Copyright year updates


Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes

Remove the dead store in EVP_DecryptFinal_ex

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas M

Remove the dead store in EVP_DecryptFinal_ex

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24526)

show more ...

Fix new typos found by codespell

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23133)

internal/common.h: rename macro `(un)likely` to `ossl_(un)likely`

The macro was introduced in commit ed6dfd1e3694 without an
openssl-specific prefix as mandated by the coding style.

internal/common.h: rename macro `(un)likely` to `ossl_(un)likely`

The macro was introduced in commit ed6dfd1e3694 without an
openssl-specific prefix as mandated by the coding style.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22603)

show more ...

evp: process key length and iv length early if present

evp_cipher_init_internal() takes a params array argument and this is processed
late in the initialisation process for some ciphers

evp: process key length and iv length early if present

evp_cipher_init_internal() takes a params array argument and this is processed
late in the initialisation process for some ciphers (AEAD ones).

This means that changing the IV length as a parameter will either truncate the
IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised
bytes.

Truncation is very bad if SP 800-38d section 8.2.1 is being used to
contruct a deterministic IV. This leads to an instant loss of confidentiality.

Grabbing extra bytes isn't so serious, it will most likely result in a bad
decryption.

Problem reported by Tony Battersby of Cybernetics.com but earlier discovered
and raised as issue #19822.

Fixes CVE-2023-5363
Fixes #19822

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

show more ...

Optimize out unneeded up_ref/free of EVP_CIPHER

Fixes #22189

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://git

Optimize out unneeded up_ref/free of EVP_CIPHER

Fixes #22189

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22198)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

use '__builtin_expect' to improve EVP_EncryptUpdate performance for gcc/clang.

Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Revi

use '__builtin_expect' to improve EVP_EncryptUpdate performance for gcc/clang.

Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21425)

show more ...

evp: update to structure based atomics

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2

evp: update to structure based atomics

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)

show more ...

Avoid calling into provider with the same iv_len or key_len

Fixes #20625

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Revi

Avoid calling into provider with the same iv_len or key_len

Fixes #20625

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20664)

show more ...

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)

show more ...

Ensure we call the cleanup() function when cleaning an EVP_CIPHER_CTX

In some circumstances we were not calling the cleanup() function to
remove cipher specific data from an EVP_CIPHER_C

Ensure we call the cleanup() function when cleaning an EVP_CIPHER_CTX

In some circumstances we were not calling the cleanup() function to
remove cipher specific data from an EVP_CIPHER_CTX.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19300)

show more ...

Fix usage of custom EVP_CIPHER objects

If a custom EVP_CIPHER object has been passed to EVP_CipherInit() then it
should be used in preference to a fetched cipher.

We also fix a

Fix usage of custom EVP_CIPHER objects

If a custom EVP_CIPHER object has been passed to EVP_CipherInit() then it
should be used in preference to a fetched cipher.

We also fix a possible NULL pointer deref in the same code for digests.

If the custom cipher passed to EVP_CipherInit() happens to use NID_undef
(which should be a discouraged practice), then in the previous
implementation this could result in the NULL cipher being fetched and
hence NULL encryption being unexpectedly used.

CVE-2022-3358

Fixes #18970

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19300)

show more ...

Fix check of EVP_CIPHER_CTX_ctrl

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from

Fix check of EVP_CIPHER_CTX_ctrl

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18368)

show more ...

Fix Coverity 1503325 use after free

Another reference counting false positive, now negated.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@o

Fix Coverity 1503325 use after free

Another reference counting false positive, now negated.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18014)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

Fix Coverity 1503096: out-of-bounds access

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com

Fix Coverity 1503096: out-of-bounds access

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17898)

show more ...

Use safe math to computer sizes.

The sizes are rounded via the expression: (cmpl + 7) / 8 which overflows if
cmpl is near to the type's maximum. Instead we use the safe_math function to

Use safe math to computer sizes.

The sizes are rounded via the expression: (cmpl + 7) / 8 which overflows if
cmpl is near to the type's maximum. Instead we use the safe_math function to
computer this without any possibility of error.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17884)

show more ...

Fix signed integer overflow in evp_enc

Fixes #17869.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@o

Fix signed integer overflow in evp_enc

Fixes #17869.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17870)

show more ...

Fix IV length caching in EVP encryption code

The IV length cache value was being invalidated excessively, causing IV
length caching to be ineffective.

Related to #17064.

Fix IV length caching in EVP encryption code

The IV length cache value was being invalidated excessively, causing IV
length caching to be ineffective.

Related to #17064.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17862)

show more ...

evp enc: cache cipher key length

Instead of doing a heavy params based query every time a context is
asked for its key length, this value is cached in the context and only
queried if

evp enc: cache cipher key length

Instead of doing a heavy params based query every time a context is
asked for its key length, this value is cached in the context and only
queried if it could have been modified.

Fixes #17064

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17543)

show more ...

evp enc: cache cipher IV length

Instead of doing a heavy params based query every time a context is asked for
its IV length, this value is cached in the context and only queried if it co

evp enc: cache cipher IV length

Instead of doing a heavy params based query every time a context is asked for
its IV length, this value is cached in the context and only queried if it could
have been modified.

Fixes #17064

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17543)

show more ...

Add context dup functions for digests and ciphers

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable

If key length is different from the existing key length and it is not
a settable parameter, raise an error.

EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable

If key length is different from the existing key length and it is not
a settable parameter, raise an error.

Fixes #16277

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16279)

show more ...

fips module header inclusion fine-tunning

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

fips module header inclusion fine-tunning

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)

show more ...