Copyright year updates


Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes

open brace '{' following struct go on the same line

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Revie

open brace '{' following struct go on the same line

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)

show more ...

Add locking to CRYPTO_secure_used

Coverity issue 1551719 noted CRYPTO_secure_used referenced a shared
variable without taking the appropriate read lock. Add that.

Reviewed-by:

Add locking to CRYPTO_secure_used

Coverity issue 1551719 noted CRYPTO_secure_used referenced a shared
variable without taking the appropriate read lock. Add that.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22802)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

Introduce [HAVE_/NO_]MADVISE defines

Toolchains that target a non-MMU architecture may not have the `madvise`
function available, even if the `sys/mman.h` header provides a define
fo

Introduce [HAVE_/NO_]MADVISE defines

Toolchains that target a non-MMU architecture may not have the `madvise`
function available, even if the `sys/mman.h` header provides a define
for `MADV_DONTDUMP` (e.g. when targeting ARMv7-M with uClibc). The
following tweaks the implementation to use `HAVE_MADVISE`/`NO_MADVISE`
defines to help indicate when to attempt to use `madvise`. This change
operates in the same manner as the original implementation (i.e. relies
on `MADV_DONTDUMP` to indicate if `madvise` can be used); however, this
change now allows a builder to override the internal detection by
explicitly providing the `HAVE_MADVISE` define at compile time. This
should give flexibility for environments which do not have `madvise`
when there is no easy logic to set `NO_MADVISE`.

Signed-off-by: James Knight <james.d.knight@live.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20851)

show more ...

Do not check definition of a macro and use it in a single condition

The condition evaluation in #if conditions does not tolerate this
if the macro is not defined.

Fixes #19628

Do not check definition of a macro and use it in a single condition

The condition evaluation in #if conditions does not tolerate this
if the macro is not defined.

Fixes #19628

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20018)

show more ...

Adapt CRYPTO_secure_malloc() like CRYPTO_malloc()

In other words, make it raise ERR_R_MALLOC_FAILURE appropriately.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo

Adapt CRYPTO_secure_malloc() like CRYPTO_malloc()

In other words, make it raise ERR_R_MALLOC_FAILURE appropriately.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)

show more ...

Fix UWP builds by defining VirtualLock

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Fix UWP builds by defining VirtualLock

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18311)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.

Since we don't seem to b

Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.

Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)

Remove locking in CRYPTO_secure_allocated()

The check for being in secure memory is against the arena. The arena is only
ever modified by sh_init() and sh_done() and in both cases, it i

Remove locking in CRYPTO_secure_allocated()

The check for being in secure memory is against the arena. The arena is only
ever modified by sh_init() and sh_done() and in both cases, it is done without
locking. Thus, it is safe for the CRYPTO_secure_allocated() to not lock.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14775)

show more ...

Make the lock in CRYPTO_secure_allocated() a read lock

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14775)

Always check CRYPTO_LOCK_{read,write}_lock

Some functions that lock things are void, so we just return early.

Also make ossl_namemap_empty return 0 on error. Updated the docs, and

Always check CRYPTO_LOCK_{read,write}_lock

Some functions that lock things are void, so we just return early.

Also make ossl_namemap_empty return 0 on error. Updated the docs, and added
some code to ossl_namemap_stored() to handle the failure, and updated the
tests to allow for failure.

Fixes: #14230

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14238)

show more ...

Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap
call level.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Re

Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap
call level.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13394)

show more ...

CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc dont-dump-region.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Re

CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc dont-dump-region.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13394)

show more ...

Implement OpenSSL secure memory for Windows

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl

Implement OpenSSL secure memory for Windows

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13172)

show more ...

Fix wrong return value check of mmap function

The mmap function never returns NULL. If an error occurs, the function returns MAP_FAILED.

CLA: trivial

Reviewed-by: Tomas Mra

Fix wrong return value check of mmap function

The mmap function never returns NULL. If an error occurs, the function returns MAP_FAILED.

CLA: trivial

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12187)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)

secmem: ignore small minsize arguments to CRYPTO_secure_malloc_init().

If the user specifies a minimum allocation size that is smaller than
the free list structure (or zero), calculate t

secmem: ignore small minsize arguments to CRYPTO_secure_malloc_init().

If the user specifies a minimum allocation size that is smaller than
the free list structure (or zero), calculate the minimum possible size rather
than failing.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11149)

show more ...

Mem-sec small code adjustment

Conditional code readability improvement.

Remove unused macro

Commit #11042 has introduced a new, unused, CRYPTO_EX_INDEX macro.
Remove be

Mem-sec small code adjustment

Conditional code readability improvement.

Remove unused macro

Commit #11042 has introduced a new, unused, CRYPTO_EX_INDEX macro.
Remove before version release.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11103)

show more ...

Make secure-memory be a config option

Adding support for "no-secure-memory" was simple, a one-liner.
Fixing all the "ifdef OPENSSL_SECURE_MEMORY" to be "ifndef NO_xxx"
was a bit more

Make secure-memory be a config option

Adding support for "no-secure-memory" was simple, a one-liner.
Fixing all the "ifdef OPENSSL_SECURE_MEMORY" to be "ifndef NO_xxx"
was a bit more work. My original goof, for not following the OpenSSL
pattern "ifndef NO_" used everywhere else.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11023)

show more ...

Make minimum size for secure memory a size_t.

The minimum size argument to CRYPTO_secure_malloc_init() was an int but ought
to be a size_t since it is a size.

From an API perspe

Make minimum size for secure memory a size_t.

The minimum size argument to CRYPTO_secure_malloc_init() was an int but ought
to be a size_t since it is a size.

From an API perspective, this is a change. However, the minimum size is
verified as being a positive power of two and it will typically be a small
constant.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from #11003)

show more ...

Use vxRandLib for VxWorks7

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/

Use vxRandLib for VxWorks7

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8023)

show more ...

Following the license change, modify the boilerplates in crypto/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7827)