Pre-declare all core dispatch table functions, and fix the internal ones

When assigning pointers to functions in an OSSL_DISPATCH table, we try
to ensure that those functions are properl

Pre-declare all core dispatch table functions, and fix the internal ones

When assigning pointers to functions in an OSSL_DISPATCH table, we try
to ensure that those functions are properly defined or declared with
an extra declaration using the corresponding function typedefs that
are defined by include/openssl/core_dispatch.h.

For the core dispatch table, found in crypto/provider_core.c, it seems
we forgot this habit, and thus didn't ensure well enough that the
function pointers that are assigned in the table can actually be used
for those dispatch table indexes.

This change adds all the missing declarations, and compensates for
differences with functions that do the necessary casting, making those
explicit rather than implicit, thereby trying to assure that we know
what we're doing.

One function is not fixed in this change, because there's a controversy,
a clash between the signature of BIO_ctrl() and OSSL_FUNC_BIO_ctrl_fn.
They have different return types.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18198)

show more ...

add a check for the return of OBJ_new_nid()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

add a check for the return of OBJ_new_nid()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18773)

show more ...

ci: add GitHub token permissions for workflows

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <p

ci: add GitHub token permissions for workflows

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18766)

show more ...

OSSL_trace_set_channel.pod and openssl.pod: fix missing/inconsistent category items

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Rev

OSSL_trace_set_channel.pod and openssl.pod: fix missing/inconsistent category items

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18763)

show more ...

x509_vfy.c: Revert the core of #14094 regarding chain_build() error reporting

The problem of producing to-the-point diagnostics will be fixed in a follow-up PR.
Fixes #18691

Rev

x509_vfy.c: Revert the core of #14094 regarding chain_build() error reporting

The problem of producing to-the-point diagnostics will be fixed in a follow-up PR.
Fixes #18691

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18758)

show more ...

test/certs/setup.sh: add missing comment on CA cert variant without basic constraints

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Re

test/certs/setup.sh: add missing comment on CA cert variant without basic constraints

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18758)

show more ...

Fix memory leak in EVP_PKEY_get1_encoded_public_key.

Occurs if a failure happens after the malloc call in the second call to
EVP_PKEY_get_octet_string_param().

Detected by PR #1

Fix memory leak in EVP_PKEY_get1_encoded_public_key.

Occurs if a failure happens after the malloc call in the second call to
EVP_PKEY_get_octet_string_param().

Detected by PR #18355

Some calling code assumes that nothing is allocated in the returned
pointer if there was a failure. Other calling code always trys freeing.
The third case is in ecdh_cms_encrypt() where it does not check the
return value. I am assuming this change is ok since the legacy path in
EVP_PKEY_get1_encoded_public_key() also does not return the pointer on
failure.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18739)

show more ...

http_client.c: fix calculation of Content-Length in set1_content()

Work around an inconsistency in the implementations of BIO_CTRL_INFO.

Reviewed-by: Tomas Mraz <tomas@openssl.org>

http_client.c: fix calculation of Content-Length in set1_content()

Work around an inconsistency in the implementations of BIO_CTRL_INFO.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18701)

show more ...

apps/cmp.c: fix cleanup of CMP_CTX vs. APP_HTTP_TLS_INFO in its http_cb_arg field

Prevent crashes on error by making sure the info is freed after OSSL_CMP_CTX_free(),
which may call OSSL

apps/cmp.c: fix cleanup of CMP_CTX vs. APP_HTTP_TLS_INFO in its http_cb_arg field

Prevent crashes on error by making sure the info is freed after OSSL_CMP_CTX_free(),
which may call OSSL_HTTP_close() and thus indirectly reference the info.
Moreover, should not attempt to reference the cmp_ctx variable when NULL.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18702)

show more ...

cmp_http.c: extend comment in keep_alive()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@

cmp_http.c: extend comment in keep_alive()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18702)

show more ...

Fix memory leak in X509V3_add1_i2d when flag is X509V3_ADD_DELETE

Fixes #18677

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Me

Fix memory leak in X509V3_add1_i2d when flag is X509V3_ADD_DELETE

Fixes #18677

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18698)

show more ...

use #pragma comment(lib) with _MSC_VER only

Avoid this warning when compiled with llvm/gcc + mingw-w64 and
`USE_BCRYPTGENRANDOM` enabled:

```
../providers/implementations/ra

use #pragma comment(lib) with _MSC_VER only

Avoid this warning when compiled with llvm/gcc + mingw-w64 and
`USE_BCRYPTGENRANDOM` enabled:

```
../providers/implementations/rands/seeding/rand_win.c:31:11: warning: unknown pragma ignored [-Wunknown-pragmas]
^
1 warning generated.
```

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18709)

show more ...

feat: add hmac-sm3 test cases from GM/T 0042-2015 Appendix D.3

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.c

feat: add hmac-sm3 test cases from GM/T 0042-2015 Appendix D.3

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18714)

show more ...

Add config option for speed command
Fixed #16986

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/op

Add config option for speed command
Fixed #16986

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18616)

show more ...

Add the LibreOffice Draw source for the QUIC overview graph

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.

Add the LibreOffice Draw source for the QUIC overview graph

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18745)

show more ...

Fix SHA, SHAKE, and KECCAK ASM flag passing

Flags for ASM implementations of SHA, SHAKE, and KECCAK were only passed to
the FIPS provider and not to the default or legacy provider. This

Fix SHA, SHAKE, and KECCAK ASM flag passing

Flags for ASM implementations of SHA, SHAKE, and KECCAK were only passed to
the FIPS provider and not to the default or legacy provider. This left some
potential for optimization. Pass the correct flags also to these providers.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18747)

show more ...

Make evp_test skip mac tests if digest or ciphers are disabled.

Fixes test error in #18714
This only happens currently during minimal builds.

Reviewed-by: Tomas Mraz <tomas@open

Make evp_test skip mac tests if digest or ciphers are disabled.

Fixes test error in #18714
This only happens currently during minimal builds.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18737)

show more ...

Add an EVP demo for HMAC

Fixes openssl#14109

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/o

Add an EVP demo for HMAC

Fixes openssl#14109

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18752)

show more ...

ssl/tls_srp.c: Add check for BN_dup

As the potential failure of the BN_dup,
it should be better to check the return value
in order to guarantee the success.

Signed-off-by: J

ssl/tls_srp.c: Add check for BN_dup

As the potential failure of the BN_dup,
it should be better to check the return value
in order to guarantee the success.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18699)

show more ...

Fix reported performance degradation on aarch64

This restores the implementation prior to
commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode")
for 64bit

Fix reported performance degradation on aarch64

This restores the implementation prior to
commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode")
for 64bit targets only, since it is reportedly 2-17% slower,
and the silicon errata only affects 32bit targets.
Only for 32bit targets the new algorithm is used.

Fixes #18445

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18581)

show more ...

Windows: use the basename of the product (.dll) for definition files

This resolves the faulty LIBRARY value that contained the directory
of the product (.dll) in the build tree. This ap

Windows: use the basename of the product (.dll) for definition files

This resolves the faulty LIBRARY value that contained the directory
of the product (.dll) in the build tree. This applies to engines and
other modules alike.

Fixes #18726

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18732)

show more ...

Add config option OPENSSL_NO_UNIX_SOCK

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/182

Add config option OPENSSL_NO_UNIX_SOCK

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18256)

show more ...

Updated information for OSSL_SIGNATURE_PARAM_PSS_SALTLEN
Fixes #18066

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from

Updated information for OSSL_SIGNATURE_PARAM_PSS_SALTLEN
Fixes #18066

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18736)

show more ...

Fixes OSCP->OCSP typo in ocsp command line

The existing help text says:

> -badsig Corrupt last byte of loaded OSCP response signature (for test)

but this s

Fixes OSCP->OCSP typo in ocsp command line

The existing help text says:

> -badsig Corrupt last byte of loaded OSCP response signature (for test)

but this should be OCSP. This is the only occurrence within the project
of this typo.

CLA: trivial

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18684)

show more ...

http_client.c: fix comment and documentation of the memory BIOs used

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <

http_client.c: fix comment and documentation of the memory BIOs used

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18674)

show more ...