Commit Graph

31015 Commits

Author SHA1 Message Date
Hugo Landau
c0b7dac66e EVP_MD performance fix (refcount cache contention)
Partial fix for #17064. Avoid excessive writes to the cache line
containing the refcount for an EVP_MD object to avoid extreme
cache contention when using a single EVP_MD at high frequency on
multiple threads. This changes performance in 3.0 from being double
that of 1.1 to only slightly higher than that of 1.1.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17857)
2022-03-13 11:43:26 +11:00
Richard Levitte
abdb2278d2 Make ossltest engine use in test/recipes/20-test_dgst.t platform agnostic
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17861)
2022-03-12 11:00:07 +01:00
Dr. David von Oheimb
c8c923454b OSSL_CMP_CTX_setup_CRM(): Fix handling of defaults from CSR and refcert
Also update and complete related documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17726)
2022-03-12 09:05:02 +01:00
Todd Short
2cb52118dd DOC: TLS compression is disabled by default
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17854)
2022-03-11 10:35:48 -05:00
Dr. Matthias St. Pierre
a20c9b6c13 README: add missing link to OpenSSL 3.0 manual pages
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17855)
2022-03-11 14:27:54 +11:00
Todd Short
a3e53d5683 Add TFO support to socket BIO and s_client/s_server
Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8692)
2022-03-10 10:42:43 -05:00
Tomas Mraz
97896f744d Drop ariacbc demo binary
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17848)
2022-03-10 14:36:13 +00:00
EasySec
f4f397a5cb Allow to *just* print key and IV of unstreamable modes when no input files
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17843)
2022-03-10 14:33:20 +00:00
xkernel
5266af8737 check the return of OPENSSL_sk_new_null
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/17836)
2022-03-10 14:28:06 +00:00
Todd Short
54b6755702 Set protocol in init_client()
If TCP is being used, protocol = 0 is passed to init_client(), then
protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17838)
2022-03-10 09:24:48 -05:00
Dmitry Belyavskiy
1753559230 Avoid potential memory leak
Resolves #17827

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17828)
2022-03-10 14:10:53 +00:00
xkernel
625b0990a0 check the return value of BIO_new_file()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17820)
2022-03-10 13:57:21 +00:00
Arran Cudbard-Bell
43ed242956 async_posix: Make ASYNC_set_mem_functions threadsafe
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17762)
2022-03-10 13:54:07 +00:00
Arran Cudbard-Bell
f6f56f4776 async_posix: Allow custom stack allocation functions to be specified for POSIX contexts
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17762)
2022-03-10 13:54:07 +00:00
Arran Cudbard-Bell
83c48d96ff async_posix: raise a memory allocation error if we fail to allocate stack memory
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17762)
2022-03-10 13:54:07 +00:00
Dr. Matthias St. Pierre
96a7766172 README: add link to migration_guide manual page
which replaces the link to the  OpenSSL 3.0 Wiki.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17840)
2022-03-10 14:05:59 +01:00
Matt Caswell
5979596247 Some platforms don't have pthread_atfork
We've had a report of a linker failure on some platforms (this one was
linux ARM) that apparently did not have pthread_atfork. It's strange that
this has not been reported before but the simplest solution is just to
remove this from the library since it isn't really used anyway.

Currently it is called to set up the fork handlers OPENSSL_fork_prepare,
OPENSSL_fork_parent and OPENSSL_fork_child. However all of those functions
are no-ops. This is a remnant from earlier code that got removed. We can
safely remove it now.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17842)
2022-03-10 13:22:28 +11:00
Marcel Raad
b420e24937 android-x86 target: Add -latomic
Fixes https://github.com/openssl/openssl/issues/14083 again after being
broken by https://github.com/openssl/openssl/pull/15640.

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17833)
2022-03-09 18:03:23 +01:00
Michael Baentsch
fa66f62ebb Add external testing with oqsprovider
Including running the oqsprovider external test in the
CI external test build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17832)
2022-03-09 17:57:37 +01:00
Tom Cosgrove
a35c3a9f5b Use Perl to generate bsaes-armv8.S
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14592)
2022-03-09 17:50:03 +01:00
Ben Avison
82551af514 ARM assembly pack: translate bit-sliced AES implementation to AArch64
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14592)
2022-03-09 17:50:03 +01:00
Hugo Landau
fe537f89cd Fix test failure when testing with Test::Harness
Fixes an issue where, when the test suite was being run with the older
Test::Harness package, the test suite would not complete correctly due
to evaluation of $harness->runtests()->has_errors, which is only
available for the newer TAP::Parser::Aggregator code path.

Fixes #17818.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17823)
2022-03-09 09:46:09 +01:00
Hugo Landau
e9492d1cec Add EVP demos for RSA-PSS signing and verification
Two demos are provided: one using RSA-PSS directly in which a digest
must be provided, and one using RSA-PSS with the EVP_DigestSign APIs
which performs the hashing for you.

Fixes #14113.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17800)
2022-03-07 09:25:00 +11:00
Hugo Landau
3dafeacef8 Add EVP demo for Poly1305 demonstrating Poly1305-AES
Fixes #14122.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17796)
2022-03-07 09:22:29 +11:00
Daniel Hu
26efd0b377 Further acceleration for SM4-GCM on ARM
This patch will allow the SM4-GCM function to leverage the SM4
high-performance CTR crypto interface already implemented for ARM,
which is faster than current single block cipher routine used
for GCM

It does not address the acceleration of GHASH function of GCM,
which can be a future task, still we can see immediate uplift of
performance (up to 4X)

Before this patch:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-GCM         186432.92k   394234.05k   587916.46k   639365.12k   648486.91k   652924.25k

After the patch:
SM4-GCM         193924.87k   860940.35k  1696083.71k  2302548.31k  2580411.73k  2607398.91k

Signed-off-by: Daniel Hu <Daniel.Hu@arm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17814)
2022-03-07 09:20:24 +11:00
Daniel
3769727734 Add demo for ARIA-256-CBC.
Fixes #14104

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17802)
2022-03-07 08:02:54 +11:00
Hugo Landau
4c8cdcd1cf EVP demo for XOF digest using SHAKE256
This demo optionally accepts a single command line argument, allowing
the output length to be specified.

Fixes #14106.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17803)
2022-03-04 16:11:46 +01:00
xkernel
fa17f5c987 apps: several return value checks for BIO_new()
Also check return value of functions that call BIO_new() internally
such as dup_bio_out().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17421)
2022-03-04 15:18:59 +01:00
Richard Levitte
468d15179d Rework dependencies between config files and build files
Before PR #15310, which reworked how build files (Makefile, ...) were
generated, everything was done when configuring, so configdata.pm
could depend on build file templates and we'd get away with it.

However, since building configdata.pm is now independent of the build
file templates, that dependency is unnecessary, and would lead to
surprises of the build file template is updated, with an unexpected
full reconfiguration as a result, when all that's needed is to run
configdata.pm with no flags to get the build file re-generated.

This change is therefore a completion of what was forgotten in #15310.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17756)
2022-03-04 12:32:54 +01:00
XiaokangQian
2507903eb7 Fix build issue with aes-gcm-armv8-unroll8_64.S on older aarch64 assemblers
The EOR3 instruction is implemented with .inst, and the code here is enabled
using run-time detection of the CPU capabilities, so no need to explicitly
ask for the sha3 extension.

Fixes #17773

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17795)
2022-03-04 11:11:51 +01:00
Hugo Landau
2cc7c9b698 Add EVP demo for X25519 key exchange
This offers both a known answer test with fixed keys and also
demonstrates a more realistic usage with random keys.

Fixes #14118.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17799)
2022-03-04 11:03:36 +11:00
Hugo Landau
a3b4cd1d6e Fix typo in EVP_MD-BLAKE2(7)
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17790)
2022-03-03 14:10:24 +00:00
Hugo Landau
aea68b0ddb s_server: Do not use SSL_sendfile when KTLS is not being used
Fix a bug in `openssl s_server -WWW` where it would attempt to invoke
`SSL_sendfile` if `-ktls -sendfile` was passed on the command line, even
if KTLS has not actually been enabled, for example because it is not
supported by the host. Since `SSL_sendfile` is only supported when KTLS
is actually being used, this resulted in a failure to serve requests.

Fixes #17503.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17788)
2022-03-03 13:39:34 +00:00
Matt Caswell
c1b364cee3 Perturb the malloc output during tests
Set the environment variable MALLOC_PERTURB_ during tests to perturb the
output from OPENSSL_malloc() calls (see the mallopt man page for details
about this environment variable). This could be a low cost way of spotting
uninit reads in "make test" runs in some situations.

In tests I have found it to be a little unreliable (sometimes it seemed to
not perturb the output for inexplicable reasons) - but since this is easy
to implement I think it is worthwhile.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17768)
2022-03-03 13:36:21 +00:00
John Baldwin
0176fc78d0 asn1_string_to_time_t: Use timegm on FreeBSD.
FreeBSD does not provide a global timezone variable containing the
offset to UTC.  Instead, FreeBSD's libc includes a legacy timezone
function dating back to Version 7 AT&T UNIX.  As a result,
asn1_string_to_time_t currently fails to compile on FreeBSD as it
subtracts a function from a time_t value:

../crypto/asn1/a_time.c:625:37: error: invalid operands to binary expression ('time_t' (aka 'long') and 'char *(int, int)')
    timestamp_utc = timestamp_local - timezone;
                    ~~~~~~~~~~~~~~~ ^ ~~~~~~~~
1 error generated.

However, FreeBSD's libc does include a non-standard (but widely
available) timegm function which converts a struct tm directly to a
UTC time_t value.  Use this on FreeBSD instead of mktime.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17765)
2022-03-03 13:33:12 +00:00
Michael Baentsch
065442165a Add testing of OBJ_find_sigid_by_algs()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17733)
2022-03-03 13:32:48 +01:00
Michael Baentsch
d15d561844 enable CMS sign/verify for provider-implemented PKEYs
We need to handle signatures with and without digest algs
and we generalize the ossl_cms_ecdsa_dsa_sign() function
to other algorithms that are handled in the same way.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17733)
2022-03-03 13:30:45 +01:00
zhangzhilei
13ba91cb02 SM4 optimization for non-asm mode
This patch use table-lookup borrow from aes in crypto/aes/aes_core.c.

Test on my PC(AMD Ryzen Threadripper 3990X 64-Core Processor),

before and after optimization:

debug mode:

Before:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC          40101.14k    41453.80k    42073.86k    42174.81k    42216.11k    42227.03k
SM4-ECB          41222.60k    42074.88k    42673.66k    42868.05k    42896.04k    42844.16k
SM4-CTR          35867.22k    36874.47k    37004.97k    37083.82k    37052.42k    37076.99k

After:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC          47273.51k    48957.40k    49665.19k    49810.77k    49859.24k    49834.67k
SM4-ECB          48100.01k    49323.34k    50224.04k    50273.28k    50533.72k    50730.12k
SM4-CTR          41352.64k    42621.29k    42971.22k    43061.59k    43089.92k    43100.84k

non-debug mode:

Before:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC         141596.59k   145102.93k   146794.50k   146540.89k   146650.45k   146877.10k
SM4-ECB         144774.71k   155106.28k   158166.36k   158279.00k   158520.66k   159280.97k
SM4-CTR         138021.10k   141577.60k   142493.53k   142736.38k   142852.10k   143125.16k

After:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC         142016.95k   150068.48k   152238.25k   152773.97k   153094.83k   152027.14k
SM4-ECB         148842.94k   159919.87k   163628.37k   164515.84k   164697.43k   164790.27k
SM4-CTR         141774.23k   146206.89k   147470.25k   147816.28k   146770.60k   148346.20k

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17766)
2022-03-03 13:19:55 +01:00
Hugo Landau
43135a5d22 Fix NULL pointer dereference for BN_mod_exp2_mont
This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer
if BIGNUM argument m represents zero.

Regression test added. Fixes #17648.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17783)
2022-03-03 10:31:24 +01:00
Hugo Landau
df5c86e9f8 Enable openssl req -x509 to create certificates from CSRs
`openssl req -x509` has code allowing it to generate certificates from CSRs
as a replacement for `openssl x509`, but a bug prevents it from working
properly. -CA and -CAkey can now be passed to generate a CA-signed
certificate as documented in openssl-req(1).

Regression testing has been added to `openssl req`.

Fixes #17736.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17782)
2022-03-03 10:21:51 +01:00
Daniel
8bfb7506d2 Improve documentation of BIO_FLAGS_BASE64_NO_NL flag.
Fixes #12491.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17744)
2022-03-02 12:59:30 +01:00
Nicola Tuveri
d71151ae70 [ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
2022-03-01 10:51:03 +02:00
Nicola Tuveri
b139a95665 [ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3
Fixes #17743

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
2022-03-01 10:51:03 +02:00
Nicola Tuveri
66914fc024 [ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias
`SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already
marked as aliases of each other in the headers.
This commit, for each pair, replaces the leftover uses of the latter
synonym with the first one, which is considered more common.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
2022-03-01 10:51:03 +02:00
Tom Cosgrove
d2d2401aed aarch64: Fix async_fibre_swapcontext() on clang BTI builds
Reverting to using swapcontext() when compiling with clang on BTI-enabled
builds fixes the BTI setjmp() failure seen when running asynctest.

The issue with setjmp/longjmp is a known clang bug: see
https://github.com/llvm/llvm-project/issues/48888

Change-Id: I6eeaaa2e15f402789f1b3e742038f84bef846e29

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17698)
2022-03-01 09:51:29 +11:00
Jiasheng Jiang
366a162639 crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup
Since the potential failure of memory allocation, it
should be better to check the return value of the
OPENSSL_strndup(), like x509v3_add_len_value().
And following the comment of 'if (astrlen < 0)',
return -1 if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17737)
2022-02-28 12:18:24 +01:00
Jiasheng Jiang
885d97fbf8 fuzz/fuzz_rand.c: Add check for OSSL_LIB_CTX_new
As the potential failure of the OPENSSL_zalloc(), the OSSL_LIB_CTX_new()
could return NULL.
Therefore, it should be better to check it and return error if fails in
order to guarantee the success of the initialization.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17738)
2022-02-28 12:15:41 +01:00
Matt Caswell
3d4dd8f272 Correct the UnsafeLegacyServerConnect docs
This option is no longer set by default from OpenSSL 3.0.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17748)
2022-02-28 09:07:34 +00:00
xkernel
37be6feeeb check the return value of CRYPTO_strdup()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17741)
2022-02-28 19:26:49 +11:00
Pauli
28e141c45d Change strlen' argument name to strlength' to avoid c++ reserved words.
Fixes #17753

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17764)
2022-02-28 16:24:27 +11:00