Don't clear the whole error stack when loading engines

Loading the various built-in engines was unconditionally clearing the
whole error stack. During config file processing processing a

Don't clear the whole error stack when loading engines

Loading the various built-in engines was unconditionally clearing the
whole error stack. During config file processing processing a .include
directive which fails results in errors being added to the stack - but
we carry on anyway. These errors were then later being removed by the
engine loading code, meaning that problems with the .include directive
never get shown.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13311)

show more ...

Don't clear errors on failure in CONF_modules_load_file_ex()

The call to CONF_modules_load() in CONF_modules_load_file_ex() can
return a negative number to indicate failure. This was inc

Don't clear errors on failure in CONF_modules_load_file_ex()

The call to CONF_modules_load() in CONF_modules_load_file_ex() can
return a negative number to indicate failure. This was incorrectly
being interpreted as "success" and therefore errors were being cleared
incorrectly.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13311)

show more ...

x509_vfy.c: Call verification callback individually per strict check in check_chain()

Fixes #13283

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.

x509_vfy.c: Call verification callback individually per strict check in check_chain()

Fixes #13283

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13312)

show more ...

x509_vfy.c: Introduce CHECK_CB macro simplifying use of cert verification cb function

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pu

x509_vfy.c: Introduce CHECK_CB macro simplifying use of cert verification cb function

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13312)

show more ...

CHANGES.md: Mention (strict) checks recently added to X509_verify_cert()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13312)

Improve doc of X509_verify_cert(), also in openssl.pod

in particular regarding the checks due to X509_V_FLAG_X509_STRICT/-x509_strict

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.or

Improve doc of X509_verify_cert(), also in openssl.pod

in particular regarding the checks due to X509_V_FLAG_X509_STRICT/-x509_strict

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13312)

show more ...

Check the configuration file by default

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13310)

Prepare for 3.0 alpha 9

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

Prepare for release of 3.0 alpha 8

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

Update copyright year

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13324)

defltprov: remove duplicate algorithm names.

Ed25519 and Ed448 contained aliases that were the same as the primary name.
This removes the aliases leaving ED25519 and ED448 as the canonic

defltprov: remove duplicate algorithm names.

Ed25519 and Ed448 contained aliases that were the same as the primary name.
This removes the aliases leaving ED25519 and ED448 as the canonical names.

Matching is case insensitive, so no functionality is lost. The FIPS provider
didn't include the duplicates.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13308)

show more ...

Moved OPENSSL_fork_prepare,_parent,_child from init.c to threads_pthread.c.

These methods should ultimately be deprecated. The move is to insulate
non-UNIX platforms from these undefined

Moved OPENSSL_fork_prepare,_parent,_child from init.c to threads_pthread.c.

These methods should ultimately be deprecated. The move is to insulate
non-UNIX platforms from these undefined symbols.

CLA: Permission is granted by the author to the OpenSSL team to use
these modifications.

Fixes #13273

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13276)

show more ...

Do not export the submodules gost-engine

Remove gost-engine from the distribution tarball.

Signed-off-by: Hu Keping <hukeping@huawei.com>

Reviewed-by: Richard Levitte <levi

Do not export the submodules gost-engine

Remove gost-engine from the distribution tarball.

Signed-off-by: Hu Keping <hukeping@huawei.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13301)

show more ...

fix typo in README

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@

fix typo in README

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13289)

show more ...

Add more diagnostics to ossl_shim

We had several cases where the connection failed but we did not
have an error message to differentiate which failure condition had
been triggered.

Add more diagnostics to ossl_shim

We had several cases where the connection failed but we did not
have an error message to differentiate which failure condition had
been triggered. Add some more messages to help clarify what is
going wrong.

[extended tests]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13251)

show more ...

Adjust error reason for ssl_get_min_max_version() failure

Use SSL_R_NO_PROTOCOLS_AVAILABLE instead of ERR_R_INTERNAL_ERROR,
to match what the BoringSSL tests expect for this case.

Adjust error reason for ssl_get_min_max_version() failure

Use SSL_R_NO_PROTOCOLS_AVAILABLE instead of ERR_R_INTERNAL_ERROR,
to match what the BoringSSL tests expect for this case.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13251)

show more ...

Clear error queue entries from bad DLTS records

DTLS by design ignores records/packets with bad MAC or failed AEAD tag
validation. However, recent changes to have provided cipher
im

Clear error queue entries from bad DLTS records

DTLS by design ignores records/packets with bad MAC or failed AEAD tag
validation. However, recent changes to have provided cipher
implementations caused tls1_enc() to leave an entry on the error queue
for invalid GCM tags, e.g.:

800BEAEF487F0000:error::Provider routines:gcm_stream_update:cipher operation failed:providers/implementations/ciphers/ciphercommon_gcm.c:306

The BoringSSL tests check for entries on the error queue with
SSL_get_error() and so we were seeing spurious test failures
due to the additional item on the error queue. To avoid leaving
such spurious entries on the error queue, set a mark before calling
the ssl3_enc 'enc' method, and pop to that mark before ignoring
invalid packets.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13251)

show more ...

Prevent potential UAF in init_thread_deregister()

I discovered the potential for use-after-free on glob_tevent_reg &
its members in this function as a consequence of some static (de-)ini

Prevent potential UAF in init_thread_deregister()

I discovered the potential for use-after-free on glob_tevent_reg &
its members in this function as a consequence of some static (de-)initialization
fiasco in C++ client code.

Long story short, an EVP_PKEY_free() was happening after
OPENSSL_cleanup(). Aside from being freed the EVP_PKEY object wasn't
actually being used after cleanup, it was basically just an
ordering issue.

Obviously the application behavior here is somewhat suspect,
but IMO is basically benign. Crashing (most typical outcome
of a UAF) doesn't seem the optimal response.

At any rate, the issue can be avoided (at least with regard to this function)
by simply updating the pointer to NULL rather than leaving it pointing
to the freed memory, as is the typical practice.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13267)

show more ...

EVP: Fix typo in EVP_PKEY_gen comment

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/p

EVP: Fix typo in EVP_PKEY_gen comment

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13282)

show more ...

Initialize outl in evp_enc.c to 0, protect against NULL

Fixes #12734

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged f

Initialize outl in evp_enc.c to 0, protect against NULL

Fixes #12734

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13268)

show more ...

Add AES KW inverse ciphers to the EVP layer

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13272)

Remove FLOSS from all OSS builds on NonStop except for SPT threading.

The Standard POSIX Threads (SPT) implementation hangs in some test cases
if FLOSS is not used.

CLA: Permiss

Remove FLOSS from all OSS builds on NonStop except for SPT threading.

The Standard POSIX Threads (SPT) implementation hangs in some test cases
if FLOSS is not used.

CLA: Permission is granted by the author to the OpenSSL team to use
these modifications.

Fixes #13277

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13279)

show more ...

test/recipes/90-test_shlibload.t: Skip when address sanitizer enabled

Because this test loads the shared libraries dynamically, there are
cases where that results in errors because the A

test/recipes/90-test_shlibload.t: Skip when address sanitizer enabled

Because this test loads the shared libraries dynamically, there are
cases where that results in errors because the ASAN library wasn't
loaded first. That makes this test unsuitable in an ASAN build.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13281)

show more ...

util/find-doc-nits: ignore OSSL_DEPRECATED*, alongside other reserved symbols

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13240)

Simplify and clarify doc/internal/man7/deprecation.pod

doc/internal/man7/deprecation.pod was unclear in some areas, and
included general documentation that has no place there.

R

Simplify and clarify doc/internal/man7/deprecation.pod

doc/internal/man7/deprecation.pod was unclear in some areas, and
included general documentation that has no place there.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13240)

show more ...