dh: fix coverty 1474423: resource leak

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14637)

apps: fix coverity 1451544: improper use of negative value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

test: fix coverity 1451534: improper use of negative value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

test: fix coverity 1469427: impropery use of negative value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

test: fix coverity 1454812: improper use of negative value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

test: fix coverity 1451574: improper use of negative value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

enc: fix coverity 1451499, 1451501, 1451506, 1451507, 1351511, 1451514, 1451517, 1451523, 1451526m 1451528, 1451539, 1451441, 1451549, 1451568 & 1451572: improper use of negative value

Revie

enc: fix coverity 1451499, 1451501, 1451506, 1451507, 1351511, 1451514, 1451517, 1451523, 1451526m 1451528, 1451539, 1451441, 1451549, 1451568 & 1451572: improper use of negative value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

show more ...

test: fix coverity 1371689 & 1371690: improper use of negative values

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

apps: fix coverity 271258: improper use of negative value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

err: fix coverity 1452768: dereference after null check

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

pem: fix coverity 1474426: uninitialised scalar variable.

Based on the value, it would with work properly or produce an error. Most likely seems to have been the former.

Reviewed-b

pem: fix coverity 1474426: uninitialised scalar variable.

Based on the value, it would with work properly or produce an error. Most likely seems to have been the former.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

show more ...

Be more selective about copying libcrypto symbols into legacy.so

Some private libcrypto symbols are also included in legacy.so.
Unfortunately this included some files with "RUN_ONCE" fun

Be more selective about copying libcrypto symbols into legacy.so

Some private libcrypto symbols are also included in legacy.so.
Unfortunately this included some files with "RUN_ONCE" functions and
global data. This doesn't get properly cleaned up when OpenSSL exits.
Therefore we are more selective about the symbols we include in legacy.so.

Fixes #13560

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14646)

show more ...

Disable fips-securitychecks if no-fips is configured.

Fixes: #14629

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>

Disable fips-securitychecks if no-fips is configured.

Fixes: #14629

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14634)

show more ...

endecode_test: Add file and line arguments to test callbacks

To improve debug information in case of test failures source
file and line arguments are added to test callbacks.

Fi

endecode_test: Add file and line arguments to test callbacks

To improve debug information in case of test failures source
file and line arguments are added to test callbacks.

Fixes #14331

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14567)

show more ...

Fix usages of const EVP_MD.

Partially fixes #13837

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope

Fix usages of const EVP_MD.

Partially fixes #13837

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14474)

show more ...

Dual 1024-bit exponentiation optimization for Intel IceLake CPU
with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key
operations. It uses 256-bit registers to avoid CPU

Dual 1024-bit exponentiation optimization for Intel IceLake CPU
with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key
operations. It uses 256-bit registers to avoid CPU frequency scaling issues.
The performance speedup for RSA2k signature on ICL is ~2x.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13750)

show more ...

APPS: fix load_certs_multifile() interpreting backslashes

Fixes #14622

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/1

APPS: fix load_certs_multifile() interpreting backslashes

Fixes #14622

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14636)

show more ...

Fix DER reading from stdin for BIO_f_readbuffer

Fixes #14559

The intitial implementation of the gets() function tried using the next bio's gets() function.
For a file BIO this r

Fix DER reading from stdin for BIO_f_readbuffer

Fixes #14559

The intitial implementation of the gets() function tried using the next bio's gets() function.
For a file BIO this returned incorrect data for binary data containing 0x00.
Just buffering all data during gets() did not work however since some
applications open and close the bio multiple times when dealing with pem
files containing multiple entries.. This does not work
when reading from stdin unless the data if buffered one byte at a time.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14599)

show more ...

ASN1: Reset the content dump flag after dumping

When encountering a badly coded item, the DER printer (ASN1_print_dump())
sets a flag to ensure that an additional hex dump of the offendi

ASN1: Reset the content dump flag after dumping

When encountering a badly coded item, the DER printer (ASN1_print_dump())
sets a flag to ensure that an additional hex dump of the offending content
is printed as part of the output. Unfortunately, this flag is never reset,
which means that all following items are printed with the extra hex dump,
whether they are faulty or not.

Resetting the flag after hex dumping ensures that only the faulty contents
are printed with the additional hex dump.

Fixes #14626

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14627)

show more ...

evp: fix coverity 1473380: copy into fixed size buffer

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14614)

sslapitest: fix problem in cleanup on failure path

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14589)

evp: fix coverity 1473381 - dereference after null check

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14589)

x509: coverity 1472673 & 1472693 - dereference after null checks

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14589)

test: coverity 1469426 - dereference after null check

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14589)

ssl: coverity 1465527 - dereference after null check

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14589)