b3f72ed6ee2676f791fbd4e3a060cfcf1cb71a (commit)


- Log -
commit c6a0cb82bf0772722617a9d1e8c30523452fc52c
Author: Jiasheng Jiang 
Date:   Wed Feb 16 11:27:23 2022 +0800

apps/s_server: Add missing check for BIO_new

Because BIO_new() can fail, its return value should be checked and an error
returned on failure, in order to avoid dereferencing a NULL pointer.
'bio_s_msg' is checked every time before it is used, so it needs no
additional check, but 'bio_s_out' is not.
The inner check 'if (bio_s_out == NULL)' is redundant, so it can be
removed to make the code more succinct.
'sbio' and the other BIOs should also be checked, as is done elsewhere in the
same file.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17710)

(cherry picked from commit ba0b60c632ae9c5590b59184281baaf0a39f0c24)

---

Summary of changes:
 apps/s_server.c | 54 ++
 1 file changed, 50 insertions(+), 4 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 864a15f69b..5ab58aebfa 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1804,10 +1804,13 @@ int s_server_main(int argc, char *argv[])
 if (s_msg && bio_s_msg == NULL)
 bio_s_msg = dup_bio_out(FORMAT_TEXT);
 } else {
-if (bio_s_out == NULL)
-bio_s_out = dup_bio_out(FORMAT_TEXT);
+bio_s_out = dup_bio_out(FORMAT_TEXT);
 }
 }
+
+if (bio_s_out == NULL)
+goto end;
+
 if (nocert) {
 s_cert_file = NULL;
 s_key_file = NULL;
@@ -2345,6 +2348,11 @@ static int sv_body(int s, int stype, int prot, unsigned 
char *context)
 else
 # endif
 sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+if (sbio == NULL) {
+BIO_printf(bio_err, "Unable to create BIO\n");
+ERR_print_errors(bio_err);
+goto err;
+}
 
 if (enable_timeouts) {
 timeout.tv_sec = 0;
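Review bot: The `sbio == NULL` branch added here jumps to `err` without assigning `ret`, whereas the `test == NULL` branch added in the next hunk sets `ret = -1;` first. Unless `ret` already holds a failure value at this point (its initialisation is outside the hunk), the BIO allocation failure is returned to the caller as whatever `ret` held before. Adding `ret = -1;` before this `goto err;` would make the two paths agree. sv_body() starts and ends outside the hunk.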
@@ -2394,6 +2402,13 @@ static int sv_body(int s, int stype, int prot, unsigned 
char *context)
 BIO *test;
 
 test = BIO_new(BIO_f_nbio_test());
+if (test == NULL) {
+BIO_printf(bio_err, "Unable to create BIO\n");
+ret = -1;
+BIO_free(sbio);
+goto err;
+}
+
 sbio = BIO_push(test, sbio);
 }
 
@@ -2979,6 +2994,9 @@ static int www_body(int s, int stype, int prot, unsigned 
char *context)
 int width;
 fd_set readfds;
 const char *opmode;
+#ifdef CHARSET_EBCDIC
+BIO *filter;
+#endif
 
 /* Set width for a select call if needed */
 width = s + 1;
@@ -3018,10 +3036,21 @@ static int www_body(int s, int stype, int prot, 
unsigned char *context)
 }
 
 sbio = BIO_new_socket(s, BIO_NOCLOSE);
+if (sbio == NULL) {
+SSL_free(con);
+goto err;
+}
+
 if (s_nbio_test) {
 BIO *test;
 
 test = BIO_new(BIO_f_nbio_test());
+if (test == NULL) {
+SSL_free(con);
+BIO_free(sbio);
+goto err;
+}
+
 sbio = BIO_push(test, sbio);
 }
 SSL_set_bio(con, sbio, sbio);
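Review bot: Both failure branches added to www_body free their objects and jump to `err` without printing anything, whereas the sv_body branches print `Unable to create BIO` and the rev_body branch calls `ERR_print_errors(bio_err)`. An operator whose connection handler gives up under memory pressure therefore gets no diagnostic from this path. Adding `BIO_printf(bio_err, "Unable to create BIO\n");` and `ERR_print_errors(bio_err);` to both branches would make the three handlers consistent. www_body starts and ends outside the hunk, so the cleanup performed at `err` is not visible here.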
@@ -3032,7 +3061,11 @@ static int www_body(int s, int stype, int prot, unsigned 
char *context)
 BIO_push(io, ssl_bio);
 ssl_bio = NULL;
 #ifdef CHARSET_EBCDIC
-io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+filter = BIO_new(BIO_f_ebcdic_filter());
+if (filter == NULL)
+goto err;
+
+io = BIO_push(filter, io);
 #endif
 
 if (s_debug) {
@@ -3403,6 +3436,9 @@ static int rev_body(int s, int stype, int prot, unsigned 
char *context)
 int ret = 1;
 SSL *con;
 BIO *io, *ssl_bio, *sbio;
+#ifdef CHARSET_EBCDIC
+BIO *filter;
+#endif
 
 /* as we use BIO_gets(), and it always null terminates data, we need
  * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
@@ -3432,6 +3468,12 @@ static int rev_body(int s, int stype, int prot, unsigned 
char *context)
 }
 
 sbio = BIO_new_socket(s, BIO_NOCLOSE);
+if (sbio == NULL) {
+SSL_free(con);
+ERR_print_errors(bio_err);
+goto err;
+}
+
 SSL_set_bio(con, sbio, sbio);
 SSL_set_accept_state(con);
 
@@ -3440,7 +3482,11 @@ static int rev_body(int s, int stype, int prot, unsigned 
char *context)
 BIO_push(io, ssl_bio);
 ssl_bio = NULL;
 #ifdef CHARSET_EBCDIC
-io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+filter = BIO_new(BIO_f_ebcdic_filter());
+if (filter == NULL)
+goto err;
+
+io = BIO_push(filter, io);
 #endif
 
 if 

[openssl] openssl-3.0 update

2022-02-17 Thread tomas
The branch openssl-3.0 has been updated
   via  22b3f72ed6ee2676f791fbd4e3a060cfcf1cb71a (commit)
  from  edd8ea5da7854d3b70a7b12833ac20e734cc2b42 (commit)


- Log -
commit 22b3f72ed6ee2676f791fbd4e3a060cfcf1cb71a
Author: Jiasheng Jiang 
Date:   Thu Feb 10 15:41:40 2022 +0800

apps/ocsp: Add check for OPENSSL_strdup

Asserting that 'bn' is non-NULL is not enough.
A check for 'itmp' is still needed.
If 'bn' is 0, 'itmp' is assigned from OPENSSL_strdup().
Since OPENSSL_strdup() may fail for lack of memory,
'itmp' can be NULL and still be accepted as a valid parameter and hashed in
TXT_DB_get_by_index(), returning a wrong result.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17677)

(cherry picked from commit 8f084b43803d53e15d83ed130210f026f84679ff)

---

Summary of changes:
 apps/ocsp.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 7a5f84e527..3d2c668017 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1176,10 +1176,12 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER 
*ser)
 bn = ASN1_INTEGER_to_BN(ser, NULL);
 OPENSSL_assert(bn); /* FIXME: should report an error at this
  * point and abort */
-if (BN_is_zero(bn))
+if (BN_is_zero(bn)) {
 itmp = OPENSSL_strdup("00");
-else
+OPENSSL_assert(itmp);
+} else {
 itmp = BN_bn2hex(bn);
+}
 row[DB_serial] = itmp;
 BN_free(bn);
 rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
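Review bot: The added `OPENSSL_assert(itmp)` covers only the `OPENSSL_strdup("00")` branch; `BN_bn2hex(bn)` in the else branch also returns NULL when allocation fails, and that value still reaches `row[DB_serial]` and `TXT_DB_get_by_index()` unchecked, which is the situation the commit message describes. Moving the assertion below the if/else, as a single `OPENSSL_assert(itmp);` before `row[DB_serial] = itmp;`, would cover both branches. Because the assertion terminates the process, an error return would be the better long-term shape for a responder that serves requests, in line with the FIXME already attached to the `bn` assertion. lookup_serial continues outside the hunk, so its error convention is not visible here.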


[openssl] openssl-3.0 update

2022-02-17 Thread tomas
The branch openssl-3.0 has been updated
   via  edd8ea5da7854d3b70a7b12833ac20e734cc2b42 (commit)
  from  59de5a5e8603fb5e2e7b0aa78224152700ad905a (commit)


- Log -
commit edd8ea5da7854d3b70a7b12833ac20e734cc2b42
Author: Jiasheng Jiang 
Date:   Wed Feb 9 23:04:25 2022 +0800

s_server: Add check for OPENSSL_strdup

Since OPENSSL_strdup() may return NULL if allocation
fails, 'port' could be NULL.
It would then be used in do_server(), which can accept
NULL as a valid parameter.
That means that the system could run with a wrong parameter.
Therefore it is better to check it, like the other
memory allocations.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17673)

(cherry picked from commit 0c5905581e9d1d79d62cac56a0e3c2ed487afecf)

---

Summary of changes:
 apps/s_server.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 813c56592c..864a15f69b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1006,7 +1006,7 @@ int s_server_main(int argc, char *argv[])
 int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
 int state = 0, crl_format = FORMAT_UNDEF, crl_download = 0;
 char *host = NULL;
-char *port = OPENSSL_strdup(PORT);
+char *port = NULL;
 unsigned char *context = NULL;
 OPTION_CHOICE o;
 EVP_PKEY *s_key2 = NULL;
@@ -1069,9 +1069,10 @@ int s_server_main(int argc, char *argv[])
 async = 0;
 use_sendfile = 0;
 
+port = OPENSSL_strdup(PORT);
 cctx = SSL_CONF_CTX_new();
 vpm = X509_VERIFY_PARAM_new();
-if (cctx == NULL || vpm == NULL)
+if (port == NULL || cctx == NULL || vpm == NULL)
 goto end;
 SSL_CONF_CTX_set_flags(cctx,
SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE);


[openssl] openssl-3.0 update

2022-02-15 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  59de5a5e8603fb5e2e7b0aa78224152700ad905a (commit)
  from  3948abaf4458aac66bf47546874d0fb5a73a78a0 (commit)


- Log -
commit 59de5a5e8603fb5e2e7b0aa78224152700ad905a
Author: Todd Short 
Date:   Wed Feb 9 15:59:37 2022 -0500

Force macOS 10.15 or later to be 64-bit

macOS Catalina (10.15) no longer supports 32-bit applications.
Do not wait 5 seconds to give the user the option of using KERNEL_BITS=32
Do not accept the KERNEL_BITS=32 option

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17675)

(cherry picked from commit b926548b362531e8a64e7482c081611fab7183a8)

---

Summary of changes:
 util/perl/OpenSSL/config.pm | 8 
 1 file changed, 8 insertions(+)

diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm
index 81e9a03b48..17786defad 100755
--- a/util/perl/OpenSSL/config.pm
+++ b/util/perl/OpenSSL/config.pm
@@ -485,6 +485,14 @@ EOF
   [ 'x86_64-apple-darwin.*',
 sub {
 my $KERNEL_BITS = $ENV{KERNEL_BITS} // '';
+# macOS >= 10.15 is 64-bit only
+my $SW_VERS = `sw_vers -productVersion 2>/dev/null`;
+if ($SW_VERS =~ /^(\d+)\.(\d+)\.(\d+)$/) {
+if ($1 > 10 || ($1 == 10 && $2 >= 15)) {
+die "32-bit applications not supported on macOS 10.15 or 
later\n" if $KERNEL_BITS eq '32';
+return { target => "darwin64-x86_64" };
+}
+}
 return { target => "darwin-i386" } if $KERNEL_BITS eq '32';
 
 print <
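Review bot: The version test `/^(\d+)\.(\d+)\.(\d+)$/` requires three numeric components, so a two-component `sw_vers -productVersion` result does not match; macOS can print forms such as `10.15` or `12.3` for releases without a patch level. In that case the code falls through to the old `KERNEL_BITS` handling, including the `darwin-i386` return. Making the third component optional, `if ($SW_VERS =~ /^(\d+)\.(\d+)(?:\.\d+)?$/) {`, leaves `$1` and `$2` usable exactly as they are below. The enclosing sub continues past the end of the hunk.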

[openssl] openssl-3.0 update

2022-02-14 Thread tomas
The branch openssl-3.0 has been updated
   via  3948abaf4458aac66bf47546874d0fb5a73a78a0 (commit)
  from  88177b8092fb592508bb3798a05025c8bf341cc3 (commit)


- Log -
commit 3948abaf4458aac66bf47546874d0fb5a73a78a0
Author: Jiasheng Jiang 
Date:   Mon Feb 7 19:13:43 2022 +0800

dh_exch.c: Add check for OPENSSL_strdup

Since the OPENSSL_strdup() may return NULL if allocation
fails, it should be better to check the return value.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17651)

(cherry picked from commit c920020f0bb13f0d2bf0fcad5c7ee63458b633b4)

---

Summary of changes:
 providers/implementations/exchange/dh_exch.c | 20 
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/providers/implementations/exchange/dh_exch.c 
b/providers/implementations/exchange/dh_exch.c
index cd92f26957..3cfb580687 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -292,7 +292,12 @@ static void *dh_dupctx(void *vpdhctx)
 if (dstctx->kdf_ukm == NULL)
 goto err;
 }
-dstctx->kdf_cekalg = OPENSSL_strdup(srcctx->kdf_cekalg);
+
+if (srcctx->kdf_cekalg != NULL) {
+dstctx->kdf_cekalg = OPENSSL_strdup(srcctx->kdf_cekalg);
+if (dstctx->kdf_cekalg == NULL)
+goto err;
+}
 
 return dstctx;
 err:
@@ -389,9 +394,16 @@ static int dh_set_ctx_params(void *vpdhctx, const 
OSSL_PARAM params[])
 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_CEK_ALG);
 if (p != NULL) {
 str = name;
-if (!OSSL_PARAM_get_utf8_string(p, , sizeof(name)))
-return 0;
-pdhctx->kdf_cekalg = OPENSSL_strdup(name);
+
+OPENSSL_free(pdhctx->kdf_cekalg);
+pdhctx->kdf_cekalg = NULL;
+if (p->data != NULL && p->data_size != 0) {
+if (!OSSL_PARAM_get_utf8_string(p, , sizeof(name)))
+return 0;
+pdhctx->kdf_cekalg = OPENSSL_strdup(name);
+if (pdhctx->kdf_cekalg == NULL)
+return 0;
+}
 }
 return 1;
 }
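Review bot: In the dh_set_ctx_params hunk the old `pdhctx->kdf_cekalg` is freed and set to NULL before the new value is parsed, so a failing `OSSL_PARAM_get_utf8_string()` or `OPENSSL_strdup()` returns 0 with the context's previous CEK algorithm already gone. Building the replacement first avoids the half-applied update: duplicate into a local (`char *tmp = OPENSSL_strdup(name);`), return 0 if it is NULL, and only then `OPENSSL_free(pdhctx->kdf_cekalg); pdhctx->kdf_cekalg = tmp;`. Whether callers rely on a failed set leaving the context untouched is not visible, since the function starts outside the hunk. A one-line comment stating that an empty parameter (`p->data == NULL` or `p->data_size == 0`) deliberately clears the value would also help the next reader.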


[openssl] openssl-3.0 update

2022-02-14 Thread tomas
The branch openssl-3.0 has been updated
   via  88177b8092fb592508bb3798a05025c8bf341cc3 (commit)
  from  e2387e6bd4ee69e0702d1a489045b72632b91e48 (commit)


- Log -
commit 88177b8092fb592508bb3798a05025c8bf341cc3
Author: Tomas Mraz 
Date:   Fri Feb 11 09:44:52 2022 +0100

Apply the correct Apache v2 license

There were still a few files mentioning the old OpenSSL license.

Fixes #17684

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17686)

(cherry picked from commit 7585073892af9cffd28b7b5872c2b102b99af807)

---

Summary of changes:
 crypto/ec/asm/ecp_nistp521-ppc64.pl | 4 ++--
 doc/man1/openssl-cmp.pod.in | 4 ++--
 test/dane-cross.in  | 4 ++--
 test/recipes/03-test_internal_sm3.t | 4 ++--
 test/sm3_internal_test.c| 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/crypto/ec/asm/ecp_nistp521-ppc64.pl 
b/crypto/ec/asm/ecp_nistp521-ppc64.pl
index e97d803d26..4260e24a1f 100755
--- a/crypto/ec/asm/ecp_nistp521-ppc64.pl
+++ b/crypto/ec/asm/ecp_nistp521-ppc64.pl
@@ -1,7 +1,7 @@
 #! /usr/bin/env perl
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index a1d80dad40..0c2762f0a0 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -1231,9 +1231,9 @@ The B<-engine option> was deprecated in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
 
-Licensed under the OpenSSL license (the "License").  You may not use
+Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L.
diff --git a/test/dane-cross.in b/test/dane-cross.in
index 81252a110e..63c37fbf33 100644
--- a/test/dane-cross.in
+++ b/test/dane-cross.in
@@ -1,6 +1,6 @@
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
diff --git a/test/recipes/03-test_internal_sm3.t 
b/test/recipes/03-test_internal_sm3.t
index 9cda58d66e..574a7c4121 100644
--- a/test/recipes/03-test_internal_sm3.t
+++ b/test/recipes/03-test_internal_sm3.t
@@ -1,8 +1,8 @@
 #! /usr/bin/env perl
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright 2021 [UnionTech](https://www.uniontech.com). All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
diff --git a/test/sm3_internal_test.c b/test/sm3_internal_test.c
index 1497f8476f..7680d0242e 100644
--- a/test/sm3_internal_test.c
+++ b/test/sm3_internal_test.c
@@ -2,7 +2,7 @@
  * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2021 UnionTech. All Rights Reserved.
  *
- * Licensed under the Apche License 2.0 (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html


[openssl] openssl-3.0 update

2022-02-14 Thread tomas
The branch openssl-3.0 has been updated
   via  e2387e6bd4ee69e0702d1a489045b72632b91e48 (commit)
  from  cfbcfe86c2ccdd308fc6fa3d3245dd6eb5774b0e (commit)


- Log -
commit e2387e6bd4ee69e0702d1a489045b72632b91e48
Author: Jiasheng Jiang 
Date:   Thu Feb 10 11:21:47 2022 +0800

openssl rehash: add check for OPENSSL_strdup

As the potential failure of the memory allocation,
it should be better to check the return value of
OPENSSL_strdup() and return error if fails.
Also, we need to restore the 'ep' to be NULL if fails.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17676)

(cherry picked from commit 79cda38cff834224fb9d86dc7433b4f60688ce49)

---

Summary of changes:
 apps/rehash.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/apps/rehash.c b/apps/rehash.c
index 7fe01de11c..ae91654fe9 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -168,6 +168,12 @@ static int add_entry(enum Type type, unsigned int hash, 
const char *filename,
 *ep = nilhentry;
 ep->old_id = ~0;
 ep->filename = OPENSSL_strdup(filename);
+if (ep->filename == NULL) {
+OPENSSL_free(ep);
+ep = NULL;
+BIO_printf(bio_err, "out of memory\n");
+return 1;
+}
 if (bp->last_entry)
 bp->last_entry->next = ep;
 if (bp->first_entry == NULL)
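Review bot: `ep = NULL;` directly before `return 1;` has no effect if `ep` is a local of add_entry, which its use here suggests but its declaration (outside the hunk) would have to confirm; the statement can then be dropped. The message `out of memory` also does not say which entry was being added; `BIO_printf(bio_err, "out of memory adding %s\n", filename);` would make the failure traceable when a large directory is rehashed. add_entry starts and ends outside the hunk.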


[openssl] openssl-3.0 update

2022-02-12 Thread Richard Levitte
The branch openssl-3.0 has been updated
   via  cfbcfe86c2ccdd308fc6fa3d3245dd6eb5774b0e (commit)
  from  b5bcce5df1951ba2d7dd6a167826a3fe88f1dfd9 (commit)


- Log -
commit cfbcfe86c2ccdd308fc6fa3d3245dd6eb5774b0e
Author: Daniel 
Date:   Wed Feb 9 16:23:46 2022 +0100

Use C locale in Bash scripts.

Fixes openssl#17228.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/17674)

(cherry picked from commit bd654f7e98e13c0dc3b5c707880b9a77ba9e342f)

---

Summary of changes:
 dev/release.sh | 4 
 1 file changed, 4 insertions(+)

diff --git a/dev/release.sh b/dev/release.sh
index 4b778f3b75..d60779d161 100755
--- a/dev/release.sh
+++ b/dev/release.sh
@@ -9,6 +9,10 @@
 # This is the most shell agnostic way to specify that POSIX rules.
 POSIXLY_CORRECT=1
 
+# Force C locale because some commands (like date +%b) relies
+# on the current locale.
+export LC_ALL=C
+
 usage () {
 cat <

[openssl] openssl-3.0 update

2022-02-12 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  b5bcce5df1951ba2d7dd6a167826a3fe88f1dfd9 (commit)
  from  fc27d9f3af95aa33e5028c6cef8d56d1c7f17436 (commit)


- Log -
commit b5bcce5df1951ba2d7dd6a167826a3fe88f1dfd9
Author: Bernd Edlinger 
Date:   Fri Jan 14 10:01:29 2022 +0100

Cleanup record length checks for KTLS

In some corner cases the check for packets
which exceed the allowed record length was missing
when KTLS is initially enabled, when some
unprocessed packets are still pending.

Add at least some tests for KTLS, since we have
currently not very much test coverage for KTLS.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17504)

(cherry picked from commit 8fff986d52606e1a33f9404504535e2e2aee3e8b)

---

Summary of changes:
 ssl/record/ssl3_record.c   | 27 +--
 test/recipes/80-test_ssl_old.t | 22 --
 test/ssl_old_test.c| 11 +++
 3 files changed, 48 insertions(+), 12 deletions(-)

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index d4101618c6..4229c9c392 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -191,7 +191,7 @@ int ssl3_get_record(SSL *s)
 
 rr = RECORD_LAYER_get_rrec(>rlayer);
 rbuf = RECORD_LAYER_get_rbuf(>rlayer);
-is_ktls_left = (rbuf->left > 0);
+is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0);
 max_recs = s->max_pipelines;
 if (max_recs == 0)
 max_recs = 1;
@@ -408,7 +408,11 @@ int ssl3_get_record(SSL *s)
 len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
 #endif
 
-if (thisrr->length > len && !BIO_get_ktls_recv(s->rbio)) {
+/* KTLS may use all of the buffer */
+if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left)
+len = SSL3_BUFFER_get_left(rbuf);
+
+if (thisrr->length > len) {
 SSLfatal(s, SSL_AD_RECORD_OVERFLOW,
  SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
 return -1;
@@ -711,16 +715,27 @@ int ssl3_get_record(SSL *s)
 goto end;
 }
 
+/*
+ * Usually thisrr->length is the length of a single record, but when
+ * KTLS handles the decryption, thisrr->length may be larger than
+ * SSL3_RT_MAX_PLAIN_LENGTH because the kernel may have coalesced
+ * multiple records.
+ * Therefore we have to rely on KTLS to check the plaintext length
+ * limit in the kernel.
+ */
 if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH
-&& !BIO_get_ktls_recv(s->rbio)) {
+&& (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) {
 SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
 goto end;
 }
 
-/* If received packet overflows current Max Fragment Length setting */
+/*
+ * Check if the received packet overflows the current
+ * Max Fragment Length setting.
+ * Note: USE_MAX_FRAGMENT_LENGTH_EXT and KTLS are mutually exclusive.
+ */
 if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
-&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)
-&& !BIO_get_ktls_recv(s->rbio)) {
+&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
 SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
 goto end;
 }
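Review bot: Dropping `!BIO_get_ktls_recv(s->rbio)` from the Max Fragment Length check rests on the invariant that the new comment states, that USE_MAX_FRAGMENT_LENGTH_EXT and KTLS are mutually exclusive, and nothing in the hunk enforces it. The comment should name where that exclusion is established, for example `/* KTLS is never enabled once max_fragment_length was negotiated; see <function that enables KTLS> */` (placeholder), so that a later change to the KTLS setup code does not silently change what this length check covers. The preceding check in the same hunk likewise leaves the plaintext limit to the kernel when KTLS is active and no data was left in the buffer, which deserves the same cross-reference. ssl3_get_record starts and ends outside the hunk.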
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index b144bc9fb9..c1fb30f6b2 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -346,11 +346,9 @@ sub testssl {
 }
 
 
-# plan tests => 11;
-
 subtest 'standard SSL tests' => sub {
 ##
-plan tests => 13;
+plan tests => 19;
 
   SKIP: {
   skip "SSLv3 is not supported by this OpenSSL build", 4
@@ -378,7 +376,7 @@ sub testssl {
 }
 
   SKIP: {
-  skip "Neither SSLv3 nor any TLS version are supported by this 
OpenSSL build", 8
+  skip "Neither SSLv3 nor any TLS version are supported by this 
OpenSSL build", 14
   if $no_anytls;
 
 SKIP: {
@@ -406,17 +404,29 @@ sub testssl {
  'test sslv2/sslv3 with both client and server authentication via 
BIO pair and app verify');
 
 SKIP: {
-skip "No IPv4 available on this machine", 1
+skip "No IPv4 available on this machine", 4
 unless !disabled("sock") && have_IPv4();
 ok(run(test([@ssltest, "-ipv4"])),
'test TLS via IPv4');
+ok(run(test([@ssltest, "-ipv4", "-client_ktls"])),
+   'test TLS via IPv4 + ktls(client)');
+

[openssl] openssl-3.0 update

2022-02-10 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  fc27d9f3af95aa33e5028c6cef8d56d1c7f17436 (commit)
  from  b32b2167155cafc4ac133f49d9cd04a249e443c8 (commit)


- Log -
commit fc27d9f3af95aa33e5028c6cef8d56d1c7f17436
Author: Pauli 
Date:   Wed Feb 9 11:17:57 2022 +1100

Change condition to avoid spurious compiler complaints.

X509_TRUST_get0() is checking < 0, the code here was checking == -1.  Both 
are
equivalent in this situation but gcc-12 has conniptions about a subsequent
possible NULL dereference (which isn't possible).

Fixes #17665

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17668)

(cherry picked from commit b84c6e86dd8ca88444207080808d1d598856041f)

---

Summary of changes:
 crypto/x509/x509_trust.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index ff578aee73..0888e16c15 100644
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -134,7 +134,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST 
*, X509 *, int),
 /* Get existing entry if any */
 idx = X509_TRUST_get_by_id(id);
 /* Need a new entry */
-if (idx == -1) {
+if (idx < 0) {
 if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) {
 ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
 return 0;


[openssl] openssl-3.0 update

2022-02-10 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  b32b2167155cafc4ac133f49d9cd04a249e443c8 (commit)
  from  09ade84a4a9e082c785cb51a9db2e85a45097cbd (commit)


- Log -
commit b32b2167155cafc4ac133f49d9cd04a249e443c8
Author: Kevin K Biju 
Date:   Sat Feb 5 18:09:45 2022 +0530

Added checking for buflen overflow due to MAX_MISALIGNMENT.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17646)

(cherry picked from commit 4b3777c9ad4a2058a9b87afb26289039ebf4a6c1)

---

Summary of changes:
 apps/speed.c  | 8 ++--
 doc/man1/openssl-speed.pod.in | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index 9be01bb4b2..b730a5c2b5 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -452,7 +452,7 @@ static const OPT_PAIR sm2_choices[SM2_NUM] = {
 static double sm2_results[SM2_NUM][2];/* 2 ops: sign then verify */
 #endif /* OPENSSL_NO_SM2 */
 
-#define COND(unused_cond) (run && count < 0x7fff)
+#define COND(unused_cond) (run && count < INT_MAX)
 #define COUNT(d) (count)
 
 typedef struct loopargs_st {
@@ -1775,6 +1775,10 @@ int speed_main(int argc, char **argv)
 buflen = lengths[size_num - 1];
 if (buflen < 36)/* size of random vector in RSA benchmark */
 buflen = 36;
+if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) {
+BIO_printf(bio_err, "Error: buffer size too large\n");
+goto end;
+}
 buflen += MAX_MISALIGNMENT + 1;
 loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
 loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
@@ -3618,7 +3622,7 @@ static void multiblock_speed(const EVP_CIPHER 
*evp_cipher, int lengths_single,
 for (j = 0; j < num; j++) {
 print_message(alg_name, 0, mblengths[j], seconds->sym);
 Time_F(START);
-for (count = 0; run && count < 0x7fff; count++) {
+for (count = 0; run && count < INT_MAX; count++) {
 unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
 size_t len = mblengths[j];
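Review bot: The loop condition in multiblock_speed repeats the expression of the `COND` macro that the first hunk of this file changes, which is why the same constant had to be edited in two places. Writing the loop as `for (count = 0; COND(0); count++) {` would keep the bound in one place. This is a style point only; multiblock_speed continues outside the hunk.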
diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in
index bfe992797a..29181ea970 100644
--- a/doc/man1/openssl-speed.pod.in
+++ b/doc/man1/openssl-speed.pod.in
@@ -101,6 +101,8 @@ Run benchmarks for I seconds.
 =item B<-bytes> I
 
 Run benchmarks on I-byte buffers. Affects ciphers, digests and the CSPRNG.
+The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit 
+int would be 2147483583 bytes.
 
 =item B<-mr>
 


[openssl] openssl-3.0 update

2022-02-09 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  09ade84a4a9e082c785cb51a9db2e85a45097cbd (commit)
  from  828bbe3795c82fe060f823ff117a753e81fb48d3 (commit)


- Log -
commit 09ade84a4a9e082c785cb51a9db2e85a45097cbd
Author: EasySec 
Date:   Mon Feb 7 23:16:39 2022 +0100

Fix small typo in EVP_KEYEXCH-ECDH.html doc example

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17657)

(cherry picked from commit 0fdb31669f88cbf5d63ba16d82d95c6c84575dc0)

---

Summary of changes:
 doc/man7/EVP_KEYEXCH-ECDH.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man7/EVP_KEYEXCH-ECDH.pod b/doc/man7/EVP_KEYEXCH-ECDH.pod
index a710625f22..69d0d87b35 100644
--- a/doc/man7/EVP_KEYEXCH-ECDH.pod
+++ b/doc/man7/EVP_KEYEXCH-ECDH.pod
@@ -88,7 +88,7 @@ key but also using X963KDF with a user key material:
 size_t secret_len = out_len;
 unsigned int pad = 1;
 OSSL_PARAM params[6];
-EVP_PKET_CTX *dctx = EVP_PKEY_CTX_new_from_pkey(NULL, host_key, NULL);
+EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_new_from_pkey(NULL, host_key, NULL);
 
 EVP_PKEY_derive_init(dctx);
 


[openssl] openssl-3.0 update

2022-02-08 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  828bbe3795c82fe060f823ff117a753e81fb48d3 (commit)
  from  ebdec62c38494739d9cb4cdd6b1c4a511d169a90 (commit)


- Log -
commit 828bbe3795c82fe060f823ff117a753e81fb48d3
Author: Jiasheng Jiang 
Date:   Sat Feb 5 19:31:11 2022 +0800

Add the check after calling OPENSSL_strdup

Since the potential failure of the memory allocation, the
OPENSSL_strdup() could return NULL pointer.
Therefore, it should be better to check it in order to guarantee the
success of the configuration, same as the check for
SSL_CTX_set_srp_username().

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17643)

(cherry picked from commit 09030ee73693411c19b596cb0e0f43eb512ac0e6)

---

Summary of changes:
 test/helpers/handshake_srp.c | 16 
 1 file changed, 16 insertions(+)

diff --git a/test/helpers/handshake_srp.c b/test/helpers/handshake_srp.c
index f18e5c81a6..11825d1dca 100644
--- a/test/helpers/handshake_srp.c
+++ b/test/helpers/handshake_srp.c
@@ -49,6 +49,13 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, 
SSL_CTX *server2_ctx,
 SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb);
 server_ctx_data->srp_user = OPENSSL_strdup(extra->server.srp_user);
 server_ctx_data->srp_password = 
OPENSSL_strdup(extra->server.srp_password);
+if (server_ctx_data->srp_user == NULL || server_ctx_data->srp_password 
== NULL) {
+OPENSSL_free(server_ctx_data->srp_user);
+OPENSSL_free(server_ctx_data->srp_password);
+server_ctx_data->srp_user = NULL;
+server_ctx_data->srp_password = NULL;
+return 0;
+}
 SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data);
 }
 if (extra->server2.srp_user != NULL) {
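Review bot: The new check treats a NULL `srp_password` as an allocation failure, but `OPENSSL_strdup()` also returns NULL when its argument is NULL, and the guards visible for the server2 and client blocks test only `srp_user`. If a test configuration can set an SRP user without a password (not visible in these hunks), configure_handshake_ctx_for_srp would now return 0 for it. Testing the source as well, e.g. `extra->server.srp_password != NULL && server_ctx_data->srp_password == NULL` for the password half of the condition, separates a missing value from a failed allocation. The same applies to the server2 and client hunks below.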
@@ -57,6 +64,13 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, 
SSL_CTX *server2_ctx,
 SSL_CTX_set_srp_username_callback(server2_ctx, server_srp_cb);
 server2_ctx_data->srp_user = OPENSSL_strdup(extra->server2.srp_user);
 server2_ctx_data->srp_password = 
OPENSSL_strdup(extra->server2.srp_password);
+if (server2_ctx_data->srp_user == NULL || 
server2_ctx_data->srp_password == NULL) {
+OPENSSL_free(server2_ctx_data->srp_user);
+OPENSSL_free(server2_ctx_data->srp_password);
+server2_ctx_data->srp_user = NULL;
+server2_ctx_data->srp_password = NULL;
+return 0;
+}
 SSL_CTX_set_srp_cb_arg(server2_ctx, server2_ctx_data);
 }
 if (extra->client.srp_user != NULL) {
@@ -65,6 +79,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, 
SSL_CTX *server2_ctx,
 return 0;
 SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb);
 client_ctx_data->srp_password = 
OPENSSL_strdup(extra->client.srp_password);
+if (client_ctx_data->srp_password == NULL)
+return 0;
 SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data);
 }
 return 1;


[openssl] openssl-3.0 update

2022-02-08 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  ebdec62c38494739d9cb4cdd6b1c4a511d169a90 (commit)
  from  e44b212bdce225fd2d7e2349a7f787e7c9ade4fd (commit)


- Log -
commit ebdec62c38494739d9cb4cdd6b1c4a511d169a90
Author: Matt Caswell 
Date:   Mon Feb 7 10:32:08 2022 +

Fix an enginetest failure when compiled with no-deprecated --api=1.1.1

Fixes #17649

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17652)

(cherry picked from commit 29af9fba64fd3e4e086808f2360501b463627ea2)

---

Summary of changes:
 test/enginetest.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/enginetest.c b/test/enginetest.c
index 04e61743a1..c00e1f82c4 100644
--- a/test/enginetest.c
+++ b/test/enginetest.c
@@ -24,6 +24,7 @@
 # include 
 # include 
 # include 
+# include 
 
 static void display_engine_list(void)
 {


[openssl] openssl-3.0 update

2022-02-08 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  e44b212bdce225fd2d7e2349a7f787e7c9ade4fd (commit)
  from  53234cb0f408bbfbb04ea0e12f1fc61feb2aa600 (commit)


- Log -
commit e44b212bdce225fd2d7e2349a7f787e7c9ade4fd
Author: Daniel 
Date:   Sun Feb 6 15:01:14 2022 +0100

Send auxiliary messages to bio_err.

Fixes openssl#17613.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17650)

(cherry picked from commit 2a6994cfa08368a710d66caaae4fc07ad35631bf)

---

Summary of changes:
 apps/x509.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/x509.c b/apps/x509.c
index 2880ae792a..c9c10c260e 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -706,9 +706,9 @@ int x509_main(int argc, char **argv)
: "Certificate request self-signature did not match the 
contents\n");
 goto end;
 }
-BIO_printf(out, "Certificate request self-signature ok\n");
+BIO_printf(bio_err, "Certificate request self-signature ok\n");
 
-print_name(out, "subject=", X509_REQ_get_subject_name(req));
+print_name(bio_err, "subject=", X509_REQ_get_subject_name(req));
 } else if (!x509toreq && ext_copy != EXT_COPY_UNSET) {
 BIO_printf(bio_err, "Warning: ignoring -copy_extensions since neither 
-x509toreq nor -req is given\n");
 }


[openssl] openssl-3.0 update

2022-02-08 Thread tomas
The branch openssl-3.0 has been updated
   via  53234cb0f408bbfbb04ea0e12f1fc61feb2aa600 (commit)
  from  db40ffab8dbf3ae0e932bb737ff787c6c1eb3ca2 (commit)


- Log -
commit 53234cb0f408bbfbb04ea0e12f1fc61feb2aa600
Author: Jiasheng Jiang 
Date:   Sat Feb 5 18:00:51 2022 +0800

rsa: add check after calling BN_BLINDING_lock

As the potential failure of getting lock, we need to check the return
value of the BN_BLINDING_lock() in order to avoid the dirty data.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17642)

(cherry picked from commit aefbcde29166caf851cf388361d70fd0dcf17d87)

---

Summary of changes:
 crypto/rsa/rsa_ossl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index c417a4b8f6..de4a580032 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -213,7 +213,9 @@ static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, 
BIGNUM *unblind,
  */
 int ret;
 
-BN_BLINDING_lock(b);
+if (!BN_BLINDING_lock(b))
+return 0;
+
 ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
 BN_BLINDING_unlock(b);
 


[openssl] openssl-3.0 update

2022-02-08 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  db40ffab8dbf3ae0e932bb737ff787c6c1eb3ca2 (commit)
  from  01d4f5cdd4125bd81878257ae357ff191bc31dd1 (commit)


- Log -
commit db40ffab8dbf3ae0e932bb737ff787c6c1eb3ca2
Author: Bernd Edlinger 
Date:   Sun Jan 16 17:59:17 2022 +0100

Check for presence of 1.1.x openssl runtime

if the newly loaded engine contains the symbol
EVP_PKEY_base_id, we know it is linked to 1.1.x openssl.
Abort loading this engine, as it will definitely crash.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/17112)

(cherry picked from commit 14db620282bea38dc44479e562cf9bb61a716444)

---

Summary of changes:
 crypto/engine/eng_dyn.c | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index c8a54f7d44..68b9ac311d 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -451,8 +451,17 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
  * We fail if the version checker veto'd the load *or* if it is
  * deferring to us (by returning its version) and we think it is too
  * old.
+ * Unfortunately the version checker does not distinguish between
+ * engines built for openssl 1.1.x and openssl 3.x, but loading
+ * an engine that is built for openssl 1.1.x will cause a fatal
+ * error.  Detect such engines, since EVP_PKEY_base_id is exported
+ * as a function in openssl 1.1.x, while it is a macro in openssl 3.x,
+ * and therefore only the symbol EVP_PKEY_get_base_id is available
+ * in openssl 3.x.
  */
-if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
+if (vcheck_res < OSSL_DYNAMIC_OLDEST
+|| DSO_bind_func(ctx->dynamic_dso,
+ "EVP_PKEY_base_id") != NULL) {
 /* Fail */
 ctx->bind_engine = NULL;
 ctx->v_check = NULL;
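Review bot: The `DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id")` probe is expected to fail for every engine that is acceptable, and a failed symbol lookup may leave an entry on the error queue (DSO_bind_func's body is not shown here, so this needs confirming). If it does, each successful engine load would carry a stale DSO error; bracketing the probe with `ERR_set_mark();` and `ERR_pop_to_mark();` and testing a saved result would avoid that. The comment could also say that this is a heuristic on exported symbols, so an engine built against 1.1.x that does not export this symbol would presumably not be caught. The rest of the failure branch lies outside the hunk.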


[openssl] openssl-3.0 update

2022-02-08 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  01d4f5cdd4125bd81878257ae357ff191bc31dd1 (commit)
  from  d7975674e5aaded44a6845d3d1beac08477a22ad (commit)


- Log -
commit 01d4f5cdd4125bd81878257ae357ff191bc31dd1
Author: Bernd Edlinger 
Date:   Mon Nov 22 21:50:04 2021 +0100

Prevent crash with engine using different openssl runtime

This problem happens usually because an application
links libcrypto and/or libssl statically which
installs an atexit handler, but later an engine using
a shared instance of libcrypto is installed.
The problem is in simple words that both instances
of libcrypto have an atexit handler installed,
but both are unable to coordinate with each other,
which causes a crash, typically a use-after-free
in the engine's destroy function.

Work around that by preventing the engine's
libcrypto to install the atexit handler.
This may result in a small memory leak, but that
memory is still reachable.

Fixes #15898

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/17112)

(cherry picked from commit 9362a1b32b7330e24d3bca230b412557caea095b)

---

Summary of changes:
 include/openssl/engine.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/openssl/engine.h b/include/openssl/engine.h
index 25c3cf7c19..70c856a9cd 100644
--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h
@@ -801,6 +801,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char 
*id,
 CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
  fns->mem_fns.realloc_fn, \
  fns->mem_fns.free_fn); \
+OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \
 skip_cbs: \
 if (!fn(e, id)) return 0; \
 return 1; }
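Review bot: The added `OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL);` discards its return value and carries no comment, so a reader of the macro cannot tell why an init call sits between CRYPTO_set_mem_functions() and `skip_cbs:`. As far as I know the no-atexit option only takes effect if the atexit decision has not yet been made in that libcrypto instance, so an engine whose libcrypto copy was already initialised would keep its handler; that limit is worth stating. I would add a comment along the lines of `/* Separate libcrypto instance: keep it from registering its own atexit handler */` on its own continuation line. The macro starts outside this hunk.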


[openssl] openssl-3.0 update

2022-02-07 Thread tomas
The branch openssl-3.0 has been updated
   via  780bd905ed8684a62b0c3be90c904dac405780fb (commit)
  from  71efa57da1cc6ae6ab731b9127189c101ce6f908 (commit)


- Log -
commit 780bd905ed8684a62b0c3be90c904dac405780fb
Author: Tomas Mraz 
Date:   Wed Jan 5 11:18:27 2022 +0100

doc: Add hint to use EVP_PKEY_get_bn_param to retrieve big integers

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17423)

(cherry picked from commit f6f4d1cc00a557232955867b6c04f767e8b5a12e)

---

Summary of changes:
 doc/man3/EVP_PKEY_gettable_params.pod | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/man3/EVP_PKEY_gettable_params.pod 
b/doc/man3/EVP_PKEY_gettable_params.pod
index 29b8ec822b..3a2a59c36a 100644
--- a/doc/man3/EVP_PKEY_gettable_params.pod
+++ b/doc/man3/EVP_PKEY_gettable_params.pod
@@ -47,10 +47,12 @@ value that is negative or does not fit into a native C 
B type using
 EVP_PKEY_get_size_t_param() will also fail.
 
 EVP_PKEY_get_int_param() retrieves a key I integer value I<*out>
-associated with a name of I.
+associated with a name of I if it fits into C type. For
+parameters that do not fit into C use EVP_PKEY_get_bn_param().
 
 EVP_PKEY_get_size_t_param() retrieves a key I size_t value I<*out>
-associated with a name of I.
+associated with a name of I if it fits into C type. For
+parameters that do not fit into C use EVP_PKEY_get_bn_param().
 
 EVP_PKEY_get_bn_param() retrieves a key I BIGNUM value I<**bn>
 associated with a name of I. If I<*bn> is NULL then the BIGNUM


[openssl] openssl-3.0 update

2022-02-07 Thread tomas
The branch openssl-3.0 has been updated
   via  d7975674e5aaded44a6845d3d1beac08477a22ad (commit)
   via  b5766832988aac5848de16fb9801f5954ffb188b (commit)
  from  780bd905ed8684a62b0c3be90c904dac405780fb (commit)


- Log -
commit d7975674e5aaded44a6845d3d1beac08477a22ad
Author: Tomas Mraz 
Date:   Thu Feb 3 16:30:21 2022 +0100

Add testcases for EVP_PKEY_set1_encoded_public_key()

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17630)

(cherry picked from commit eafd3e9d07e99583a1439bb027e4d6af43e2df27)

commit b5766832988aac5848de16fb9801f5954ffb188b
Author: Tomas Mraz 
Date:   Wed Feb 2 17:47:26 2022 +0100

Replace size check with more meaningful pubkey check

It does not make sense to check the size because this
function can be used in other contexts than in TLS-1.3 and
the value might not be padded to the size of p.

However it makes sense to do the partial pubkey check because
there is no valid reason having the pubkey value outside the
1 < pubkey < p-1 bounds.

Fixes #15465

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17630)

(cherry picked from commit 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62)

---

Summary of changes:
 crypto/dh/dh_key.c   |  11 +--
 test/evp_pkey_dparams_test.c | 183 +--
 2 files changed, 181 insertions(+), 13 deletions(-)

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 6b8cd550f2..c78ed618bf 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -375,20 +375,17 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, 
size_t len)
 int err_reason = DH_R_BN_ERROR;
 BIGNUM *pubkey = NULL;
 const BIGNUM *p;
-size_t p_size;
+int ret;
 
 if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL)
 goto err;
 DH_get0_pqg(dh, , NULL, NULL);
-if (p == NULL || (p_size = BN_num_bytes(p)) == 0) {
+if (p == NULL || BN_num_bytes(p) == 0) {
 err_reason = DH_R_NO_PARAMETERS_SET;
 goto err;
 }
-/*
- * As per Section 4.2.8.1 of RFC 8446 fail if DHE's
- * public key is of size not equal to size of p
- */
-if (BN_is_zero(pubkey) || p_size != len) {
+/* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */
+if (!ossl_dh_check_pub_key_partial(dh, pubkey, )) {
 err_reason = DH_R_INVALID_PUBKEY;
 goto err;
 }
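Review bot: With the `p_size != len` comparison removed, nothing in this hunk bounds `len` any more, and `BN_bin2bn(buf, len, NULL)` takes an `int` length while `len` is a `size_t`. The old comparison ran after the conversion, so it was only a backstop, but I would still reject oversized input up front, e.g. `if (len > INT_MAX) goto err;` before the BN_bin2bn() call, unless every caller already bounds it (callers are not shown). Separately, the new comment promises more than the call shows: going by the commit message the partial check enforces 1 < pubkey < p-1, so `/* Partial check: require 1 < pubkey < p - 1 (RFC 8446 Section 4.2.8.1) */` would be more exact. ossl_dh_buf2key starts and ends outside the hunk.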
diff --git a/test/evp_pkey_dparams_test.c b/test/evp_pkey_dparams_test.c
index 2b6bd31a66..c6eea7548e 100644
--- a/test/evp_pkey_dparams_test.c
+++ b/test/evp_pkey_dparams_test.c
@@ -26,6 +26,13 @@
 #endif
 
 #ifndef OPENSSL_NO_KEYPARAMS
+
+struct pubkey {
+int bad;
+const unsigned char *key_bin;
+size_t key_bin_len;
+};
+
 # ifndef OPENSSL_NO_DH
 static const unsigned char dhparam_bin[] = {
 
0x30,0x82,0x01,0x08,0x02,0x82,0x01,0x01,0x00,0xc0,0xd1,0x2e,0x14,0x18,0xbd,0x03,
@@ -46,6 +53,79 @@ static const unsigned char dhparam_bin[] = {
 
0x06,0x7f,0x7f,0xd7,0x7b,0x42,0x5b,0xba,0x93,0x7a,0xeb,0x43,0x5f,0xce,0x59,0x26,
 0xe8,0x76,0xdc,0xee,0xe2,0xbe,0x36,0x7a,0x83,0x02,0x01,0x02
 };
+static const unsigned char dhkey_1[] = {
+0x7a, 0x49, 0xcb, 0xc3, 0x25, 0x67, 0x7a, 0x61,
+0xd0, 0x60, 0x81, 0x0f, 0xf6, 0xbd, 0x38, 0x82,
+0xe7, 0x38, 0x8c, 0xe9, 0xd1, 0x04, 0x33, 0xbf,
+0x8a, 0x03, 0x63, 0xb3, 0x05, 0x04, 0xb5, 0x1f,
+0xba, 0x9f, 0x1a, 0x5f, 0x31, 0x3e, 0x96, 0x79,
+0x88, 0x7d, 0x3f, 0x59, 0x6d, 0x3b, 0xf3, 0x2f,
+0xf2, 0xa6, 0x43, 0x48, 0x64, 0x5a, 0x6a, 0x32,
+0x1f, 0x24, 0x37, 0x62, 0x54, 0x3a, 0x7d, 0xab,
+0x26, 0x77, 0x7c, 0xec, 0x57, 0x3c, 0xa4, 0xbd,
+0x96, 0x9d, 0xaa, 0x3b, 0x0e, 0x9a, 0x55, 0x7e,
+0x1d, 0xb4, 0x47, 0x5b, 0xea, 0x20, 0x3c, 0x6d,
+0xbe, 0xd6, 0x70, 0x7d, 0xa8, 0x9e, 0x84, 0xb4,
+0x03, 0x52, 0xf2, 0x08, 0x4c, 0x98, 0xd3, 0x4f,
+0x58, 0xb3, 0xdf, 0xb4, 0xe6, 0xdc, 0x2c, 0x43,
+0x55, 0xd1, 0xce, 0x2a, 0xb3, 0xfc, 0xe0, 0x29,
+0x97, 0xd8, 0xd8, 0x62, 0xc6, 0x87, 0x0a, 0x1b,
+0xfd, 0x72, 0x74, 0xe0, 0xa9, 0xfb, 0xfa, 0x91,
+0xf2, 0xc1, 0x09, 0x93, 0xea, 0x63, 0xf6, 0x9a,
+0x4b, 0xdf, 0x4e, 0xdf, 0x6b, 0xf9, 0xeb, 0xf6,
+0x66, 0x3c, 0xfd, 0x6f, 0x68, 0xcb, 0xdb, 0x6e,
+0x40, 0x65, 0xf7, 0xf2, 0x46, 0xe5, 0x0d, 0x9a,
+0xd9, 0x6f, 0xcf, 0x28, 0x22, 0x8f, 0xca, 0x0b,
+0x30, 0xa0, 0x9e, 0xa5, 0x13, 0xba, 0x72, 0x7f,
+0x85, 0x3d, 0x02, 0x9c, 0x97, 0x8e, 0x6f, 0xea,
+0x6d, 0x35, 0x4e, 0xd1, 0x78, 0x7d, 0x73, 0x60,
+0x92, 0xa9, 0x12, 0xf4, 0x2a, 0xac, 0x17, 0x97,
+0xf3, 0x7b, 0x79, 0x08, 0x69, 0xd1, 0x9e, 0xb5,
+0xf8, 0x2a, 0x0a, 0x2b, 0x00, 0x7b, 0x16, 0x8d,
+0x41, 0x82, 0x3a, 0x72, 0x58, 0x57, 0x80, 0x65,
+0xae, 0x17, 0xbc, 0x3a, 0x5b, 0x7e, 0x5c, 0x2d,
+0xae, 0xb2, 0xc2, 0x26, 0x20, 0x9a, 

[openssl] openssl-3.0 update

2022-02-06 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  71efa57da1cc6ae6ab731b9127189c101ce6f908 (commit)
  from  25e02422374d4c5e7327320513230339db9b180b (commit)


- Log -
commit 71efa57da1cc6ae6ab731b9127189c101ce6f908
Author: Ankit Das 
Date:   Wed Feb 2 23:38:41 2022 +0530

Fix SIZE_MAX not defined on z/OS etc

Fixes openssl#17629 by including internal/numbers.h which defines SIZE_MAX

CLA: trivial

Fixes #17629

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17632)

(cherry picked from commit 25a0a44dc6223e515f5e91e41798cccf09c5612b)

---

Summary of changes:
 apps/speed.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/speed.c b/apps/speed.c
index ada559228d..9be01bb4b2 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -29,6 +29,7 @@
 #include 
 #include "apps.h"
 #include "progs.h"
+#include "internal/numbers.h"
 #include 
 #include 
 #include 


[openssl] openssl-3.0 update

2022-02-06 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  25e02422374d4c5e7327320513230339db9b180b (commit)
  from  25ee18e7f8803f6aaaeca15b49ba46d3e4d3f817 (commit)


- Log -
commit 25e02422374d4c5e7327320513230339db9b180b
Author: Thomas1664 <46387399+thomas1...@users.noreply.github.com>
Date:   Thu Jan 20 10:02:59 2022 +0100

Correct return type for BIO_ptr_ctrl

Fixes #17549
CLA: trivial

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17636)

(cherry picked from commit 984cc9a0284ee4800862aa305f9f178827baf459)

---

Summary of changes:
 doc/man3/BIO_ctrl.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod
index bcdeac6f7b..cfb505e314 100644
--- a/doc/man3/BIO_ctrl.pod
+++ b/doc/man3/BIO_ctrl.pod
@@ -17,7 +17,7 @@ BIO_get_ktls_recv
 
  long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
  long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb);
- char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
+ void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
  long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
 
  int BIO_reset(BIO *b);


[openssl] openssl-3.0 update

2022-02-06 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  25ee18e7f8803f6aaaeca15b49ba46d3e4d3f817 (commit)
  from  6e47da6363e9e32c14f0c3a750ca04cd189c85fe (commit)


- Log -
commit 25ee18e7f8803f6aaaeca15b49ba46d3e4d3f817
Author: Jiasheng Jiang 
Date:   Wed Feb 2 19:45:59 2022 +0800

evp_test: Add the missing check after calling OPENSSL_strdup and 
sk_OPENSSL_STRING_new_null

Since the memory allocation may fail, the 'mac_name' and 'controls'
could be NULL.
And the 'mac_name' will be printed in mac_test_run_mac() without check.
Also the result of 'params_n +
sk_OPENSSL_STRING_num(expected->controls)' in
mac_test_run_mac() will be 'params_n - 1' if allocation fails , which
does not make sense.
Therefore, it should be better to check them in order to guarantee the
complete success of initiation.
If fails, we also need to free the 'mdat' to avoid the memory leak.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17628)

(cherry picked from commit b2f90e93a07d992515782511a5770aa7cf7dc28f)

---

Summary of changes:
 test/evp_test.c | 13 +++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/test/evp_test.c b/test/evp_test.c
index f2b0924e2f..5e69b37b9b 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1181,9 +1181,18 @@ static int mac_test_init(EVP_TEST *t, const char *alg)
 return 0;
 
 mdat->type = type;
-mdat->mac_name = OPENSSL_strdup(alg);
+if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) {
+OPENSSL_free(mdat);
+return 0;
+}
+
 mdat->mac = mac;
-mdat->controls = sk_OPENSSL_STRING_new_null();
+if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) {
+OPENSSL_free(mdat->mac_name);
+OPENSSL_free(mdat);
+return 0;
+}
+
 mdat->output_size = mdat->block_size = -1;
 t->data = mdat;
 return 1;
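Review bot: Both new early returns free `mdat` (and, in the second one, `mdat->mac_name`) but not `mac`, which the hunk shows being stored in `mdat->mac` and otherwise left alone. If `mac` holds a fetched reference at this point (its origin is above the hunk), these paths leak it; `EVP_MAC_free(mac);` before each `return 0;` would close that. mac_test_init starts outside the hunk.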


[openssl] openssl-3.0 update

2022-02-03 Thread tomas
The branch openssl-3.0 has been updated
   via  6e47da6363e9e32c14f0c3a750ca04cd189c85fe (commit)
  from  e2f06af9cfc59f5447ac645430cab1f9fa6a1071 (commit)


- Log -
commit 6e47da6363e9e32c14f0c3a750ca04cd189c85fe
Author: Harry Sintonen 
Date:   Tue Feb 1 23:48:19 2022 +0200

Add missing CRYPTO_THREAD_cleanup_local of default_context_thread_local

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17622)

(cherry picked from commit 8e012cdc896ec6a98b45119b127b230cbbb6e93b)

---

Summary of changes:
 crypto/context.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/context.c b/crypto/context.c
index a05009a3ef..b50761dd8f 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -156,6 +156,7 @@ DEFINE_RUN_ONCE_STATIC(default_context_do_init)
 void ossl_lib_ctx_default_deinit(void)
 {
 context_deinit(_context_int);
+CRYPTO_THREAD_cleanup_local(_context_thread_local);
 }
 
 static OSSL_LIB_CTX *get_thread_default_context(void)


[openssl] openssl-3.0 update

2022-02-03 Thread tomas
The branch openssl-3.0 has been updated
   via  e2f06af9cfc59f5447ac645430cab1f9fa6a1071 (commit)
  from  821a2c72220e6b4a208979eb53ea4f6fb0260b75 (commit)


- Log -
commit e2f06af9cfc59f5447ac645430cab1f9fa6a1071
Author: Juan Manuel Guerrero 
Date:   Wed Feb 2 00:41:02 2022 +0100

Fix builds with DJGPP

CLA: trivial

To get the master branch compiled with DJGPP some minor
adjustments are required. They will have no impact on any other ports.
The DJGPP port uses the Watt-32 library to provide the required network
functionality and some of its headers need to be included.

Neither DJGPP nor the Watt-32 library provide in_addr_t thus it must be
provided as it is done for OPENSSL_SYS_WINDOWS in crypto/bio/b_addr.c.

In the DJGPP section of include/internal/sockets.h the following Watt-32
headers must be added:

  -  arpa/inet.h: to provide declaration of inet_ntoa required in 
crypto/bio/b_addr.c
  -  netinet/tcp.h: to provide definition of TCP_NODELAY required in 
crypto/bio/b_sock2.c

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17623)

(cherry picked from commit b9b211fcb6b9068ef1d8729a4971fbe693fd2cde)

---

Summary of changes:
 crypto/bio/bio_addr.c  | 2 +-
 include/internal/sockets.h | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/bio/bio_addr.c b/crypto/bio/bio_addr.c
index d18c849ade..7aec346fb3 100644
--- a/crypto/bio/bio_addr.c
+++ b/crypto/bio/bio_addr.c
@@ -752,7 +752,7 @@ int BIO_lookup_ex(const char *host, const char *service, 
int lookup_type,
 # pragma pointer_size 32
 #endif
 /* Windows doesn't seem to have in_addr_t */
-#ifdef OPENSSL_SYS_WINDOWS
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
 static uint32_t he_fallback_address;
 static const char *he_fallback_addresses[] =
 { (char *)_fallback_address, NULL };
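Review bot: The comment on the line above the changed `#if` still reads `/* Windows doesn't seem to have in_addr_t */`, although the guard now also covers OPENSSL_SYS_MSDOS. I would update it to `/* Windows and DJGPP (Watt-32) don't seem to have in_addr_t */`, which matches what the commit message says about the DJGPP port.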
diff --git a/include/internal/sockets.h b/include/internal/sockets.h
index 6e882fa6aa..b3e42e04d1 100644
--- a/include/internal/sockets.h
+++ b/include/internal/sockets.h
@@ -32,6 +32,8 @@
 #   include 
 #   include 
 #   include 
+#   include 
+#   include 
 #  elif defined(_WIN32_WCE) && _WIN32_WCE<410
 #   define getservbyname _masked_declaration_getservbyname
 #  endif


[openssl] openssl-3.0 update

2022-02-03 Thread tomas
The branch openssl-3.0 has been updated
   via  821a2c72220e6b4a208979eb53ea4f6fb0260b75 (commit)
  from  73c55cc89a98a7e9aa3287ffa2faad19ffd78685 (commit)


- Log -
commit 821a2c72220e6b4a208979eb53ea4f6fb0260b75
Author: EasySec 
Date:   Wed Feb 2 01:42:27 2022 +0100

openssl-dgst.pod.in: Fix documentation of -list option

Mention openssl list -digest-algorithms, NOT -digest-commands.

Move option -list just after the related option -digest.

Fix HTML formatting of section 'Examples' by adding missing
newlines and add 2 examples variant to clarify syntax of the
command.

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17626)

(cherry picked from commit 5719dd461fc2cc5d5d29fc3d7e9a6deca3130a7e)

---

Summary of changes:
 doc/man1/openssl-dgst.pod.in | 24 +++-
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/doc/man1/openssl-dgst.pod.in b/doc/man1/openssl-dgst.pod.in
index f493e83b41..b85305606c 100644
--- a/doc/man1/openssl-dgst.pod.in
+++ b/doc/man1/openssl-dgst.pod.in
@@ -9,11 +9,11 @@ openssl-dgst - perform digest operations
 
 B B|I
 [B<-I>]
+[B<-list>]
 [B<-help>]
 [B<-c>]
 [B<-d>]
 [B<-debug>]
-[B<-list>]
 [B<-hex>]
 [B<-binary>]
 [B<-xoflen> I]
@@ -47,7 +47,7 @@ The generic name, B, may be used with an option 
specifying the
 algorithm to be used.
 The default digest is B.
 A supported I name may also be used as the sub-command name.
-To see the list of supported algorithms, use C
+To see the list of supported algorithms, use C
 
 =head1 OPTIONS
 
@@ -59,8 +59,11 @@ Print out a usage message.
 
 =item B<-I>
 
-Specifies name of a supported digest to be used. To see the list of
-supported digests, use the command C.
+Specifies name of a supported digest to be used. See option B<-list> below :
+
+=item B<-list>
+
+Prints out a list of supported message digests.
 
 =item B<-c>
 
@@ -71,10 +74,6 @@ the B<-hex> option is given as well.
 
 Print out BIO debugging information.
 
-=item B<-list>
-
-Prints out a list of supported message digests.
-
 =item B<-hex>
 
 Digest is to be output as a hex dump. This is the default case for a "normal"
@@ -206,12 +205,19 @@ used.
 =head1 EXAMPLES
 
 To create a hex-encoded message digest of a file:
+
  openssl dgst -md5 -hex file.txt
+ or
+ openssl md5 file.txt
 
 To sign a file using SHA-256 with binary file output:
+
  openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt
+ or
+ openssl sha256 -sign privatekey.pem -out signature.sign file.txt
 
 To verify a signature:
+
  openssl dgst -sha256 -verify publickey.pem \
  -signature signature.sign \
  file.txt
@@ -221,7 +227,7 @@ To verify a signature:
 
 The digest mechanisms that are available will depend on the options
 used when building OpenSSL.
-The C command can be used to list them.
+The C command can be used to list them.
 
 New or agile applications should use probably use SHA-256. Other digests,
 particularly SHA-1 and MD5, are still widely used for interoperating


[openssl] openssl-3.0 update

2022-02-03 Thread tomas
The branch openssl-3.0 has been updated
   via  73c55cc89a98a7e9aa3287ffa2faad19ffd78685 (commit)
  from  86818e77bc46916db99bda6962c79dd11215e886 (commit)


- Log -
commit 73c55cc89a98a7e9aa3287ffa2faad19ffd78685
Author: Todd Short 
Date:   Thu Jan 27 14:18:28 2022 -0500

Fix copyrights

Add copyright to files that were missing it.
Update license from OpenSSL to Apache as needed.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17606)

(cherry picked from commit 9d987de3aabe54e65a55649a61953966f33b070b)

---

Summary of changes:
 Configurations/unix-Makefile.tmpl   | 2 +-
 apps/include/engine_loader.h| 4 ++--
 apps/lib/engine_loader.c| 2 +-
 crypto/ec/curve448/arch_64/arch_intrinsics.h| 4 ++--
 crypto/ec/curve448/arch_64/f_impl.h | 4 ++--
 crypto/ec/curve448/arch_64/f_impl64.c   | 4 ++--
 crypto/evp/mac_meth.c   | 9 +
 crypto/objects/obj_compat.h | 8 
 include/crypto/pem.h| 4 ++--
 os-dep/haiku.h  | 9 +
 providers/common/der/DIGESTS.asn1   | 7 +++
 providers/common/der/DSA.asn1   | 7 +++
 providers/common/der/EC.asn1| 7 +++
 providers/common/der/ECX.asn1   | 6 ++
 providers/common/der/NIST.asn1  | 7 +++
 providers/common/der/RSA.asn1   | 7 +++
 providers/common/der/SM2.asn1   | 7 +++
 providers/common/der/wrap.asn1  | 7 +++
 providers/implementations/keymgmt/ec_kmgmt_imexport.inc | 9 +
 test/defltfips_test.c   | 9 +
 test/pbetest.c  | 4 ++--
 test/sm3_internal_test.c| 4 ++--
 22 files changed, 115 insertions(+), 16 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 6d4039c33f..6be0018fc3 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1153,7 +1153,7 @@ generate_crypto_objects:
crypto/objects/obj_mac.num \
crypto/objects/obj_xref.txt \
> crypto/objects/obj_xref.h )
-   ( cd $(SRCDIR); cat crypto/objects/obj_compat.h >> 
include/openssl/obj_mac.h )
+   ( cd $(SRCDIR); sed -e '1,8d' crypto/objects/obj_compat.h >> 
include/openssl/obj_mac.h )
 
 generate_crypto_conf:
( cd $(SRCDIR); $(PERL) crypto/conf/keysets.pl \
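Review bot: The `sed -e '1,8d'` in the generate_crypto_objects recipe hard-codes the length of the header that this commit adds to crypto/objects/obj_compat.h (8 added lines per the summary). If that header ever grows or shrinks, the recipe will silently drop a real line from, or copy comment lines into, include/openssl/obj_mac.h. A comment next to the recipe line such as `# '1,8d' strips the copyright header of obj_compat.h; keep in sync with that file` would flag the coupling. The rule begins above the hunk.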
diff --git a/apps/include/engine_loader.h b/apps/include/engine_loader.h
index 11598639a5..fa80fc9656 100644
--- a/apps/include/engine_loader.h
+++ b/apps/include/engine_loader.h
@@ -1,7 +1,7 @@
 /*
- * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
diff --git a/apps/lib/engine_loader.c b/apps/lib/engine_loader.c
index b2a11d438d..4d3a397b41 100644
--- a/apps/lib/engine_loader.c
+++ b/apps/lib/engine_loader.c
@@ -1,7 +1,7 @@
 /*
  * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
diff --git a/crypto/ec/curve448/arch_64/arch_intrinsics.h 
b/crypto/ec/curve448/arch_64/arch_intrinsics.h
index 2d9d5c7931..e12b8cf226 100644
--- a/crypto/ec/curve448/arch_64/arch_intrinsics.h
+++ b/crypto/ec/curve448/arch_64/arch_intrinsics.h
@@ -1,8 +1,8 @@
 /*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2016 Cryptography Research, Inc.
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file 

[openssl] openssl-3.0 update

2022-02-03 Thread tomas
The branch openssl-3.0 has been updated
   via  86818e77bc46916db99bda6962c79dd11215e886 (commit)
  from  99a8af3049661e84c52be79ed9cf377a845ab158 (commit)


- Log -
commit 86818e77bc46916db99bda6962c79dd11215e886
Author: slontis 
Date:   Mon Dec 6 09:27:12 2021 +1000

Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY.

The private key for rsa, dsa, dh and ecx was being included when the
selector was just the public key. (ec was working correctly).
This matches the documented behaviour.

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17200)

(cherry picked from commit 944f822aadc88b2e25f7695366810c73a53a00c8)

---

Summary of changes:
 crypto/dh/dh_ameth.c  |   2 +-
 crypto/dh/dh_backend.c|  17 ++-
 crypto/dsa/dsa_ameth.c|   2 +-
 crypto/dsa/dsa_backend.c  |  11 +-
 crypto/rsa/rsa_ameth.c|   4 +-
 crypto/rsa/rsa_backend.c  |  12 +-
 include/crypto/dh.h   |   5 +-
 include/crypto/dsa.h  |   3 +-
 include/crypto/rsa.h  |   5 +-
 providers/implementations/keymgmt/dh_kmgmt.c  |  19 +++-
 providers/implementations/keymgmt/dsa_kmgmt.c |  24 ++--
 providers/implementations/keymgmt/ecx_kmgmt.c |  20 ++--
 providers/implementations/keymgmt/rsa_kmgmt.c |  18 ++-
 test/evp_extra_test2.c| 152 ++
 14 files changed, 245 insertions(+), 49 deletions(-)

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 38d8e7a38f..6a004ff2e4 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -511,7 +511,7 @@ static int dh_pkey_import_from_type(const OSSL_PARAM 
params[], void *vpctx,
 DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX);
 
 if (!ossl_dh_params_fromdata(dh, params)
-|| !ossl_dh_key_fromdata(dh, params)
+|| !ossl_dh_key_fromdata(dh, params, 1)
 || !EVP_PKEY_assign(pkey, type, dh)) {
 DH_free(dh);
 return 0;
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index 7bd5c617de..98881a75f9 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -63,7 +63,7 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
 return 1;
 }
 
-int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
+int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[], int 
include_private)
 {
 const OSSL_PARAM *param_priv_key, *param_pub_key;
 BIGNUM *priv_key = NULL, *pub_key = NULL;
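Review bot: The new `include_private` parameter of ossl_dh_key_fromdata() has no documentation, and it is what keeps private key material out of a public-key-only import or export. I would add a comment above the function such as `/* include_private == 0: ignore any OSSL_PKEY_PARAM_PRIV_KEY in params */`, and the matching one on ossl_dh_key_todata() in the later hunk of this file (`/* include_private == 0: never emit OSSL_PKEY_PARAM_PRIV_KEY */`). The call in crypto/dh/dh_ameth.c passes a bare `1`, which reads poorly at the call site without that contract written down. The function body continues past the hunk.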
@@ -74,10 +74,13 @@ int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
 param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
 param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
 
-if ((param_priv_key != NULL
- && !OSSL_PARAM_get_BN(param_priv_key, _key))
-|| (param_pub_key != NULL
-&& !OSSL_PARAM_get_BN(param_pub_key, _key)))
+if (include_private
+&& param_priv_key != NULL
+&& !OSSL_PARAM_get_BN(param_priv_key, _key))
+goto err;
+
+if (param_pub_key != NULL
+&& !OSSL_PARAM_get_BN(param_pub_key, _key))
 goto err;
 
 if (!DH_set0_key(dh, pub_key, priv_key))
@@ -103,7 +106,8 @@ int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, 
OSSL_PARAM params[])
 return 1;
 }
 
-int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
+int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[],
+   int include_private)
 {
 const BIGNUM *priv = NULL, *pub = NULL;
 
@@ -112,6 +116,7 @@ int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, 
OSSL_PARAM params[])
 
 DH_get0_key(dh, , );
 if (priv != NULL
+&& include_private
 && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PRIV_KEY, 
priv))
 return 0;
 if (pub != NULL
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 53417bff6a..f0a2bdb149 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -485,7 +485,7 @@ static int dsa_pkey_import_from(const OSSL_PARAM params[], 
void *vpctx)
 }
 
 if (!ossl_dsa_ffc_params_fromdata(dsa, params)
-|| !ossl_dsa_key_fromdata(dsa, params)
+|| !ossl_dsa_key_fromdata(dsa, params, 1)
 || !EVP_PKEY_assign_DSA(pkey, dsa)) {
 DSA_free(dsa);
 return 0;
diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c
index 5e3ff85154..9c3cede91a 100644
--- a/crypto/dsa/dsa_backend.c
+++ b/crypto/dsa/dsa_backend.c
@@ -27,16 +27,19 @@
  * implementations alike.
  */
 
-int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[])
+int 

[openssl] openssl-3.0 update

2022-02-02 Thread Matt Caswell
The branch openssl-3.0 has been updated
   via  99a8af3049661e84c52be79ed9cf377a845ab158 (commit)
   via  d6e0042de87f9b2de4edd7152c391ab2a77b61ef (commit)
   via  75d6cb0d925c66b5b1f86d287c4ee1be3376cb05 (commit)
  from  41d979c7f5f70ab06fcf5a4880c252e40e99ad98 (commit)


- Log -
commit 99a8af3049661e84c52be79ed9cf377a845ab158
Author: Matt Caswell 
Date:   Thu Jan 13 15:16:39 2022 +

Document purpose and trust setting functions

In particular:
X509_STORE_CTX_set_purpose()
X509_STORE_CTX_set_trust();
X509_STORE_CTX_purpose_inherit();

Reviewed-by: Shane Lontis 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/17603)

commit d6e0042de87f9b2de4edd7152c391ab2a77b61ef
Author: Matt Caswell 
Date:   Thu Dec 30 16:38:28 2021 +

Add a test for X509_STORE_CTX_set_purpose()

This function was previously incorrectly failing if it is called with
X509_PURPOSE_ANY. Add a test to catch this.

Reviewed-by: Shane Lontis 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/17603)

commit 75d6cb0d925c66b5b1f86d287c4ee1be3376cb05
Author: Matt Caswell 
Date:   Thu Dec 30 16:37:06 2021 +

Ensure X509_STORE_CTX_purpose_inherit handles a 0 default purpose

The function X509_STORE_CTX_purpose_inherit() can be called with a 0
default purpose. If the main purpose was set to X509_PURPOSE_ANY this
would cause the function to incorrectly return an error response.

Fixes #17367

Reviewed-by: Shane Lontis 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/17603)

---

Summary of changes:
 crypto/x509/x509_vfy.c  |  11 ++--
 doc/man3/X509_STORE_CTX_new.pod |  69 +++-
 test/recipes/70-test_verify_extra.t |   8 +--
 test/verify_extra_test.c| 121 
 util/missingcrypto.txt  |   3 -
 5 files changed, 185 insertions(+), 27 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index ff3ca83de6..b407c4abf5 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2230,6 +2230,12 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, 
int def_purpose,
 /* If purpose not set use default */
 if (purpose == 0)
 purpose = def_purpose;
+/*
+ * If purpose is set but we don't have a default then set the default to
+ * the current purpose
+ */
+else if (def_purpose == 0)
+def_purpose = purpose;
 /* If we have a purpose then check it is valid */
 if (purpose != 0) {
 X509_PURPOSE *ptmp;
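Review bot: The new `else if (def_purpose == 0)` branch is separated from its `if (purpose == 0)` by a block comment and neither branch is braced, so the pairing is easy to misread in a function that decides verification purpose and trust. I would fold the explanation into the comment above the `if`, for example `/* If purpose not set use default; if only purpose is set, use it as the default too */`, so the two branches sit directly together. X509_STORE_CTX_purpose_inherit starts and ends outside the hunk.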
@@ -2242,11 +2248,6 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, 
int def_purpose,
 ptmp = X509_PURPOSE_get0(idx);
 if (ptmp->trust == X509_TRUST_DEFAULT) {
 idx = X509_PURPOSE_get_by_id(def_purpose);
-/*
- * XXX: In the two callers above def_purpose is always 0, which is
- * not a known value, so idx will always be -1.  How is the
- * X509_TRUST_DEFAULT case actually supposed to be handled?
- */
 if (idx == -1) {
 ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_PURPOSE_ID);
 return 0;
diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod
index 56a36bfecd..3bf964e802 100644
--- a/doc/man3/X509_STORE_CTX_new.pod
+++ b/doc/man3/X509_STORE_CTX_new.pod
@@ -11,7 +11,10 @@ X509_STORE_CTX_get_num_untrusted,
 X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain,
 X509_STORE_CTX_set_default,
 X509_STORE_CTX_set_verify,
-X509_STORE_CTX_verify_fn
+X509_STORE_CTX_verify_fn,
+X509_STORE_CTX_set_purpose,
+X509_STORE_CTX_set_trust,
+X509_STORE_CTX_purpose_inherit
 - X509_STORE_CTX initialisation
 
 =head1 SYNOPSIS
@@ -45,6 +48,11 @@ X509_STORE_CTX_verify_fn
  typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
  void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn 
verify);
 
+ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+ int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
+ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+int purpose, int trust);
+
 =head1 DESCRIPTION
 
 These functions initialise an B structure for subsequent use
@@ -155,6 +163,65 @@ following signature:
 This function should receive the current X509_STORE_CTX as a parameter and
 return 1 on success or 0 on failure.
 
+X509 certificates may contain information about what purposes keys contained
+within them can be used for. For example "TLS WWW Server Authentication" or
+"Email Protection". This "key usage" information is held internally to the
+certificate itself. In addition the trust store 

[openssl] openssl-3.0 update

2022-02-01 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  41d979c7f5f70ab06fcf5a4880c252e40e99ad98 (commit)
  from  1fdd4da451a8e11b58f8a16c18d3d85e68c18188 (commit)


- Log -
commit 41d979c7f5f70ab06fcf5a4880c252e40e99ad98
Author: Jiasheng Jiang 
Date:   Thu Jan 27 09:49:56 2022 +0800

x509: add the check for X509_STORE_lock

Since we may fail to get the lock, for example when there is no lock,
X509_STORE_lock() will return 0.
Therefore, we should check its return value in order to avoid working on
dirty data.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17598)

---

Summary of changes:
 crypto/x509/x509_lu.c | 32 +---
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 3b76b92f71..cd6207b1ed 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -321,7 +321,9 @@ int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
 stmp.type = X509_LU_NONE;
 stmp.data.ptr = NULL;
 
-X509_STORE_lock(store);
+if (!X509_STORE_lock(store))
+return 0;
+
 tmp = X509_OBJECT_retrieve_by_subject(store->objs, type, name);
 X509_STORE_unlock(store);
 
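Review bot: A failed X509_STORE_lock() now makes X509_STORE_CTX_get_by_subject() return 0 without queuing an error, so a caller cannot tell it apart from a lookup that found nothing. The same silent `return 0` / `return NULL` is used in the later hunks of this file (X509_STORE_get1_all_certs, X509_STORE_CTX_get1_certs, X509_STORE_CTX_get1_crls, X509_STORE_CTX_get1_issuer). Failing closed is the right direction for certificate lookup, but I would record the cause on each of these paths, e.g. `ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);` before the return, unless X509_STORE_lock() already raises one (not visible here). The function body starts and ends outside the hunk.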
@@ -371,7 +373,12 @@ static int x509_store_add(X509_STORE *store, void *x, int 
crl) {
 return 0;
 }
 
-X509_STORE_lock(store);
+if (!X509_STORE_lock(store)) {
+obj->type = X509_LU_NONE;
+X509_OBJECT_free(obj);
+return 0;
+}
+
 if (X509_OBJECT_retrieve_match(store->objs, obj)) {
 ret = 1;
 } else {
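Review bot: On lock failure this path resets `obj->type = X509_LU_NONE` before `X509_OBJECT_free(obj)`, which looks copied from the error block whose tail is visible just above. If that earlier block is the failed up-ref of the certificate or CRL held in `obj` (it starts outside the hunk), then by this point the reference has been taken, and clearing the type would stop X509_OBJECT_free() from releasing it, leaking one reference per failed lock. In that case drop the `obj->type = X509_LU_NONE;` line here so the free releases what was acquired.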
@@ -553,7 +560,9 @@ STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store)
 }
 if ((sk = sk_X509_new_null()) == NULL)
 return NULL;
-X509_STORE_lock(store);
+if (!X509_STORE_lock(store))
+goto out_free;
+
 objs = X509_STORE_get0_objects(store);
 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
 X509 *cert = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i));
@@ -567,6 +576,7 @@ STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store)
 
  err:
 X509_STORE_unlock(store);
+ out_free:
 sk_X509_pop_free(sk, X509_free);
 return NULL;
 }
@@ -583,7 +593,9 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX 
*ctx,
 if (store == NULL)
 return NULL;
 
-X509_STORE_lock(store);
+if (!X509_STORE_lock(store))
+return NULL;
+
 idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, );
 if (idx < 0) {
 /*
@@ -601,7 +613,8 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX 
*ctx,
 return NULL;
 }
 X509_OBJECT_free(xobj);
-X509_STORE_lock(store);
+if (!X509_STORE_lock(store))
+return NULL;
 idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, );
 if (idx < 0) {
 X509_STORE_unlock(store);
@@ -642,7 +655,10 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const 
X509_STORE_CTX *ctx,
 return NULL;
 }
 X509_OBJECT_free(xobj);
-X509_STORE_lock(store);
+if (!X509_STORE_lock(store)) {
+sk_X509_CRL_free(sk);
+return NULL;
+}
 idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, nm, );
 if (idx < 0) {
 X509_STORE_unlock(store);
@@ -744,7 +760,9 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, 
X509_STORE_CTX *ctx, X509 *x)
 
 /* Find index of first currently valid cert accepted by 'check_issued' */
 ret = 0;
-X509_STORE_lock(store);
+if (!X509_STORE_lock(store))
+return 0;
+
 idx = x509_object_idx_cnt(store->objs, X509_LU_X509, xn, );
 if (idx != -1) { /* should be true as we've had at least one match */
 /* Look through all matching certs for suitable issuer */


[openssl] openssl-3.0 update

2022-02-01 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  1fdd4da451a8e11b58f8a16c18d3d85e68c18188 (commit)
  from  b882e1bb0b520f264f2ea1f53e753a5ef1a5974a (commit)


- Log -
commit 1fdd4da451a8e11b58f8a16c18d3d85e68c18188
Author: Ross Burton 
Date:   Thu Jan 27 12:03:11 2022 +

apps/progs.pl: use SOURCE_DATE_EPOCH if defined for copyright year

As with 11d7d903, use SOURCE_DATE_EPOCH for the copyright year if it is
defined, to avoid reproducibility problems.

CLA: trivial

Signed-off-by: Ross Burton 
Change-Id: I1bea19070411a69155c43de7082350fb2c499da3

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17601)

(cherry picked from commit 27aca04e13ca8a9bead49de7bc380110ecb7064e)

---

Summary of changes:
 apps/progs.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/progs.pl b/apps/progs.pl
index 8a5759a961..77054902b4 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -21,7 +21,7 @@ die "Unrecognised option, must be -C or -H\n"
 my %commands = ();
 my $cmdre= qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
 my $apps_openssl = shift @ARGV;
-my $YEAR = [localtime()]->[5] + 1900;
+my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900;
 
 # because the program apps/openssl has object files as sources, and
 # they then have the corresponding C files as source, we need to chain


[openssl] openssl-3.0 update

2022-01-31 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  b882e1bb0b520f264f2ea1f53e753a5ef1a5974a (commit)
  from  1f7c5c56c7365fefd9cff9bea4d3d27346ca44d1 (commit)


- Log -
commit b882e1bb0b520f264f2ea1f53e753a5ef1a5974a
Author: EasySec 
Date:   Sat Jan 29 00:59:24 2022 +0100

Fix bad HTML formatting in EVP_KEYEXCH-DH.html because of missing newline 
in pod file

Reviewed-by: Shane Lontis 
Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17609)

(cherry picked from commit a841d450a443efccf4df02922ebe02e4c2f11a2b)

---

Summary of changes:
 doc/man7/EVP_KEYEXCH-DH.pod | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/man7/EVP_KEYEXCH-DH.pod b/doc/man7/EVP_KEYEXCH-DH.pod
index fc38531ae9..44811f1e37 100644
--- a/doc/man7/EVP_KEYEXCH-DH.pod
+++ b/doc/man7/EVP_KEYEXCH-DH.pod
@@ -58,6 +58,7 @@ To convert the received peer's public key from DER format on 
the host:
 
 To derive a shared secret on the host using the host's key and the peer's 
public
 key:
+
 /* It is assumed that the host_key and peer_pub_key are set up */
 void derive_secret(EVP_KEY *host_key, EVP_PKEY *peer_pub_key)
 {


[openssl] openssl-3.0 update

2022-01-30 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  1f7c5c56c7365fefd9cff9bea4d3d27346ca44d1 (commit)
  from  cb7e50ba3f250a9c9978a964e98a8c8940833595 (commit)


- Log -
commit 1f7c5c56c7365fefd9cff9bea4d3d27346ca44d1
Author: Pauli 
Date:   Thu Jan 27 15:05:48 2022 +1100

aes: make the no-asm constant time code path not the default

After OMC and OTC discussions, the 95% performance loss resulting from
the constant time code was deemed excessive for something outside of
our security policy.

The option to use the constant time code exists as it was in OpenSSL 1.1.1.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17600)

---

Summary of changes:
 CHANGES.md| 7 +++
 crypto/aes/aes_core.c | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index 50002e0af6..a7980daaeb 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,13 @@ breaking changes, and mappings for the large list of 
deprecated functions.
 
 ### Changes between 3.0.1 and 3.0.2 [xx XXX ]
 
+ * Made the AES constant time code for no-asm configurations
+   optional due to the resulting 95% performance degradation.
+   The AES constant time code can be enabled, for no assembly
+   builds, with: ./config no-asm -DOPENSSL_AES_CONST_TIME
+
+   *Paul Dale*
+
  * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty
passphrase strings.
 
diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c
index 7b9989fd47..d3eaab349f 100644
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -50,7 +50,7 @@
 #include 
 #include "aes_local.h"
 
-#if !defined(OPENSSL_NO_AES_CONST_TIME) && !defined(AES_ASM)
+#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM)
 
 # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
 #  define U64(C) C##UI64
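Review bot: The inverted guard on `OPENSSL_AES_CONST_TIME` carries no comment, so nothing at this `#if` tells a reader that a plain no-asm build now compiles the other branch, which by the commit message is not the constant-time code and may therefore expose key-dependent timing. I would add a comment above it such as `/* Constant-time AES is opt-in (-DOPENSSL_AES_CONST_TIME); the default no-asm path is faster but not constant time */`. `OPENSSL_NO_AES_CONST_TIME` is also no longer tested on this line, so builds that still pass it get no diagnostic; whether it is referenced elsewhere is not visible in this hunk.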


[openssl] openssl-3.0 update

2022-01-28 Thread tomas
The branch openssl-3.0 has been updated
   via  cb7e50ba3f250a9c9978a964e98a8c8940833595 (commit)
  from  e3b57c84320dae0aaa20aa0b4c356f10efae146b (commit)


- Log -
commit cb7e50ba3f250a9c9978a964e98a8c8940833595
Author: Zhou Qingyang 
Date:   Tue Jan 25 01:37:59 2022 +0800

Add the missing check of BN_bn2hex return value

CLA: trivial

Signed-off-by: Zhou Qingyang 

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17578)

(cherry picked from commit 4dd085c03a885580cc945f71187131ea7fb39b70)

---

Summary of changes:
 providers/implementations/encode_decode/encode_key2text.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/providers/implementations/encode_decode/encode_key2text.c 
b/providers/implementations/encode_decode/encode_key2text.c
index f8f9712e96..9455f97c4a 100644
--- a/providers/implementations/encode_decode/encode_key2text.c
+++ b/providers/implementations/encode_decode/encode_key2text.c
@@ -80,6 +80,9 @@ static int print_labeled_bignum(BIO *out, const char *label, 
const BIGNUM *bn)
 }
 
 hex_str = BN_bn2hex(bn);
+if (hex_str == NULL)
+return 0;
+
 p = hex_str;
 if (*p == '-') {
 ++p;


[openssl] openssl-3.0 update

2022-01-27 Thread tomas
The branch openssl-3.0 has been updated
   via  e3b57c84320dae0aaa20aa0b4c356f10efae146b (commit)
  from  d259be3fe23a6af97fb901699b096d6fb329b357 (commit)


- Log -
commit e3b57c84320dae0aaa20aa0b4c356f10efae146b
Author: Jiasheng Jiang 
Date:   Tue Jan 25 11:05:13 2022 +0800

BIO_new_from_core_bio: Check for NULL pointer after calling get_globals

The get_globals could return NULL, for example,
CRYPTO_THREAD_read_lock() failed.
Therefore, just checking the member of 'bcgbl' is not enough.
We need to check 'bcgbl' itself too in order to avoid the dereference of
the NULL pointer.
And the caller of ossl_bio_init_core(), OSSL_LIB_CTX_new_from_dispatch()
in `crypto/context.c`, has already checked the return value and dealt with
the situation if it returns 0.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17581)

(cherry picked from commit 7f1cb465c1f0e45bde8c1ee54a37e6f7641c70c6)

---

Summary of changes:
 crypto/bio/bss_core.c | 18 --
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/crypto/bio/bss_core.c b/crypto/bio/bss_core.c
index de774e2b00..b78b1bedaa 100644
--- a/crypto/bio/bss_core.c
+++ b/crypto/bio/bss_core.c
@@ -48,7 +48,7 @@ static int bio_core_read_ex(BIO *bio, char *data, size_t 
data_len,
 {
 BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx);
 
-if (bcgbl->c_bio_read_ex == NULL)
+if (bcgbl == NULL || bcgbl->c_bio_read_ex == NULL)
 return 0;
 return bcgbl->c_bio_read_ex(BIO_get_data(bio), data, data_len, bytes_read);
 }
@@ -58,7 +58,7 @@ static int bio_core_write_ex(BIO *bio, const char *data, 
size_t data_len,
 {
 BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx);
 
-if (bcgbl->c_bio_write_ex == NULL)
+if (bcgbl == NULL || bcgbl->c_bio_write_ex == NULL)
 return 0;
 return bcgbl->c_bio_write_ex(BIO_get_data(bio), data, data_len, written);
 }
@@ -67,7 +67,7 @@ static long bio_core_ctrl(BIO *bio, int cmd, long num, void 
*ptr)
 {
 BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx);
 
-if (bcgbl->c_bio_ctrl == NULL)
+if (bcgbl == NULL || bcgbl->c_bio_ctrl == NULL)
 return -1;
 return bcgbl->c_bio_ctrl(BIO_get_data(bio), cmd, num, ptr);
 }
@@ -76,7 +76,7 @@ static int bio_core_gets(BIO *bio, char *buf, int size)
 {
 BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx);
 
-if (bcgbl->c_bio_gets == NULL)
+if (bcgbl == NULL || bcgbl->c_bio_gets == NULL)
 return -1;
 return bcgbl->c_bio_gets(BIO_get_data(bio), buf, size);
 }
@@ -85,7 +85,7 @@ static int bio_core_puts(BIO *bio, const char *str)
 {
 BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx);
 
-if (bcgbl->c_bio_puts == NULL)
+if (bcgbl == NULL || bcgbl->c_bio_puts == NULL)
 return -1;
 return bcgbl->c_bio_puts(BIO_get_data(bio), str);
 }
@@ -101,6 +101,9 @@ static int bio_core_free(BIO *bio)
 {
 BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx);
 
+if (bcgbl == NULL)
+return 0;
+
 BIO_set_init(bio, 0);
 bcgbl->c_bio_free(BIO_get_data(bio));
 
@@ -133,7 +136,7 @@ BIO *BIO_new_from_core_bio(OSSL_LIB_CTX *libctx, 
OSSL_CORE_BIO *corebio)
 BIO_CORE_GLOBALS *bcgbl = get_globals(libctx);
 
 /* Check the library context has been initialised with the callbacks */
-if (bcgbl->c_bio_write_ex == NULL && bcgbl->c_bio_read_ex == NULL)
+if (bcgbl == NULL || (bcgbl->c_bio_write_ex == NULL && 
bcgbl->c_bio_read_ex == NULL))
 return NULL;
 
 if ((outbio = BIO_new_ex(libctx, BIO_s_core())) == NULL)
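Review bot: The guard in BIO_new_from_core_bio() still accepts a context in which only one of `c_bio_read_ex` / `c_bio_write_ex` is set, while bio_core_free() (the hunk at -101 above) goes on to call `bcgbl->c_bio_free(...)` with no NULL test on that pointer. If the dispatch table handed to ossl_bio_init_core() can omit the free callback (that function is only partly visible), this is a call through a NULL function pointer at teardown. Guarding the call, `if (bcgbl->c_bio_free != NULL) bcgbl->c_bio_free(BIO_get_data(bio));`, would make it consistent with the read/write/ctrl/gets/puts wrappers in this commit. Separately, the new early `return 0` in bio_core_free() skips `BIO_set_init(bio, 0)` and the core free, so it is worth confirming that path does not leave the core BIO unreleased.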
@@ -151,6 +154,9 @@ int ossl_bio_init_core(OSSL_LIB_CTX *libctx, const 
OSSL_DISPATCH *fns)
 {
 BIO_CORE_GLOBALS *bcgbl = get_globals(libctx);
 
+if (bcgbl == NULL)
+   return 0;
+
 for (; fns->function_id != 0; fns++) {
 switch (fns->function_id) {
 case OSSL_FUNC_BIO_READ_EX:


[openssl] openssl-3.0 update

2022-01-27 Thread Matt Caswell
The branch openssl-3.0 has been updated
   via  d259be3fe23a6af97fb901699b096d6fb329b357 (commit)
  from  9fa43878ec74f8fa1aa70d9838d913e1c843c4e3 (commit)


- Log -
commit d259be3fe23a6af97fb901699b096d6fb329b357
Author: Matt Caswell 
Date:   Wed Jan 26 12:35:30 2022 +

Ensure ciphers command honours -propquery

Any propquery passed via the -propquery option to the ciphers command was
being ignored.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17595)

(cherry picked from commit 4ed381736b063284bdbd5d302988617aa4366a3f)

---

Summary of changes:
 apps/ciphers.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/ciphers.c b/apps/ciphers.c
index 9c494224a1..50bff07c29 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -187,7 +187,7 @@ int ciphers_main(int argc, char **argv)
 goto end;
 }
 
-ctx = SSL_CTX_new(meth);
+ctx = SSL_CTX_new_ex(app_get0_libctx(), app_get0_propq(), meth);
 if (ctx == NULL)
 goto err;
 if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)


[openssl] openssl-3.0 update

2022-01-27 Thread tomas
The branch openssl-3.0 has been updated
   via  9fa43878ec74f8fa1aa70d9838d913e1c843c4e3 (commit)
  from  4ac8e51e3272c7d7f2e7d62da699f52e0112ac05 (commit)


- Log -
commit 9fa43878ec74f8fa1aa70d9838d913e1c843c4e3
Author: Tomas Mraz 
Date:   Tue Jan 25 17:14:52 2022 +0100

lhash: Avoid 32 bit right shift of a 32 bit value

Fixes #17583

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17589)

(cherry picked from commit 2ce0a3d19005271e7e3c351b562d9da93e2d4c80)

---

Summary of changes:
 crypto/lhash/lhash.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 82d0ec5b8b..29ba153dc8 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -383,7 +383,8 @@ unsigned long OPENSSL_LH_strhash(const char *c)
 v = n | (*c);
 n += 0x100;
 r = (int)((v >> 2) ^ v) & 0x0f;
-ret = (ret << r) | (ret >> (32 - r));
+/* cast to uint64_t to avoid 32 bit shift of 32 bit value */
+ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r));
 ret &= 0xL;
 ret ^= v * v;
 c++;
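Review bot: The new comment does not say when the problem occurs: `r` is masked with `0x0f` and can be 0, which makes the count `32 - r` equal to 32, and shifting a 32-bit `unsigned long` by 32 is undefined behaviour. I would spell that out, e.g. `/* r can be 0: widen so the shift by (32 - r) == 32 stays defined */`. The identical line and comment are added to ossl_lh_strcasehash() in the next hunk; a small static helper for the rotate would keep the two hash loops from drifting apart. Both loop bodies start outside their hunks.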
@@ -404,7 +405,8 @@ unsigned long ossl_lh_strcasehash(const char *c)
 for (n = 0x100; *c != '\0'; n += 0x100) {
 v = n | ossl_tolower(*c);
 r = (int)((v >> 2) ^ v) & 0x0f;
-ret = (ret << r) | (ret >> (32 - r));
+/* cast to uint64_t to avoid 32 bit shift of 32 bit value */
+ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r));
 ret &= 0xL;
 ret ^= v * v;
 c++;


[openssl] openssl-3.0 update

2022-01-26 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  4ac8e51e3272c7d7f2e7d62da699f52e0112ac05 (commit)
  from  17a27b8979d8dab8e57f2dad68d85dc2033cfeda (commit)


- Log -
commit 4ac8e51e3272c7d7f2e7d62da699f52e0112ac05
Author: Tomas Mraz 
Date:   Tue Jan 25 18:10:26 2022 +0100

Fix IV length of DES EDE ECB implementations

Fixes #17587

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17591)

(cherry picked from commit d450eb84c802b2f78971f905b251a0fb89ebb7d1)

---

Summary of changes:
 providers/implementations/ciphers/cipher_tdes.c |  6 +-
 providers/implementations/ciphers/cipher_tdes_default.c |  2 +-
 test/recipes/30-test_evp_data/evpciph_des3_common.txt   | 15 ++-
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/providers/implementations/ciphers/cipher_tdes.c 
b/providers/implementations/ciphers/cipher_tdes.c
index e63c143755..409e2b8306 100644
--- a/providers/implementations/ciphers/cipher_tdes.c
+++ b/providers/implementations/ciphers/cipher_tdes.c
@@ -19,11 +19,7 @@
 #include "cipher_tdes.h"
 #include "prov/implementations.h"
 
-/*
- * NOTE: ECB mode does not use an IV - but existing test code is setting
- * an IV. Fixing this could potentially make applications break.
- */
 /* ossl_tdes_ede3_ecb_functions */
-IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 64, block);
+IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 0, block);
 /* ossl_tdes_ede3_cbc_functions */
 IMPLEMENT_tdes_cipher(ede3, EDE3, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block);
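Review bot: Dropping the NOTE removes the only record that callers have been passing an IV to the ECB variants, and the diffstat shows no CHANGES.md entry for what is a caller-visible change in the declared IV size (64 before, 0 now) for DES-EDE3-ECB here and DES-EDE-ECB in cipher_tdes_default.c. I would add a changelog entry and keep a short comment at the macro call, e.g. `/* ECB takes no IV: IV length is 0 */`. Whether an application that still supplies an IV to these ciphers is rejected or has the IV ignored is not visible from these hunks and is worth stating in that entry.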
diff --git a/providers/implementations/ciphers/cipher_tdes_default.c 
b/providers/implementations/ciphers/cipher_tdes_default.c
index 0e75d0ff11..4d1fe5c3f9 100644
--- a/providers/implementations/ciphers/cipher_tdes_default.c
+++ b/providers/implementations/ciphers/cipher_tdes_default.c
@@ -26,7 +26,7 @@ IMPLEMENT_tdes_cipher(ede3, EDE3, cfb1, CFB, TDES_FLAGS, 
64*3,  8, 64, stream);
 IMPLEMENT_tdes_cipher(ede3, EDE3, cfb8, CFB, TDES_FLAGS, 64*3,  8, 64, stream);
 
 /* ossl_tdes_ede2_ecb_functions */
-IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 64, block);
+IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 0, block);
 /* ossl_tdes_ede2_cbc_functions */
 IMPLEMENT_tdes_cipher(ede2, EDE2, cbc, CBC, TDES_FLAGS, 64*2, 64, 64, block);
 /* ossl_tdes_ede2_ofb_functions */
diff --git a/test/recipes/30-test_evp_data/evpciph_des3_common.txt 
b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
index 30be60e842..d5e8f9728a 100644
--- a/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+++ b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
@@ -11,7 +11,7 @@
 #   PrivPubKeyPair Sign Verify VerifyRecover
 # and continue until a blank line. Lines starting with a pound sign are 
ignored.
 
-Title = DES3 Test
+Title = DES3 Tests
 
 # DES EDE3 CBC tests (from destest)
 Cipher = DES-EDE3-CBC
@@ -20,3 +20,16 @@ IV = fedcba9876543210
 Plaintext = 37363534333231204E6F77206973207468652074696D6520666F7220
 Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
 NextIV = 1c673812cfde9675
+
+# DES EDE3 ECB test
+Cipher = DES-EDE3-ECB
+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F7220
+Ciphertext = 62c10cc9efbf15aaa5ae2e487b690e56d8b1dfb8f5c5b293855e77dd9024b1b1
+
+# DES EDE ECB test
+Availablein = default
+Cipher = DES-EDE-ECB
+Key = 0123456789abcdeffedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F7220
+Ciphertext = 4d1332e49f380e23d80a0d8b2bae5e4e6a0094171abcfc27df2bfd40da9f4e4d


[openssl] openssl-3.0 update

2022-01-26 Thread tomas
The branch openssl-3.0 has been updated
   via  17a27b8979d8dab8e57f2dad68d85dc2033cfeda (commit)
  from  09894bacc035fb4c68acfc3dd2798ad999eb3275 (commit)


- Log -
commit 17a27b8979d8dab8e57f2dad68d85dc2033cfeda
Author: Jiasheng Jiang 
Date:   Tue Jan 25 15:51:31 2022 +0800

UI: Check for NULL pointer after calling OPENSSL_memdup

OPENSSL_memdup() does not always succeed, because the allocation can
fail.
Then '*pptr' could be a NULL pointer but ui_dup_method_data() will
still return 1.
In CRYPTO_dup_ex_data(), the 'storage[i]->dup_func' will not fail and
'ptr' will be used in CRYPTO_set_ex_data().
Also, if '*pptr' is NULL, I think it should also return 0 to tell the
caller that the duplication fails in order to prevent using the NULL
pointer.
Therefore, it should be better to add the check and return 1 only if the
duplication succeeds.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17582)

(cherry picked from commit 3f6a12a07f52c55dc3f4b0def42680f589f89ed4)

---

Summary of changes:
 crypto/ui/ui_util.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index 871472cd32..9967111ecd 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -73,9 +73,12 @@ static void ui_new_method_data(void *parent, void *ptr, 
CRYPTO_EX_DATA *ad,
 static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
   void **pptr, int idx, long argl, void *argp)
 {
-if (*pptr != NULL)
+if (*pptr != NULL) {
 *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data));
-return 1;
+if (*pptr != NULL)
+return 1;
+}
+return 0;
 }
 
 static void ui_free_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
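Review bot: With the rewritten body, ui_dup_method_data() returns 0 when `*pptr` is NULL on entry, where it used to return 1, so duplicating ex_data that has no password-callback data attached is now reported as a failure. The commit message says this is intended, but the allocation failure can be caught without changing the no-data case: `if (*pptr == NULL) return 1;` followed by the memdup and `return *pptr != NULL;`. If a NULL entry really must fail, a comment saying why would help, since the caller named in the commit message, CRYPTO_dup_ex_data(), presumably treats a 0 return as failure of the whole duplication.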


[openssl] openssl-3.0 update

2022-01-26 Thread tomas
The branch openssl-3.0 has been updated
   via  09894bacc035fb4c68acfc3dd2798ad999eb3275 (commit)
   via  481709cd4d9ad5b77f1550fd23b169934ff8e2b6 (commit)
  from  27ee6e252d04b587e98228c81ecc3e62a34bae26 (commit)


- Log -
commit 09894bacc035fb4c68acfc3dd2798ad999eb3275
Author: Darshan Sen 
Date:   Sat Jan 22 17:56:05 2022 +0530

Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()

Signed-off-by: Darshan Sen 

Reviewed-by: Bernd Edlinger 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17507)

(cherry picked from commit 1d28ada1c39997c10fe5392f4235bbd2bc44b40f)

commit 481709cd4d9ad5b77f1550fd23b169934ff8e2b6
Author: Darshan Sen 
Date:   Fri Jan 14 16:22:41 2022 +0530

Fix invalid malloc failures in PEM_write_bio_PKCS8PrivateKey()

When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase
string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size
allocation, which resulted in malloc failures.

Fixes: https://github.com/openssl/openssl/issues/17506

Signed-off-by: Darshan Sen 

Reviewed-by: Bernd Edlinger 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17507)

(cherry picked from commit 59ccb72cd5cec3b4e312853621e12a68dacdbc7e)

---

Summary of changes:
 CHANGES.md|  5 -
 crypto/passphrase.c   |  3 ++-
 crypto/pem/pem_pk8.c  |  2 +-
 crypto/ui/ui_util.c   |  2 +-
 test/evp_pkey_provided_test.c | 39 +++
 5 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index a0ef0cdcfa..50002e0af6 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,7 +30,10 @@ breaking changes, and mappings for the large list of 
deprecated functions.
 
 ### Changes between 3.0.1 and 3.0.2 [xx XXX ]
 
- * none yet
+ * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty
+   passphrase strings.
+
+   *Darshan Sen*
 
 ### Changes between 3.0.0 and 3.0.1 [14 Dec 2021]
 
diff --git a/crypto/passphrase.c b/crypto/passphrase.c
index cb1bc66958..830872953a 100644
--- a/crypto/passphrase.c
+++ b/crypto/passphrase.c
@@ -41,7 +41,8 @@ int ossl_pw_set_passphrase(struct ossl_passphrase_data_st 
*data,
 ossl_pw_clear_passphrase_data(data);
 data->type = is_expl_passphrase;
 data->_.expl_passphrase.passphrase_copy =
-OPENSSL_memdup(passphrase, passphrase_len);
+passphrase_len != 0 ? OPENSSL_memdup(passphrase, passphrase_len)
+: OPENSSL_malloc(1);
 if (data->_.expl_passphrase.passphrase_copy == NULL) {
 ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
 return 0;
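Review bot: The `OPENSSL_malloc(1)` arm has no comment and leaves its single byte uninitialised. The reason for it is given only in the commit message (OPENSSL_memdup() with a zero length yields NULL, which the check below reports as a malloc failure); I would add `/* empty passphrase: memdup of 0 bytes returns NULL, so keep a non-NULL placeholder */` and use `OPENSSL_zalloc(1)` so that any consumer that reads the copy as a string sees a terminator rather than heap contents. The function body starts and ends outside the hunk.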
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 4742f02fef..60ff09354b 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int 
isder, int nid,
 if (enc || (nid != -1)) {
 if (kstr == NULL) {
 klen = cb(buf, PEM_BUFSIZE, 1, u);
-if (klen <= 0) {
+if (klen < 0) {
 ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY);
 goto legacy_end;
 }
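Review bot: Relaxing the test to `klen < 0` means a password callback that returns 0 is now taken as an empty passphrase and the key is written encrypted under it, instead of failing with PEM_R_READ_KEY. Any existing callback that returns 0 to signal failure or a cancelled prompt would therefore silently yield a key protected by an empty passphrase; the same relaxation is made in ui_read() in the crypto/ui/ui_util.c hunk. I would document the contract at the check, e.g. `/* 0 is a valid (empty) passphrase; callbacks must return -1 on error */`, and state it in the CHANGES.md entry so callback authors can audit their return values. do_pk8pkey() continues outside the hunk.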
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index 58769d68a3..871472cd32 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -114,7 +114,7 @@ static int ui_read(UI *ui, UI_STRING *uis)
 
 if (len >= 0)
 result[len] = '\0';
-if (len <= 0)
+if (len < 0)
 return len;
 if (UI_set_result_ex(ui, uis, result, len) >= 0)
 return 1;
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index cf4d8e1294..b4a77f8500 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -128,6 +128,16 @@ static int compare_with_file(const char *alg, int type, 
BIO *membio)
 return ret;
 }
 
+static int pass_cb(char *buf, int size, int rwflag, void *u)
+{
+return 0;
+}
+
+static int pass_cb_error(char *buf, int size, int rwflag, void *u)
+{
+return -1;
+}
+
 static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
 {
 BIO *membio = BIO_new(BIO_s_mem());
@@ -140,6 +150,35 @@ static int test_print_key_using_pem(const char *alg, const 
EVP_PKEY *pk)
 !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
 (unsigned char *)"pass", 4,
 NULL, NULL))
+/* Output zero-length passphrase encrypted private key in PEM form */
+|| !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
+

[openssl] openssl-3.0 update

2022-01-25 Thread tomas
The branch openssl-3.0 has been updated
   via  27ee6e252d04b587e98228c81ecc3e62a34bae26 (commit)
   via  7ae540d59a01f2765b7868c0887be9bc3c0596c6 (commit)
  from  e293979b2c23712769bf9c655e8a440bf2d3d44f (commit)


- Log -
commit 27ee6e252d04b587e98228c81ecc3e62a34bae26
Author: Jiasheng Jiang 
Date:   Mon Jan 24 11:18:38 2022 +0800

test/ct_test.c: Add the missing check after calling sk_SCT_new_null

Because the allocation can fail, sk_SCT_new_null() could return a NULL
pointer.
sk_SCT_push() then uses 'fixture->sct_list' and returns -1 if it fails,
but the return value of sk_SCT_push() is not checked.
I think it is better to check it just after the allocation.

CLA: trivial

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17571)

(cherry picked from commit 7625d70ad9e7be0588dd9453e89892c2b24b8175)

commit 7ae540d59a01f2765b7868c0887be9bc3c0596c6
Author: Jiasheng Jiang 
Date:   Mon Jan 24 11:06:34 2022 +0800

evp_test: Add the missing check after calling OPENSSL_malloc

The OPENSSL_zalloc() could return NULL pointer if fails.
Add the check for it does make sense, like how digest_test_init() deals
with.

CLA: trivial

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17571)

(cherry picked from commit 2208ba56ebefe4cf7d924e2ac7044ccd3307250b)

---

Summary of changes:
 test/ct_test.c  | 3 +++
 test/evp_test.c | 8 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/test/ct_test.c b/test/ct_test.c
index d1799fa7a2..f914ee514a 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -449,6 +449,9 @@ static int test_encode_tls_sct(void)
 SETUP_CT_TEST_FIXTURE();
 
 fixture->sct_list = sk_SCT_new_null();
+if (fixture->sct_list == NULL)
+   return 0;
+
 if (!TEST_ptr(sct = SCT_new_from_base64(SCT_VERSION_V1, log_id,
 CT_LOG_ENTRY_TYPE_X509, timestamp,
 extensions, signature)))
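Review bot: The new NULL check returns without going through the TEST_* macros and without tearing down the fixture created by `SETUP_CT_TEST_FIXTURE()` two lines earlier, so an allocation failure ends the test with no diagnostic and, presumably, leaves the fixture allocated. Folding it into the style of the check that follows, `if (!TEST_ptr(fixture->sct_list = sk_SCT_new_null()))`, reports the failure. The cleanup call to pair with it is outside this hunk.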
diff --git a/test/evp_test.c b/test/evp_test.c
index 47d4e6c878..f2b0924e2f 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -574,7 +574,9 @@ static int cipher_test_init(EVP_TEST *t, const char *alg)
 }
 ERR_clear_last_mark();
 
-cdat = OPENSSL_zalloc(sizeof(*cdat));
+if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat
+return 0;
+
 cdat->cipher = cipher;
 cdat->fetched_cipher = fetched_cipher;
 cdat->enc = -1;
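Review bot: The early `return 0` after the failed `OPENSSL_zalloc()` does not release `cipher` / `fetched_cipher`, which the assignments below show were already obtained earlier in cipher_test_init() (outside the hunk); the mac_test_init() hunk has the same shape with `mac`. If those objects were fetched rather than borrowed, they need freeing on this path as on the function's other error exits. In mac_test_init() the next allocation, `mdat->mac_name = OPENSSL_strdup(alg);`, is also still unchecked and could get the same treatment: `if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg)))`.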
@@ -1175,7 +1177,9 @@ static int mac_test_init(EVP_TEST *t, const char *alg)
 return 0;
 }
 
-mdat = OPENSSL_zalloc(sizeof(*mdat));
+if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat
+return 0;
+
 mdat->type = type;
 mdat->mac_name = OPENSSL_strdup(alg);
 mdat->mac = mac;


[openssl] openssl-3.0 update

2022-01-24 Thread tomas
The branch openssl-3.0 has been updated
   via  e293979b2c23712769bf9c655e8a440bf2d3d44f (commit)
  from  45036df45048c6498efa49d3572869830d05df45 (commit)


- Log -
commit e293979b2c23712769bf9c655e8a440bf2d3d44f
Author: Hubert Kario 
Date:   Thu Jan 20 17:35:18 2022 +0100

s_server: correctly handle 2^14 byte long records

as the code uses BIO_gets, and it always null terminates the
strings it reads, when it reads a record 2^14 byte long, it actually
returns 2^14-1 bytes to the calling application, in general it returns
size-1 bytes to the caller

This makes the code sub-optimal (as every 2^14 record will need two
BIO_gets() calls) and makes it impossible to use -rev option to test
all plaintext lengths (like in openssl#15706)

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17553)

---

Summary of changes:
 apps/s_server.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index d95bf14cbf..813c56592c 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2982,7 +2982,9 @@ static int www_body(int s, int stype, int prot, unsigned 
char *context)
 /* Set width for a select call if needed */
 width = s + 1;
 
-buf = app_malloc(bufsize, "server www buffer");
+/* as we use BIO_gets(), and it always null terminates data, we need
+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
+buf = app_malloc(bufsize + 1, "server www buffer");
 io = BIO_new(BIO_f_buffer());
 ssl_bio = BIO_new(BIO_f_ssl());
 if ((io == NULL) || (ssl_bio == NULL))
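Review bot: `bufsize + 1` is now written out separately at the allocation and at every `BIO_gets()` call in www_body() and rev_body() (this hunk and the four after it), and the allocation size and the size passed to BIO_gets() must stay equal or a later edit to one of them turns into a one-byte overrun. Computing the value once per function and using that single name for both the `app_malloc()` and the `BIO_gets()` calls would make the invariant hard to break. The added block comment also opens its text on the `/*` line, unlike the multi-line comments elsewhere in the tree; putting `/*` on its own line would match.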
@@ -3047,7 +3049,7 @@ static int www_body(int s, int stype, int prot, unsigned 
char *context)
 }
 
 for (;;) {
-i = BIO_gets(io, buf, bufsize - 1);
+i = BIO_gets(io, buf, bufsize + 1);
 if (i < 0) {/* error */
 if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) {
 if (!s_quiet)
@@ -3112,7 +3114,7 @@ static int www_body(int s, int stype, int prot, unsigned 
char *context)
  * we're expecting to come from the client. If they haven't
  * sent one there's not much we can do.
  */
-BIO_gets(io, buf, bufsize - 1);
+BIO_gets(io, buf, bufsize + 1);
 }
 
 BIO_puts(io,
@@ -3401,7 +3403,9 @@ static int rev_body(int s, int stype, int prot, unsigned 
char *context)
 SSL *con;
 BIO *io, *ssl_bio, *sbio;
 
-buf = app_malloc(bufsize, "server rev buffer");
+/* as we use BIO_gets(), and it always null terminates data, we need
+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
+buf = app_malloc(bufsize + 1, "server rev buffer");
 io = BIO_new(BIO_f_buffer());
 ssl_bio = BIO_new(BIO_f_ssl());
 if ((io == NULL) || (ssl_bio == NULL))
@@ -3476,7 +3480,7 @@ static int rev_body(int s, int stype, int prot, unsigned 
char *context)
 print_ssl_summary(con);
 
 for (;;) {
-i = BIO_gets(io, buf, bufsize - 1);
+i = BIO_gets(io, buf, bufsize + 1);
 if (i < 0) {/* error */
 if (!BIO_should_retry(io)) {
 if (!s_quiet)


[openssl] openssl-3.0 update

2022-01-23 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  45036df45048c6498efa49d3572869830d05df45 (commit)
  from  9d0a228ae2c2af274995566ae79f3b07c2937069 (commit)


- Log -
commit 45036df45048c6498efa49d3572869830d05df45
Author: Todd Short 
Date:   Thu Jan 20 14:38:33 2022 -0500

`make clean` should clean up fips provider shared object.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17556)

---

Summary of changes:
 Configurations/unix-Makefile.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 52d2f6a64e..6d4039c33f 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -582,7 +582,7 @@ clean: libclean
$(RM) $(MANDOCS3)
$(RM) $(MANDOCS5)
$(RM) $(MANDOCS7)
-   $(RM) $(PROGRAMS) $(TESTPROGS) $(MODULES) $(SCRIPTS)
+   $(RM) $(PROGRAMS) $(TESTPROGS) $(MODULES) $(FIPSMODULE) $(SCRIPTS)
$(RM) $(GENERATED_MANDATORY) $(GENERATED)
-find . -name '*{- platform->depext() -}' \! -name '.*' \! -type d 
-exec $(RM) {} \;
-find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d 
-exec $(RM) {} \;


[openssl] openssl-3.0 update

2022-01-23 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  9d0a228ae2c2af274995566ae79f3b07c2937069 (commit)
  from  a28dbfe7c84b6a43746d0e2ef4153e2a13067c4a (commit)


- Log -
commit 9d0a228ae2c2af274995566ae79f3b07c2937069
Author: Pauli 
Date:   Fri Jan 21 17:09:46 2022 +1100

self_test.h: fix the C++ wrapping

Fixes #17557

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17562)

(cherry picked from commit 1bfd20f08c042072cae44a9eb81626cbfff81116)

---

Summary of changes:
 include/openssl/self_test.h | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h
index 77c600a0d1..6d6c96abf8 100644
--- a/include/openssl/self_test.h
+++ b/include/openssl/self_test.h
@@ -73,10 +73,6 @@ extern "C" {
 # define OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND   "TLS13_KDF_EXPAND"
 # define OSSL_SELF_TEST_DESC_RNG"RNG"
 
-# ifdef __cplusplus
-}
-# endif
-
 void OSSL_SELF_TEST_set_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK *cb,
  void *cbarg);
 void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb,
@@ -90,4 +86,7 @@ void OSSL_SELF_TEST_onbegin(OSSL_SELF_TEST *st, const char 
*type,
 int OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes);
 void OSSL_SELF_TEST_onend(OSSL_SELF_TEST *st, int ret);
 
+# ifdef __cplusplus
+}
+# endif
 #endif /* OPENSSL_SELF_TEST_H */


[openssl] openssl-3.0 update

2022-01-21 Thread tomas
The branch openssl-3.0 has been updated
   via  a28dbfe7c84b6a43746d0e2ef4153e2a13067c4a (commit)
   via  4d5447fe9222a72f6289fcb9c09b7daa91e528a9 (commit)
  from  3d046c4d047a55123beeceffe9f8bae09159445e (commit)


- Log -
commit a28dbfe7c84b6a43746d0e2ef4153e2a13067c4a
Author: Gerd Hoffmann 
Date:   Wed Jan 12 10:30:15 2022 +0100

crypto/bio: drop float formating for UEFI

Using floating point is not supported in UEFI and can cause build
problems, for example due to SSE being disabled and x64 calling
convention passing floats in SSE registers.

Avoid those problems by not compiling the formatting code for floating
point numbers.

Signed-off-by: Gerd Hoffmann 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17547)

(cherry picked from commit f59d72f027da90edcccad5cc78c94d3099fadecf)

commit 4d5447fe9222a72f6289fcb9c09b7daa91e528a9
Author: Gerd Hoffmann 
Date:   Wed Jan 12 12:35:16 2022 +0100

Revert "crypto/bio: fix build on UEFI"

This reverts commit 328bf5adf9e23da523d4195db309083aa02403c4.

Turned out it isn't that simple, the fix is incomplete.
So revert and try again with another approach.

Signed-off-by: Gerd Hoffmann 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17547)

(cherry picked from commit 619c9bad41d041bab2ac6ba3933d526b48ceee2a)

---

Summary of changes:
 crypto/bio/bio_print.c | 27 +++
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/crypto/bio/bio_print.c b/crypto/bio/bio_print.c
index 60b28c61ff..101c2a841a 100644
--- a/crypto/bio/bio_print.c
+++ b/crypto/bio/bio_print.c
@@ -32,8 +32,10 @@ static int fmtstr(char **, char **, size_t *, size_t *,
   const char *, int, int, int);
 static int fmtint(char **, char **, size_t *, size_t *,
   int64_t, int, int, int, int);
+#ifndef OPENSSL_SYS_UEFI
 static int fmtfp(char **, char **, size_t *, size_t *,
  LDOUBLE, int, int, int, int);
+#endif
 static int doapr_outch(char **, char **, size_t *, size_t *, int);
 static int _dopr(char **sbuffer, char **buffer,
  size_t *maxlen, size_t *retlen, int *truncated,
@@ -89,7 +91,9 @@ _dopr(char **sbuffer,
 {
 char ch;
 int64_t value;
+#ifndef OPENSSL_SYS_UEFI
 LDOUBLE fvalue;
+#endif
 char *strvalue;
 int min;
 int max;
@@ -260,6 +264,7 @@ _dopr(char **sbuffer,
 min, max, flags))
 return 0;
 break;
+#ifndef OPENSSL_SYS_UEFI
 case 'f':
 if (cflags == DP_C_LDOUBLE)
 fvalue = va_arg(args, LDOUBLE);
@@ -293,6 +298,16 @@ _dopr(char **sbuffer,
flags, G_FORMAT))
 return 0;
 break;
+#else
+case 'f':
+case 'E':
+case 'e':
+case 'G':
+case 'g':
+/* not implemented for UEFI */
+ERR_raise(ERR_LIB_BIO, ERR_R_UNSUPPORTED);
+return 0;
+#endif
 case 'c':
 if (!doapr_outch(sbuffer, buffer, , maxlen,
  va_arg(args, int)))
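Review bot: In the `#else` branch added to `_dopr`, a floating-point conversion now makes the whole format call fail with `ERR_R_UNSUPPORTED`, and the comment `/* not implemented for UEFI */` does not tell a caller what to expect. A caller that ignores the return value of the printing function would presumably see missing or partial output rather than an error. I would expand the comment to something like `/* floating point is not available on UEFI: fail the call instead of emitting a wrong value */` and mention the restriction in the documentation of the public formatting functions. `_dopr` starts and ends outside this hunk.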
@@ -513,11 +528,9 @@ fmtint(char **sbuffer,
 return 1;
 }
 
-#ifdef OPENSSL_SYS_UEFI
-static LDOUBLE EFIAPI abs_val(LDOUBLE value)
-#else
+#ifndef OPENSSL_SYS_UEFI
+
 static LDOUBLE abs_val(LDOUBLE value)
-#endif
 {
 LDOUBLE result = value;
 if (value < 0)
@@ -525,11 +538,7 @@ static LDOUBLE abs_val(LDOUBLE value)
 return result;
 }
 
-#ifdef OPENSSL_SYS_UEFI
-static LDOUBLE EFIAPI pow_10(int in_exp)
-#else
 static LDOUBLE pow_10(int in_exp)
-#endif
 {
 LDOUBLE result = 1;
 while (in_exp) {
@@ -816,6 +825,8 @@ fmtfp(char **sbuffer,
 return 1;
 }
 
+#endif /* OPENSSL_SYS_UEFI */
+
 #define BUFFER_INC  1024
 
 static int


[openssl] openssl-3.0 update

2022-01-21 Thread tomas
The branch openssl-3.0 has been updated
   via  3d046c4d047a55123beeceffe9f8bae09159445e (commit)
  from  ca048994ae1431965a068b17e1f17afa2345e1f5 (commit)


- Log -
commit 3d046c4d047a55123beeceffe9f8bae09159445e
Author: yangyangtiantianlonglong 
Date:   Wed Jan 19 11:19:52 2022 +0800

Fix the same BIO_FLAGS macro definition

Also add comment to the public header to avoid
making another conflict in future.

Fixes #17545

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17546)

(cherry picked from commit e278f18563dd3dd67c00200ee30402f48023c6ef)

---

Summary of changes:
 include/internal/bio.h   | 2 +-
 include/openssl/bio.h.in | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/internal/bio.h b/include/internal/bio.h
index 2d36a7b980..02f7222ab4 100644
--- a/include/internal/bio.h
+++ b/include/internal/bio.h
@@ -48,9 +48,9 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t 
*read);
  * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next.
  * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving.
  */
-# define BIO_FLAGS_KTLS_TX  0x800
 # define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000
 # define BIO_FLAGS_KTLS_RX  0x2000
+# define BIO_FLAGS_KTLS_TX  0x4000
 
 /* KTLS related controls and flags */
 # define BIO_set_ktls_flag(b, is_tx) \
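Review bot: `BIO_FLAGS_KTLS_TX` moves to `0x4000`, but nothing in this internal header says that the three KTLS values sit in a range reserved by the public header; the only statement of that is the comment added to `include/openssl/bio.h.in` in the next hunk. Judging from the context lines there, the old value `0x800` was the same as `BIO_FLAGS_IN_EOF`, so the two flags could not be told apart on one BIO. A matching comment here, e.g. `/* 0x1000-0x4000 are reserved for these in <openssl/bio.h>; never reuse a public flag value */`, would put the constraint where the next internal flag is likely to be added.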
diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in
index 2c65b7e1a7..686dad3099 100644
--- a/include/openssl/bio.h.in
+++ b/include/openssl/bio.h.in
@@ -209,6 +209,8 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF0x800
 
+/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags 
*/
+
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
 


[openssl] openssl-3.0 update

2022-01-20 Thread tomas
The branch openssl-3.0 has been updated
   via  ca048994ae1431965a068b17e1f17afa2345e1f5 (commit)
  from  078439d78d1d1435f0ebaf97819daa38a8c81ad5 (commit)


- Log -
commit ca048994ae1431965a068b17e1f17afa2345e1f5
Author: Tobias Nießen 
Date:   Mon Jan 17 15:31:39 2022 +

Clarify flags argument of X509_check_ip

Because no supported flag affects the behavior of X509_check_ip, the
flags argument currently has no effect.

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17536)

(cherry picked from commit 2d280fe016a98b57d488f42fd3941bcd61407c5a)

---

Summary of changes:
 doc/man3/X509_check_host.pod | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/man3/X509_check_host.pod b/doc/man3/X509_check_host.pod
index 9002fb22e6..1edf725a51 100644
--- a/doc/man3/X509_check_host.pod
+++ b/doc/man3/X509_check_host.pod
@@ -62,7 +62,8 @@ X509_check_ip() checks if the certificate matches a specified 
IPv4 or
 IPv6 address.  The B array is in binary format, in network
 byte order.  The length is either 4 (IPv4) or 16 (IPv6).  Only
 explicitly marked addresses in the certificates are considered; IP
-addresses stored in DNS names and Common Names are ignored.
+addresses stored in DNS names and Common Names are ignored. There are
+currently no B that would affect the behavior of this call.
 
 X509_check_ip_asc() is similar, except that the NUL-terminated
 string B is first converted to the internal representation.


[openssl] openssl-3.0 update

2022-01-19 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  078439d78d1d1435f0ebaf97819daa38a8c81ad5 (commit)
  from  174adc705c2c3921cb3da34ce11641c159bd139b (commit)


- Log -
commit 078439d78d1d1435f0ebaf97819daa38a8c81ad5
Author: Pauli 
Date:   Thu Jan 13 12:19:23 2022 +1100

ssl: better support TSAN operations

For platforms that do not have native TSAN support, locking needs to be used
instead.  This adds the locking.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17489)

(cherry picked from commit acce055778ecbf72e06a254b3a9bf2a2907e5170)

---

Summary of changes:
 ssl/ssl_lib.c| 47 +++
 ssl/ssl_local.h  | 30 ++
 ssl/ssl_sess.c   | 11 ++-
 ssl/statem/extensions.c  | 13 +++--
 ssl/statem/statem_clnt.c |  2 +-
 ssl/statem/statem_lib.c  | 17 ++---
 6 files changed, 93 insertions(+), 27 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f3993f0bc3..14030f8ebc 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2451,6 +2451,17 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
 return ctx->sessions;
 }
 
+static int ssl_tsan_load(SSL_CTX *ctx, TSAN_QUALIFIER int *stat)
+{
+int res = 0;
+
+if (ssl_tsan_lock(ctx)) {
+res = tsan_load(stat);
+ssl_tsan_unlock(ctx);
+}
+return res;
+}
+
 long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 {
 long l;
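Review bot: `ssl_tsan_load` returns 0 when `ssl_tsan_lock(ctx)` fails, so a caller cannot tell a failed lock from a counter whose value is 0. For the statistics returned by `SSL_CTX_ctrl` that is probably acceptable, but it should be stated, because the helper also feeds the auto-flush decision in `ssl_update_cache` later in this file section. I would add a comment above the function such as `/* Returns the counter value, or 0 if the lock could not be taken */`. The definitions of `ssl_tsan_lock` and `ssl_tsan_unlock` are not visible here (the `ssl/ssl_local.h` section is cut off), so whether the lock can fail in practice could not be checked.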
@@ -2506,27 +2517,27 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, 
void *parg)
 case SSL_CTRL_SESS_NUMBER:
 return lh_SSL_SESSION_num_items(ctx->sessions);
 case SSL_CTRL_SESS_CONNECT:
-return tsan_load(>stats.sess_connect);
+return ssl_tsan_load(ctx, >stats.sess_connect);
 case SSL_CTRL_SESS_CONNECT_GOOD:
-return tsan_load(>stats.sess_connect_good);
+return ssl_tsan_load(ctx, >stats.sess_connect_good);
 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
-return tsan_load(>stats.sess_connect_renegotiate);
+return ssl_tsan_load(ctx, >stats.sess_connect_renegotiate);
 case SSL_CTRL_SESS_ACCEPT:
-return tsan_load(>stats.sess_accept);
+return ssl_tsan_load(ctx, >stats.sess_accept);
 case SSL_CTRL_SESS_ACCEPT_GOOD:
-return tsan_load(>stats.sess_accept_good);
+return ssl_tsan_load(ctx, >stats.sess_accept_good);
 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
-return tsan_load(>stats.sess_accept_renegotiate);
+return ssl_tsan_load(ctx, >stats.sess_accept_renegotiate);
 case SSL_CTRL_SESS_HIT:
-return tsan_load(>stats.sess_hit);
+return ssl_tsan_load(ctx, >stats.sess_hit);
 case SSL_CTRL_SESS_CB_HIT:
-return tsan_load(>stats.sess_cb_hit);
+return ssl_tsan_load(ctx, >stats.sess_cb_hit);
 case SSL_CTRL_SESS_MISSES:
-return tsan_load(>stats.sess_miss);
+return ssl_tsan_load(ctx, >stats.sess_miss);
 case SSL_CTRL_SESS_TIMEOUTS:
-return tsan_load(>stats.sess_timeout);
+return ssl_tsan_load(ctx, >stats.sess_timeout);
 case SSL_CTRL_SESS_CACHE_FULL:
-return tsan_load(>stats.sess_cache_full);
+return ssl_tsan_load(ctx, >stats.sess_cache_full);
 case SSL_CTRL_MODE:
 return (ctx->mode |= larg);
 case SSL_CTRL_CLEAR_MODE:
@@ -3199,6 +3210,14 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char 
*propq,
 return NULL;
 }
 
+#ifdef TSAN_REQUIRES_LOCKING
+ret->tsan_lock = CRYPTO_THREAD_lock_new();
+if (ret->tsan_lock == NULL) {
+ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+goto err;
+}
+#endif
+
 ret->libctx = libctx;
 if (propq != NULL) {
 ret->propq = OPENSSL_strdup(propq);
@@ -3465,6 +3484,9 @@ void SSL_CTX_free(SSL_CTX *a)
 OPENSSL_free(a->sigalg_lookup_cache);
 
 CRYPTO_THREAD_lock_free(a->lock);
+#ifdef TSAN_REQUIRES_LOCKING
+CRYPTO_THREAD_lock_free(a->tsan_lock);
+#endif
 
 OPENSSL_free(a->propq);
 
@@ -3733,11 +3755,12 @@ void ssl_update_cache(SSL *s, int mode)
 /* auto flush every 255 connections */
 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
 TSAN_QUALIFIER int *stat;
+
 if (mode & SSL_SESS_CACHE_CLIENT)
 stat = >session_ctx->stats.sess_connect_good;
 else
 stat = >session_ctx->stats.sess_accept_good;
-if ((tsan_load(stat) & 0xff) == 0xff)
+if ((ssl_tsan_load(s->session_ctx, stat) & 0xff) == 0xff)
 SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
 }
 }
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index ce93049180..9f119a9d79 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -898,6 +898,9 @@ struct ssl_ctx_st {
  

[openssl] openssl-3.0 update

2022-01-18 Thread tomas
The branch openssl-3.0 has been updated
   via  174adc705c2c3921cb3da34ce11641c159bd139b (commit)
  from  5f7757265bfd7ccdf1973bf09f9d72634ea70949 (commit)


- Log -
commit 174adc705c2c3921cb3da34ce11641c159bd139b
Author: Tomas Mraz 
Date:   Fri Jan 14 16:19:33 2022 +0100

dh_exch.c: Correct gettable parameters for DH key exchange

Fixes #17510

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17515)

(cherry picked from commit c1167f09d840b109ef1c1c1485e3de64be2fc625)

---

Summary of changes:
 providers/implementations/exchange/dh_exch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/implementations/exchange/dh_exch.c 
b/providers/implementations/exchange/dh_exch.c
index ea05b3177e..cd92f26957 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -414,12 +414,12 @@ static const OSSL_PARAM 
*dh_settable_ctx_params(ossl_unused void *vpdhctx,
 }
 
 static const OSSL_PARAM known_gettable_ctx_params[] = {
-OSSL_PARAM_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, NULL),
 OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, NULL, 0),
 OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, NULL, 0),
 OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, NULL),
 OSSL_PARAM_DEFN(OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR,
 NULL, 0),
+OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_CEK_ALG, NULL, 0),
 OSSL_PARAM_END
 };
 


[openssl] openssl-3.0 update

2022-01-17 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  5f7757265bfd7ccdf1973bf09f9d72634ea70949 (commit)
  from  454358be49b55c313fe3781bc6f5f6c644787f87 (commit)


- Log -
commit 5f7757265bfd7ccdf1973bf09f9d72634ea70949
Author: Kevin Jones 
Date:   Sat Jan 15 01:38:41 2022 +

Fix mistake in ERR_peek_error_all documentation.

The `func` parameter was incorrect. It was documented as `const char *func`
instead of `const char **func`.

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17522)

(cherry picked from commit f242ce9817157817b19ccb303fd436fe487539b3)

---

Summary of changes:
 doc/man3/ERR_get_error.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/ERR_get_error.pod b/doc/man3/ERR_get_error.pod
index 6518458907..924c650184 100644
--- a/doc/man3/ERR_get_error.pod
+++ b/doc/man3/ERR_get_error.pod
@@ -31,7 +31,7 @@ ERR_get_error_line_data, ERR_peek_error_line_data, 
ERR_peek_last_error_line_data
  const char **func,
  const char **data, int *flags);
  unsigned long ERR_peek_error_all(const char **file, int *line,
-  const char *func,
+  const char **func,
   const char **data, int *flags);
  unsigned long ERR_peek_last_error_all(const char **file, int *line,
const char *func,


[openssl] openssl-3.0 update

2022-01-17 Thread tomas
The branch openssl-3.0 has been updated
   via  454358be49b55c313fe3781bc6f5f6c644787f87 (commit)
  from  67397a6aeda3383bdc7c7165d8c0efe9423cc7a9 (commit)


- Log -
commit 454358be49b55c313fe3781bc6f5f6c644787f87
Author: Tomas Mraz 
Date:   Thu Jan 13 18:07:08 2022 +0100

bn_ppc.c: Fix build failure on AIX with XLC/XLCLANG

These compilers define _ARCH_PPC64 for 32 bit builds
so we cannot depend solely on this define to identify
32 bit build.

Fixes #17087

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17497)

(cherry picked from commit cfbb5fcf4424395a1a23751556ea12c56b80b57e)

---

Summary of changes:
 crypto/bn/bn_ppc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c
index 05c0c4cb92..5424c25d47 100644
--- a/crypto/bn/bn_ppc.c
+++ b/crypto/bn/bn_ppc.c
@@ -40,7 +40,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const 
BN_ULONG *bp,
  * no opportunity to figure it out...
  */
 
-#if defined(_ARCH_PPC64)
+#if defined(_ARCH_PPC64) && !defined(__ILP32__)
 if (num == 6) {
 if (OPENSSL_ppccap_P & PPC_MADD300)
 return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
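Review bot: The guard `#if defined(_ARCH_PPC64) && !defined(__ILP32__)` has no comment explaining the second condition, and the reason given in the commit message (XLC/XLCLANG on AIX define `_ARCH_PPC64` for 32-bit builds) is not obvious from the code. A one-line comment above the `#if`, e.g. `/* AIX XLC/XLCLANG define _ARCH_PPC64 for 32-bit builds too, so also require a non-ILP32 ABI */`, would stop the condition from being simplified away later. Whether every affected compiler defines `__ILP32__` in 32-bit mode is not shown here and is worth confirming on the target toolchains. `bn_mul_mont` continues outside the hunk.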


[openssl] openssl-3.0 update

2022-01-17 Thread tomas
The branch openssl-3.0 has been updated
   via  67397a6aeda3383bdc7c7165d8c0efe9423cc7a9 (commit)
  from  8bb90f43aa732efb9530edc2ab3767b228d5d9da (commit)


- Log -
commit 67397a6aeda3383bdc7c7165d8c0efe9423cc7a9
Author: Tomas Mraz 
Date:   Thu Jan 13 19:02:31 2022 +0100

dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid

And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17498)

(cherry picked from commit 59d3fd1cc8c938daa6384783a7e5847d6f5201f7)

---

Summary of changes:
 test/dhtest.c | 28 
 1 file changed, 28 insertions(+)

diff --git a/test/dhtest.c b/test/dhtest.c
index 71c95b186f..ce94999f7d 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -744,6 +744,33 @@ static int dh_rfc5114_fix_nid_test(void)
 /* Tested function is called here */
 if (!TEST_int_eq(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 3), 1))
 goto err;
+/* Negative test */
+if (!TEST_int_eq(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 99), 0))
+goto err;
+/* If we're still running then the test passed. */
+ok = 1;
+err:
+EVP_PKEY_CTX_free(paramgen_ctx);
+return ok;
+}
+
+static int dh_set_dh_nid_test(void)
+{
+int ok = 0;
+EVP_PKEY_CTX *paramgen_ctx;
+
+/* Run the test. Success is any time the test does not cause a SIGSEGV 
interrupt */
+paramgen_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, 0);
+if (!TEST_ptr(paramgen_ctx))
+goto err;
+if (!TEST_int_eq(EVP_PKEY_paramgen_init(paramgen_ctx), 1))
+goto err;
+/* Tested function is called here */
+if (!TEST_int_eq(EVP_PKEY_CTX_set_dh_nid(paramgen_ctx, NID_ffdhe2048), 1))
+goto err;
+/* Negative test */
+if (!TEST_int_eq(EVP_PKEY_CTX_set_dh_nid(paramgen_ctx, NID_secp521r1), 0))
+goto err;
 /* If we're still running then the test passed. */
 ok = 1;
 err:
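Review bot: The comment in the new `dh_set_dh_nid_test`, "Run the test. Success is any time the test does not cause a SIGSEGV interrupt", appears to be carried over from the neighbouring test and does not describe this one, which asserts return values (1 for `NID_ffdhe2048`, 0 for the EC curve `NID_secp521r1`). I would replace it with `/* A DH named-group NID must be accepted, a non-DH NID must be rejected */`, which is also shorter than the current over-long line. The hunk ends at an `err:` label, so the cleanup that follows it is outside the hunk.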
@@ -898,6 +925,7 @@ int setup_tests(void)
 ADD_TEST(dh_get_nid);
 ADD_TEST(dh_load_pkcs3_namedgroup_privlen_test);
 ADD_TEST(dh_rfc5114_fix_nid_test);
+ADD_TEST(dh_set_dh_nid_test);
 #endif
 return 1;
 }


[openssl] openssl-3.0 update

2022-01-17 Thread tomas
The branch openssl-3.0 has been updated
   via  8bb90f43aa732efb9530edc2ab3767b228d5d9da (commit)
   via  554addd65b6ce9ee0b8f1d6c4115ef192d693f4f (commit)
  from  ba4f941b081897747e8432296cd14bebafc97920 (commit)


- Log -
commit 8bb90f43aa732efb9530edc2ab3767b228d5d9da
Author: Tomas Mraz 
Date:   Thu Jan 13 19:01:33 2022 +0100

Do not call ossl_ffc_name_to_dh_named_group with NULL argument

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17498)

(cherry picked from commit 3b53f88c008d288e86d2bbdc0c4e2d16c29fcee8)

commit 554addd65b6ce9ee0b8f1d6c4115ef192d693f4f
Author: Tomas Mraz 
Date:   Thu Jan 13 19:00:13 2022 +0100

Properly return error on EVP_PKEY_CTX_set_dh_nid and 
EVP_PKEY_CTX_set_dhx_rfc5114

Fixes #17485

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17498)

(cherry picked from commit f58bb2dd00c3004552c5c1e8d0f2c1390c004cf8)

---

Summary of changes:
 crypto/evp/ctrl_params_translate.c   | 23 +--
 crypto/ffc/ffc_backend.c |  1 +
 providers/implementations/keymgmt/dh_kmgmt.c |  1 +
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/crypto/evp/ctrl_params_translate.c 
b/crypto/evp/ctrl_params_translate.c
index f6a2d1d0f8..3dd3e8f995 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1004,8 +1004,11 @@ static int fix_dh_nid(enum state state,
 return 0;
 
 if (state == PRE_CTRL_TO_PARAMS) {
-ctx->p2 = (char *)ossl_ffc_named_group_get_name
-(ossl_ffc_uid_to_dh_named_group(ctx->p1));
+if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+return 0;
+}
 ctx->p1 = 0;
 }
 
@@ -1028,16 +1031,24 @@ static int fix_dh_nid5114(enum state state,
 
 switch (state) {
 case PRE_CTRL_TO_PARAMS:
-ctx->p2 = (char *)ossl_ffc_named_group_get_name
-(ossl_ffc_uid_to_dh_named_group(ctx->p1));
+if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+return 0;
+}
+
 ctx->p1 = 0;
 break;
 
 case PRE_CTRL_STR_TO_PARAMS:
 if (ctx->p2 == NULL)
 return 0;
-ctx->p2 = (char *)ossl_ffc_named_group_get_name
-(ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)));
+if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2 == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+return 0;
+}
+
 ctx->p1 = 0;
 break;
 
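Review bot: In the `PRE_CTRL_STR_TO_PARAMS` case of `fix_dh_nid5114` the control string is still converted with `atoi(ctx->p2)`, which cannot report a parse failure: text that is not a number becomes 0 and an out-of-range value is undefined behaviour. With the new NULL check a bad string is probably rejected because no group matches the resulting id, but that depends on the lookup table rather than on the parser. Parsing with `strtol` and rejecting the input unless the whole string was consumed and the value fits an `int` makes the rejection explicit; this needs `<errno.h>` and `<limits.h>` if the file does not already include them. The function starts and ends outside the hunk.

```c
case PRE_CTRL_STR_TO_PARAMS:
    if (ctx->p2 == NULL)
        return 0;
    {
        char *end = NULL;
        long uid;

        errno = 0;
        uid = strtol(ctx->p2, &end, 10);
        if (end == (char *)ctx->p2 || *end != '\0' || errno == ERANGE
            || uid < INT_MIN || uid > INT_MAX) {
            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
            return 0;
        }
        /* … unchanged: group name lookup and NULL check, now using (int)uid … */
    }
```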
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index b227186934..b387f966cc 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -37,6 +37,7 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const 
OSSL_PARAM params[])
 const DH_NAMED_GROUP *group = NULL;
 
 if (prm->data_type != OSSL_PARAM_UTF8_STRING
+|| prm->data == NULL
 || (group = ossl_ffc_name_to_dh_named_group(prm->data)) == NULL
 || !ossl_ffc_named_group_set_pqg(ffc, group))
 #endif
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c 
b/providers/implementations/keymgmt/dh_kmgmt.c
index 98eb882e3f..ab8ef3ac52 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -532,6 +532,7 @@ static int dh_gen_common_set_params(void *genctx, const 
OSSL_PARAM params[])
 const DH_NAMED_GROUP *group = NULL;
 
 if (p->data_type != OSSL_PARAM_UTF8_STRING
+|| p->data == NULL
 || (group = ossl_ffc_name_to_dh_named_group(p->data)) == NULL
 || ((gctx->group_nid =
  ossl_ffc_named_group_get_uid(group)) == NID_undef)) {


[openssl] openssl-3.0 update

2022-01-16 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  ba4f941b081897747e8432296cd14bebafc97920 (commit)
  from  63c0fbcf865a711161feccd90aec9bf2e0e49199 (commit)


- Log -
commit ba4f941b081897747e8432296cd14bebafc97920
Author: EasySec 
Date:   Thu Jan 13 23:30:30 2022 +0100

Fix typo in SSL_CTX_set_dh_auto

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17499)

(cherry picked from commit 144316d276adf5b8172316f7bc20b372b8e31ac8)

---

Summary of changes:
 doc/man3/SSL_CTX_set_tmp_dh_callback.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod 
b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
index aacf82a80f..4340989976 100644
--- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
+++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
@@ -11,7 +11,7 @@ SSL_set_tmp_dh_callback, SSL_set_tmp_dh
 
  #include 
 
- long SSL_CTX_set_dh_auto(SSL *s, int onoff);
+ long SSL_CTX_set_dh_auto(SSL_CTX *ctx, int onoff);
  long SSL_set_dh_auto(SSL *s, int onoff);
  int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey);
  int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey);


[openssl] openssl-3.0 update

2022-01-16 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  63c0fbcf865a711161feccd90aec9bf2e0e49199 (commit)
  from  a8779af2f5cb76ac2563c28c1fdbdf314f0a6ebb (commit)


- Log -
commit 63c0fbcf865a711161feccd90aec9bf2e0e49199
Author: Dmytro Podgornyi 
Date:   Wed Jan 12 19:25:23 2022 +0200

ssl/t1_enc: Fix kTLS RX offload path

During counting of the unprocessed records, return code is treated in a
wrong way. This forces kTLS RX path to be skipped in case of presence
of unprocessed records.

CLA: trivial

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17492)

(cherry picked from commit d73a7a3a71270aaadb4e4e678ae9bd3cef8b9cbd)

---

Summary of changes:
 ssl/t1_enc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 51688d4f2e..101cba6490 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -122,7 +122,7 @@ static int count_unprocessed_records(SSL *s)
 return -1;
 
 /* Read until next record */
-if (PACKET_get_length_prefixed_2(, ))
+if (!PACKET_get_length_prefixed_2(, ))
 return -1;
 
 count += 1;


[openssl] openssl-3.0 update

2022-01-14 Thread tomas
The branch openssl-3.0 has been updated
   via  a8779af2f5cb76ac2563c28c1fdbdf314f0a6ebb (commit)
  from  46670c739d1f28c874b900e93952173d9846bec9 (commit)


- Log -
commit a8779af2f5cb76ac2563c28c1fdbdf314f0a6ebb
Author: manison 
Date:   Wed Jan 12 20:53:48 2022 +0100

EVP: fix evp_keymgmt_util_match so that it actually tries cross export the 
other way if the first attempt fails

Fixes #17482

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17487)

(cherry picked from commit 37b850738cbab74413d41033b2a4df1d69e1fa4a)

---

Summary of changes:
 crypto/evp/keymgmt_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index 2a73e9a2be..05c4e97957 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -370,7 +370,7 @@ int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, 
int selection)
  * but also to determine if we should attempt a cross export
  * the other way.  There's no point doing it both ways.
  */
-int ok = 1;
+int ok = 0;
 
 /* Complex case, where the keymgmt differ */
 if (keymgmt1 != NULL


[openssl] openssl-3.0 update

2022-01-14 Thread Matt Caswell
The branch openssl-3.0 has been updated
   via  46670c739d1f28c874b900e93952173d9846bec9 (commit)
  from  2ee3e38f8f456db4b5afb023ae0472ff79204369 (commit)


- Log -
commit 46670c739d1f28c874b900e93952173d9846bec9
Author: Shreenidhi Shedi 
Date:   Wed Jan 12 20:55:38 2022 +0530

Add a comment to indicate ineffective macro

EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from
openssl-3.0 onwards

CLA: trivial

Signed-off-by: Shreenidhi Shedi 

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17484)

(cherry picked from commit 79704a88eb5aa70fa506e3e59a29fcda21f428af)

---

Summary of changes:
 include/openssl/evp.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 1850381720..be57127e36 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -205,8 +205,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX 
*ctx, int cmd,
  * don't accidentally reuse the values for other purposes.
  */
 
-# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008/* Allow use of non FIPS
-* digest in FIPS mode */
+/* This flag has no effect from openssl-3.0 onwards */
+# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008
 
 /*
  * The following PAD options are also currently ignored in 1.0.0, digest


[openssl] openssl-3.0 update

2022-01-13 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  2ee3e38f8f456db4b5afb023ae0472ff79204369 (commit)
  from  941c877bdb71038f6beeaf416d9b7b7951ff1f19 (commit)


- Log -
commit 2ee3e38f8f456db4b5afb023ae0472ff79204369
Author: Pauli 
Date:   Thu Jan 13 12:30:59 2022 +1100

coverity 1497107: dereference after null check

Add null checks to avoid dereferencing a pointer that could be null.

Reviewed-by: Tim Hudson 
Reviewed-by: Tomas Mraz 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/openssl/pull/17488)

---

Summary of changes:
 apps/lib/apps.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 25a6b6bcc3..07dd4550f2 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -696,10 +696,13 @@ int load_cert_certs(const char *uri,
 if (ret) {
 if (pcert != NULL)
 warn_cert(uri, *pcert, 0, vpm);
-warn_certs(uri, *pcerts, 1, vpm);
+if (pcerts != NULL)
+warn_certs(uri, *pcerts, 1, vpm);
 } else {
-sk_X509_pop_free(*pcerts, X509_free);
-*pcerts = NULL;
+if (pcerts != NULL) {
+sk_X509_pop_free(*pcerts, X509_free);
+*pcerts = NULL;
+}
 }
 return ret;
 }


[openssl] openssl-3.0 update

2022-01-13 Thread beldmit
The branch openssl-3.0 has been updated
   via  941c877bdb71038f6beeaf416d9b7b7951ff1f19 (commit)
  from  21467ec273818e70a05ddece1019a13796c0fd26 (commit)


- Log -
commit 941c877bdb71038f6beeaf416d9b7b7951ff1f19
Author: Dmitry Belyavskiy 
Date:   Wed Jan 12 16:54:45 2022 +0100

Cleansing all the temporary data for s390x

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17486)

(cherry picked from commit 79c7acc59bb98c2b8451b048ed1dd8cc517df76e)

---

Summary of changes:
 crypto/ec/ecp_s390x_nistp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
index 5c70b2d678..c5726c638b 100644
--- a/crypto/ec/ecp_s390x_nistp.c
+++ b/crypto/ec/ecp_s390x_nistp.c
@@ -116,7 +116,7 @@ ret:
 /* Otherwise use default. */
 if (rc == -1)
 rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
-OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len);
+OPENSSL_cleanse(param, sizeof(param));
 BN_CTX_end(ctx);
 BN_CTX_free(new_ctx);
 return rc;
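Review bot: `OPENSSL_cleanse(param, sizeof(param))` wipes the whole parameter block only if `param` is declared as an array in this function; its declaration is outside the hunk, and if it were a pointer, `sizeof(param)` would be the pointer size and most of the block would stay uncleared. The same expression is used in `ecdsa_s390x_nistp_sign_sig` in the next hunk. Assuming both are local arrays, a short comment such as `/* param is a local array: wipe all of it, not only the secret fields */` would record why the narrower range was dropped. It is also worth checking that every exit path of both functions reaches the `ret:` label, which cannot be seen from here.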
@@ -212,7 +212,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned 
char *dgst,
 
 ok = 1;
 ret:
-OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len);
+OPENSSL_cleanse(param, sizeof(param));
 if (ok != 1) {
 ECDSA_SIG_free(sig);
 sig = NULL;


[openssl] openssl-3.0 update

2022-01-13 Thread tomas
The branch openssl-3.0 has been updated
   via  21467ec273818e70a05ddece1019a13796c0fd26 (commit)
  from  16535ba9b86dcb99558201e66613f018fb1d3f65 (commit)


- Log -
commit 21467ec273818e70a05ddece1019a13796c0fd26
Author: Tomas Mraz 
Date:   Wed Jan 12 09:55:43 2022 +0100

test_gendhparam: Drop expected error output

Otherwise it sometimes confuses the TAP parser.

Fixes #17480

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/17481)

(cherry picked from commit 3bfb7239daf3d6a89476e163dc925c641d356729)

---

Summary of changes:
 test/recipes/15-test_gendhparam.t | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/test/recipes/15-test_gendhparam.t 
b/test/recipes/15-test_gendhparam.t
index b5fe644889..b95695b4dc 100644
--- a/test/recipes/15-test_gendhparam.t
+++ b/test/recipes/15-test_gendhparam.t
@@ -140,9 +140,17 @@ foreach my $test (@testdata) {
 push(@pkeyopts, '-pkeyopt');
 push(@pkeyopts, $_);
 }
-my @lines = run(app(['openssl', 'genpkey', '-genparam',
+my @lines;
+if ($expected[0] eq 'ERROR') {
+@lines = run(app(['openssl', 'genpkey', '-genparam',
+  '-algorithm', $alg, '-text', @pkeyopts],
+ stderr => undef),
+ capture => 1);
+} else {
+@lines = run(app(['openssl', 'genpkey', '-genparam',
   '-algorithm', $alg, '-text', @pkeyopts]),
-capture => 1);
+ capture => 1);
+}
 ok(compareline(\@lines, \@expected), $msg);
 }
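Review bot: The two `run(app(...))` calls differ only in `stderr => undef`, so the `genpkey` command line is now maintained in two places. Building the option once, `my @appopts = $expected[0] eq 'ERROR' ? (stderr => undef) : ();`, and calling `run(app([...], @appopts), capture => 1)` keeps a single copy. Dropping stderr also hides any unexpected diagnostic in the error cases, so a short comment saying that only the expected error text is meant to be discarded would help the next reader.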
 


[openssl] openssl-3.0 update

2022-01-13 Thread Matt Caswell
The branch openssl-3.0 has been updated
   via  16535ba9b86dcb99558201e66613f018fb1d3f65 (commit)
  from  589e0ab4ebf35e1e73d826ad08160b9e6060e616 (commit)


- Log -
commit 16535ba9b86dcb99558201e66613f018fb1d3f65
Author: Matt Caswell 
Date:   Tue Jan 11 17:13:39 2022 +

Clear md_data only when necessary

PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR
to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes
it.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17473)

(cherry picked from commit 8086b267fb3395c53cd5fc29eea68ba4826b333d)

---

Summary of changes:
 crypto/evp/digest.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index eb6ccfaca2..066f2a4af9 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -33,9 +33,10 @@ static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)
 ctx->digest->cleanup(ctx);
 if (ctx->md_data != NULL && ctx->digest->ctx_size > 0
 && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)
-|| force))
+|| force)) {
 OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
-ctx->md_data = NULL;
+ctx->md_data = NULL;
+}
 }
 }
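Review bot: The condition that decides whether `md_data` is released has no comment, although it is exactly what this fix corrects. A line above the `if`, such as `/* Free and forget md_data unless the ctx is marked for reuse; force overrides that */`, would record that a context with `EVP_MD_CTX_FLAG_REUSE` keeps both the buffer and the pointer when `force` is 0. `cleanup_old_md_data` starts outside the hunk.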
 


[openssl] openssl-3.0 update

2022-01-13 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  589e0ab4ebf35e1e73d826ad08160b9e6060e616 (commit)
   via  d1a488e944275a1b5db50ce02c1593aedb37c1f9 (commit)
   via  a69b93afd26d8da664e19847432cebe3c7d3fbb3 (commit)
   via  cc05c3ea8c585eb58a46602f94c59e3c17f4383d (commit)
   via  d1ec05915686019eec8fa8de9890292980fc5d6e (commit)
   via  3517a3e055d3ed27b70441e2ee087fbb709b58da (commit)
  from  cca25d5eb83b56ae27d81bd72bebf69c2f393e43 (commit)


- Log -
commit 589e0ab4ebf35e1e73d826ad08160b9e6060e616
Author: Pauli 
Date:   Wed Jan 12 15:01:17 2022 +1100

drbg: add handling for cases where TSAN isn't available

Most of the DRBG code is run under lock from the EVP layer.  This is relied
on to make the majority of TSAN operations safe.  However, it is still
necessary to enable locking for all DRBGs created.

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/17479)

commit d1a488e944275a1b5db50ce02c1593aedb37c1f9
Author: Pauli 
Date:   Wed Jan 12 14:45:07 2022 +1100

lhash: use lock when TSAN not available for statistics gathering

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/17479)

commit a69b93afd26d8da664e19847432cebe3c7d3fbb3
Author: Pauli 
Date:   Wed Jan 12 14:25:46 2022 +1100

mem: do not produce usage counts when tsan is unavailable.

Doing the tsan operations under lock would be difficult to arrange here 
(locks
require memory allocation).

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/17479)

commit cc05c3ea8c585eb58a46602f94c59e3c17f4383d
Author: Pauli 
Date:   Wed Jan 12 14:22:23 2022 +1100

core namemap: use updated tsan lock detection capabilities

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/17479)

commit d1ec05915686019eec8fa8de9890292980fc5d6e
Author: Pauli 
Date:   Wed Jan 12 13:26:38 2022 +1100

tsan: make detecting the need for locking when using tsan easier

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/17479)

commit 3517a3e055d3ed27b70441e2ee087fbb709b58da
Author: Pauli 
Date:   Wed Jan 12 14:24:49 2022 +1100

threadstest: add write check to lock checking

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/17479)

---

Summary of changes:
 crypto/core_namemap.c  | 15 --
 crypto/lhash/lh_stats.c| 25 
 crypto/lhash/lhash.c   | 55 ++
 crypto/lhash/lhash_local.h |  3 ++
 crypto/mem.c   | 14 ++---
 include/internal/tsan_assist.h |  8 -
 providers/implementations/rands/drbg.c |  4 +++
 test/threadstest.c |  2 ++
 8 files changed, 95 insertions(+), 31 deletions(-)

diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
index 2bee5ef194..6cb0ec5a06 100644
--- a/crypto/core_namemap.c
+++ b/crypto/core_namemap.c
@@ -37,11 +37,7 @@ struct ossl_namemap_st {
 CRYPTO_RWLOCK *lock;
 LHASH_OF(NAMENUM_ENTRY) *namenum;  /* Name->number mapping */
 
-#ifdef tsan_ld_acq
-TSAN_QUALIFIER int max_number; /* Current max number TSAN version */
-#else
-int max_number;/* Current max number plain version */
-#endif
+TSAN_QUALIFIER int max_number; /* Current max number */
 };
 
 /* LHASH callbacks */
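Review bot: The comment on `max_number` no longer says how the field may be accessed, now that one declaration serves both builds. From the other hunks in this file, it is read through `tsan_load` when TSAN operations are available and under `namemap->lock` when `TSAN_REQUIRES_LOCKING` is defined. Stating that next to the field, e.g. `/* Current max number; use tsan_* or hold lock (TSAN_REQUIRES_LOCKING) */`, would put the rule where the field is declared. What `TSAN_QUALIFIER` expands to in the locking build is defined in tsan_assist.h, whose diff is not shown here.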
@@ -99,10 +95,7 @@ static const OSSL_LIB_CTX_METHOD stored_namemap_method = {
 
 int ossl_namemap_empty(OSSL_NAMEMAP *namemap)
 {
-#ifdef tsan_ld_acq
-/* Have TSAN support */
-return namemap == NULL || tsan_load(>max_number) == 0;
-#else
+#ifdef TSAN_REQUIRES_LOCKING
 /* No TSAN support */
 int rv;
 
@@ -114,6 +107,9 @@ int ossl_namemap_empty(OSSL_NAMEMAP *namemap)
 rv = namemap->max_number == 0;
 CRYPTO_THREAD_unlock(namemap->lock);
 return rv;
+#else
+/* Have TSAN support */
+return namemap == NULL || tsan_load(>max_number) == 0;
 #endif
 }
 
@@ -260,6 +256,7 @@ static int namemap_add_name_n(OSSL_NAMEMAP *namemap, int 
number,
 || (namenum->name = OPENSSL_strndup(name, name_len)) == NULL)
 goto err;
 
+/* The tsan_counter use here is safe since we're under lock */
 namenum->number =
 number != 0 ? number : 1 + tsan_counter(>max_number);
 (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum);
diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c
index 5e38c42580..0d4bc72608 100644
--- a/crypto/lhash/lh_stats.c
+++ b/crypto/lhash/lh_stats.c
@@ -61,6 +61,14 @@ void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, 
FILE *fp)
 
 void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
 {
+int omit_tsan = 0;
+
+#ifdef 

[openssl] openssl-3.0 update

2022-01-13 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  cca25d5eb83b56ae27d81bd72bebf69c2f393e43 (commit)
  from  f7e71772becc0dba8a0cae9766b78ea42819b849 (commit)


- Log -
commit cca25d5eb83b56ae27d81bd72bebf69c2f393e43
Author: Pauli 
Date:   Wed Jan 12 12:28:29 2022 +1100

Avoid using a macro expansion in a macro when statically initialising

Circumvents a problem with ancient PA-RISC compilers on HP/UX.

Fixes #17477

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17478)

(cherry picked from commit 9c5d1451292566e546d5dd01c7f19950fa34391d)

---

Summary of changes:
 providers/fips/self_test_data.inc | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/providers/fips/self_test_data.inc 
b/providers/fips/self_test_data.inc
index dd39ab5252..f2c1af04b6 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -18,7 +18,7 @@
 { name, OSSL_PARAM_OCTET_STRING, ITM(data) }
 #define ST_KAT_PARAM_UTF8STRING(name, data)
\
 { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) }
-#define ST_KAT_PARAM_UTF8CHAR(name, data)\
+#define ST_KAT_PARAM_UTF8CHAR(name, data)  
\
 { name, OSSL_PARAM_UTF8_STRING, ITM(data) }
 #define ST_KAT_PARAM_INT(name, i)  
\
 { name, OSSL_PARAM_INTEGER, ITM(i) }
@@ -1291,9 +1291,15 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
 ST_KAT_PARAM_END()
 };
 
+/*-
+ * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
+ * HP/UX PA-RISC compilers.
+ */
+static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
+
 static const ST_KAT_PARAM rsa_enc_params[] = {
-ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE,
-OSSL_PKEY_RSA_PAD_MODE_NONE),
+ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
 ST_KAT_PARAM_END()
 };
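Review bot: `pad_mode_none` has to stay an array, and the new comment does not say so. `ST_KAT_PARAM_UTF8STRING` passes its argument to `ITM_STR`, whose definition is outside the hunk; if that macro derives the length with `sizeof`, as `ITM` appears to, then changing the declaration to `const char *pad_mode_none` would silently record the pointer size as the string length. Adding a sentence to the comment, for example `Must remain an array so the length macro sees the string size.`, would guard against that.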
 


[openssl] openssl-3.0 update

2022-01-13 Thread tomas
The branch openssl-3.0 has been updated
   via  f7e71772becc0dba8a0cae9766b78ea42819b849 (commit)
  from  3dcec2fb274235e938ce04f43e3e2f6d5743ae52 (commit)


- Log -
commit f7e71772becc0dba8a0cae9766b78ea42819b849
Author: Gerd Hoffmann 
Date:   Tue Jan 11 08:51:31 2022 +0100

drop unused callback variable

Signed-off-by: Gerd Hoffmann 

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17471)

(cherry picked from commit 64a644530e023d3064db9027b0977d33b1d2ad9a)

---

Summary of changes:
 crypto/evp/pmeth_gn.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index f9d001fdd0..e6bb48501f 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -128,7 +128,6 @@ static int ossl_callback_to_pkey_gencb(const OSSL_PARAM 
params[], void *arg)
 int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 {
 int ret = 0;
-OSSL_CALLBACK cb;
 EVP_PKEY *allocated_pkey = NULL;
 /* Legacy compatible keygen callback info, only used with provider impls */
 int gentmp[2];


[openssl] openssl-3.0 update

2022-01-12 Thread tomas
The branch openssl-3.0 has been updated
   via  3dcec2fb274235e938ce04f43e3e2f6d5743ae52 (commit)
  from  3755dc294d2e24b741e235550d063850464467cb (commit)


- Log -
commit 3dcec2fb274235e938ce04f43e3e2f6d5743ae52
Author: Tomas Mraz 
Date:   Mon Jan 10 17:09:59 2022 +0100

EVP_DigestSignFinal: *siglen should not be read if sigret == NULL

This fixes small regression from #16962.

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17460)

(cherry picked from commit a4e01187d3648d9ce99507097400902cf21f9b55)

---

Summary of changes:
 crypto/evp/m_sigver.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 9188edbc21..7409780065 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -480,14 +480,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char 
*sigret,
 if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
 return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
  sigret, siglen,
- (siglen == NULL) ? 0 
: *siglen);
+ sigret == NULL ? 0 : 
*siglen);
 dctx = EVP_PKEY_CTX_dup(pctx);
 if (dctx == NULL)
 return 0;
 
 r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx,
   sigret, siglen,
-  (siglen == NULL) ? 0 : 
*siglen);
+  *siglen);
 EVP_PKEY_CTX_free(dctx);
 return r;
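Review bot: `*siglen` is now dereferenced in both calls whenever `sigret` is non-NULL, where the previous expression passed 0 for a NULL `siglen`. If nothing earlier in `EVP_DigestSignFinal` rejects that combination (the start of the function is outside the hunk), a caller that supplies a buffer without a length now gets a NULL dereference instead of an error. A guard before the first call, such as `if (sigret != NULL && siglen == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); return 0; }`, would turn that into a clean failure.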
 


[openssl] openssl-3.0 update

2022-01-11 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  3755dc294d2e24b741e235550d063850464467cb (commit)
  from  b64b8e39cfb5e89c0af8b9127a414cf529192846 (commit)


- Log -
commit 3755dc294d2e24b741e235550d063850464467cb
Author: Tomas Mraz 
Date:   Mon Jan 10 17:26:33 2022 +0100

pkeyutl: Fix regression with -kdflen option

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17461)

(cherry picked from commit b82fd89d8bae1445c89ec90d1a6145fe3216d2d7)

---

Summary of changes:
 apps/pkeyutl.c | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 73012e3069..891f2280e3 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -464,23 +464,23 @@ int pkeyutl_main(int argc, char **argv)
 }
 goto end;
 }
-if (kdflen != 0) {
-buf_outlen = kdflen;
-rv = 1;
+if (rawin) {
+/* rawin allocates the buffer in do_raw_keyop() */
+rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, NULL, 0,
+  _out, (size_t *)_outlen);
 } else {
-if (rawin) {
-/* rawin allocates the buffer in do_raw_keyop() */
-rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, NULL, 0,
-  _out, (size_t *)_outlen);
+if (kdflen != 0) {
+buf_outlen = kdflen;
+rv = 1;
 } else {
 rv = do_keyop(ctx, pkey_op, NULL, (size_t *)_outlen,
   buf_in, (size_t)buf_inlen);
-if (rv > 0 && buf_outlen != 0) {
-buf_out = app_malloc(buf_outlen, "buffer output");
-rv = do_keyop(ctx, pkey_op,
-  buf_out, (size_t *)_outlen,
-  buf_in, (size_t)buf_inlen);
-}
+}
+if (rv > 0 && buf_outlen != 0) {
+buf_out = app_malloc(buf_outlen, "buffer output");
+rv = do_keyop(ctx, pkey_op,
+  buf_out, (size_t *)_outlen,
+  buf_in, (size_t)buf_inlen);
 }
 }
 if (rv <= 0) {
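Review bot: `kdflen != 0` lets a negative `-kdflen` value through as an output length: it is copied to `buf_outlen` and handed to `app_malloc` a few lines later. The option parsing and the variable types are outside the hunk, so this matters only if the value is not range-checked there. If it is not, rejecting non-positive values when the option is read, or testing `if (kdflen > 0)` here, avoids an oversized allocation request. `pkeyutl_main` continues on both sides of the hunk.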


[openssl] openssl-3.0 update

2022-01-11 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  b64b8e39cfb5e89c0af8b9127a414cf529192846 (commit)
  from  56de678e426e619f01e70247fa669c45986aa205 (commit)


- Log -
commit b64b8e39cfb5e89c0af8b9127a414cf529192846
Author: Matt Caswell 
Date:   Mon Jan 10 14:46:46 2022 +

Ensure we test fetching encoder/decoder/store loader with a query string

Although we had a test for fetching an encoder/decoder/store loader it
did not use a query string. The issue highlighted by #17456 only occurs
if a query string is used.

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17459)

---

Summary of changes:
 test/provfetchtest.c | 19 +--
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/test/provfetchtest.c b/test/provfetchtest.c
index 95ae87910e..aae9b40057 100644
--- a/test/provfetchtest.c
+++ b/test/provfetchtest.c
@@ -225,6 +225,7 @@ static int dummy_provider_init(const OSSL_CORE_HANDLE 
*handle,
  * Test 1: Encoder
  * Test 2: Store loader
  * Test 3: EVP_RAND
+ * Test 4-7: As above, but additionally with a query string
  */
 static int fetch_test(int tst)
 {
@@ -236,6 +237,7 @@ static int fetch_test(int tst)
 OSSL_STORE_LOADER *loader = NULL;
 int testresult = 0;
 unsigned char buf[32];
+int query = tst > 3;
 
 if (!TEST_ptr(libctx))
 goto err;
@@ -246,24 +248,29 @@ static int fetch_test(int tst)
 || !TEST_ptr(dummyprov = OSSL_PROVIDER_load(libctx, "dummy-prov")))
 goto err;
 
-switch(tst) {
+switch (tst % 4) {
 case 0:
-decoder = OSSL_DECODER_fetch(libctx, "DUMMY", NULL);
+decoder = OSSL_DECODER_fetch(libctx, "DUMMY",
+ query ? "provider=dummy" : NULL);
 if (!TEST_ptr(decoder))
 goto err;
 break;
 case 1:
-encoder = OSSL_ENCODER_fetch(libctx, "DUMMY", NULL);
+encoder = OSSL_ENCODER_fetch(libctx, "DUMMY",
+ query ? "provider=dummy" : NULL);
 if (!TEST_ptr(encoder))
 goto err;
 break;
 case 2:
-loader = OSSL_STORE_LOADER_fetch(libctx, "DUMMY", NULL);
+loader = OSSL_STORE_LOADER_fetch(libctx, "DUMMY",
+ query ? "provider=dummy" : NULL);
 if (!TEST_ptr(loader))
 goto err;
 break;
 case 3:
-if (!TEST_true(RAND_set_DRBG_type(libctx, "DUMMY", NULL, NULL, NULL))
+if (!TEST_true(RAND_set_DRBG_type(libctx, "DUMMY",
+  query ? "provider=dummy" : NULL,
+  NULL, NULL))
 || !TEST_int_ge(RAND_bytes_ex(libctx, buf, sizeof(buf), 0), 1))
 goto err;
 break;
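Review bot: The expression `query ? "provider=dummy" : NULL` is repeated in all four cases. The split between plain and query runs also depends on `tst > 3`, `tst % 4` and the `8` passed to `ADD_ALL_TESTS` staying in step. Computing the property string once, `const char *propq = tst > 3 ? "provider=dummy" : NULL;`, and passing `propq` to each fetch would remove the repetition and leave one place to change. The `switch` body continues past the end of this hunk.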
@@ -284,7 +291,7 @@ static int fetch_test(int tst)
 
 int setup_tests(void)
 {
-ADD_ALL_TESTS(fetch_test, 4);
+ADD_ALL_TESTS(fetch_test, 8);
 
 return 1;
 }


[openssl] openssl-3.0 update

2022-01-11 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  56de678e426e619f01e70247fa669c45986aa205 (commit)
  from  408ba1775a82bad57f2e1a4bb4078e4b82cef10b (commit)


- Log -
commit 56de678e426e619f01e70247fa669c45986aa205
Author: Matt Caswell 
Date:   Mon Jan 10 14:45:16 2022 +

Fix Decoder, Encoder and Store loader fetching

Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give the
provider when calling ossl_method_store_cache_set()

Fixes #17456

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17459)

(cherry picked from commit cd1981a0dc165ab6af5e2945beaaa9efe4484cee)

---

Summary of changes:
 crypto/encode_decode/decoder_meth.c | 5 +++--
 crypto/encode_decode/encoder_meth.c | 5 +++--
 crypto/store/store_meth.c   | 5 +++--
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/crypto/encode_decode/decoder_meth.c 
b/crypto/encode_decode/decoder_meth.c
index 6d44437314..25407b8999 100644
--- a/crypto/encode_decode/decoder_meth.c
+++ b/crypto/encode_decode/decoder_meth.c
@@ -375,13 +375,14 @@ inner_ossl_decoder_fetch(struct decoder_data_st 
*methdata, int id,
 construct_decoder,
 destruct_decoder
 };
+OSSL_PROVIDER *prov = NULL;
 
 methdata->id = id;
 methdata->names = name;
 methdata->propquery = properties;
 methdata->flag_construct_error_occurred = 0;
 if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_DECODER,
-NULL, 0 /* !force_cache */,
+, 0 /* !force_cache */,
 , methdata)) != NULL) {
 /*
  * If construction did create a method for us, we know that
@@ -392,7 +393,7 @@ inner_ossl_decoder_fetch(struct decoder_data_st *methdata, 
int id,
 if (id == 0 && name != NULL)
 id = ossl_namemap_name2num(namemap, name);
 if (id != 0)
-ossl_method_store_cache_set(store, NULL, id, properties, 
method,
+ossl_method_store_cache_set(store, prov, id, properties, 
method,
 up_ref_decoder, free_decoder);
 }
 
diff --git a/crypto/encode_decode/encoder_meth.c 
b/crypto/encode_decode/encoder_meth.c
index 9c0214db6b..43eca755ac 100644
--- a/crypto/encode_decode/encoder_meth.c
+++ b/crypto/encode_decode/encoder_meth.c
@@ -385,13 +385,14 @@ inner_ossl_encoder_fetch(struct encoder_data_st 
*methdata, int id,
 construct_encoder,
 destruct_encoder
 };
+OSSL_PROVIDER *prov = NULL;
 
 methdata->id = id;
 methdata->names = name;
 methdata->propquery = properties;
 methdata->flag_construct_error_occurred = 0;
 if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_ENCODER,
-NULL, 0 /* !force_cache */,
+, 0 /* !force_cache */,
 , methdata)) != NULL) {
 /*
  * If construction did create a method for us, we know that
@@ -401,7 +402,7 @@ inner_ossl_encoder_fetch(struct encoder_data_st *methdata, 
int id,
  */
 if (id == 0)
 id = ossl_namemap_name2num(namemap, name);
-ossl_method_store_cache_set(store, NULL, id, properties, method,
+ossl_method_store_cache_set(store, prov, id, properties, method,
 up_ref_encoder, free_encoder);
 }
 
diff --git a/crypto/store/store_meth.c b/crypto/store/store_meth.c
index e79ec871fd..10b56bc685 100644
--- a/crypto/store/store_meth.c
+++ b/crypto/store/store_meth.c
@@ -317,13 +317,14 @@ inner_loader_fetch(struct loader_data_st *methdata, int 
id,
 construct_loader,
 destruct_loader
 };
+OSSL_PROVIDER *prov = NULL;
 
 methdata->scheme_id = id;
 methdata->scheme = scheme;
 methdata->propquery = properties;
 methdata->flag_construct_error_occurred = 0;
 if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_STORE,
-NULL, 0 /* !force_cache */,
+, 0 /* !force_cache */,
 , methdata)) != NULL) {
 /*
  * If construction did create a method for us, we know that there
@@ -332,7 +333,7 @@ inner_loader_fetch(struct loader_data_st *methdata, int id,
  */
 if (id == 0)

[openssl] openssl-3.0 update

2022-01-11 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  408ba1775a82bad57f2e1a4bb4078e4b82cef10b (commit)
  from  576cc3ecb34a8909bf549798430de95fc0fb4042 (commit)


- Log -
commit 408ba1775a82bad57f2e1a4bb4078e4b82cef10b
Author: Matt Caswell 
Date:   Fri Jan 7 17:30:39 2022 +

Clarify the int param getter documentation

OSSL_PARAMs that are of type OSSL_PARAM_INTEGER or
OSSL_PARAM_UNSIGNED_INTEGER can be obtained using any of the functions
EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or
EVP_PKEY_get_bn_param(). The former two will fail if the parameter is too
large to fit into the C variable. We clarify this in the documentation.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17445)

(cherry picked from commit 254217a4a0c9e64869495447a0e6bdc2323d4cd1)

---

Summary of changes:
 doc/man3/EVP_PKEY_gettable_params.pod | 9 +
 1 file changed, 9 insertions(+)

diff --git a/doc/man3/EVP_PKEY_gettable_params.pod 
b/doc/man3/EVP_PKEY_gettable_params.pod
index 23ac4bd8b0..29b8ec822b 100644
--- a/doc/man3/EVP_PKEY_gettable_params.pod
+++ b/doc/man3/EVP_PKEY_gettable_params.pod
@@ -37,6 +37,15 @@ EVP_PKEY_gettable_params() returns a constant list of 
I indicating
 the names and types of key parameters that can be retrieved.
 See L for information about parameters.
 
+An B of type B or
+B is of arbitrary length. Such a parameter can be
+obtained using any of the functions EVP_PKEY_get_int_param(),
+EVP_PKEY_get_size_t_param() or EVP_PKEY_get_bn_param(). Attempting to
+obtain an integer value that does not fit into a native C B type will 
cause
+EVP_PKEY_get_int_param() to fail. Similarly attempting to obtain an integer
+value that is negative or does not fit into a native C B type using
+EVP_PKEY_get_size_t_param() will also fail.
+
 EVP_PKEY_get_int_param() retrieves a key I integer value I<*out>
 associated with a name of I.
 


[openssl] openssl-3.0 update

2022-01-10 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  576cc3ecb34a8909bf549798430de95fc0fb4042 (commit)
  from  afaa7755aa3e577348e1267d5ad34da695292917 (commit)


- Log -
commit 576cc3ecb34a8909bf549798430de95fc0fb4042
Author: Peiwei Hu 
Date:   Wed Jan 5 23:17:53 2022 +0800

Fix: some patches related to error exiting

Signed-off-by: Peiwei Hu 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17443)

---

Summary of changes:
 apps/verify.c| 1 +
 crypto/ec/ec_lib.c   | 4 ++--
 crypto/x509/v3_crld.c| 1 +
 crypto/x509/v3_sxnet.c   | 8 +---
 ssl/statem/statem_clnt.c | 2 +-
 test/evp_test.c  | 2 +-
 6 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/apps/verify.c b/apps/verify.c
index acf80c65c4..a403f301fc 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -263,6 +263,7 @@ static int check(X509_STORE *ctx, const char *file,
 if (x509_ctrl_string(x, opt) <= 0) {
 BIO_printf(bio_err, "parameter error \"%s\"\n", opt);
 ERR_print_errors(bio_err);
+X509_free(x);
 return 0;
 }
 }
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 3d3cf96962..2d85d4f23a 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1710,8 +1710,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM 
params[],
 ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
 if (ptmp != NULL
 && !ossl_ec_encoding_param2id(ptmp, _flag)) {
-ECerr(0, EC_R_INVALID_ENCODING);
-return 0;
+ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+goto err;
 }
 if (encoding_flag == OPENSSL_EC_NAMED_CURVE) {
 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c
index bc755f5f0d..e704d419f7 100644
--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.c
@@ -83,6 +83,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, 
X509V3_CTX *ctx,
 return -1;
 dnsect = X509V3_get_section(ctx, cnf->value);
 if (!dnsect) {
+X509_NAME_free(nm);
 ERR_raise(ERR_LIB_X509V3, X509V3_R_SECTION_NOT_FOUND);
 return -1;
 }
diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c
index 3e5ae048be..4c925900dd 100644
--- a/crypto/x509/v3_sxnet.c
+++ b/crypto/x509/v3_sxnet.c
@@ -167,11 +167,12 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, 
const char *user,
 goto err;
 if (!ASN1_INTEGER_set(sx->version, 0))
 goto err;
-*psx = sx;
 } else
 sx = *psx;
 if (SXNET_get_id_INTEGER(sx, zone)) {
 ERR_raise(ERR_LIB_X509V3, X509V3_R_DUPLICATE_ZONE_ID);
+if (*psx == NULL)
+SXNET_free(sx);
 return 0;
 }
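Review bot: `if (*psx == NULL) SXNET_free(sx);` now appears on two exit paths, here and at the `err:` label in the next hunk, and it encodes an ownership rule that is not written down. `sx` is freed only when this call allocated it, and the caller's `*psx` is assigned only on success. A comment at both places, such as `/* sx is ours to free only if *psx was NULL on entry */`, would protect the rule, since the check works only while `*psx` is left untouched until the success path. `SXNET_add_id_INTEGER` starts outside the hunk.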
 
@@ -185,13 +186,14 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, 
const char *user,
 if (!sk_SXNETID_push(sx->ids, id))
 goto err;
 id->zone = zone;
+*psx = sx;
 return 1;
 
  err:
 ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
 SXNETID_free(id);
-SXNET_free(sx);
-*psx = NULL;
+if (*psx == NULL)
+SXNET_free(sx);
 return 0;
 }
 
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 435888db21..f4e2c15600 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2926,7 +2926,7 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
 encoded_pub_len = EVP_PKEY_get1_encoded_public_key(ckey, _pub);
 if (encoded_pub_len == 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-EVP_PKEY_free(skey);
+EVP_PKEY_free(ckey);
 return EXT_RETURN_FAIL;
 }
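Review bot: This failure path returns `EXT_RETURN_FAIL` from a function that the hunk header shows as `static int tls_construct_cke_dhe(...)`. Judging by its name, that constant belongs to the extension-construction return codes rather than to this function's int result. It presumably evaluates to 0, so the caller still sees a failure, but `return 0;` (or the function's shared error exit, if one exists outside the hunk) would not depend on that coincidence.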
 
diff --git a/test/evp_test.c b/test/evp_test.c
index eda8c827f9..47d4e6c878 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -2516,7 +2516,7 @@ static int rand_test_run(EVP_TEST *t)
 item->pr_entropyB_len);
 params[1] = OSSL_PARAM_construct_end();
 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
-return 0;
+goto err;
 }
 if (!TEST_true(EVP_RAND_generate
(expected->ctx, got, got_len,


[openssl] openssl-3.0 update

2022-01-10 Thread Matt Caswell
The branch openssl-3.0 has been updated
   via  afaa7755aa3e577348e1267d5ad34da695292917 (commit)
   via  fa2029250e38947ebd68a9b5861bedaa2384d85d (commit)
   via  43927f81a5d1ea1d32508430eee2df85736ba105 (commit)
  from  617203e64f17371b95fc8d64fc7fde9f8bc6e9db (commit)


- Log -
commit afaa7755aa3e577348e1267d5ad34da695292917
Author: Matt Caswell 
Date:   Wed Dec 29 16:39:11 2021 +

Add a test for a custom digest created via EVP_MD_meth_new()

We check that the init and cleanup functions for the custom method are
called as expected.

Based on an original reproducer by Dmitry Belyavsky from issue #17149.

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17255)

(cherry picked from commit fbbe7202eba9fba243c18513f4f0316dafb3496d)

commit fa2029250e38947ebd68a9b5861bedaa2384d85d
Author: Matt Caswell 
Date:   Fri Dec 10 17:17:27 2021 +

Fix a leak in EVP_DigestInit_ex()

If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.

Fixes #17149

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17255)

(cherry picked from commit 357bccc8ba64ec8a5f587b04b5d6b6ca9e8dcbdc)

commit 43927f81a5d1ea1d32508430eee2df85736ba105
Author: Matt Caswell 
Date:   Fri Dec 10 16:53:02 2021 +

Ensure that MDs created via EVP_MD_meth_new() go down the legacy route

MDs created via EVP_MD_meth_new() are inherently legacy and therefore
need to go down the legacy route when they are used.

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17255)

(cherry picked from commit d9ad5b16b32172df6f7d02cfb1c339cc85d0db01)

---

Summary of changes:
 crypto/evp/digest.c   | 34 -
 test/evp_extra_test.c | 85 +++
 2 files changed, 104 insertions(+), 15 deletions(-)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index d92059cbcc..eb6ccfaca2 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -25,6 +25,19 @@
 #include "crypto/evp.h"
 #include "evp_local.h"
 
+static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)
+{
+if (ctx->digest != NULL) {
+if (ctx->digest->cleanup != NULL
+&& !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
+ctx->digest->cleanup(ctx);
+if (ctx->md_data != NULL && ctx->digest->ctx_size > 0
+&& (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)
+|| force))
+OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
+ctx->md_data = NULL;
+}
+}
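Review bot: In the new `cleanup_old_md_data`, `ctx->md_data = NULL;` is not governed by the `if` that calls `OPENSSL_clear_free`, because that `if` has no braces, so the pointer is reset even when the free is skipped. For a context with `EVP_MD_CTX_FLAG_REUSE` and `force == 0`, that discards a buffer which was deliberately kept, and the allocation is no longer reachable through the context. Bracing the body fixes it: end the condition with `|| force)) {`, keep the two statements inside, and close with `}`.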
 
 void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force)
 {
@@ -41,12 +54,7 @@ void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force)
  * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
  * sometimes only copies of the context are ever finalised.
  */
-if (ctx->digest && ctx->digest->cleanup
-&& !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
-ctx->digest->cleanup(ctx);
-if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
-&& (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) || force))
-OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
+cleanup_old_md_data(ctx, force);
 if (force)
 ctx->digest = NULL;
 
@@ -207,7 +215,8 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const 
EVP_MD *type,
 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
 || tmpimpl != NULL
 #endif
-|| (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) {
+|| (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0
+|| type->origin == EVP_ORIG_METH) {
 if (ctx->digest == ctx->fetched_digest)
 ctx->digest = NULL;
 EVP_MD_free(ctx->fetched_digest);
@@ -215,10 +224,7 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const 
EVP_MD *type,
 goto legacy;
 }
 
-if (ctx->digest != NULL && ctx->digest->ctx_size > 0) {
-OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
-ctx->md_data = NULL;
-}
+cleanup_old_md_data(ctx, 1);
 
 /* Start of non-legacy code below */
 
@@ -307,10 +313,8 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const 
EVP_MD *type,
 }
 #endif
 if (ctx->digest != type) {
-if (ctx->digest && ctx->digest->ctx_size) {
-OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
-ctx->md_data = NULL;
-}
+cleanup_old_md_data(ctx, 1);
+
 ctx->digest = type;
 if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
 ctx->update = type->update;

[openssl] openssl-3.0 update

2022-01-10 Thread tomas
The branch openssl-3.0 has been updated
   via  617203e64f17371b95fc8d64fc7fde9f8bc6e9db (commit)
  from  7e1ec537a91d1f33c50e8f70dff82a4ed6668e9a (commit)


- Log -
commit 617203e64f17371b95fc8d64fc7fde9f8bc6e9db
Author: Tomas Mraz 
Date:   Wed Jan 5 16:50:00 2022 +0100

EVP_PKEY_derive_set_peer_ex: Export the peer key to proper keymgmt

The peer key has to be exported to the operation's keymgmt
not the ctx->pkey's keymgmt.

Fixes #17424

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17425)

(cherry picked from commit 64a8f6008acce93d0bf184559c63e66c0cc0e23d)

---

Summary of changes:
 crypto/evp/exchange.c | 24 +---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index e2ca30c94d..bd97a047c5 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -306,7 +306,7 @@ int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const 
OSSL_PARAM params[])
 /*
  * Ensure that the key is provided, either natively, or as a cached
  * export.  We start by fetching the keymgmt with the same name as
- * |ctx->pkey|, but from the provider of the exchange method, using
+ * |ctx->keymgmt|, but from the provider of the exchange method, using
  * the same property query as when fetching the exchange method.
  * With the keymgmt we found (if we did), we try to export |ctx->pkey|
  * to it (evp_pkey_export_to_provider() is smart enough to only 
actually
@@ -380,6 +380,7 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY 
*peer,
 int ret = 0, check;
 void *provkey = NULL;
 EVP_PKEY_CTX *check_ctx = NULL;
+EVP_KEYMGMT *tmp_keymgmt = NULL, *tmp_keymgmt_tofree = NULL;
 
 if (ctx == NULL) {
 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
@@ -404,8 +405,25 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, 
EVP_PKEY *peer,
 return -1;
 }
 
-provkey = evp_pkey_export_to_provider(peer, ctx->libctx, >keymgmt,
-  ctx->propquery);
+/*
+ * Ensure that the |peer| is provided, either natively, or as a cached
+ * export.  We start by fetching the keymgmt with the same name as
+ * |ctx->keymgmt|, but from the provider of the exchange method, using
+ * the same property query as when fetching the exchange method.
+ * With the keymgmt we found (if we did), we try to export |peer|
+ * to it (evp_pkey_export_to_provider() is smart enough to only actually
+ * export it if |tmp_keymgmt| is different from |peer|'s keymgmt)
+ */
+tmp_keymgmt_tofree = tmp_keymgmt =
+evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)
+
EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange),
+EVP_KEYMGMT_get0_name(ctx->keymgmt),
+ctx->propquery);
+if (tmp_keymgmt != NULL)
+provkey = evp_pkey_export_to_provider(peer, ctx->libctx,
+  _keymgmt, ctx->propquery);
+EVP_KEYMGMT_free(tmp_keymgmt_tofree);
+
 /*
  * If making the key provided wasn't possible, legacy may be able to pick
  * it up
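Review bot: The new block keeps two pointers, `tmp_keymgmt` and `tmp_keymgmt_tofree`, without saying why, and its comment is a near copy of the one in EVP_PKEY_derive_init_ex shown in the first hunk. The export call appears to receive the address of `tmp_keymgmt` (the `&` looks lost in this rendering), so it can presumably redirect that pointer, which is why the fetched reference is kept separately for `EVP_KEYMGMT_free()`. A one-line comment would make that explicit: `/* evp_pkey_export_to_provider() may change tmp_keymgmt; free the one we fetched */`. When the fetch returns NULL the code falls through to the legacy path with `provkey == NULL`; whether a failed fetch leaves entries on the error queue is not visible here and is worth checking. The function starts and ends outside the hunk.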


[openssl] openssl-3.0 update

2022-01-09 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  7e1ec537a91d1f33c50e8f70dff82a4ed6668e9a (commit)
  from  79fc479baf848e91a991a215d775d8aae844fbe5 (commit)


- Log -
commit 7e1ec537a91d1f33c50e8f70dff82a4ed6668e9a
Author: Gerd Hoffmann 
Date:   Fri Jan 7 12:58:27 2022 +0100

crypto/bio: fix build on UEFI

When compiling openssl for tianocore compiling abs_val() and pow_10()
fails with the following error because SSE support is disabled:

   crypto/bio/bio_print.c:587:46: error: SSE register return with SSE 
disabled

Fix that by using EFIAPI calling convention when compiling for UEFI.

Signed-off-by: Gerd Hoffmann 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17442)

(cherry picked from commit 328bf5adf9e23da523d4195db309083aa02403c4)

---

Summary of changes:
 crypto/bio/bio_print.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/crypto/bio/bio_print.c b/crypto/bio/bio_print.c
index 1ea9a1a3c6..60b28c61ff 100644
--- a/crypto/bio/bio_print.c
+++ b/crypto/bio/bio_print.c
@@ -13,6 +13,7 @@
 #include "crypto/ctype.h"
 #include "internal/numbers.h"
 #include 
+#include 
 
 /*
  * Copyright Patrick Powell 1995
@@ -512,7 +513,11 @@ fmtint(char **sbuffer,
 return 1;
 }
 
+#ifdef OPENSSL_SYS_UEFI
+static LDOUBLE EFIAPI abs_val(LDOUBLE value)
+#else
 static LDOUBLE abs_val(LDOUBLE value)
+#endif
 {
 LDOUBLE result = value;
 if (value < 0)
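Review bot: Nothing at the `#ifdef OPENSSL_SYS_UEFI` around `abs_val()` says why the calling convention differs, so the duplicated signature looks accidental to the next reader; the same applies to `pow_10()` in the following hunk. I would add a comment above the first `#ifdef`, for example `/* UEFI builds disable SSE; EFIAPI avoids an SSE-register return of LDOUBLE */`, which is the reason given in the commit message. Both function bodies continue outside their hunks.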
@@ -520,7 +525,11 @@ static LDOUBLE abs_val(LDOUBLE value)
 return result;
 }
 
+#ifdef OPENSSL_SYS_UEFI
+static LDOUBLE EFIAPI pow_10(int in_exp)
+#else
 static LDOUBLE pow_10(int in_exp)
+#endif
 {
 LDOUBLE result = 1;
 while (in_exp) {


[openssl] openssl-3.0 update

2022-01-08 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  79fc479baf848e91a991a215d775d8aae844fbe5 (commit)
  from  e33f05660447c69e89f2e9f5d3140a56322411d5 (commit)


- Log -
commit 79fc479baf848e91a991a215d775d8aae844fbe5
Author: Bernd Edlinger 
Date:   Fri Jan 7 12:44:27 2022 +0100

Add a test case for the short password

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17441)

(cherry picked from commit 21095479c016f2ceaca0f71078fd27f0e9ba9375)

---

Summary of changes:
 test/recipes/15-test_genrsa.t | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index e11ce8947a..1bba712863 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 
 plan tests =>
 ($no_fips ? 0 : 3)  # Extra FIPS related tests
-+ 13;
++ 15;
 
 # We want to know that an absurdly small number of bits isn't support
 is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
@@ -103,6 +103,11 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 
'genrsatest.pem', $good ])),
"genrsa -f4 $good");
 ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"rsa -check");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 
'genrsatest-enc.pem',
+   '-aes256', '-passout', 'pass:x' ])),
+   "rsa encrypt");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 
'pass:x' ])),
+   "rsa decrypt");
 
 unless ($no_fips) {
 my $provconf = srctop_file("test", "fips-and-base.cnf");
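Review bot: The added `rsa decrypt` step has neither `-noout` nor `-out`, so on success the decrypted private key is written to the test's standard output, unlike the `rsa -check` step just above, which passes `-noout`. The key is a throwaway test key, but keeping key material out of test logs is the better habit, and loading the encrypted file should still exercise the short-password path: `ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x', '-noout' ])),`. It is also worth confirming that `genrsatest-enc.pem` is cleaned up with the other test artefacts; that is not visible in this hunk.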


[openssl] openssl-3.0 update

2022-01-07 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  e33f05660447c69e89f2e9f5d3140a56322411d5 (commit)
  from  277a8334cd4a213619fe92107dd393eab6d8a801 (commit)


- Log -
commit e33f05660447c69e89f2e9f5d3140a56322411d5
Author: Peiwei Hu 
Date:   Thu Jan 6 09:47:05 2022 +0800

providers/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init

There is a risk of passing a NULL gctx to rsa_gen_set_params,
which dereferences gctx directly.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17429)

(cherry picked from commit 22778abad905536fa6c93cdc6fffc8c736dfee79)

---

Summary of changes:
 providers/implementations/keymgmt/rsa_kmgmt.c | 19 ---
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c 
b/providers/implementations/keymgmt/rsa_kmgmt.c
index b1c3011f14..29e5d10813 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -454,19 +454,24 @@ static void *gen_init(void *provctx, int selection, int 
rsa_type,
 gctx->libctx = libctx;
 if ((gctx->pub_exp = BN_new()) == NULL
 || !BN_set_word(gctx->pub_exp, RSA_F4)) {
-BN_free(gctx->pub_exp);
-OPENSSL_free(gctx);
-return NULL;
+goto err;
 }
 gctx->nbits = 2048;
 gctx->primes = RSA_DEFAULT_PRIME_NUM;
 gctx->rsa_type = rsa_type;
+} else {
+goto err;
 }
-if (!rsa_gen_set_params(gctx, params)) {
-OPENSSL_free(gctx);
-return NULL;
-}
+
+if (!rsa_gen_set_params(gctx, params))
+goto err;
 return gctx;
+
+err:
+if (gctx != NULL)
+BN_free(gctx->pub_exp);
+OPENSSL_free(gctx);
+return NULL;
 }
 
 static void *rsa_gen_init(void *provctx, int selection,
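Review bot: The new `err:` path releases only `gctx->pub_exp` and `gctx` itself, so anything else `rsa_gen_set_params()` may have stored in `gctx` before failing would be leaked. Whether it stores further allocations is not visible in this hunk. If it does, routing the failure through the file's generation-context cleanup routine (`rsa_gen_cleanup()`, provided it frees the same fields) would keep the two teardown paths from drifting apart. The start of `gen_init()` is outside the hunk.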


[openssl] openssl-3.0 update

2022-01-07 Thread tomas
The branch openssl-3.0 has been updated
   via  277a8334cd4a213619fe92107dd393eab6d8a801 (commit)
   via  86914ceadf2909204485605106cc121036ab091d (commit)
  from  6bb8ef9d0fbe62ea39427eb0b1ffad916f6b8d16 (commit)


- Log -
commit 277a8334cd4a213619fe92107dd393eab6d8a801
Author: Tomas Mraz 
Date:   Tue Jan 4 11:57:54 2022 +0100

Test importing EC key parameters with a bad curve

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17411)

(cherry picked from commit d4d8f163db1d32c98d8f956e6966263a7a22fac1)

commit 86914ceadf2909204485605106cc121036ab091d
Author: Tomas Mraz 
Date:   Tue Jan 4 11:53:30 2022 +0100

EVP_PKEY_fromdata(): Do not return newly allocated pkey on failure

Fixes #17407

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17411)

(cherry picked from commit 5b03b89f7f925384c2768874c95f1af7053fd16f)

---

Summary of changes:
 crypto/evp/pmeth_gn.c | 10 --
 test/evp_pkey_provided_test.c | 17 +++--
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index af3d990869..f9d001fdd0 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -365,6 +365,7 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, 
int selection,
   OSSL_PARAM params[])
 {
 void *keydata = NULL;
+EVP_PKEY *allocated_pkey = NULL;
 
 if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_FROMDATA) == 0) {
 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
@@ -375,7 +376,7 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, 
int selection,
 return -1;
 
 if (*ppkey == NULL)
-*ppkey = EVP_PKEY_new();
+allocated_pkey = *ppkey = EVP_PKEY_new();
 
 if (*ppkey == NULL) {
 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
@@ -383,8 +384,13 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, 
int selection,
 }
 
 keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection, 
params);
-if (keydata == NULL)
+if (keydata == NULL) {
+if (allocated_pkey != NULL) {
+*ppkey = NULL;
+EVP_PKEY_free(allocated_pkey);
+}
 return 0;
+}
 /* keydata is cached in *ppkey, so we need not bother with it further */
 return 1;
 }
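Review bot: The failure branch treats the two ownership cases differently and nothing in the code says so: a key allocated by this call is freed and `*ppkey` reset to NULL, while a caller-supplied `*ppkey` is left in place. A short comment in the `keydata == NULL` branch would record that contract, e.g. `/* only undo our own allocation; a caller-supplied *ppkey stays with the caller */`. Whether a caller-supplied key can be left partly modified by the failed import is not visible from this hunk and would be worth stating in the function's documentation.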
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index 8b5c7b3457..cf4d8e1294 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -1113,8 +1113,6 @@ err:
 return ret;
 }
 
-#define CURVE_NAME 2
-
 static int test_fromdata_ec(void)
 {
 int ret = 0;
@@ -1126,6 +1124,11 @@ static int test_fromdata_ec(void)
 OSSL_PARAM *fromdata_params = NULL;
 const char *alg = "EC";
 const char *curve = "prime256v1";
+const char bad_curve[] = "nonexistent-curve";
+OSSL_PARAM nokey_params[2] = {
+   OSSL_PARAM_END,
+   OSSL_PARAM_END
+};
 /* UNCOMPRESSED FORMAT */
 static const unsigned char ec_pub_keydata[] = {
POINT_CONVERSION_UNCOMPRESSED,
@@ -1179,6 +1182,16 @@ static int test_fromdata_ec(void)
 if (!TEST_ptr(ctx))
 goto err;
 
+/* try importing parameters with bad curve first */
+nokey_params[0] =
+OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+ (char *)bad_curve, sizeof(bad_curve));
+if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
+|| !TEST_int_eq(EVP_PKEY_fromdata(ctx, , EVP_PKEY_KEY_PARAMETERS,
+  nokey_params), 0)
+|| !TEST_ptr_null(pk))
+goto err;
+
 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, , EVP_PKEY_KEYPAIR,
   fromdata_params), 1))
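Review bot: `sizeof(bad_curve)` counts the terminating NUL, so the parameter built for the bad-curve case is one byte longer than the string; as far as I know OSSL_PARAM_construct_utf8_string() expects the length without the terminator, or 0 to have it computed. The import is expected to fail either way, but the test should fail because the curve is unknown, not because of the length: `(char *)bad_curve, 0);`. Declaring `bad_curve` as a plain `char` array would also remove the cast that drops `const`. The body of `test_fromdata_ec()` continues outside the hunk.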


[openssl] openssl-3.0 update

2022-01-07 Thread tomas
The branch openssl-3.0 has been updated
   via  6bb8ef9d0fbe62ea39427eb0b1ffad916f6b8d16 (commit)
  from  3f8434150ee7ad2357c8f606d8f9d93938bb17fe (commit)


- Log -
commit 6bb8ef9d0fbe62ea39427eb0b1ffad916f6b8d16
Author: xkernel 
Date:   Tue Jan 4 22:54:27 2022 +0800

fix the return check of EVP_PKEY_CTX_ctrl() in 5 spots

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17413)

(cherry picked from commit 7b1264baab7edd82fea8b27d9ddec048bafc0048)

---

Summary of changes:
 ssl/statem/statem_clnt.c | 6 +++---
 ssl/statem/statem_srvr.c | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index c17716283d..435888db21 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3074,7 +3074,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
 EVP_MD_CTX_free(ukm_hash);
 ukm_hash = NULL;
 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
-  EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
+  EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
 goto err;
 }
@@ -3205,13 +3205,13 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET 
*pkt)
 
 /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code */
 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
-  EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) < 0) {
+  EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
 goto err;
 }
 
 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
-  EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) < 0) {
+  EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
 goto err;
 }
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index d0d8d26e11..462fd72071 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3244,13 +3244,13 @@ static int tls_process_cke_gost18(SSL *s, PACKET *pkt)
 
 /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code depending on 
size */
 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT,
-  EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) < 0) {
+  EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
 goto err;
 }
 
 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT,
-  EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) < 0) {
+  EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
 goto err;
 }


[openssl] openssl-3.0 update

2022-01-07 Thread tomas
The branch openssl-3.0 has been updated
   via  3f8434150ee7ad2357c8f606d8f9d93938bb17fe (commit)
  from  99ea7ec94b26a24a90be76d6e7176842ea4a5f09 (commit)


- Log -
commit 3f8434150ee7ad2357c8f606d8f9d93938bb17fe
Author: xkernel 
Date:   Wed Jan 5 09:38:05 2022 +0800

properly free the resource from EVP_MD_CTX_new() at ssl3_record.c:1413

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17415)

(cherry picked from commit 949e4f79d202d43519d373b2af6b1a4948bf1a74)

---

Summary of changes:
 ssl/record/ssl3_record.c | 22 +++---
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index c713f231ca..d4101618c6 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1392,6 +1392,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char 
*md, int sending)
 int tlstree_mac = sending ? (ssl->mac_flags & 
SSL_MAC_FLAG_WRITE_MAC_TLSTREE)
   : (ssl->mac_flags & 
SSL_MAC_FLAG_READ_MAC_TLSTREE);
 int t;
+int ret = 0;
 
 if (sending) {
 seq = RECORD_LAYER_get_write_sequence(>rlayer);
@@ -1412,15 +1413,13 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char 
*md, int sending)
 } else {
 hmac = EVP_MD_CTX_new();
 if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) {
-EVP_MD_CTX_free(hmac);
-return 0;
+goto end;
 }
 mac_ctx = hmac;
 }
 
 if (!SSL_IS_DTLS(ssl) && tlstree_mac && EVP_MD_CTX_ctrl(mac_ctx, 
EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) {
-EVP_MD_CTX_free(hmac);
-return 0;
+goto end;
 }
 
 if (SSL_IS_DTLS(ssl)) {
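Review bot: The rewritten error exits keep braces around a single `goto end;`, here in the `EVP_MD_CTX_copy()` and `EVP_MD_CTRL_TLSTREE` checks, and the next hunk adds new braces around the `EVP_PKEY_CTX_set_params()` exit. Other single-statement exits on this page are written unbraced (`goto err;` directly under the `if`), so these could match: `if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash))` followed by `goto end;`. The shared `end:` label also relies on `hmac` being NULL when no context was allocated; its declaration is outside these hunks, so a short comment at the label saying so would help. `tls1_mac()` starts before and ends after this hunk.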
@@ -1450,19 +1449,17 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char 
*md, int sending)
 *p++ = OSSL_PARAM_construct_end();
 
 if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_get_pkey_ctx(mac_ctx),
- tls_hmac_params))
-return 0;
+ tls_hmac_params)) {
+goto end;
+}
 }
 
 if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
 || EVP_DigestSignFinal(mac_ctx, md, _size) <= 0) {
-EVP_MD_CTX_free(hmac);
-return 0;
+goto end;
 }
 
-EVP_MD_CTX_free(hmac);
-
 OSSL_TRACE_BEGIN(TLS) {
 BIO_printf(trc_out, "seq:\n");
 BIO_dump_indent(trc_out, seq, 8, 4);
@@ -1481,7 +1478,10 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char 
*md, int sending)
 BIO_printf(trc_out, "md:\n");
 BIO_dump_indent(trc_out, md, md_size, 4);
 } OSSL_TRACE_END(TLS);
-return 1;
+ret = 1;
+ end:
+EVP_MD_CTX_free(hmac);
+return ret;
 }
 
 int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)


[openssl] openssl-3.0 update

2022-01-06 Thread tomas
The branch openssl-3.0 has been updated
   via  99ea7ec94b26a24a90be76d6e7176842ea4a5f09 (commit)
  from  ce2f4b6b1705526b3862b2f137dfcac0ad2cb558 (commit)


- Log -
commit 99ea7ec94b26a24a90be76d6e7176842ea4a5f09
Author: xkernel 
Date:   Tue Jan 4 21:18:02 2022 +0800

properly free the resource from CRYPTO_malloc

Reviewed-by: Kurt Roeckx 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17412)

(cherry picked from commit 1b87116a0c43b8b4e1ad88b851d5bcf27c1a5f64)

---

Summary of changes:
 ssl/statem/statem_clnt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index c93c6b1f21..c17716283d 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3187,7 +3187,7 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt)
 if (peer_cert == NULL) {
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
  SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
-return 0;
+goto err;
 }
 
 pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx,
@@ -3195,7 +3195,7 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt)
   s->ctx->propq);
 if (pkey_ctx == NULL) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
-return 0;
+goto err;
 }
 
 if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0 ) {


[openssl] openssl-3.0 update

2022-01-06 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  ce2f4b6b1705526b3862b2f137dfcac0ad2cb558 (commit)
  from  7a30610902d6d19cfd1698498d3d4129f308e285 (commit)


- Log -
commit ce2f4b6b1705526b3862b2f137dfcac0ad2cb558
Author: Bernd Edlinger 
Date:   Wed Jan 5 17:25:02 2022 +0100

Fix copyright year issues

Fixes: #13765

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17427)

(cherry picked from commit fd84b9c3e94be1771d1b34ad857081f7693318aa)

---

Summary of changes:
 .github/workflows/ci.yml   | 2 ++
 crypto/asn1/charmap.h  | 2 +-
 crypto/bn/bn_prime.h   | 2 +-
 crypto/conf/conf_def.h | 2 +-
 crypto/objects/obj_xref.h  | 2 +-
 include/openssl/obj_mac.h  | 2 +-
 util/perl/OpenSSL/copyright.pm | 4 ++--
 7 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b52b8c15f4..32edfe064d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,6 +27,8 @@ jobs:
 sudo apt-get update
 sudo apt-get -yq --no-install-suggests --no-install-recommends 
--force-yes install unifdef
 - uses: actions/checkout@v2
+  with:
+fetch-depth: 0
 - name: config
   run: ./config --banner=Configured --strict-warnings enable-fips && perl 
configdata.pm --dump
 - name: make build_generated
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index 95928ca663..ac1eb076cc 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/asn1/charmap.pl
  *
- * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index d92f6dfa69..8a859ac02e 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/bn/bn_prime.pl
  *
- * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index e5321bd30d..1f66a58e09 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/conf/keysets.pl
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index c08b5fc2ab..21a193ee98 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by objxref.pl
  *
- * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index edbd98b152..0e86027667 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/util/perl/OpenSSL/copyright.pm b/util/perl/OpenSSL/copyright.pm
index 1fd9f353f7..b82b67a0e6 100644
--- a/util/perl/OpenSSL/copyright.pm
+++ b/util/perl/OpenSSL/copyright.pm
@@ -23,11 +23,11 @@ sub year_of {
 
 # See if git's available
 open my $FH,
-   "git log -1 --date=format:%Y --format=format:%ad $file 2>/dev/null|"
+   "git log -1 --date=short --format=format:%cd $file 2>/dev/null|"
or return $YEAR;
 my $LINE = <$FH>;
 close $FH;
-chomp($LINE);
+$LINE =~ s/^([0-9]*)-.*/$1/;
 $YEAR = $LINE if $LINE;
 return $YEAR;
 }
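Review bot: The rewritten `git log` command still interpolates `$file` into a string that `open` hands to the shell, so a path containing spaces or shell metacharacters is split or interpreted rather than passed to git as one argument. The list form of a piped open avoids the shell altogether: `open my $FH, '-|', 'git', 'log', '-1', '--date=short', '--format=format:%cd', '--', $file`. That form drops the `2>/dev/null` redirect, so git's stderr would need to be silenced another way. Where `$file` comes from is not visible here (`year_of` starts outside the hunk), so the practical exposure depends on the callers.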


[openssl] openssl-3.0 update

2022-01-06 Thread dev
The branch openssl-3.0 has been updated
   via  7a30610902d6d19cfd1698498d3d4129f308e285 (commit)
  from  f762f91f9506927ed036bca5f78f392e039911df (commit)


- Log -
commit 7a30610902d6d19cfd1698498d3d4129f308e285
Author: Dr. David von Oheimb 
Date:   Fri May 14 15:11:00 2021 +0200

OSSL_STORE: Prevent spurious error during loading private keys

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15283)

(cherry picked from commit da198adb9c5626f31c52613fe2ae59a7066c3366)

---

Summary of changes:
 .../implementations/encode_decode/decode_der2key.c | 23 +-
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/providers/implementations/encode_decode/decode_der2key.c 
b/providers/implementations/encode_decode/decode_der2key.c
index 356e65b403..9e3b86b46e 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -204,19 +204,24 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, 
int selection,
 if (!ok)
 goto next;
 
-ok = 0;  /* Assume that we fail */
+ok = 0; /* Assume that we fail */
 
+ERR_set_mark();
 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
 derp = der;
 if (ctx->desc->d2i_PKCS8 != NULL) {
 key = ctx->desc->d2i_PKCS8(NULL, , der_len, ctx);
-if (ctx->flag_fatal)
+if (ctx->flag_fatal) {
+ERR_clear_last_mark();
 goto end;
+}
 } else if (ctx->desc->d2i_private_key != NULL) {
 key = ctx->desc->d2i_private_key(NULL, , der_len);
 }
-if (key == NULL && ctx->selection != 0)
+if (key == NULL && ctx->selection != 0) {
+ERR_clear_last_mark();
 goto next;
+}
 }
 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
 derp = der;
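Review bot: The mark set by the new `ERR_set_mark()` has to be released on every exit, and this change does that by hand with `ERR_clear_last_mark()` before each `goto`, here and in the next hunk, which is easy to miss when another decode branch is added. A comment at the mark would state both the intent and the obligation, e.g. `/* errors from failed attempts are popped if a later attempt yields a key; every early exit must clear the mark */`. `der2key_decode()` starts and ends outside the hunk.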
@@ -224,16 +229,24 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, 
int selection,
 key = ctx->desc->d2i_PUBKEY(NULL, , der_len);
 else
 key = ctx->desc->d2i_public_key(NULL, , der_len);
-if (key == NULL && ctx->selection != 0)
+if (key == NULL && ctx->selection != 0) {
+ERR_clear_last_mark();
 goto next;
+}
 }
 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
 derp = der;
 if (ctx->desc->d2i_key_params != NULL)
 key = ctx->desc->d2i_key_params(NULL, , der_len);
-if (key == NULL && ctx->selection != 0)
+if (key == NULL && ctx->selection != 0) {
+ERR_clear_last_mark();
 goto next;
+}
 }
+if (key == NULL)
+ERR_clear_last_mark();
+else
+ERR_pop_to_mark();
 
 /*
  * Last minute check to see if this was the correct type of key.  This


[openssl] openssl-3.0 update

2022-01-05 Thread tomas
The branch openssl-3.0 has been updated
   via  f762f91f9506927ed036bca5f78f392e039911df (commit)
  from  82df03d7dd6f207f47ad023ef341c563188903b4 (commit)


- Log -
commit f762f91f9506927ed036bca5f78f392e039911df
Author: x2018 
Date:   Mon Nov 29 19:08:36 2021 +0800

check the return value of OSSL_PARAM_BLD_new in dsa_kmgmt.c:195

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17155)

(cherry picked from commit 0da3b39af3d961486758262ca71d2135d7013048)

---

Summary of changes:
 providers/implementations/keymgmt/dsa_kmgmt.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c 
b/providers/implementations/keymgmt/dsa_kmgmt.c
index 1e1b168f7d..b327a3a783 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -210,12 +210,16 @@ static int dsa_export(void *keydata, int selection, 
OSSL_CALLBACK *param_cb,
   void *cbarg)
 {
 DSA *dsa = keydata;
-OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new();
+OSSL_PARAM_BLD *tmpl;
 OSSL_PARAM *params = NULL;
 int ok = 1;
 
 if (!ossl_prov_is_running() || dsa == NULL)
-goto err;
+return 0;
+
+tmpl = OSSL_PARAM_BLD_new();
+if (tmpl == NULL)
+return 0;
 
 if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
 ok = ok && ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), tmpl, 
NULL);


[openssl] openssl-3.0 update

2022-01-05 Thread tomas
The branch openssl-3.0 has been updated
   via  82df03d7dd6f207f47ad023ef341c563188903b4 (commit)
  from  038a185971c84ea3978a6a8ba799fca46dc919e7 (commit)


- Log -
commit 82df03d7dd6f207f47ad023ef341c563188903b4
Author: zhaozg 
Date:   Sat Jan 1 22:45:12 2022 +0800

sm2: fix {i2d,d2i}_PublicKey EC_KEY is EVP_PKEY_SM2

CLA: trivial

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17389)

(cherry picked from commit 8582dccc4dd1f1667b0e91a098e2cc78c7146dd7)

---

Summary of changes:
 crypto/asn1/d2i_pu.c  | 2 +-
 crypto/asn1/i2d_evp.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index 1be114b8a2..6d5dd1bc60 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -54,7 +54,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const 
unsigned char **pp,
 goto err;
 }
 
-switch (EVP_PKEY_get_id(ret)) {
+switch (EVP_PKEY_get_base_id(ret)) {
 case EVP_PKEY_RSA:
 if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) {
 ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
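Review bot: The switch to `EVP_PKEY_get_base_id()` is not explained at the call site, and a later cleanup could easily turn it back into `EVP_PKEY_get_id()`; the same applies to the `i2d_PublicKey()` hunk in crypto/asn1/i2d_evp.c. Going by the commit title, the point is that an SM2 key is an EC_KEY whose id is `EVP_PKEY_SM2`, so a comment such as `/* base id: SM2 keys must take the EC branch */` above the `switch` would record that. The EC `case` itself is outside both hunks, so I have not checked that it is reached.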
diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c
index 8b36388263..070ac83376 100644
--- a/crypto/asn1/i2d_evp.c
+++ b/crypto/asn1/i2d_evp.c
@@ -131,7 +131,7 @@ int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp)
 
 return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_info, pp);
 }
-switch (EVP_PKEY_get_id(a)) {
+switch (EVP_PKEY_get_base_id(a)) {
 case EVP_PKEY_RSA:
 return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
 #ifndef OPENSSL_NO_DSA


[openssl] openssl-3.0 update

2022-01-05 Thread tomas
The branch openssl-3.0 has been updated
   via  038a185971c84ea3978a6a8ba799fca46dc919e7 (commit)
  from  f29cb506035e5aecbdae351aeaddbe3b919d8f9c (commit)


- Log -
commit 038a185971c84ea3978a6a8ba799fca46dc919e7
Author: Peiwei Hu 
Date:   Tue Jan 4 09:10:32 2022 +0800

apps/passwd.c: free before error exiting

use goto instead of returning directly while error handling

Signed-off-by: Peiwei Hu 

Reviewed-by: Ben Kaduk 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17404)

(cherry picked from commit ea4d16bc60dee53feb71997c1e78379eeb69b7ac)

---

Summary of changes:
 apps/passwd.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/passwd.c b/apps/passwd.c
index 65cbd9e493..80861b3f3b 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -410,7 +410,7 @@ static char *md5crypt(const char *passwd, const char 
*magic, const char *salt)
 n >>= 1;
 }
 if (!EVP_DigestFinal_ex(md, buf, NULL))
-return NULL;
+goto err;
 
 for (i = 0; i < 1000; i++) {
 if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
@@ -636,7 +636,7 @@ static char *shacrypt(const char *passwd, const char 
*magic, const char *salt)
 n >>= 1;
 }
 if (!EVP_DigestFinal_ex(md, buf, NULL))
-return NULL;
+goto err;
 
 /* P sequence */
 if (!EVP_DigestInit_ex(md2, sha, NULL))
@@ -647,7 +647,7 @@ static char *shacrypt(const char *passwd, const char 
*magic, const char *salt)
 goto err;
 
 if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
-return NULL;
+goto err;
 
 if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
 goto err;
@@ -664,7 +664,7 @@ static char *shacrypt(const char *passwd, const char 
*magic, const char *salt)
 goto err;
 
 if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
-return NULL;
+goto err;
 
 if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
 goto err;


[openssl] openssl-3.0 update

2022-01-05 Thread tomas
The branch openssl-3.0 has been updated
   via  f29cb506035e5aecbdae351aeaddbe3b919d8f9c (commit)
  from  c245cc1be1acb47b1f983dea3bbb0caf36a33712 (commit)


- Log -
commit f29cb506035e5aecbdae351aeaddbe3b919d8f9c
Author: Tomas Mraz 
Date:   Mon Jan 3 14:46:52 2022 +0100

trace.c: Add missing trace category entry

Fixes #17397

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17399)

(cherry picked from commit e06c0a2870c55aa4e66108ca071e7da7fd00b922)

---

Summary of changes:
 crypto/trace.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/trace.c b/crypto/trace.c
index cc0b477698..dc194acb52 100644
--- a/crypto/trace.c
+++ b/crypto/trace.c
@@ -136,6 +136,7 @@ static const struct trace_category_st trace_categories[] = {
 TRACE_CATEGORY_(PKCS12_DECRYPT),
 TRACE_CATEGORY_(X509V3_POLICY),
 TRACE_CATEGORY_(BN_CTX),
+TRACE_CATEGORY_(CMP),
 TRACE_CATEGORY_(STORE),
 TRACE_CATEGORY_(DECODER),
 TRACE_CATEGORY_(ENCODER),


[openssl] openssl-3.0 update

2022-01-04 Thread dev
The branch openssl-3.0 has been updated
   via  c245cc1be1acb47b1f983dea3bbb0caf36a33712 (commit)
  from  46ee414f64a846a6a7606b1fba47a084dea172eb (commit)


- Log -
commit c245cc1be1acb47b1f983dea3bbb0caf36a33712
Author: Dr. David von Oheimb 
Date:   Mon Jan 3 17:03:13 2022 +0100

app_http_tls_cb: Fix double-free in case TLS not used

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17400)

(cherry picked from commit 97b8c859c64bc60fcf5bb27ed51489c81fde41b3)

---

Summary of changes:
 apps/lib/apps.c | 19 +++
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 2d3641ea8e..25a6b6bcc3 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2444,9 +2444,10 @@ static const char *tls_error_hint(void)
 /* HTTP callback function that supports TLS connection also via HTTPS proxy */
 BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
 {
+APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
+SSL_CTX *ssl_ctx = info->ssl_ctx;
+
 if (connect && detail) { /* connecting with TLS */
-APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
-SSL_CTX *ssl_ctx = info->ssl_ctx;
 SSL *ssl;
 BIO *sbio = NULL;
 
@@ -2480,12 +2481,14 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, 
int detail)
 if (hint != NULL)
 ERR_add_error_data(2, " : ", hint);
 }
-(void)ERR_set_mark();
-BIO_ssl_shutdown(bio);
-cbio = BIO_pop(bio); /* connect+HTTP BIO */
-BIO_free(bio); /* SSL BIO */
-(void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */
-bio = cbio;
+if (ssl_ctx != NULL) {
+(void)ERR_set_mark();
+BIO_ssl_shutdown(bio);
+cbio = BIO_pop(bio); /* connect+HTTP BIO */
+BIO_free(bio); /* SSL BIO */
+(void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */
+bio = cbio;
+}
 }
 return bio;
 }
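Review bot: The `ssl_ctx != NULL` guard added here depends on `info->ssl_ctx` being read at the top of the function (first hunk), and that read now dereferences `arg` on every call, where before it happened only under `connect && detail`. If any caller can pass a NULL `arg` on the disconnect or non-TLS path, this is a new NULL dereference; that is not visible from these hunks. A defensive form would be `SSL_CTX *ssl_ctx = info != NULL ? info->ssl_ctx : NULL;`. The middle of `app_http_tls_cb()` lies outside both hunks.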

