git.ipfire.org Git - thirdparty/openssl.git/log

set SSLfatal if tls1_set_shared_sigalgs has a malloc failure

Detected another memfail failure

https://github.com/openssl/openssl/actions/runs/16926186604/job/47962169870

Tracking it back, it occurs because tls1_set_server_sigalgs attempts to
preform an allocation, and in the event of failure, returns 0 without
setting SSLfatal, like the other failure paths in this function do when
returning 0, which translates to a return of WORK_ERROR higher up the
stack

The result is that on the next call to check_fatal in
read_state_machine, we fail the assert when deubg is enabled (as it is
in the coverage tests).

Fix it by calling SSLfatal when the call to OPENSSL_calloc fails in this
function.

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28250)

docs: fix typos

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28239)

rsa: made the padding and salt length parameter decoding more straightforward

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28242)

hkdf: make the mode decoding more straightforward

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28242)

asym cipher: make the pad type decoding more straightforward

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28242)

rsa sig: make indicator parameter conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

ecdsa sig: make indicator parameter conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

dsa sig: make indicator parameter conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

hmac drbg: make indicator parameter conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

hash drbg: make indicator parameter conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

ctr drbg: make indicator parameter conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

crng test: make indicator parameter conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

test_rng: make indicator parameter conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

kmac: make parameters conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

hmac: make parameters conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

cmac: make parameters conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

rsa kem: make parameters conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

ecx: make parameters conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

ecdh: make parameters conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

dh: make parameters conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

rsa: make parameters conditional on FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

params: fix conditionals in param parser generation script

These problems only occur in edge cases when using conditional parameters.
I.e. not a problem before now.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)

test/ml_kem_internal_test.c: Add EVP_MD_free() in the error path to avoid memory leak

Add EVP_MD_free() to free sha256 in the error path to avoid memory leak.

Fixes: d2136d9 ("Multi-variant ML-KEM")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27946)

Add CRYPTO_FREE_REF to ossl_quic_free_token_store

ossl_quic_free_token_store doesn't call CRYPTO_FREE_REF on the
hdl->reference object, which could lead to memory leaks on platforms
that don't support atomics (where the call to CRYPTO_NEW_REF allocates a
mutex as part of its function. It wasn't caught before because all the
platforms we do ci on support threads.

Fixes #28241

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28247)

Add test coverage for PKCS7_TEXT mode

This was inspired by the following commit
9882d389df71 ("crypto/pkcs7/pk7_smime.c: Add BIO_free() to avoid memory leak")
which discovered a bug in PKCS7_verify(..., PKCS7_TEXT).
While there is some test coverage for PKCS_verify by
./test/pkcs7_test.c, there is no test coverage whatsoever
of the PKCS7_TEXT flag for PKCS7_sign, PKCS7_encrypt and
PKCS7_decrypt.
So this adds some test coverage for those functions as well.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28223)

DH private key size was one bit too large

In the case when no q parameter was given,
the function generate_key in dh_key.c did create
one bit too much, so the priv_key value was exceeding
the DH group size q = (p-1)/2.
When the length is used in this case the limit is also
one bit too high, but for backward compatibility this
limit was left as is, instead we have to silently reduce
the value by one.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27870)

RISC-V: Add MD5 assembly implementation with rv64gc and Zbb

For the rv64gc assembly implementation, we can get about 20%-50% better performance than compiler-generated code (-O3).
For the Zbb assembly implementation, we can get about 10%-30% better performance than compiler-generated code (-O3 -march=rv64gc_zbb).

Signed-off-by: Julian Zhu <julian.oerv@isrc.iscas.ac.cn>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27990)

RISC-V: Add Zbb orn and its pseudo instruction opcode to rv64gc in riscv.pm

Signed-off-by: Julian Zhu <julian.oerv@isrc.iscas.ac.cn>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27990)

Correct the synthetisized OPENSSL_VERSION_NUMBER

The last hex digit always became 0x0L, even of OPENSSL_VERSION_PRE_RELEASE
was the empty string.

Resolves: https://github.com/openssl/openssl/issues/28227

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28230)

git: add x942kdf.c to gitignore

It is now a generated file. See:
- https://github.com/openssl/openssl/pull/27923

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28231)

encode_key2ms: convert to use generated parameter parsing

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)

encode_key2any: convert to use generated parameter parsing

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)

decode_spki2typespki: convert to use generated parameter parsing

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)

decode_pvk2key: convert to use generated parameter parsing

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)

decode_pem2der: convert to use generated parameter parsing

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)

decode_epki2pki: convert to use generated parameter parsing

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)

decode_der2key: convert to use generated parameter parsing

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)

encode_decode: rename files for generated param parsing

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28152)

rsa: update to use generated param decoders for signature operations

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)

sm2: update to use generated param decoders for signature operations

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)

slh_dsa: update to use generated param decoders for signature operations

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)

ecdsa: update to use generated param decoders for signature operations

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)

dsa: update to use generated param decoders for signature operations

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)

signatures: rename files in anticipation of generated param decoding

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)

rsa kem: convert to using generated param decoders

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)

ml_kem kem: convert to using generated param decoders

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)

ecx kem: convert to using generated param decoders

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)

ec kem: convert to using generated param decoders

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)

kem: rename files for autogeneration of param parsing

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)

ecx: convert key exchange to using generated param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)

ecdh: convert key exchange to using generated param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)

dh: convert key exchange to using generated param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)

exchange: rename files for generated param decoders

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)

file_store_any: convert to using generated param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)

win store: convert to using generated param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)

file_store: convert to using generated param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)

storemgmt: rename files for generate param decoders

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)

rsa: update sm asymmetric cipher to use generated param parser

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28145)

sm2: update sm asymmetric cipher to use generated param parser

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28145)

asym: rename RSA and SM2 asymmetric cipher files

To allow generated param parsing

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28145)

drbg: convert DRBGs to use generated ctx get param decoders

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)

drbg: convert DRBGs to use generated ctx set param decoders

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)

crngt: update to use generated param handling

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)

drbg: move drbg_local.h to somewhere it can be found by generated files

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)

seed: update to use generated param handling

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)

jitter: update to use generated param handling

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)

test rand: update to use generated param handling

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)

rands: rename files for autogeneration of param parser

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)

blake2: use generated param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)

blake2: add generated param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)

poly1305: convert poly1305 to use param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)

siphash: convert siphash to use param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)

gmac: convert GMAC to use param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)

cmac: convert CMAC to use param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)

kmac: convert KMAC to use param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)

hmac: convert HMAC to use param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)

hmac: remove two unsupported params

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)

Rename MAC files for autogeneration of param parsers

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)

kdf: put back argument null checks

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28204)

Remove OSSL_CRYPTO_ALLOC attribute from CRYPTO_*dup routines

The __attribute__((malloc)) is for functions that return new memory,
and "the memory [returned by the function] has undefined content", which
is a property that doesn't hold for the *dup functions (the same reason
it doesn't apply to realloc).

Fixes: e1035957eba1 "OSSL_CRYPTO_ALLOC attribute introduction proposal."
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28220)

Add NULL check

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28221)

Fix missing unlock in decoder_pkey.c

We hit an assertion failure during a call to CRYPTO_THREAD_read_lock
during memfail testing.

This was caused by us attempting to take a read lock in the same thread
that already held the same lock for writing resulting in an EBUSY
return.

This occured because we triggered a memory failure path in
DECODER_new_for_pkey, which never unlocked a write lock we were holding.

Fix it by ensuring the lock is released in the error path.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28216)

Assert SSLFatal on keylog failure

We hit an check_failure assert during memfail testing in
ssl_read_state_machine, based on a return of WORK_ERROR without an
SSLFatal call being made. This occurs because, if we fail in
ssl_log_secret (which we do due to memfail testing, we don't actually
assert an SSL fatal error.

Fix it by adding the SSLFatal call

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28216)

Remove assert in core_namemap.c

The namemap_add_name function has an assertion to check for the failure
os ossl_ht_insert.

Its there because we assume the operation can't fail since we're under
write lock

But it can fail if we get a malloc failure, as thats what we're testing
for here.

Remove the assert and handle the failure properly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28216)

Fix SKEYMGMT enumeration, add tests

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28207)

Increment sleep time in quic_tserver_test less

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28187)

doc/man3/SSL_CTX_set_domain_flags: fix version in HISTORY section

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28128)

test/sanitytest.c: fix setitimer usage in timer disarmament

It is incorrect to call setitimer(which, NULL, NULL) to disarm a timer,
Linux just gives a pass on that; properly provide a zeroed-out
structure instead.

Fixes: 760929f6ba18 "crypto/sleep.c: avoid returning early due to signal"
Reported-by: Neil Horman <nhorman@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28215)

Fix memory leak on EVP_CIPHER_param_to_asn1 failure

When EVP_CIPHER_param_to_asn1() fails, xalg->parameter was not freed,
leading to a memory leak. This patch adds proper cleanup for that case.
CLA: trivial

Signed-off-by: 77tiann <27392025k@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28131)

fix: Apply cascade-disables before showing status

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22621)

fix: restore missing --help in Configure

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22621)

ossl_prov_drbg_generate(): Move syscalls out of the write locked section

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28141)

Fix RSA key size validation in EVP_PKEY_RSA_keygen demo

The validation was checking the default 'bits' value (4096) instead of
the parsed 'bits_i' from the command line arguments, allowing invalid
key sizes to bypass the 512-bit minimum.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28139)

cms_kemri.c: Fix Coverity issues

Add return value check of ASN1_OCTET_STRING_set().
Do not call OPENSSL_cleanse() if keklen is greater than the cleaned buffer.

Fixes Coverity 1660824, 1660825

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28132)

crypto/{cmp,crmf}/: clean up unneeded #include directives

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/28035)

x509: Accept 'contentCommitment' as alias

ITU-T X.509 (10/2019) section 9.2.2.3 [1] defines 'contentCommitment' as
the current name for what had previously been called 'nonRepudiation',
and deprecates the old name:

> It is not incorrect to refer to this keyUsage bit using the identifier
> nonRepudiation. However, the use of this identifier has been
> deprecated.

Allow 'contentCommitment' as an alias wherever 'nonRepudiation' has been
accepted before, so that passing

-addext keyUsage=critical,contentCommitment

works as expected.

Add a test that checks that contentCommitment sets the same keyUsage bit
as nonRepudiation. Adjust the docs to mention the available alias name.

[1]: https://www.itu.int/rec/T-REC-X.509-201910-I/en

Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28161)

quic_channel.c: NULL check SSL_CONNECTION

Addresses coverity issue #1662037

Fixes: https://github.com/openssl/project/issues/1316
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28208)

crypto/sleep.c: avoid returning early due to signal

On POSIX systems, sleep/usleep/nanosleep may return early due to arrival
of a signal, and OSSL_sleep does not report that, so it is assumed that
it cannot return early. Fix that by introducing a loop that checks
the remaining time and sleep some more if the time has not passed;
that also solves the issue of limited sleeping time on some systems.

Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28193)

s/veirfy/verify

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28136)

- veirfy downloaded package

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28136)