Fix a compilation failure in bio_comp_test.c

Compiling with clang, --strict-warnings and enable-zlib-dynamic resulted
in a compilation failure. This fixes it.

Reviewed-by: Tomas

Fix a compilation failure in bio_comp_test.c

Compiling with clang, --strict-warnings and enable-zlib-dynamic resulted
in a compilation failure. This fixes it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19480)

show more ...

openssl list: Fix help text about -cipher-algorithms option

Fixes openssl#19133

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Revi

openssl list: Fix help text about -cipher-algorithms option

Fixes openssl#19133

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19370)

show more ...

Workaround egd rand source deficiencies

With egd as the rand source the reseed after fork confuses the egd.

Fixes #19396

Reviewed-by: Paul Dale <pauli@openssl.org>
Revi

Workaround egd rand source deficiencies

With egd as the rand source the reseed after fork confuses the egd.

Fixes #19396

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19454)

(cherry picked from commit 0b3fec502298f9a16889d2507948a916416e71cf)

show more ...

Checking the return of BIO_new_fp(). If it returns NULL, then it is unnecessary to build the BIO chain and better make the caller directly return NULL

Reviewed-by: Tomas Mraz <tomas@openssl.

Checking the return of BIO_new_fp(). If it returns NULL, then it is unnecessary to build the BIO chain and better make the caller directly return NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19445)

show more ...

doc: fix copy/paste error

Fixes #19460

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/

doc: fix copy/paste error

Fixes #19460

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19461)

show more ...

Fix coverity 1516101 deadcode

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from htt

Fix coverity 1516101 deadcode

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19464)

show more ...

crypto: thread: remove ossl_crypto_thread_native_terminate

Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale

crypto: thread: remove ossl_crypto_thread_native_terminate

Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19473)

show more ...

Errors raised from OPENSSL_sk_set should have ERR_LIB_CRYPTO

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/op

Errors raised from OPENSSL_sk_set should have ERR_LIB_CRYPTO

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)

show more ...

Document the stack functions that are forgiving

I.e., those that can be called with NULL stack parameter or invalid index.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-b

Document the stack functions that are forgiving

I.e., those that can be called with NULL stack parameter or invalid index.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)

show more ...

stack: Do not add error if pop/shift/value accesses outside of the stack

This partially reverts commit 30eba7f35983a917f1007bce45040c0af3442e42.
This is legitimate use of the stack funct

stack: Do not add error if pop/shift/value accesses outside of the stack

This partially reverts commit 30eba7f35983a917f1007bce45040c0af3442e42.
This is legitimate use of the stack functions and no error
should be reported apart from the NULL return value.

Fixes #19389

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)

show more ...

Remove changes entry for RIPEMD160 in 3.2

It is already in 3.0.7.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https:/

Remove changes entry for RIPEMD160 in 3.2

It is already in 3.0.7.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19438)

show more ...

Add changes entry for RIPEMD160 in 3.0.7

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1

Add changes entry for RIPEMD160 in 3.0.7

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19438)

show more ...

Replace BIO_free(bio_err) with BIO_free_all(bio_err)

dup_bio_err() can return a BIO chain when 'OPENSSL_SYS_VMS' is defined.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewe

Replace BIO_free(bio_err) with BIO_free_all(bio_err)

dup_bio_err() can return a BIO chain when 'OPENSSL_SYS_VMS' is defined.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19446)

show more ...

test: driver: fix -Wunused-but-set-variable

The value of 'num_failed_inner' isn't ever used.

Fixes this error with Clang 15:
```
test/testutil/driver.c:341:17: error: variab

test: driver: fix -Wunused-but-set-variable

The value of 'num_failed_inner' isn't ever used.

Fixes this error with Clang 15:
```
test/testutil/driver.c:341:17: error: variable 'num_failed_inner' set but not used [-Werror,-Wunused-but-set-variable]
int num_failed_inner = 0;
^
1 error generated.
```

Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19450)

show more ...

x509: fix -Wunused-but-set-variable

The value of 'l' isn't ever actually used.

Fixes this error with Clang 15:
```
crypto/x509/x_name.c:506:9: error: variable 'l' set but no

x509: fix -Wunused-but-set-variable

The value of 'l' isn't ever actually used.

Fixes this error with Clang 15:
```
crypto/x509/x_name.c:506:9: error: variable 'l' set but not used [-Werror,-Wunused-but-set-variable]
int l, i;
^
1 error generated.
```

Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19450)

show more ...

txt_db: fix -Wunused-but-set-variable

The loop never uses the value of 'ln'.

Fixes this error with Clang 15:
```
crypto/txt_db/txt_db.c:24:10: error: variable 'ln' set but n

txt_db: fix -Wunused-but-set-variable

The loop never uses the value of 'ln'.

Fixes this error with Clang 15:
```
crypto/txt_db/txt_db.c:24:10: error: variable 'ln' set but not used [-Werror,-Wunused-but-set-variable]
long ln = 0;
^
1 error generated.
```

Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19450)

show more ...

pem: fix -Wunused-but-set-variable

The loop never uses the value of 'line'.

Fixes this error with Clang 15:
```
crypto/pem/pem_lib.c:821:14: error: variable 'line' set but n

pem: fix -Wunused-but-set-variable

The loop never uses the value of 'line'.

Fixes this error with Clang 15:
```
crypto/pem/pem_lib.c:821:14: error: variable 'line' set but not used [-Werror,-Wunused-but-set-variable]
int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
^
1 error generated.
```

Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19450)

show more ...

CI: add Clang 15

We have to use the PPA provided by LLVM because Clang 15 isn't
officially part of Ubuntu 22.04 (or any other Ubuntu release yet),
see https://apt.llvm.org/ for detai

CI: add Clang 15

We have to use the PPA provided by LLVM because Clang 15 isn't
officially part of Ubuntu 22.04 (or any other Ubuntu release yet),
see https://apt.llvm.org/ for details.

Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19450)

show more ...

Add af_alg errors to the error queue

If the kernel operation failed the EVP functions
just returned without any error message.

This commit adds them.

Reviewed-by: Richa

Add af_alg errors to the error queue

If the kernel operation failed the EVP functions
just returned without any error message.

This commit adds them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19289)

show more ...

test: threads: replace test_thread_noreturn

While POSIX threads are cancellable and may be asynchronously cancelled,
their cancellation is not guaranteed by the POSIX standard.

test: threads: replace test_thread_noreturn

While POSIX threads are cancellable and may be asynchronously cancelled,
their cancellation is not guaranteed by the POSIX standard.

test_thread_noreturn, which simulates a long-running possibly
unresponsive thread:

THREAD #1 THREAD #2
LOCK L1
SPAWN #2
LOCK L1

On MacOS, cancelling such thread only queues cancellation request, but
the following pthread_join hangs.

Replace this implementation by an unbounded sequence of sleeps instead.

Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19433)

show more ...

crypto: thread: serialize concurrent joins

Multiple concurrent joins with a running thread suffer from a race
condition that allows concurrent join calls to perform concurrent arch
s

crypto: thread: serialize concurrent joins

Multiple concurrent joins with a running thread suffer from a race
condition that allows concurrent join calls to perform concurrent arch
specific join calls, which is UB on POSIX, or to concurrently execute
join and terminate calls.

As soon as a thread T1 exists, one of the threads that joins with T1
is selected to perform the join, the remaining ones await completion.
Once completed, the remaining calls immediately return. If the join
failed, another thread is selected to attempt the join operation.

Forcefully terminating a thread that is in the process of joining
another thread is not supported.

Common code from thread_posix and thread_win was refactored to use
common wrapper that handles synchronization.

Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19433)

show more ...

openssl list: add an empty row at the end of each printed list of commands and algorithms

Fixes openssl#19140

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswe

openssl list: add an empty row at the end of each printed list of commands and algorithms

Fixes openssl#19140

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19372)

show more ...

Fix coverity 1516095 deadcode

Unless multiple compression algorithms are configured, test 3 is
not run, so anything looking at `test == 3` is considered dead code.

Reviewed-by:

Fix coverity 1516095 deadcode

Unless multiple compression algorithms are configured, test 3 is
not run, so anything looking at `test == 3` is considered dead code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19440)

show more ...

Fix coverity 1516094 uninit

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19440)

Fix coverity 1516093 tainted scalar

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19440)