Commit Graph

31041 Commits

Author SHA1 Message Date
Daniel Hu
26efd0b377 Further acceleration for SM4-GCM on ARM
This patch will allow the SM4-GCM function to leverage the SM4
high-performance CTR crypto interface already implemented for ARM,
which is faster than current single block cipher routine used
for GCM

It does not address the acceleration of GHASH function of GCM,
which can be a future task, still we can see immediate uplift of
performance (up to 4X)

Before this patch:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-GCM         186432.92k   394234.05k   587916.46k   639365.12k   648486.91k   652924.25k

After the patch:
SM4-GCM         193924.87k   860940.35k  1696083.71k  2302548.31k  2580411.73k  2607398.91k

Signed-off-by: Daniel Hu <Daniel.Hu@arm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17814)
2022-03-07 09:20:24 +11:00
Daniel
3769727734 Add demo for ARIA-256-CBC.
Fixes #14104

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17802)
2022-03-07 08:02:54 +11:00
Hugo Landau
4c8cdcd1cf EVP demo for XOF digest using SHAKE256
This demo optionally accepts a single command line argument, allowing
the output length to be specified.

Fixes #14106.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17803)
2022-03-04 16:11:46 +01:00
xkernel
fa17f5c987 apps: several return value checks for BIO_new()
Also check return value of functions that call BIO_new() internally
such as dup_bio_out().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17421)
2022-03-04 15:18:59 +01:00
Richard Levitte
468d15179d Rework dependencies between config files and build files
Before PR #15310, which reworked how build files (Makefile, ...) were
generated, everything was done when configuring, so configdata.pm
could depend on build file templates and we'd get away with it.

However, since building configdata.pm is now independent of the build
file templates, that dependency is unnecessary, and would lead to
surprises of the build file template is updated, with an unexpected
full reconfiguration as a result, when all that's needed is to run
configdata.pm with no flags to get the build file re-generated.

This change is therefore a completion of what was forgotten in #15310.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17756)
2022-03-04 12:32:54 +01:00
XiaokangQian
2507903eb7 Fix build issue with aes-gcm-armv8-unroll8_64.S on older aarch64 assemblers
The EOR3 instruction is implemented with .inst, and the code here is enabled
using run-time detection of the CPU capabilities, so no need to explicitly
ask for the sha3 extension.

Fixes #17773

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17795)
2022-03-04 11:11:51 +01:00
Hugo Landau
2cc7c9b698 Add EVP demo for X25519 key exchange
This offers both a known answer test with fixed keys and also
demonstrates a more realistic usage with random keys.

Fixes #14118.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17799)
2022-03-04 11:03:36 +11:00
Hugo Landau
a3b4cd1d6e Fix typo in EVP_MD-BLAKE2(7)
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17790)
2022-03-03 14:10:24 +00:00
Hugo Landau
aea68b0ddb s_server: Do not use SSL_sendfile when KTLS is not being used
Fix a bug in `openssl s_server -WWW` where it would attempt to invoke
`SSL_sendfile` if `-ktls -sendfile` was passed on the command line, even
if KTLS has not actually been enabled, for example because it is not
supported by the host. Since `SSL_sendfile` is only supported when KTLS
is actually being used, this resulted in a failure to serve requests.

Fixes #17503.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17788)
2022-03-03 13:39:34 +00:00
Matt Caswell
c1b364cee3 Perturb the malloc output during tests
Set the environment variable MALLOC_PERTURB_ during tests to perturb the
output from OPENSSL_malloc() calls (see the mallopt man page for details
about this environment variable). This could be a low cost way of spotting
uninit reads in "make test" runs in some situations.

In tests I have found it to be a little unreliable (sometimes it seemed to
not perturb the output for inexplicable reasons) - but since this is easy
to implement I think it is worthwhile.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17768)
2022-03-03 13:36:21 +00:00
John Baldwin
0176fc78d0 asn1_string_to_time_t: Use timegm on FreeBSD.
FreeBSD does not provide a global timezone variable containing the
offset to UTC.  Instead, FreeBSD's libc includes a legacy timezone
function dating back to Version 7 AT&T UNIX.  As a result,
asn1_string_to_time_t currently fails to compile on FreeBSD as it
subtracts a function from a time_t value:

../crypto/asn1/a_time.c:625:37: error: invalid operands to binary expression ('time_t' (aka 'long') and 'char *(int, int)')
    timestamp_utc = timestamp_local - timezone;
                    ~~~~~~~~~~~~~~~ ^ ~~~~~~~~
1 error generated.

However, FreeBSD's libc does include a non-standard (but widely
available) timegm function which converts a struct tm directly to a
UTC time_t value.  Use this on FreeBSD instead of mktime.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17765)
2022-03-03 13:33:12 +00:00
Michael Baentsch
065442165a Add testing of OBJ_find_sigid_by_algs()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17733)
2022-03-03 13:32:48 +01:00
Michael Baentsch
d15d561844 enable CMS sign/verify for provider-implemented PKEYs
We need to handle signatures with and without digest algs
and we generalize the ossl_cms_ecdsa_dsa_sign() function
to other algorithms that are handled in the same way.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17733)
2022-03-03 13:30:45 +01:00
zhangzhilei
13ba91cb02 SM4 optimization for non-asm mode
This patch use table-lookup borrow from aes in crypto/aes/aes_core.c.

Test on my PC(AMD Ryzen Threadripper 3990X 64-Core Processor),

before and after optimization:

debug mode:

Before:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC          40101.14k    41453.80k    42073.86k    42174.81k    42216.11k    42227.03k
SM4-ECB          41222.60k    42074.88k    42673.66k    42868.05k    42896.04k    42844.16k
SM4-CTR          35867.22k    36874.47k    37004.97k    37083.82k    37052.42k    37076.99k

After:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC          47273.51k    48957.40k    49665.19k    49810.77k    49859.24k    49834.67k
SM4-ECB          48100.01k    49323.34k    50224.04k    50273.28k    50533.72k    50730.12k
SM4-CTR          41352.64k    42621.29k    42971.22k    43061.59k    43089.92k    43100.84k

non-debug mode:

Before:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC         141596.59k   145102.93k   146794.50k   146540.89k   146650.45k   146877.10k
SM4-ECB         144774.71k   155106.28k   158166.36k   158279.00k   158520.66k   159280.97k
SM4-CTR         138021.10k   141577.60k   142493.53k   142736.38k   142852.10k   143125.16k

After:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC         142016.95k   150068.48k   152238.25k   152773.97k   153094.83k   152027.14k
SM4-ECB         148842.94k   159919.87k   163628.37k   164515.84k   164697.43k   164790.27k
SM4-CTR         141774.23k   146206.89k   147470.25k   147816.28k   146770.60k   148346.20k

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17766)
2022-03-03 13:19:55 +01:00
Hugo Landau
43135a5d22 Fix NULL pointer dereference for BN_mod_exp2_mont
This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer
if BIGNUM argument m represents zero.

Regression test added. Fixes #17648.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17783)
2022-03-03 10:31:24 +01:00
Hugo Landau
df5c86e9f8 Enable openssl req -x509 to create certificates from CSRs
`openssl req -x509` has code allowing it to generate certificates from CSRs
as a replacement for `openssl x509`, but a bug prevents it from working
properly. -CA and -CAkey can now be passed to generate a CA-signed
certificate as documented in openssl-req(1).

Regression testing has been added to `openssl req`.

Fixes #17736.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17782)
2022-03-03 10:21:51 +01:00
Daniel
8bfb7506d2 Improve documentation of BIO_FLAGS_BASE64_NO_NL flag.
Fixes #12491.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17744)
2022-03-02 12:59:30 +01:00
Nicola Tuveri
d71151ae70 [ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
2022-03-01 10:51:03 +02:00
Nicola Tuveri
b139a95665 [ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3
Fixes #17743

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
2022-03-01 10:51:03 +02:00
Nicola Tuveri
66914fc024 [ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias
`SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already
marked as aliases of each other in the headers.
This commit, for each pair, replaces the leftover uses of the latter
synonym with the first one, which is considered more common.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
2022-03-01 10:51:03 +02:00
Tom Cosgrove
d2d2401aed aarch64: Fix async_fibre_swapcontext() on clang BTI builds
Reverting to using swapcontext() when compiling with clang on BTI-enabled
builds fixes the BTI setjmp() failure seen when running asynctest.

The issue with setjmp/longjmp is a known clang bug: see
https://github.com/llvm/llvm-project/issues/48888

Change-Id: I6eeaaa2e15f402789f1b3e742038f84bef846e29

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17698)
2022-03-01 09:51:29 +11:00
Jiasheng Jiang
366a162639 crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup
Since the potential failure of memory allocation, it
should be better to check the return value of the
OPENSSL_strndup(), like x509v3_add_len_value().
And following the comment of 'if (astrlen < 0)',
return -1 if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17737)
2022-02-28 12:18:24 +01:00
Jiasheng Jiang
885d97fbf8 fuzz/fuzz_rand.c: Add check for OSSL_LIB_CTX_new
As the potential failure of the OPENSSL_zalloc(), the OSSL_LIB_CTX_new()
could return NULL.
Therefore, it should be better to check it and return error if fails in
order to guarantee the success of the initialization.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17738)
2022-02-28 12:15:41 +01:00
Matt Caswell
3d4dd8f272 Correct the UnsafeLegacyServerConnect docs
This option is no longer set by default from OpenSSL 3.0.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17748)
2022-02-28 09:07:34 +00:00
xkernel
37be6feeeb check the return value of CRYPTO_strdup()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17741)
2022-02-28 19:26:49 +11:00
Pauli
28e141c45d Change strlen' argument name to strlength' to avoid c++ reserved words.
Fixes #17753

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17764)
2022-02-28 16:24:27 +11:00
Pauli
af788ad6c3 fetch: convert a NULL property query to ""
Previously, a NULL property query was never cached and this lead to a
performance degregation.  Now, such a query is converted to an empty string
and cached.

Fixes #17752
Fixes https://github.openssl.org/openssl/openssl/issues/26

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17769)
2022-02-28 16:20:33 +11:00
Richard Levitte
98b7b74122 VMS: copy prologue/epilogue headers when header files are generated
This is crucial when the build tree isn't the source tree, as they
only take effect in directories where included header files reside.

The issue only comes up when linking with the static libraries, since
the shared libraries have upper case aliases of all symbols.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17755)
2022-02-25 07:50:51 +01:00
Jiasheng Jiang
18cb1740cc test/crltest.c: Add check for glue2bio
As the glue2bio() could return NULL pointer if fails,
it should be better to check the return value in order
to avoid the use of NULL pointer.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17718)
2022-02-24 11:24:51 +11:00
Jiasheng Jiang
cf21d1c62d bio_enc.c: add check for BIO_new_mem_buf
Since the memory allocation may fail, the BIO_new_mem_buf() may
return NULL pointer.
Therefore, it should be better to check it and return error if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17730)
2022-02-24 11:23:31 +11:00
Carlo Teubner
cbb6f4dbf0 X509_VERIFY_PARAM_set_flags.pod: fix typos
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17731)
2022-02-24 11:21:56 +11:00
Raul Ferrando
632e8be2b5 Add -quiet option to pkcs7 for -print_certs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17708)
2022-02-24 11:21:06 +11:00
Matt Caswell
42659159f4 Undeprecate OPENSSL_VERSION_NUMBER and OpenSSL_version_num()
This macro and function were deprecated in the documentation but not in
the source.

Following an OTC vote the deprecation has been removed from the
documentation.

See https://github.com/openssl/technical-policies/issues/26

Fixes #17517

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17750)
2022-02-24 10:01:59 +11:00
msa42
0bc2fda3d3 doc: Fix KDF example for scrypt
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17745)
2022-02-24 09:23:08 +11:00
Matt Caswell
7e1eda483e Fix a failure in sslapitest
The SNI test in test_cert_cb_int() was always failing because it used
SSL_CTX_new() instead of SSL_CTX_new_ex() and was therefore not using the
correct libctx. PR #17739 amended the test to check the return value from
SSL_CTX_new() which made the failure obvious.

Fixes #17757

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17758)
2022-02-23 11:49:48 +00:00
xkernel
8d215738a0 check *libctx which is allocated by OSSL_LIB_CTX_new()
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17740)
2022-02-23 10:23:10 +11:00
Jiasheng Jiang
b0317df231 test/sslapitest.c: Add check for SSL_CTX_new
As the potential failure of the memory allocation, it should
be better to check the return value of SSL_CTX_new() and return
error if fails, like SSL_CTX_new_ex().

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17739)
2022-02-23 10:21:27 +11:00
Dr. David von Oheimb
a044af49c4 X509V3_get_d2i.pod: use I<> for arguments and remove B<> around NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17724)
2022-02-22 12:05:08 +01:00
Dr. David von Oheimb
2455a21f4e X509V3_get_d2i.pod: Fix glitch on X509V3_get{,_ext}_d2i and align order
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17724)
2022-02-22 12:05:08 +01:00
Dr. David von Oheimb
cd7ec0bca0 CMP: add subject of any provided CSR as default message sender
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17723)
2022-02-22 12:01:57 +01:00
Deepankar Bhattacharjee
f596bbe4da chacha20 performance optimizations for ppc64le with 8x lanes,
Performance increase around 50%.

Co-authored-by: Madhusudhanan Duraisamy <madurais@in.ibm.com>

Co-authored-by: Nilamjyoti Goswami <nilamgoswami@in.ibm.com>

Co-authored-by: Siva Sundar Anbareeswaran <srisivasundar@in.ibm.com>

Reviewed-by: Danny Tsen <dtsen@us.ibm.com>
Tested-by: Danny Tsen <dtsen@us.ibm.com>
Signed-off-by: Danny <dtsen@us.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16637)
2022-02-22 16:58:55 +11:00
Pauli
7b3041eba1 x509: handle returns from X509_TRUST_get_by_id() more consistently
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17709)
2022-02-21 11:42:34 +11:00
Jiasheng Jiang
09dca55733 rand: Add missing check for rand_get_global
As the potential failure of the rand_get_global(),
for example fail to get lock, 'dgbl' could be NULL
pointer and be dereferenced later.
Therefore, it should be better to check it and return
error if fails, like RAND_get0_primary() and other callers.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17690)
2022-02-20 13:09:27 +01:00
Jiasheng Jiang
d43597c718 fuzz/asn1.c: Add missing check for BIO_new
Since the BIO_new may fail, the 'bio' could be NULL pointer and be used.
Therefore, it should be better to check it and skip the print if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17690)
2022-02-20 13:04:24 +01:00
Jiasheng Jiang
78c5f1266f test/mdc2test.c: Add check for OSSL_PROVIDER_load
Since the potential failure of the OSSL_PROVIDER_load(),
for example there is no lock, the provider could fail to
be loaded into the library context.
Therefore, it should be better to check it and return error
if fails.
Also, in order to avoid free unknown pointer, 'c' should be
initialized as NULL.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17729)
2022-02-20 12:56:41 +01:00
yangyangtiantianlonglong
4a4f446008 doc: Refactored the example in crypto.pod
Added return value and error code in the sample

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17721)
2022-02-20 12:51:52 +01:00
yangyangtiantianlonglong
5272fdca6b doc: Update "SSL/TLS" old documentation description in openssl.pod
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17721)
2022-02-20 12:51:48 +01:00
Dimitris Apostolou
2d17290d2c Fix typo
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17713)
2022-02-20 12:43:20 +01:00
Oleg Pekar
522a32ef1e Add changes logs caption for the next release 1.1.1n
Co-authored-by: Matthias St. Pierre <matthias.st.pierre@ncp-e.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17714)
2022-02-20 12:35:22 +01:00
Oleg Pekar
e0d00d79dd Fixed the date of changes of 1.1.1m
Fixed the date in the heading of "Changes between 1.1.1l and 1.1.1m" to 14 Dec 2021

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17714)
2022-02-20 12:35:22 +01:00