We add the extra warning and sanitizer options to check our code,
which is entirely in C. We support C++ compilers uniquely for the
sake of certain external test suites, and those projects can probably
sanitize their own code themselves.
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9013)
(cherry picked from commit 3b437400d9)
The documentation of what a X509_LOOKUP implementation must do was
unclear and confusing. Most of all, clarification was needed that it
must store away the found objects in the X509_STORE.
Fixes#8707
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8755)
(cherry picked from commit 19f43f02aa)
Add a few coverage test case.
Fixes#8949
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8959)
(cherry picked from commit 5b3accde60)
e.g. openssl speed -evp id-aes256-wrap-pad
was crashing because the return code from EVP_CipherInit_ex
was ignored.
Not going to allow that cipher mode because wrap ciphers
produces more bytes output than the input length
and EVP_Update_loop is not really prepared for that.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8739)
(cherry picked from commit 5d238a1032)
This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and
coverts them for use within evp_test. This commit also adds a script to
convert the .rsp CAVS files into the evp_test format.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8981)
(cherry picked from commit ecb0f148a9)
67c81ec311 forgot about s390x
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8971)
(cherry picked from commit 887e22dd8b)
This function only returns a status and does not modify the parameter.
Since similar function are already taking const parameters, also
change this function to have a const parameter.
Fixes#8934
CLA: trivial
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8945)
(cherry picked from commit c04b66b18d)
This change allows to pass the authentication tag after specifying
the AAD in CCM mode. This is already true for the other two supported
AEAD modes (GCM and OCB) and it seems appropriate to match the
behavior.
GCM and OCB also support to set the tag at any point before the call
to `EVP_*Final`, but this won't work for CCM due to a restriction
imposed by section 2.6 of RFC3610: The tag must be set before
actually decrypting data.
This commit also adds a test case for setting the tag after supplying
plaintext length and AAD.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7243)
(cherry picked from commit 67c81ec311)
If the `openssl cms` command is called without specifying an
operation option, it replies with the following laconic error message:
cms: Use -help for summary.
This commit adds a helpful error message:
No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8861)
(cherry picked from commit 42151b8edb)
Since commit 137096a7ea it is possible to specify keywords instead
of negative magic numbers for the salt length. This commit replaces
the remaining occurrences of `rsa_pss_saltlen:-3` in the test recipes
by `rsa_pss_saltlen:max`.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8860)
(cherry picked from commit 31fc48ddc3)
- Allow user-defined RCFLAGS
- Pass RCFLAGS to RC
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8803)
(cherry picked from commit a583172dac)
The reason is that the shared-info attributes may depend on %disabled,
so we need to process all enablings/disablings first.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8846)
(cherry picked from commit 8f0dd6d9ee)
Add a Chi^2 goodness of fit test to empirically provide a degree of confidence
in the uniformity of the output of the random range generation function.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8818)
(cherry picked from commit bb5b3e6dd0)
Return error if the output tag buffer size doesn't match
the tag size exactly. This prevents the caller from
using that portion of the tag buffer that remains
uninitialized after an otherwise succesfull call to
CRYPTO_ccm128_tag.
Bug found by OSS-Fuzz.
Fix suggested by Kurt Roeckx.
Signed-off-by: Guido Vranken <guidovranken@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8810)
(cherry picked from commit 514c9da48b)
CLA: trivial
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8786)
(cherry picked from commit 87930507ff)
Disabling one thing may mean having to disable other things as well.
We already have a process to auto-disable things through cascading,
but that was under-used.
Making the cascading mechanism available through a function to be
called to disable stuff makes it more automatic, and helps us when we
forget how different disabling options affect others.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)
(cherry picked from commit 71ef78d71f)
This came about with the realisation that upper case CFLAGS, LDFLAGS
and so on aren't treated much after that, and this makes figuring out
user added flags significantly easier, just look in %config.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)
(cherry picked from commit c1a09254e4)
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8756)
(cherry picked from commit 6fda11ae5a)
|str| was used for multiple conflicting purposes. When using
'-strictpem', it's used to uniquely hold a reference to the loaded
payload. However, when using '-strparse', |str| was re-used to hold
the position from where to start parsing.
So when '-strparse' and '-strictpem' are were together, |str| ended up
pointing into data pointed at by |at|, and was yet being freed, with
the result that the payload it held a reference to became a memory
leak, and there was a double free conflict when both |str| and |at|
were being freed.
The situation is resolved by always having |buf| hold the pointer to
the file data, and always and only use |str| to hold the position to
start parsing from. Now, we only need to free |buf| properly and not
|str|.
Fixes#8752
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8753)
(cherry picked from commit 4f29f3a29b)
A couple of minor tweaks to match the style introduced in #7854:
- BIO_connect: remove line break to make more grep friendly
- SSL_CTX_new: harmoise the format of the HISTORY section
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 938e82f622)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8736)
SEE ALSO before HISTORY is the more common pattern in OpenSSL manual
pages and seems to be the prevalent order based on sampling my system
manual pages.
Fixes#8631
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b5c4bbbe54)
Conflicts:
doc/man3/RAND_DRBG_generate.pod
doc/man3/RAND_DRBG_reseed.pod
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8736)
Check that the HISTORY section is located after the SEE ALSO section,
this is a much more frequent order in OpenSSL manual pages (and UNIX
manual pages in general).
Also check that SEE ALSO comes after EXAMPLES, so that the tool can
ensure the correct manual section sequence.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 573ac8f222)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8736)
Change to check_section_location(), a generic function to ensure that
section SECTION appears before section BEFORE in the man pages.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 95f92d5775)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8736)
This patch checks if the EXAMPLES section in a pod file is placed
before the RETURN VALUES section.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit cc838ee2d6)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8736)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 4564e77ae9)
Conflicts:
doc/internal/man3/openssl_ctx_get_data.pod (non-existant)
doc/man3/OPENSSL_s390xcap.pod (non-existant)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8736)
This happens in ec_key_simple_check_key and EC_GROUP_check.
Since the the group order is not a secret scalar, it is
unnecessary to use coordinate blinding.
Fixes: #8731
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8734)
(cherry picked from commit 3051bf2afa)
