Commit Graph

35452 Commits

Author SHA1 Message Date
Richard Levitte
b96e10b9f9 fix: refactor the EVP_PKEY_OP checks
On the one hand, we have public macros that are collections of EVP_PKEY_OP
bits, like EVP_PKEY_OP_TYPE_SIG, obviously meant to be used like this:

    if ((ctx->operation & EVP_PKEY_OP_TYPE_SIG) == 0) ...

On the other hand, we also have internal test macros, like
EVP_PKEY_CTX_IS_SIGNATURE_OP(), obviously meant to be used like this:

    if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) ...

Unfortunately, these two sets of macros were completely separate, forcing
developers to keep them both sync, manually.

This refactor makes the internal macros use the corresponding public macros,
and adds the missing public macros, for consistency.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24854)
2024-07-21 12:04:49 -04:00
Tomas Mraz
a988704147 tls13_meth.c: Check for negative return from EVP_CIPHER_CTX_get_iv_length()
Fixes Coverity 1598052

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24929)
2024-07-21 12:00:20 -04:00
slontis
53b0527dd7 Remove check for RSA encryption allowing X9.31 padding.
X9.31 is a Signature Standard, and should not apply to encryption.

rsa_ossl_public_encrypt() does not allow this padding mode.
The openssl rsautil command line tool already failed if the
-x931 option was used with -encrypt

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24938)
2024-07-21 11:54:58 -04:00
Pauli
98afa01f3e fips: correctly initialise FIPS indicator settables
The `memset(3)` just happened to work because 2s complement.
This is more robust.

Also reduced the size of the indicator structure.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24923)
2024-07-19 17:33:19 +02:00
Tomas Mraz
8a79f5bc18 prov-compat-label.yml: Do not test fips provider from master
The master branch will be modified by the PR so the result will
be misleading.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24933)
2024-07-19 17:32:05 +02:00
Tomas Mraz
d357e5476a Fix the provider compatibility CI
Added missing fips version checks in rand_test.c and evprand.txt

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24933)
2024-07-19 17:32:05 +02:00
Neil Horman
50066236eb Fix coverity-1604661
Coverity called out an error in asn1parse_main, indicating that the
for(;;) loop which repeatedly reads from a bio and updates the length
value num, may overflow said value prior to exiting the loop.

We could probably call this a false positive, but on very large PEM
file, I suppose it could happen, so just add a check to ensure that num
doesn't go from a large positive to a large negative value inside the
loop

Fixes openssl/private#571

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24910)
2024-07-18 19:09:10 +02:00
Neil Horman
0b67643ade Fix coverity-1610057
Coverity caught a error in a recent change, in which atoi was used to
assign a value to two size_t variables, and then checked them for being
>= 0, which will always be true.

given that atoi returns an undefined value (usually zero) in the event
of a failure, theres no good way to check the return value of atoi for
validitiy.

Instead use OPENSSL_strtoul and confirm both that the translation
passed, and that the endptr value is at the NULL terminator (indicating
that the entire string was consumed)

Fixes openssl/private#552

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24861)
2024-07-18 19:07:52 +02:00
Neil Horman
863e44c1e0 Add a stroul test
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24861)
2024-07-18 19:07:52 +02:00
Neil Horman
04f7729c40 Add an OPENSSL_strtoul wrapper
utility function to give us sane checking on strtoul conversions

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24861)
2024-07-18 19:07:52 +02:00
Tomas Mraz
202ef97edc Allow short reads in asn1_d2i_read_bio()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22486)
2024-07-18 19:05:46 +02:00
erbsland-dev
0d4663ca6a Improve clarity and readability of password input documentation
Fixed #7310: Enhanced existing documentation for password input methods
- Refined descriptions for password input methods: `file:`, `fd:`, and `stdin`
- Enhanced readability and consistency in the instructions
- Clarified handling of multiple lines in read files.
- Clarified that `fd:` is not supported on Windows.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24878)
2024-07-18 19:03:13 +02:00
Randall S. Becker
1b2ab42ed7 Change strnlen() to OPENSSL_strnlen() in fuzz/provider.
strnlen() is not portable. It is preferable to use the wrapper.

Fixes: #24908

Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24912)
2024-07-18 17:26:55 +02:00
Gerd Hoffmann
d7af3f7aa7 fix vs2019 warning
windows vs2019 throws warnings when compiling openssl for edk2:

ERROR - Compiler #2220 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : the following warning is treated as an error
WARNING - Compiler #4701 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : potentially uninitialized local variable 'peer_rpk' used
WARNING - Compiler #4703 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : potentially uninitialized local pointer variable 'peer_rpk' used

Explicitly initialize the peer_rpk variable to make the compiler happy.

Yes, it's a false positive, but you have to check the tls_process_rpk()
body in another source file to see that, which apparently is beyond the
compiler's capabilities.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24895)
2024-07-18 16:13:41 +02:00
Tomas Mraz
7e7c41dff6 Fix test_cms recipe
The number of tests was not bumped in 29bbe7d008

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24926)
2024-07-18 09:42:57 +02:00
Richard Levitte
7821b7b977 fix: util/check-format-commit.sh to handle one-line diff hunks
For multi-line hunks, 'git diff -U0' outputs a pair of START,COUNT
indicators to show where the hunk starts and ends.  However, if the hunk is
just one line, only START is output, with the COUNT of 1 being implied.
Typically, this happens for copyright change hunks, like this:

    --- a/crypto/evp/evp_err.c
    +++ b/crypto/evp/evp_err.c
    @@ -3 +3 @@
    - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
    + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.

This is normal unified diff output, and our script must adapt.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24900)
2024-07-18 05:45:52 +02:00
Tomas Mraz
cf3d65b866 EVP_PKEY-DH.pod: Clarify the manpage in regards to DH and DHX types
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/24819)
2024-07-17 16:39:00 +02:00
Tomas Mraz
45611a8a89 Document that DH and DHX key types cannot be used together in KEX
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/24819)
2024-07-17 16:39:00 +02:00
Georgi Valkov
ce6b2f9826 threads_pthread, threads_win: improve code consistency
Improve code consistency between threads_pthread.c and threads_win.c
threads_pthread.c has good comments, let's copy them to threads_win.c
In many places uint64_t or LONG int was used, and assignments were
performed between variables with different sizes.
Unify the code to use uint32_t. In 32 bit architectures it is easier
to perform 32 bit atomic operations. The size is large enough to hold
the list of operations.
Fix result of atomic_or_uint_nv improperly casted to int *
instead of int.

Note:
In general size_t should be preferred for size and index, due to its
descriptive name, however it is more convenient to use uint32_t for
consistency between platforms and atomic calls.

READER_COUNT and ID_VAL return results that fit 32 bit. Cast them to
uint32_t to save a few CPU cycles, since they are used in 32 bit
operations anyway.

TODO:
In struct rcu_lock_st, qp_group can be moved before id_ctr
for better alignment, which would save 8 bytes.

allocate_new_qp_group has a parameter count of type int.
Signed values should be avoided as size or index.
It is better to use unsigned, e.g uint32_t, even though
internally this is assigned to a uint32_t variable.

READER_SIZE is 16 in threads_pthread.c, and 32 in threads_win.c
Using a common size for consistency should be prefered.

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24803)
2024-07-17 16:37:07 +02:00
Georgi Valkov
a2c74d7af6 threads_win: fix build error with mingw64
This fixes a build error regression on mingw64 introduced by me in
16beec98d2

In get_hold_current_qp, uint32_t variables were improperly
used to hold the value of reader_idx, which is defined as long int.
So I used CRYPTO_atomic_load_int, where a comment states
On Windows, LONG is always the same size as int

There is a size confusion, because
Win32 VC x86/x64: LONG, long, long int are 32 bit
MingW-W64: LONG, long, long int are 32 bit
cygwin64: LONG is 32 bit, long, long int are 64 bit

Fix:
- define reader_idx as uint32_t
- edit misleading comment, to clarify:
On Windows, LONG (but not long) is always the same size as int.

Fixes the following build error, reported in [1].
crypto/threads_win.c: In function 'get_hold_current_qp':
crypto/threads_win.c:184:32: error: passing argument 1 of 'CRYPTO_atomic_load_int' from incompatible pointer type [-Wincompatible-pointer-types]
  184 |         CRYPTO_atomic_load_int(&lock->reader_idx, (int *)&qp_idx,
      |                                ^~~~~~~~~~~~~~~~~
      |                                |
      |                                volatile long int *

[1] https://github.com/openssl/openssl/pull/24405#issuecomment-2211602282

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24803)
2024-07-17 16:37:07 +02:00
Dr. David von Oheimb
29bbe7d008 {CMS,PKCS7}_verify(): use 'certs' parameter ('-certfile' option) also for chain building
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18916)
2024-07-17 16:34:53 +02:00
Dr. David von Oheimb
cc31db1eb6 CMS_get1_{certs,crls}(): make sure they return NULL only on error
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18916)
2024-07-17 16:34:53 +02:00
Neil Horman
22e08c7cdc Fix coverity-1604666
Coverity recently flaged an error in which the return value for
EVP_MD_get_size wasn't checked for negative values prior to use, which
can cause underflow later in the function.

Just add the check and error out if get_size returns an error.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24896)
2024-07-17 16:30:55 +02:00
Neil Horman
a753547eef Fix coverity-1604665
Coverity issued an error in the opt_uintmax code, detecting a potential
overflow on a cast to ossl_intmax_t

Looks like it was just a typo, casting m from uintmax_t to ossl_intmax_t

Fix it by correcting the cast to be ossl_uintmax_t, as would be expected

Theres also some conditionals that seem like they should be removed, but
I'll save that for later, as there may be some corner cases in which
ossl_uintmax_t isn't equal in size to uintmax_t..maybe.

Fixes openssl/private#567

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24897)
2024-07-17 09:50:36 +02:00
Pauli
90c3db9e6a Unit test for switching from KMAC to other MAC in kbkdf.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24883)
2024-07-17 14:14:52 +10:00
Pauli
f35fc4f184 Fix kbkdf bug if MAC is set to KMAC and then something else
A context that is set to KMAC sets the is_kmac flag and this cannot be reset.
So a user that does kbkdf using KMAC and then wants to use HMAC or CMAC will
experience a failure.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24883)
2024-07-17 14:14:41 +10:00
Pauli
4ac531ddcb Document the fips-indicator param for the test RNG
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24851)
2024-07-17 10:43:21 +10:00
Pauli
df32ba9e92 Add unit tests for the TEST-RAND FIPS indicator
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24851)
2024-07-17 10:43:21 +10:00
Pauli
924321a519 Add FIPS indicator for TEST-RAND
The indicator is always non-FIPS, since this is used for internal tasks and
hasn't been validated.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24851)
2024-07-17 10:43:21 +10:00
erbsland-dev
2dd74d3acb Add tests for long configuration lines with backslashes
Introduce new test files to verify behavior with config lines longer than 512 characters containing backslashes. Updated test plan to include these new test scenarios.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24890)
2024-07-16 21:32:40 +02:00
erbsland-dev
f54e4bc51b Fix line continuation check in config parser
Fixes #8038: Previously, line continuation logic did not account for the 'again' flag, which could cause incorrect removal of a backslash character in the middle of a line. This fix ensures that line continuation is correctly handled only when 'again' is false, thus improving the reliability of the configuration parser.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24890)
2024-07-16 21:32:40 +02:00
erbsland-dev
f692ceeedc Clarify in-place encryption behavior in documentation
Fixes #7941: Update the `EVP_EncryptUpdate` documentation to specify that in-place encryption is guaranteed only if the context does not contain incomplete data from previous operations.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24887)
2024-07-16 13:20:58 -04:00
Neil Horman
c1a27bdeb9 Fix cmake generator
PR #24678 modified some environment variables and locations that the
cmake exporter depended on, resulting in empty directory resolution.
Adjust build build.info and input variable names to match up again

Fixes #24874

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24877)
2024-07-16 11:12:04 -04:00
Tomas Mraz
b916940752 Optimization of ossl_ec_key_public_check()
We can do just the quick check if cofactor == 1 as the
fact that the point is on the curve already implies
that order * point = infinity.

Fixes #21833

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24816)
2024-07-16 15:36:46 +02:00
Neil Horman
01753c09bb Set down_load factor on hash table when culling items in doall
oss-fuzz noted this issue:
https://oss-fuzz.com/testcase-detail/5363002606419968

Which reports a heap buffer overflow during ossl_method_cache_flush_some

Its occuring because we delete items from the hash table while inside
its doall iterator

The iterator in lhash.c does a reverse traversal of all buckets in the
hash table, and at some point a removal during an iteration leads to the
hash table shrinking, by calling contract.  When that happens, the
bucket index becomes no longer valid, and if the index we are on is
large, it exceeds the length of the list, leading to an out of band
reference, and the heap buffer overflow report.

Fix it by preventing contractions from happening during the iteration,
but setting the down_load factor to 0, and restoring it to its initial
value after the iteration is done

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24867)
2024-07-16 06:05:14 -04:00
Pauli
2c3f1a6cad Fix parameter types int -> integer changes
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24881)
2024-07-16 06:42:05 +02:00
Matt Caswell
5c6975bd44 Fix a copy & paste error in the EVP_RAND docs
The "max_request" string is defined via the OSSL_RAND_PARAM_MAX_REQUEST
macro.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24863)
2024-07-15 16:42:24 -04:00
Daniel Gustafsson
b33f2697d9 Rearrange code examples in docs for clarity
The introduction of a deprecation notice between the header include
line and the function prototypes left the inclusion in the previous
block.  Move the #include to after the deprecation notice to ensure
that the headers is included together with the corresponding MDX_y*
functions.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24864)
2024-07-15 12:21:31 -04:00
Neil Horman
9884568569 Fix coverity-1510058
coverity noted a recent change made a call to OSSL_PARAM_get_size_t
without checking the return code, as is practice in all other call
sites.

Just add the check.

Fixes openssl/private#551

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24860)
2024-07-15 10:10:00 +10:00
Neil Horman
42230f294a Convert check-format-commits.sh to use allowlist
Initially check-format-commits.sh tried to check everything, using a
banlist to exlude files not appropriate for checking.

Its becoming clear that that approach isn't workable, given that the
number of files that we should not check far outweighs the number of
files that we should check.

Ideally we should be checking .c files, .h files and their .in
counterparts, everything else should be excluded (at least for now)

convert the script to using an allowlist, only checking the above list,
and ignoring everything else

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24865)
2024-07-13 12:23:52 -04:00
Matt Caswell
e8c7febc8f Fix a minor typo in the documentation of RAND_set_seed_source_type()
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24858)
2024-07-12 18:08:44 +02:00
Richard Levitte
edb5dd56fc fix(stylecheck): Take advantage of check-format-commit.sh's new capability
.github/workflows/style-checks.yml now runs util/check-format-commit.sh
with the whole range of commits of the given PR.  This allows code style
fixups to be in a separate commit.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24856)
2024-07-12 15:37:07 +01:00
Richard Levitte
c2083f4ec6 feat: enhance util/check-format-commit.sh to be able to handle a commit range
Additionally, the 'git diff' call is modified to not show context lines, as
it's confusing to have style nits displayed on lines the author of the
commits hasn't touched.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24856)
2024-07-12 15:36:50 +01:00
erbsland-dev
b74646b627 Document Internal EVP_MD_CTX_ Flags
Add documentation for the internal flags `EVP_MD_CTX_FLAG_CLEANED` and
`EVP_MD_CTX_FLAG_REUSE`, explicitly stating that these flags are for
internal use only and must not be used in user code.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24829)
2024-07-12 15:54:35 +02:00
Georgi Valkov
20da3dabc4 o_fopen: fix coding style and build error with VS2010
Follow the coding style to place variable definitions before code

Fixes a build error on Windows 2003 with VS2010 introduced in [1]
crypto\o_fopen.c(45) : error C2143: syntax error : missing ';' before 'type'
crypto\o_fopen.c(46) : error C2275: 'DWORD' : illegal use of this type as an expression
        E:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\include\windef.h(152) : see declaration of 'DWORD'
crypto\o_fopen.c(46) : error C2146: syntax error : missing ';' before identifier 'flags'
crypto\o_fopen.c(46) : error C2065: 'flags' : undeclared identifier

[1] 917f37195a

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24853)
2024-07-12 11:23:56 +01:00
Tomas Mraz
b24a8200ab x_attrib.c: Fix print_hex() function
- Better handle 0 length input
- Use OPENSSL_buf2hexstr() instead of OPENSSL_buf2hexstr_ex()
  which fixes insufficient length of the allocate buffer.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24771)
2024-07-12 11:20:35 +01:00
Hongren Zheng
6cf42ad392 riscv: Fix cpuid_obj asm checks for sm4/sm3
Similar to #22881 / #23752

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/24486)
2024-07-12 11:09:02 +01:00
Richard Levitte
6eb648941e fix: drop DSA <=> dsaWithSHA1 aliasing
For some reason, DSA has been aliased with dsaWithSHA1 for an eternity.
They are not the same, though, and should never have been aliased in the
first place.

This was first discovered with 'openssl list':

    $ openssl list -signature-algorithms
    ...
    { 1.2.840.10040.4.1, 1.2.840.10040.4.3, 1.3.14.3.2.12, 1.3.14.3.2.13, 1.3.14.3.2.27, DSA, DSA-old, DSA-SHA, DSA-SHA1, DSA-SHA1-old, dsaEncryption, dsaEncryption-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default

This isn't good at all, as it confuses the key algorithms signature
function with a signature scheme that involves SHA1, and it makes it
look like OpenSSL's providers offer a DSA-SHA1 implementation (which
they currently do not do).

Breaking this aliasing apart (i.e. aliasing DSA, DSA-old, dsaEncryption
and dsaEncryption-old separately from the names that involve SHA) appears
harmless as far as OpenSSL's test suite goes.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24828)
2024-07-12 11:20:23 +02:00
Dmitry Misharov
8b591dceef deploy docs.openssl.org on doc changes
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24839)
2024-07-12 10:59:15 +02:00
Neil Horman
861e1f450c ignore various files in commit checker
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24845)
2024-07-11 23:13:47 -04:00