4c8cdcd1 | 03-Mar-2022 |
Hugo Landau |
EVP demo for XOF digest using SHAKE256 This demo optionally accepts a single command line argument, allowing the output length to be specified. Fixes #14106. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17803)
|
fa17f5c9 | 05-Jan-2022 |
xkernel |
apps: several return value checks for BIO_new() Also check return value of functions that call BIO_new() internally such as dup_bio_out(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17421)
|
468d1517 | 23-Feb-2022 |
Richard Levitte |
Rework dependencies between config files and build files Before PR #15310, which reworked how build files (Makefile, ...) were generated, everything was done when configuring, so configdata.pm could depend on build file templates and we'd get away with it. However, since building configdata.pm is now independent of the build file templates, that dependency is unnecessary, and would lead to surprises if the build file template is updated, with an unexpected full reconfiguration as a result, when all that's needed is to run configdata.pm with no flags to get the build file re-generated. This change is therefore a completion of what was forgotten in #15310. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17756)
|
2507903e | 02-Mar-2022 |
XiaokangQian |
Fix build issue with aes-gcm-armv8-unroll8_64.S on older aarch64 assemblers The EOR3 instruction is implemented with .inst, and the code here is enabled using run-time detection of the CPU capabilities, so no need to explicitly ask for the sha3 extension. Fixes #17773 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17795)
|
2cc7c9b6 | 02-Mar-2022 |
Hugo Landau |
Add EVP demo for X25519 key exchange This offers both a known answer test with fixed keys and also demonstrates a more realistic usage with random keys. Fixes #14118. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17799)
|
a3b4cd1d | 01-Mar-2022 |
Hugo Landau |
Fix typo in EVP_MD-BLAKE2(7) Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17790) |
aea68b0d | 01-Mar-2022 |
Hugo Landau |
s_server: Do not use SSL_sendfile when KTLS is not being used Fix a bug in `openssl s_server -WWW` where it would attempt to invoke `SSL_sendfile` if `-ktls -sendfile` was passed on the command line, even if KTLS has not actually been enabled, for example because it is not supported by the host. Since `SSL_sendfile` is only supported when KTLS is actually being used, this resulted in a failure to serve requests. Fixes #17503. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17788)
|
c1b364ce | 24-Feb-2022 |
Matt Caswell |
Perturb the malloc output during tests Set the environment variable MALLOC_PERTURB_ during tests to perturb the output from OPENSSL_malloc() calls (see the mallopt man page for details about this environment variable). This could be a low cost way of spotting uninit reads in "make test" runs in some situations. In tests I have found it to be a little unreliable (sometimes it seemed to not perturb the output for inexplicable reasons) - but since this is easy to implement I think it is worthwhile. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17768)
|
0176fc78 | 24-Feb-2022 |
John Baldwin |
asn1_string_to_time_t: Use timegm on FreeBSD. FreeBSD does not provide a global timezone variable containing the offset to UTC. Instead, FreeBSD's libc includes a legacy timezone function dating back to Version 7 AT&T UNIX. As a result, asn1_string_to_time_t currently fails to compile on FreeBSD as it subtracts a function from a time_t value:

    ../crypto/asn1/a_time.c:625:37: error: invalid operands to binary expression ('time_t' (aka 'long') and 'char *(int, int)')
        timestamp_utc = timestamp_local - timezone;
                        ~~~~~~~~~~~~~~~ ^ ~~~~~~~~
    1 error generated.

However, FreeBSD's libc does include a non-standard (but widely available) timegm function which converts a struct tm directly to a UTC time_t value. Use this on FreeBSD instead of mktime. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17765)
|
06544216 | 02-Mar-2022 |
Michael Baentsch |
Add testing of OBJ_find_sigid_by_algs() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17733)
|
d15d5618 | 18-Feb-2022 |
Michael Baentsch |
enable CMS sign/verify for provider-implemented PKEYs We need to handle signatures with and without digest algs and we generalize the ossl_cms_ecdsa_dsa_sign() function to other algorithms that are handled in the same way. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17733)
|
13ba91cb | 24-Feb-2022 |
zhangzhilei |
SM4 optimization for non-asm mode This patch uses table-lookup borrowed from aes in crypto/aes/aes_core.c. Test on my PC (AMD Ryzen Threadripper 3990X 64-Core Processor), before and after optimization:

debug mode:

Before:
type         16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC     40101.14k    41453.80k    42073.86k    42174.81k    42216.11k    42227.03k
SM4-ECB     41222.60k    42074.88k    42673.66k    42868.05k    42896.04k    42844.16k
SM4-CTR     35867.22k    36874.47k    37004.97k    37083.82k    37052.42k    37076.99k

After:
type         16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC     47273.51k    48957.40k    49665.19k    49810.77k    49859.24k    49834.67k
SM4-ECB     48100.01k    49323.34k    50224.04k    50273.28k    50533.72k    50730.12k
SM4-CTR     41352.64k    42621.29k    42971.22k    43061.59k    43089.92k    43100.84k

non-debug mode:

Before:
type         16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC    141596.59k   145102.93k   146794.50k   146540.89k   146650.45k   146877.10k
SM4-ECB    144774.71k   155106.28k   158166.36k   158279.00k   158520.66k   159280.97k
SM4-CTR    138021.10k   141577.60k   142493.53k   142736.38k   142852.10k   143125.16k

After:
type         16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CBC    142016.95k   150068.48k   152238.25k   152773.97k   153094.83k   152027.14k
SM4-ECB    148842.94k   159919.87k   163628.37k   164515.84k   164697.43k   164790.27k
SM4-CTR    141774.23k   146206.89k   147470.25k   147816.28k   146770.60k   148346.20k

Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17766)
|
43135a5d | 01-Mar-2022 |
Hugo Landau |
Fix NULL pointer dereference for BN_mod_exp2_mont This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer if BIGNUM argument m represents zero. Regression test added. Fixes #17648. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17783)
|
df5c86e9 | 01-Mar-2022 |
Hugo Landau |
Enable openssl req -x509 to create certificates from CSRs `openssl req -x509` has code allowing it to generate certificates from CSRs as a replacement for `openssl x509`, but a bug prevents it from working properly. -CA and -CAkey can now be passed to generate a CA-signed certificate as documented in openssl-req(1). Regression testing has been added to `openssl req`. Fixes #17736. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17782)
|
8bfb7506 | 21-Feb-2022 |
Daniel |
Improve documentation of BIO_FLAGS_BASE64_NO_NL flag. Fixes #12491. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17744)
|
d71151ae | 23-Feb-2022 |
Nicola Tuveri |
[ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17763)
|
b139a956 | 22-Feb-2022 |
Nicola Tuveri |
[ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3 Fixes #17743 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17763)
|
66914fc0 | 22-Feb-2022 |
Nicola Tuveri |
[ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias `SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already marked as aliases of each other in the headers. This commit, for each pair, replaces the leftover uses of the latter synonym with the first one, which is considered more common. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17763)
|
d2d2401a | 14-Feb-2022 |
Tom Cosgrove |
aarch64: Fix async_fibre_swapcontext() on clang BTI builds Reverting to using swapcontext() when compiling with clang on BTI-enabled builds fixes the BTI setjmp() failure seen when running asynctest. The issue with setjmp/longjmp is a known clang bug: see https://github.com/llvm/llvm-project/issues/48888 Change-Id: I6eeaaa2e15f402789f1b3e742038f84bef846e29 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17698)
|
366a1626 | 21-Feb-2022 |
Jiasheng Jiang |
crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup Because of the potential failure of memory allocation, it should be better to check the return value of OPENSSL_strndup(), like x509v3_add_len_value(). And following the comment of 'if (astrlen < 0)', return -1 if it fails. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17737)
|
885d97fb | 21-Feb-2022 |
Jiasheng Jiang |
fuzz/fuzz_rand.c: Add check for OSSL_LIB_CTX_new Because of the potential failure of OPENSSL_zalloc(), OSSL_LIB_CTX_new() could return NULL. Therefore, it should be better to check it and return an error if it fails in order to guarantee the success of the initialization. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17738)
|
3d4dd8f2 | 22-Feb-2022 |
Matt Caswell |
Correct the UnsafeLegacyServerConnect docs This option is no longer set by default from OpenSSL 3.0. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/17748)
|
37be6fee | 21-Feb-2022 |
xkernel |
check the return value of CRYPTO_strdup() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17741)
|
28e141c4 | 23-Feb-2022 |
Pauli |
Change `strlen' argument name to `strlength' to avoid c++ reserved words. Fixes #17753 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/17764)
|
af788ad6 | 25-Feb-2022 |
Pauli |
fetch: convert a NULL property query to "" Previously, a NULL property query was never cached and this led to a performance degradation. Now, such a query is converted to an empty string and cached. Fixes #17752 Fixes https://github.openssl.org/openssl/openssl/issues/26 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17769)
|