630e3a16 | 07-Jun-2024 |
Neil Horman |
Change WININSTALLCONTEXT to OSSL_WINCTX Make it more in line with other command line defines, and a bit shorter Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
f4540c1b | 07-Jun-2024 |
Neil Horman |
don't fall back to build time defaults on windows to prevent security issues, don't fall back to build time default locations, instead return the string "UNDEFINED" Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
c1c67561 | 06-Jun-2024 |
Neil Horman |
Correct use of workflow ENV vars on windows On windows ci we're using powershell operations, need to follow those rules Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
17309181 | 06-Jun-2024 |
Neil Horman |
Add a unit test to validate the functionality of our reg key lookups Add a test to check to make sure our registry key lookups work. note this test only runs on windows (clearly), but also only if the registry keys are set via an installer or some other manual process (to be done in the CI workflow) Also add workflow steps to set registry keys for testing Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
e6c77f26 | 06-Jun-2024 |
Neil Horman |
convert users of build time defaults to use new defaults api Now that we can query for install time registry keys on windows, convert users of these macros to use the api instead Add a unit test to validate the functionality of our reg key lookups Add a test to check to make sure our registry key lookups work. note this test only runs on windows (clearly), but also only if the registry keys are set via an installer or some other manual process (to be done in the CI workflow) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
dd2b22d8 | 06-Jun-2024 |
Neil Horman |
Add defaults api to openssl build Build time defaults aren't great for windows, in which various macros (like OPENSSLDIR) are selected at build time, but may be selected differently at install time. Add an internal defaults api to return the build time constants on unix systems, but instead query registry keys for the form: HLKM\SOFTWARE\OpenSSL-{version}-{wininstallcontext} Such that each built version of openssl may maintain its own set of registry keys to identify these locations, and be set administratively as appropriate at install or run time Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
c215d75f | 21-Mar-2024 |
Radek Krejci |
Avoid NULL pointer dereference Function readbuffer_gets() misses some of the initial checks of its arguments. Not checking them can lead to later NULL pointer dereferences. The checks are now unified with the checks in readbuffer_read() function. CLA: trivial Fixes #23915 Signed-off-by: Radek Krejci <radek.krejci@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23918)
|
f35c0894 | 06-Jul-2024 |
Dr. David von Oheimb |
check_format.pl: fix detection of 'if' with single stmt in braces without 'else' Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24805)
|
35b1472f | 04-Jul-2024 |
MrRurikov <96385824+MrRurikov@users.noreply.github.com> |
Add (void) cast to result of ossl_quic_rxfc_on_retire() Return value of function 'ossl_quic_rxfc_on_retire', called at quic_stream_map.c:767, is not checked, but it is usually checked for this function. CLA: trivial Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24794)
|
82a13a1f | 14-Nov-2023 |
Bernd Edlinger |
Fix possible double-free in pkcs7 add_attribute function The problem is the ownership of the input parameter value is transferred to the X509_ATTRIBUTE object attr, as soon as X509_ATTRIBUTE_create succeeds, but when an error happens after that point there is no way to get the ownership back to the caller, which is necessary to fulfill the API contract. Fixed that by moving the call to X509_ATTRIBUTE_create to the end of the function, and make sure that no errors are possible after that point. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22721)
|
29696af6 | 02-Jul-2024 |
Tomas Mraz |
fuzz/decoder.c: Lower the limits on key checks These checks still take too long time on clusterfuzz so they are longer than the timeout limit. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/24781)
|
59c415a4 | 03-Jul-2024 |
Daniel Gustafsson |
Fix incorrect sentence Remove superfluous "the" from sentence. CLA: trivial Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24790)
|
708b8559 | 28-Jun-2024 |
Jonathan M. Wilbur |
test: userNotice X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24761)
|
2ef6fa1c | 28-Jun-2024 |
Jonathan M. Wilbur |
feat: support userNotice X.509v3 extension Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24761)
|
070b6a96 | 14-Jun-2024 |
Frederik Wedel-Heinen |
Allow shared iOS builds Fixes #24545 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24649)
|
3f4da936 | 02-Jul-2024 |
cchinchole |
Unlock only when lock was successful Addressing issue (#24517): Updated the example in CRYPTO_THREAD_run_once.pod to reflect that an unlock call should not be made if a write_lock failed. Updated BIO_lookup_ex in bio_addr.c and ossl_engine_table_select in eng_table.c to not call unlock if the lock failed. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24779)
|
e6174ca4 | 02-Jul-2024 |
cchinchole |
Fixes for potential deadlock Fixes (#24517): (3/3) Addresses the potential deadlock if an error occurs from up_ref in functions ENGINE_get_first, ENGINE_get_last, ENGINE_get_next, and ENGINE_get_prev in file crypto/engine/eng_list.c CLA: trivial Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24780)
|
b5863e92 | 28-Jun-2024 |
Tomas Mraz |
Configure: Remove -Wswitch-default from strict warnings Also move -Wno-tautological-constant-out-of-range-compare to clang-specific options as it is not supported by gcc. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24758) (cherry picked from commit 3d9c6b16d8b8e75b73e2fd34849e930e2792f3a4)
|
cfe0bbde | 01-Jul-2024 |
Richard Levitte |
fix: remove some odd empty lines Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24776)
|
bb90a786 | 01-Jul-2024 |
Richard Levitte |
fix: openssl speed: RSA encryption is on the pubkey, not the privkey Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24776)
|
2c7cae53 | 19-Jun-2024 |
Neil Horman |
Convert hashtable to using ossl_rcu_deref on lookup The new hashtable has an issue on non-64 bit builds. We use CRYPTO_atomic_load to load a pointer value when doing lookups, but that API relies on the expectation that pointers are 64 bits wide. On 32 bit systems, we try to load 64 bits using CRYPTO_atomic_load into a 32 bit pointer, which overruns our stack Fix this by no longer using CRYPTO_atomic_load for value fetches from the hashtable. Instead use ossl_rcu_deref, which operates on void pointers and is safe on all arches Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24682)
|
b1e7bc5b | 11-Jul-2022 |
Dr. David von Oheimb |
BIO_f_base64.pod and openssl-enc.pod.in: improve description on newline handling Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18783)
|
3f7b3557 | 01-Jul-2024 |
Tomas Mraz |
OPENSSL_hexstr2buf_ex(): Handle zero-length input correctly In case of zero-length input the code wrote one byte before the start of the output buffer. The length of the output was also reported incorrectly in this case. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24770)
|
16311dbf | 27-Jun-2024 |
JohnnySavages |
Check EC_GROUP_get0_order result before dereference CLA: trivial Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24755)
|
16beec98 | 28-Jun-2024 |
Georgi Valkov |
threads_win: fix build error with VS2010 x86 InterlockedAnd64 and InterlockedAdd64 are not available on VS2010 x86. We already have implemented replacements for other functions, such as InterlockedOr64. Apply the same approach to fix the errors. A CRYPTO_RWLOCK rw_lock is added to rcu_lock_st. Replace InterlockedOr64 and InterlockedOr with CRYPTO_atomic_load and CRYPTO_atomic_load_int, using the existing design pattern. Add documentation and tests for the new atomic functions CRYPTO_atomic_add64, CRYPTO_atomic_and Fixes: libcrypto.lib(libcrypto-lib-threads_win.obj) : error LNK2019: unresolved external symbol _InterlockedAdd64 referenced in function _get_hold_current_qp libcrypto.lib(libcrypto-lib-threads_win.obj) : error LNK2019: unresolved external symbol _InterlockedOr referenced in function _get_hold_current_qp libcrypto.lib(libcrypto-lib-threads_win.obj) : error LNK2019: unresolved external symbol _InterlockedAnd64 referenced in function _update_qp libcrypto.lib(libcrypto-lib-threads_win.obj) : error LNK2019: unresolved external symbol _InterlockedOr64 referenced in function _ossl_synchronize_rcu Signed-off-by: Georgi Valkov <gvalkov@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24405)
|