Add an EVP demo for HMAC

Fixes openssl#14109

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/o

Add an EVP demo for HMAC

Fixes openssl#14109

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18752)

show more ...

ssl/tls_srp.c: Add check for BN_dup

As the potential failure of the BN_dup,
it should be better to check the return value
in order to guarantee the success.

Signed-off-by: J

ssl/tls_srp.c: Add check for BN_dup

As the potential failure of the BN_dup,
it should be better to check the return value
in order to guarantee the success.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18699)

show more ...

Fix reported performance degradation on aarch64

This restores the implementation prior to
commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode")
for 64bit

Fix reported performance degradation on aarch64

This restores the implementation prior to
commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode")
for 64bit targets only, since it is reportedly 2-17% slower,
and the silicon errata only affects 32bit targets.
Only for 32bit targets the new algorithm is used.

Fixes #18445

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18581)

show more ...

Windows: use the basename of the product (.dll) for definition files

This resolves the faulty LIBRARY value that contained the directory
of the product (.dll) in the build tree. This ap

Windows: use the basename of the product (.dll) for definition files

This resolves the faulty LIBRARY value that contained the directory
of the product (.dll) in the build tree. This applies to engines and
other modules alike.

Fixes #18726

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18732)

show more ...

Add config option OPENSSL_NO_UNIX_SOCK

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/182

Add config option OPENSSL_NO_UNIX_SOCK

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18256)

show more ...

Updated information for OSSL_SIGNATURE_PARAM_PSS_SALTLEN
Fixes #18066

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from

Updated information for OSSL_SIGNATURE_PARAM_PSS_SALTLEN
Fixes #18066

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18736)

show more ...

Fixes OSCP->OCSP typo in ocsp command line

The existing help text says:

> -badsig Corrupt last byte of loaded OSCP response signature (for test)

but this s

Fixes OSCP->OCSP typo in ocsp command line

The existing help text says:

> -badsig Corrupt last byte of loaded OSCP response signature (for test)

but this should be OCSP. This is the only occurrence within the project
of this typo.

CLA: trivial

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18684)

show more ...

http_client.c: fix comment and documentation of the memory BIOs used

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <

http_client.c: fix comment and documentation of the memory BIOs used

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18674)

show more ...

OSSL_HTTP_REQ_CTX_nbio(): fix copy&paste glitch calling BIO_should_retry(rctx-rbio)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by

OSSL_HTTP_REQ_CTX_nbio(): fix copy&paste glitch calling BIO_should_retry(rctx-rbio)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18674)

show more ...

OSSL_HTTP_open(): improve use of use_ssl and its documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlanda

OSSL_HTTP_open(): improve use of use_ssl and its documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18674)

show more ...

app_http_tls_cb(): fix crash on inconsistency w.r.t. use of TLS

This happens if use_ssl is not set but an SSL_CTX is provided.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Review

app_http_tls_cb(): fix crash on inconsistency w.r.t. use of TLS

This happens if use_ssl is not set but an SSL_CTX is provided.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18674)

show more ...

openssl-cmds.pod.in: add missing entry for cmp

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/open

openssl-cmds.pod.in: add missing entry for cmp

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18653)

show more ...

Fix typos in SSL_CTX_use_certificate.pod file

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>

Fix typos in SSL_CTX_use_certificate.pod file

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18087)

show more ...

Add missing header for memcmp

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@

Add missing header for memcmp

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18719)

show more ...

Fix Coverity 1498605 & 1498606: uninitialised value

Both of these are false positives but better to be rid of the issue permanently
than for it to repeatedly return to haunt us.

Fix Coverity 1498605 & 1498606: uninitialised value

Both of these are false positives but better to be rid of the issue permanently
than for it to repeatedly return to haunt us.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17896)

show more ...

doc: document the event queue internal API

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pu

doc: document the event queue internal API

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18345)

show more ...

Add unit test for event queue

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18345)

ssl: implement an event queue

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18345)

ssl: add a zero time macro

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18345)

Add sparse array to libssl

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18345)

Add additional include

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18345)

AES OCB test vectors

Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.

Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin

AES OCB test vectors

Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.

Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

show more ...

Fix AES OCB encrypt/decrypt for x86 AES-NI

aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
that performs operations on 6 16-byte blocks concurrently (the
"grand

Fix AES OCB encrypt/decrypt for x86 AES-NI

aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
that performs operations on 6 16-byte blocks concurrently (the
"grandloop") and then proceeds to handle the "short" tail (which can
be anywhere from 0 to 5 blocks) that remain.

As part of initialization, the assembly initializes $len to the true
length, less 96 bytes and converts it to a pointer so that the $inp
can be compared to it. Each iteration of "grandloop" checks to see if
there's a full 96-byte chunk to process, and if so, continues. Once
this has been exhausted, it falls through to "short", which handles
the remaining zero to five blocks.

Unfortunately, the jump at the end of "grandloop" had a fencepost
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
equal). This should be `jbe`, as $inp is pointing to the *end* of the
chunk currently being handled. If $inp == $len, that means that
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
then there's 5 or fewer 16-byte blocks left to be handled, and the
fall-through is intended.

The net effect of `jb` instead of `jbe` is that the last 16-byte block
of the last 96-byte chunk was completely omitted. The contents of
`out` in this position were never written to. Additionally, since
those bytes were never processed, the authentication tag generated is
also incorrect.

The same fencepost error, and identical logic, exists in both
aesni_ocb_encrypt and aesni_ocb_decrypt.

This addresses CVE-2022-2097.

Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

show more ...

Fix bn_gcd code to check return value when calling BN_one()

BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return

Fix bn_gcd code to check return value when calling BN_one()

BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return value.

The issue is triggered by a memory allocation failure.
Detected by PR #18355

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18697)

show more ...

v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl

v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18608)

show more ...