APPS: Add check for multiple 'unknown' options

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)

PKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)

Statically link the legacy provider to endecode_test

We already statically link libcrypto to endecode_test even in a "shared"
build. This can cause problems on some platforms with tests

Statically link the legacy provider to endecode_test

We already statically link libcrypto to endecode_test even in a "shared"
build. This can cause problems on some platforms with tests that load the
legacy provider which is dynamically linked to libcrypto. Two versions of
libcrypto are then linked to the same executable which can lead to crashes.

Fixes #17059

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17345)

show more ...

Add a test for a custom digest created via EVP_MD_meth_new()

We check that the init and cleanup functions for the custom method are
called as expected.

Based on an original repr

Add a test for a custom digest created via EVP_MD_meth_new()

We check that the init and cleanup functions for the custom method are
called as expected.

Based on an original reproducer by Dmitry Belyavsky from issue #17149.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

show more ...

Fix a leak in EVP_DigestInit_ex()

If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.

Fixes #171

Fix a leak in EVP_DigestInit_ex()

If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.

Fixes #17149

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

show more ...

Ensure that MDs created via EVP_MD_meth_new() go down the legacy route

MDs created via EVP_MD_meth_new() are inherently legacy and therefore
need to go down the legacy route when they ar

Ensure that MDs created via EVP_MD_meth_new() go down the legacy route

MDs created via EVP_MD_meth_new() are inherently legacy and therefore
need to go down the legacy route when they are used.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

show more ...

EVP_PKEY_derive_set_peer_ex: Export the peer key to proper keymgmt

The peer key has to be exported to the operation's keymgmt
not the ctx->pkey's keymgmt.

Fixes #17424

EVP_PKEY_derive_set_peer_ex: Export the peer key to proper keymgmt

The peer key has to be exported to the operation's keymgmt
not the ctx->pkey's keymgmt.

Fixes #17424

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17425)

show more ...

crypto/bio: fix build on UEFI

When compiling openssl for tianocore compiling abs_val() and pow_10()
fails with the following error because SSE support is disabled:

crypto/bio

crypto/bio: fix build on UEFI

When compiling openssl for tianocore compiling abs_val() and pow_10()
fails with the following error because SSE support is disabled:

crypto/bio/bio_print.c:587:46: error: SSE register return with SSE disabled

Fix that by using EFIAPI calling convention when compiling for UEFI.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17442)

show more ...

Don't use __ARMEL__/__ARMEB__ in aarch64 assembly

GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm,
respectively. They are not defined on aarch64, which instead us

Don't use __ARMEL__/__ARMEB__ in aarch64 assembly

GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm,
respectively. They are not defined on aarch64, which instead use
__AARCH64EL__ and __AARCH64EB__.

However, OpenSSL's assembly originally used the 32-bit defines on both
platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is
less portable and can even interfere with other headers, which use
__ARMEL__ to detect little-endian arm.

Over time, the aarch64 assembly has switched to the correct defines,
such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit
finishes the job: poly1305-armv8.pl needed a fix and the dual-arch
armx.pl files get one more transform to convert from 32-bit to 64-bit.

(There is an even more official endianness detector, __ARM_BIG_ENDIAN in
the Arm C Language Extensions. But I've stuck with the GCC ones here as
that would be a larger change.)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17373)

show more ...

check-format.pl: Fix report on space before ';' and allow it after ')'

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

check-format.pl: Fix report on missing space before +/-: allow, e.g., '1e-6'

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

check-format.pl: Fix report on constant on LHS of comparison/assignment

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

check_format.pl: Add checks for blank lines within/after local decls

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

Delete unused param about get_construct_message_f

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/open

Delete unused param about get_construct_message_f

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17385)

show more ...

Add a test case for the short password

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17441)

Update alert to common protocol

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openss

Update alert to common protocol

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17161)

show more ...

apps.c: fix various coding style nits found by check-format.pl

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17435)

Fix: some patches related to error exiting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Fix: some patches related to error exiting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17417)

show more ...

providers/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init

There is risk to pass the gctx with NULL value to rsa_gen_set_params
which dereference gctx directly.

Reviewed-b

providers/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init

There is risk to pass the gctx with NULL value to rsa_gen_set_params
which dereference gctx directly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17429)

show more ...

v2i_AUTHORITY_KEYID(): Improve error reporting on parsing config values/options

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16345)

apps/cmp.c: fix coding style nits reported by check-format.pl

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17363)

asn1/x_algor.c: add internal ossl_X509_ALGOR_from_nid() simplifying code

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17363)

APPS load_key_certs_crls(): Make file access errors much more readable

This reverts part of commit ef0449135c4e4e7f using a less invasive suppression.

Reviewed-by: Paul Dale <pauli@

APPS load_key_certs_crls(): Make file access errors much more readable

This reverts part of commit ef0449135c4e4e7f using a less invasive suppression.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)

show more ...

OSSL_STORE_open_ex(): Prevent spurious error: unregistered scheme=file

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)

Test importing EC key parameters with a bad curve

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)