d6688e45 | 03-Dec-2023 |
Bernd Edlinger |
Fix a possible memleak in opt_verify The ASN1_OBJECT otmp was leaked if X509_VERIFY_PARAM_add0_policy fails. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22922)
|
01709fcb | 03-Dec-2023 |
Bernd Edlinger |
Fix a possible memleak in apps/rehash.c The OPENSSL_DIR_end was missing in case of error. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22920)
|
ba4d833f | 03-Dec-2023 |
Bernd Edlinger |
Fix a possible memleak in smime_main Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22919)
|
3457a550 | 03-Dec-2023 |
Bernd Edlinger |
Fix a possible memleak in cms_main Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22918)
|
a36d10df | 06-Dec-2023 |
Matt Caswell |
Add a test case for OSSL_HTTP_parse_url Ensure we test the case where the port value is empty in the URL. Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/22961)
|
322517d8 | 06-Dec-2023 |
Matt Caswell |
Fix some invalid use of sscanf sscanf can return -1 on an empty input string. We need to appropriately handle such an invalid case. The instance in OSSL_HTTP_parse_url could cause an uninitialised read of sizeof(unsigned int) bytes (typically 4). In many cases this uninit read will immediately fail on the following check (i.e. if the read value >65535). If the top 2 bytes of a 4 byte unsigned int are zero then the value will be <=65535 and the uninitialised value will be returned to the caller and could represent arbitrary data on the application stack. The OpenSSL security team has assessed this issue and consider it to be a bug only (i.e. not a CVE). Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/22961)
|
b83c719e | 06-Dec-2023 |
Matt Caswell |
Extend the test of BN_GF2m_mod_inv Test that input value of 1 for p is treated as an error Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22960)
|
9c1b8f17 | 06-Dec-2023 |
Matt Caswell |
Avoid an infinite loop in BN_GF2m_mod_inv If p is set to 1 when calling BN_GF2m_mod_inv then an infinite loop will result. Calling this function set 1 when applications call this directly is a non-sensical value - so this would be considered a bug in the caller. It does not seem possible to cause OpenSSL internal callers of BN_GF2m_mod_inv to call it with a value of 1. So, for the above reasons, this is not considered a security issue. Reported by Bing Shi. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22960)
|
ff279597 | 30-Nov-2023 |
Matt Caswell |
Fix detection for riscv64/riscv32 Fixes #22871 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/22881)
|
e46a6b1a | 29-Nov-2023 |
Matt Caswell |
Remove some redundant code We remove a function that was left behind and is no longer called after the record layer refactor Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22864)
|
afcc12c4 | 29-Nov-2023 |
Matt Caswell |
Don't attempt to set provider params on an ENGINE based cipher If an ENGINE has been loaded after the SSL_CTX has been created then the cipher we have cached might be provider based, but the cipher we actually end up using might not be. Don't try to set provider params on a cipher that is actually ENGINE based. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22864)
|
7765d25f | 29-Nov-2023 |
Matt Caswell |
Add a test for late loading of an ENGINE in TLS Confirm that using an ENGINE works as expected with TLS even if it is loaded late (after construction of the SSL_CTX). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22864)
|
5cd17920 | 22-Nov-2023 |
Randall S. Becker |
Deprecate SPT threading support on NonStop. This fix removes explicit support for the SPT threading model in configurations. This also reverts commit f63e1b48ac893dd6110452e70ed08f191547cd89 that were required for SPT but broke other models. Fixes: #22798 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22807)
|
1c078212 | 10-Dec-2023 |
Bernd Edlinger |
Fix a possible memory leak in do_othername Since the gen->type will not be set in a2i_GENERAL_NAME the gen->d.otherName will not be automatically cleaned up by GENERAL_NAME_free. Also fixed a similar leak in a2i_GENERAL_NAME, where ASN1_STRING_set may fail but gen->d.ia5 will not be automatically cleaned up. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22996)
|
6ebdbba7 | 29-Nov-2023 |
Matthias St. Pierre |
doc: improve documentation of EVP in-place encryption The EVP interface explicitly allows in-place encryption/decryption, but this fact is just 'partially' documented in `EVP_EncryptUpdate(3)` (pun intended): the manual page mentions only operation failure in case of 'partial' overlaps. This is not even correct, because the check for partially overlapping buffers is only implemented in legacy code paths. Currently, in-place encryption/decryption is only documented for RSA (`RSA_public_encrypt(3)`) and DES (`DES_ecb_encrypt(3)`), as well as in the provider interface (`provider-cipher(7)`). This commit amends `EVP_EncryptUpdate(3)` and `provider-cipher(7)` to make the front-end and back-end documentation consistent. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22875)
|
986c48c4 | 28-Nov-2023 |
Neil Horman |
Add overflow checks to parse_number/parse_hex/parse_oct Test the next arithmetic operation to safely determine if adding the next digit in the passed property string will overflow Also, noted a bug in the parse_hex code. When parsing non-digit characters (i.e. a-f and A-F), we do a tolower conversion (which is fine), and then subtract 'a' to get the hex value from the ascii (which is definitely wrong). We should subtract 'W' to convert tolower converted hex digits in the range a-f to their hex value counterparts Add tests to test_property_parse_error to ensure overflow checks work Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22874)
|
504ff2a4 | 28-Nov-2023 |
Richard Levitte |
Configure: Refuse to make directories in the source tree Fixes #22907 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22908)
|
266a3553 | 28-Nov-2023 |
Richard Levitte |
Modify 'out-of-source-and-install' to work with a read-only source tree This also adds the configuration options 'enable-quic'. Fixes #22907 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22908)
|
ae64a116 | 05-Dec-2023 |
Richard Levitte |
Add the 'run_tests' target to the Windows build file template as well For some reason, it was added to the Unix and VMS build templates, but Windows was forgotten. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22947)
|
f882753f | 05-Dec-2023 |
Richard Levitte |
Make sure that the test / tests build target run 'run_tests' last Fixes #22943 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22947)
|
f529a2eb | 30-Nov-2023 |
Neil Horman |
Statically link legacy provider to evp_extra_test Like in #17345, evp_extra_test links libcrypto statically, but also has a dynamic/shared load via the legacy provider, which leads to ambiguous behavior in evp_extra_test on some platforms, usually a crash (SIGSEGV) on exit via the atexit handlers. Statically link the legacy provider to avoid this. Fixes #22819 Helped-by: Neil Horman <nhorman@openssl.org> Helped-by: Tomas Mraz <tomas@openssl.org> Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22905)
|
0541fa78 | 04-Dec-2023 |
Tomas Mraz |
ossl_decoder_cache_flush(): Do not raise an error if there is no cache This function can be called during OPENSSL_cleanup() when the cache was already flushed and deallocated. Fixes #22939 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22941)
|
4c62c566 | 04-Dec-2023 |
Hugo Landau |
QUIC LCIDM: Minor updates in response to feedback Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22673)
|
27737497 | 28-Nov-2023 |
Hugo Landau |
QUIC LCIDM: Make robust against LHASH failures Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22673)
|
e6cf72c5 | 28-Nov-2023 |
Hugo Landau |
QUIC LCIDM: Always use lcid_obj to refer to QUIC_LCID Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22673)
|