Bernd Edlinger [Mon, 17 Jun 2019 14:57:25 +0000 (16:57 +0200)]
Handle CTRL-C as non-redoable abort signal
This is a bit annoying, if for instance "openssl genrsa -aes128"
tries to read a 4+ character size password, but CTRL-C does no longer
work after a RETURN key, since the flag UI_FLAG_REDOABLE is set by
UI_set_result_ex, together with the error "You must type in 4 to 1023 characters".
Thus remove the REDOABLE flag to allow CTRL-C to work.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9170)
Miquel Ruiz [Mon, 22 Oct 2018 21:34:57 +0000 (22:34 +0100)]
Add SSL_shutdown to SSL_get_error's documentation
SSL_shutdown can fail if called during initialization, and in such case, it'll
add an error to the error queue. This adds SSL_shutdown to the list of functions
that should preceed the call to SSL_get_error.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/7465)
Rebecca Cran [Wed, 12 Jun 2019 20:03:36 +0000 (14:03 -0600)]
Fix UEFI build on FreeBSD by not including system headers
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9149)
Matt Caswell [Tue, 18 Jun 2019 10:45:26 +0000 (11:45 +0100)]
Following the previous 2 commits also move ecpointformats out of session
The previous 2 commits moved supported groups and ciphers out of the
session object to avoid race conditions. We now also move ecpointformats
for consistency. There does not seem to be a race condition with access
to this data since it is only ever set in a non-resumption handshake.
However, there is no reason for it to be in the session.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9176)
Matt Caswell [Fri, 14 Jun 2019 13:06:55 +0000 (14:06 +0100)]
Fix a race condition in ciphers handling
Similarly to the previous commit we were storing the peer offered list
of ciphers in the session. In practice there is no need for this
information to be avilable from one resumption to the next since this
list is specific to a particular handshake. Since the session object is
supposed to be immutable we should not be updating it once we have decided
to resume. The solution is to remove the session list out of the session
object.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9176)
Matt Caswell [Fri, 14 Jun 2019 11:46:13 +0000 (12:46 +0100)]
Fix a race condition in supported groups handling
In TLSv1.3 the supported groups can be negotiated each time a handshake
occurs, regardless of whether we are resuming or not. We should not store
the supported groups information in the session because session objects
can be shared between multiple threads and we can end up with race
conditions. For most users this won't be seen because, by default, we
use stateless tickets in TLSv1.3 which don't get shared. However if you
use SSL_OP_NO_TICKET (to get stateful tickets in TLSv1.3) then this can
happen.
The answer is to move the supported the supported group information into
the SSL object instead.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9176)
Bernd Edlinger [Fri, 14 Jun 2019 12:48:37 +0000 (14:48 +0200)]
Fix error handling at openssl_strerror_r
When bufsize == 0, openssl_strerror_r should return 0 (if _GNU_SOURCE is defined),
to be consistent with non-_GNU_SOURCE variants, which exhibit the same behavior.
Fix a few cases, where the return value of openssl_strerror_r was ignored.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9163)
Rebecca Cran [Thu, 13 Jun 2019 22:09:47 +0000 (16:09 -0600)]
Swap #if blocks in uid.c so target platform gets checked before host
This avoids the case where a UEFI build on FreeBSD tries to call the system
issetugid function instead of returning 0 as it should do.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9158)
Matt Caswell [Wed, 12 Jun 2019 11:12:07 +0000 (12:12 +0100)]
Update the d2i docs to reflect reality
The d2i docs state that if an error occurs then |*a| is not freed. This
is not correct. On error it is freed and set to NULL. We update the docs
to say this, and also discuss the fact that this behaviour was inconsistent
prior to OpenSSL 1.1.0.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9146)
raja-ashok [Tue, 11 Jun 2019 14:59:08 +0000 (20:29 +0530)]
Fix typo mistake on calls to SSL_ctrl in ssl.h
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9140)
Acheev Bhagat [Wed, 12 Jun 2019 00:28:04 +0000 (20:28 -0400)]
Remove redundant include
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9137)
Matt Caswell [Tue, 11 Jun 2019 12:27:45 +0000 (13:27 +0100)]
Move a fall through comment
When compiling with --strict-warnings using gcc 7.4.0 the compiler
complains that a case falls through, even though there is an explicit
comment stating this. Moving the comment outside of the conditional
compilation section resolves this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9131)
Bernd Edlinger [Mon, 10 Jun 2019 08:24:35 +0000 (10:24 +0200)]
Fix a URL to the NMBRTHRY list archive
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9123)
Shigeki Ohtsu [Fri, 7 Jun 2019 02:49:48 +0000 (11:49 +0900)]
Fix doc to remove const arg in GEN_SESSION_CB
ae3947de095 changed the callback arg not to have a const parameter.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9104)
The DEVRANDOM_WAIT feature added a select() call to wait for the
`/dev/random` device to become readable before reading from the
`/dev/urandom` device. It was introduced in commit 38023b87f037
in order to mitigate the fact that the `/dev/urandom` device
does not block until the initial seeding of the kernel CSPRNG
has completed, contrary to the behaviour of the `getrandom()`
system call.
It turned out that this change had negative side effects on
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit a08714e18131b1998faa0113e5bd4024044654ac)
(Merged from https://github.com/openssl/openssl/pull/9118)
Acheev Bhagat [Fri, 7 Jun 2019 00:05:49 +0000 (20:05 -0400)]
Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9101)
David Makepeace [Fri, 7 Jun 2019 00:45:51 +0000 (10:45 +1000)]
Fixed typo in code comment.
[skip ci]
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9102)
Fix typo in macro argument of SSL_set1_client_sigalgs_list()
Fixes #9092
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9093)
Document deprecation of version-specific SSL/TLS methods
In commit 2b8fa1d56cd3 the version-specific SSL/TLS methods were
deprecated. This patch improves the documentation of that change
by stating the deprecation more prominently in the manual page
and explaining the reason for the deprecation.
Fixes #8989
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9001)
cnt greater than sizeof(strerror_pool) results in an unbounded
OPENSSL_strlcpy() in openssl_strerror_r(), eventually causing a crash.
When the first received error string was empty or contained only
spaces, cur would move in front of the start of the strerror_pool.
Also don't call openssl_strerror_r when the pool is full.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8966)
Matt Caswell [Wed, 17 Apr 2019 10:09:05 +0000 (11:09 +0100)]
Defer sending a KeyUpdate until after pending writes are complete
If we receive a KeyUpdate message (update requested) from the peer while
we are in the middle of a write, we should defer sending the responding
KeyUpdate message until after the current write is complete. We do this
by waiting to send the KeyUpdate until the next time we write and there is
no pending write data.
This does imply a subtle change in behaviour. Firstly the responding
KeyUpdate message won't be sent straight away as it is now. Secondly if
the peer sends multiple KeyUpdates without us doing any writing then we
will only send one response, as opposed to previously where we sent a
response for each KeyUpdate received.
Fixes #8677
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8773)
Shane Lontis [Mon, 3 Jun 2019 05:19:48 +0000 (15:19 +1000)]
Add the content type attribute to additional CMS signerinfo.
Fixes #8923
Found using the openssl cms -resign option.
This uses an alternate path to do the signing which was not adding the required signed attribute
content type. The content type attribute should always exist since it is required is there are
any signed attributes.
As the signing time attribute is always added in code, the content type attribute is also required.
The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes
e.g. The message digest attribute is a signed attribute that must exist if any signed attributes
exist, it cannot be an unsigned attribute and there must only be one instance containing a single
value.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8944)
Retropotenza [Fri, 31 May 2019 10:43:24 +0000 (12:43 +0200)]
Fix CHECK_BSD_STYLE_MACROS for OpenBSD and cryptodev-linux
CLA: trivial
Fixes #8911
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8866)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8866)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9052)
agnosticdev [Wed, 29 May 2019 15:27:26 +0000 (10:27 -0500)]
issue-8998: Ensure that the alert is generated and reaches the remote
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9041)
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9021)
Richard Levitte [Mon, 27 May 2019 17:16:14 +0000 (19:16 +0200)]
Configure: make 'enable-buildtest-c++' work (not be a regexp)
OpenSSL 1.1.1's Configure treats the strings in @disablables as regexps,
which means that the 'buildtest-c++' option needs a bit of escaping to
be interpreted as intended.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9016)
Richard Levitte [Mon, 27 May 2019 12:40:25 +0000 (14:40 +0200)]
Configure: Remove extra warning and sanitizer options from CXXFLAGS
We add the extra warning and sanitizer options to check our code,
which is entirely in C. We support C++ compilers uniquely for the
sake of certain external test suites, and those projects can probably
sanitize their own code themselves.
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9013)
Richard Levitte [Mon, 15 Apr 2019 15:30:11 +0000 (17:30 +0200)]
doc/man3/X509_LOOKUP_meth_new.pod: clarify the requirements
The documentation of what a X509_LOOKUP implementation must do was
unclear and confusing. Most of all, clarification was needed that it
must store away the found objects in the X509_STORE.
Fixes #8707
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8755)
Fix a crash in the speed command with wrap ciphers
e.g. openssl speed -evp id-aes256-wrap-pad
was crashing because the return code from EVP_CipherInit_ex
was ignored.
Not going to allow that cipher mode because wrap ciphers
produces more bytes output than the input length
and EVP_Update_loop is not really prepared for that.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8739)
Matt Caswell [Wed, 22 May 2019 18:36:25 +0000 (19:36 +0100)]
Add the NIST CAVS test vectors for CCM
This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and
coverts them for use within evp_test. This commit also adds a script to
convert the .rsp CAVS files into the evp_test format.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8981)
Patrick Steuer [Tue, 21 May 2019 16:50:39 +0000 (18:50 +0200)]
EVP_Digest*: enable SHA3 pre-hashing for DSA
Fixes #7323
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8970)
Patrick Steuer [Tue, 21 May 2019 15:43:54 +0000 (17:43 +0200)]
EVP_Digest*: enable SHA3 pre-hashing for ECDSA
Fixes #8957
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8970)
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8971)
Arne Schwabe [Fri, 17 May 2019 10:35:33 +0000 (12:35 +0200)]
Change SSL parameter SSL_session_reused const
This function only returns a status and does not modify the parameter.
Since similar function are already taking const parameters, also
change this function to have a const parameter.
Fixes #8934
CLA: trivial Signed-off-by: Arne Schwabe <arne@rfc2549.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8945)
Valentin Robert [Thu, 9 May 2019 19:12:31 +0000 (12:12 -0700)]
Fix typo in NOTES.PERL
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8905)
Rashmica Gupta [Tue, 7 May 2019 02:42:59 +0000 (12:42 +1000)]
crypto/ppccap.c: Fix which hwcap value used to check for HWCAP_ARCH_3_00
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8889)
This change allows to pass the authentication tag after specifying
the AAD in CCM mode. This is already true for the other two supported
AEAD modes (GCM and OCB) and it seems appropriate to match the
behavior.
GCM and OCB also support to set the tag at any point before the call
to `EVP_*Final`, but this won't work for CCM due to a restriction
imposed by section 2.6 of RFC3610: The tag must be set before
actually decrypting data.
This commit also adds a test case for setting the tag after supplying
plaintext length and AAD.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7243)
Test: use keywords instead of magic numbers for 'rsa_pss_saltlen'
Since commit 137096a7ead it is possible to specify keywords instead
of negative magic numbers for the salt length. This commit replaces
the remaining occurrences of `rsa_pss_saltlen:-3` in the test recipes
by `rsa_pss_saltlen:max`.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8860)
Wojciech Kaluza [Sun, 21 Apr 2019 11:39:20 +0000 (12:39 +0100)]
Allow setting RCFLAGS as Configure option or environment variable
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8803)
Wojciech Kaluza [Sun, 21 Apr 2019 11:14:34 +0000 (12:14 +0100)]
Add RCFLAGS variable in Windows build file, and use it
- Allow user-defined RCFLAGS
- Pass RCFLAGS to RC
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8803)
Pauli [Wed, 24 Apr 2019 01:24:11 +0000 (11:24 +1000)]
Statistically test BN_rand_range().
Add a Chi^2 goodness of fit test to empirically provide a degree of confidence
in the uniformity of the output of the random range generation function.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8818)
Enforce a strict output length check in CRYPTO_ccm128_tag
Return error if the output tag buffer size doesn't match
the tag size exactly. This prevents the caller from
using that portion of the tag buffer that remains
uninitialized after an otherwise succesfull call to
CRYPTO_ccm128_tag.
Bug found by OSS-Fuzz.
Fix suggested by Kurt Roeckx.
Signed-off-by: Guido Vranken <guidovranken@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8810)
Jakub Jelen [Thu, 18 Apr 2019 14:09:45 +0000 (16:09 +0200)]
doc: Get rid of unrelated reference to DSA_new()
CLA: trivial
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8786)
Richard Levitte [Tue, 23 Apr 2019 07:41:19 +0000 (09:41 +0200)]
Configure: make disabling stuff easier and safer
Disabling one thing may mean having to disable other things as well.
We already have a process to auto-disable things through cascading,
but that was under-used.
Making the cascading mechanism available through a function to be
called to disable stuff makes it more automatic, and helps us when we
forget how different disabling options affect others.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)
Richard Levitte [Tue, 23 Apr 2019 07:24:38 +0000 (09:24 +0200)]
Configure: merge all of %user and %useradd into %config earlier
This came about with the realisation that upper case CFLAGS, LDFLAGS
and so on aren't treated much after that, and this makes figuring out
user added flags significantly easier, just look in %config.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)
Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8756)
Richard Levitte [Mon, 15 Apr 2019 11:15:55 +0000 (13:15 +0200)]
asn1parse: avoid double free
|str| was used for multiple conflicting purposes. When using
'-strictpem', it's used to uniquely hold a reference to the loaded
payload. However, when using '-strparse', |str| was re-used to hold
the position from where to start parsing.
So when '-strparse' and '-strictpem' are were together, |str| ended up
pointing into data pointed at by |at|, and was yet being freed, with
the result that the payload it held a reference to became a memory
leak, and there was a double free conflict when both |str| and |at|
were being freed.
The situation is resolved by always having |buf| hold the pointer to
the file data, and always and only use |str| to hold the position to
start parsing from. Now, we only need to free |buf| properly and not
|str|.
Fixes #8752
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8753)
Further harmonisation of manual page HISTORY sections
A couple of minor tweaks to match the style introduced in #7854:
- BIO_connect: remove line break to make more grep friendly
- SSL_CTX_new: harmoise the format of the HISTORY section
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 938e82f622eb04ebbfe534c79d234d0f6a0df035)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8736)
Update various man pages to place HISTORY section after SEE ALSO
SEE ALSO before HISTORY is the more common pattern in OpenSSL manual
pages and seems to be the prevalent order based on sampling my system
manual pages.
Fixes #8631
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b5c4bbbe54e112b976155004b3d702e47ce7d9d9)
Add a check for history section location to find-doc-nits
Check that the HISTORY section is located after the SEE ALSO section,
this is a much more frequent order in OpenSSL manual pages (and UNIX
manual pages in general).
Also check that SEE ALSO comes after EXAMPLES, so that the tool can
ensure the correct manual section sequence.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 573ac8f2228241771f727ecd8ff10f54073536d3)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8736)
Make check_example_location() in find-doc-nits generic
Change to check_section_location(), a generic function to ensure that
section SECTION appears before section BEFORE in the man pages.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 95f92d57755a9bfc83135a585da69d497f7293d9)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8736)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8736)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8736)
Don't use coordinate blinding when scalar is group order
This happens in ec_key_simple_check_key and EC_GROUP_check.
Since the the group order is not a secret scalar, it is
unnecessary to use coordinate blinding.
Fixes: #8731 Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8734)
Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8697)