From 5140472a7d61ffdc217c9af69b9fabd057e7aa2d Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Fri, 29 Sep 2023 15:31:37 +0200 Subject: [PATCH 01/18] doc: correct the SSL_CTX_set_info_callback(3) manual page The info callback is not prototyped correctly, and the code example fails to compile because of const-incorrectness. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22224) (cherry picked from commit 92986c0be56bc8bf9c414dab59d4f1e128f1e843) Signed-off-by: fly2x --- doc/man3/SSL_CTX_set_info_callback.pod | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/doc/man3/SSL_CTX_set_info_callback.pod b/doc/man3/SSL_CTX_set_info_callback.pod index 9cee642073..99f59b063c 100644 --- a/doc/man3/SSL_CTX_set_info_callback.pod +++ b/doc/man3/SSL_CTX_set_info_callback.pod @@ -12,11 +12,15 @@ SSL_get_info_callback #include - void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); - void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); + void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*callback) (const SSL *ssl, int type, int val)); - void SSL_set_info_callback(SSL *ssl, void (*callback)()); - void (*SSL_get_info_callback(const SSL *ssl))(); + void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, int val); + + void SSL_set_info_callback(SSL *ssl, + void (*callback) (const SSL *ssl, int type, int val)); + + void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, int val); =head1 DESCRIPTION @@ -119,7 +123,7 @@ SSL_get_info_callback() returns the current setting. The following example callback function prints state strings, information about alerts being handled and error messages to the B BIO. - void apps_ssl_info_callback(SSL *s, int where, int ret) + void apps_ssl_info_callback(const SSL *s, int where, int ret) { const char *str; int w = where & ~SSL_ST_MASK; -- Gitee From ea89a061c7f772d382e58f74ee76111ef9054d74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Oct 2023 17:23:41 +0000 Subject: [PATCH 02/18] Bump actions/setup-python from 4.7.0 to 4.7.1 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.0 to 4.7.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.7.0...v4.7.1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22254) (cherry picked from commit f7e7bbcd7850b96d02dd0f4dd49b3365b320776c) Signed-off-by: fly2x --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2f1564b379..4c4af6763f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -298,7 +298,7 @@ jobs: - name: make run: make -s -j4 - name: Setup Python - uses: actions/setup-python@v4.7.0 + uses: actions/setup-python@v4.7.1 with: python-version: ${{ matrix.PYTHON }} - uses: actions-rs/toolchain@v1 -- Gitee From 79bf0bfc40b441d507266111a35ba964dbe6ac18 Mon Sep 17 00:00:00 2001 From: Sumitra Sharma Date: Mon, 2 Oct 2023 20:53:52 +0530 Subject: [PATCH 03/18] Add openssl/pem.h inclusion for d2i_PKCS8PrivateKey Include the necessary header file openssl/pem.h in the documentation to ensure that all functions related to d2i_PKCS8PrivateKey are correctly defined. Closes openssl#22188 Signed-off-by: Sumitra Sharma Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/22253) (cherry picked from commit cda2e7c914bffc904e3ee79f360953fd370e19e9) Signed-off-by: fly2x --- doc/man3/d2i_PKCS8PrivateKey_bio.pod | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/man3/d2i_PKCS8PrivateKey_bio.pod b/doc/man3/d2i_PKCS8PrivateKey_bio.pod index 5b5371b70f..e84283f63e 100644 --- a/doc/man3/d2i_PKCS8PrivateKey_bio.pod +++ b/doc/man3/d2i_PKCS8PrivateKey_bio.pod @@ -9,6 +9,7 @@ i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private =head1 SYNOPSIS #include + #include EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); -- Gitee From 3a08fed53bbe147160c5e0200628b3e088c483f6 Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Tue, 26 Sep 2023 18:25:27 +0200 Subject: [PATCH 04/18] doc/man3: fix misnamed function name Rename `DSA_generate_prime[_ex]` to `DSA_generate_parameters[_ex]`, fixing a copy&paste error from the `BN_generate_prime[_ex]` paragraph in commit b3696a55a5ed. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/22242) (cherry picked from commit 515856f5ceb1ef0065466ac85164766623457000) Signed-off-by: fly2x --- doc/man3/DSA_generate_parameters.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/DSA_generate_parameters.pod b/doc/man3/DSA_generate_parameters.pod index 415c4c8b82..32eecb6891 100644 --- a/doc/man3/DSA_generate_parameters.pod +++ b/doc/man3/DSA_generate_parameters.pod @@ -51,7 +51,7 @@ called as shown below. For information on the BN_GENCB structure and the BN_GENCB_call function discussed below, refer to L. -DSA_generate_prime() is similar to DSA_generate_prime_ex() but +DSA_generate_parameters() is similar to DSA_generate_parameters_ex() but expects an old-style callback function; see L for information on the old-style callback. -- Gitee From 8b2444bcd5df28d057471795dfe47bc7ad5c332c Mon Sep 17 00:00:00 2001 From: Frederik Wedel-Heinen Date: Mon, 2 Oct 2023 10:58:48 +0200 Subject: [PATCH 05/18] Remove duplicates of EVP_aes_xxx_wrap() from EVP_aes_128_gcm.pod Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/22236) (cherry picked from commit 5c20c202699ba9c08183c5227df0ad4352e0974b) Signed-off-by: fly2x --- doc/man3/EVP_aes_128_gcm.pod | 6 ------ 1 file changed, 6 deletions(-) diff --git a/doc/man3/EVP_aes_128_gcm.pod b/doc/man3/EVP_aes_128_gcm.pod index 09cae99129..067f17e8fc 100644 --- a/doc/man3/EVP_aes_128_gcm.pod +++ b/doc/man3/EVP_aes_128_gcm.pod @@ -134,13 +134,7 @@ section for details. EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), -EVP_aes_128_wrap(), -EVP_aes_192_wrap(), -EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), -EVP_aes_128_wrap(), -EVP_aes_192_wrap(), -EVP_aes_256_wrap(), EVP_aes_256_wrap_pad() AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section -- Gitee From 4798b97ea98e4b1124ee90e97f55243eba9f52c4 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 26 Dec 2022 20:38:44 +0100 Subject: [PATCH 06/18] Improved detection of engine-provided private "classic" keys Resolves #17092 (?) Resolves #17286 (?) Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19965) (cherry picked from commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5) Signed-off-by: fly2x --- crypto/engine/eng_pkey.c | 42 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c index 6e6d6df35b..a8f1371a79 100644 --- a/crypto/engine/eng_pkey.c +++ b/crypto/engine/eng_pkey.c @@ -79,6 +79,48 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY); return NULL; } + /* We enforce check for legacy key */ + switch (EVP_PKEY_get_id(pkey)) { + case EVP_PKEY_RSA: + { + RSA *rsa = EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_set1_RSA(pkey, rsa); + RSA_free(rsa); + } + break; +# ifndef OPENSSL_NO_EC + case EVP_PKEY_SM2: + case EVP_PKEY_EC: + { + EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey); + EVP_PKEY_set1_EC_KEY(pkey, ec); + EC_KEY_free(ec); + } + break; +# endif +# ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + { + DSA *dsa = EVP_PKEY_get1_DSA(pkey); + EVP_PKEY_set1_DSA(pkey, dsa); + DSA_free(dsa); + } + break; +#endif +# ifndef OPENSSL_NO_DH + case EVP_PKEY_DH: + { + DH *dh = EVP_PKEY_get1_DH(pkey); + EVP_PKEY_set1_DH(pkey, dh); + DH_free(dh); + } + break; +#endif + default: + /*Do nothing */ + break; + } + return pkey; } -- Gitee From 95d7c5f1a2618f0bf8ac2631a18add699dfcfe55 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 2 Oct 2023 09:12:12 +0200 Subject: [PATCH 07/18] Restore the meaning of EVP_PKEY_print_private() With pre-3.0 OpenSSL, EVP_PKEY_print_private() calls the EVP_PKEY_ASN1_METHOD function "priv_print", effectively asking the backend to print whatever it regards as private key components. In all backends that were built into libcrypto, this function printed what was included in the private key structure, which usually includes the public key components as well. With OpenSSL 3.0, some of the corresponding key2text encoders got a slightly different behavior, where the presence of the selector OSSL_KEYMGMT_SELECT_PRIVATE_KEY without the presence of the selector OSSL_KEYMGMT_SELECT_PUBLIC_KEY would only get what would intuitively be regarded as private key components printed. This isn't entirely consistent, though, as the RSA key2text encoder will still print the public key components regardless. To compensate for the changed backend behavior, EVP_PKEY_print_private() was made to ask the encoder to print the keypair rather than just the private key, thereby moving the backend semantics to the application API. Unfortunately, this causes confusion for providers where the key2text encoder really should print the private key only. This change restores the built-in 1.1.1 backend behavior in the encoders that OpenSSL provides, and renders EVP_PKEY_print_private() more true to its documented behavior, leaving it to the backend to decide what it regards as "private key components". Fixes #22233 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/22237) (cherry picked from commit 1296c2ec7866a4f2f4d210432c771142e8de33a0) Signed-off-by: fly2x --- crypto/evp/p_lib.c | 2 +- include/openssl/evp.h | 2 + .../encode_decode/encode_key2text.c | 63 ++++++++----------- 3 files changed, 28 insertions(+), 39 deletions(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 59a7a867ec..04b148a912 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1201,7 +1201,7 @@ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) { - return print_pkey(pkey, out, indent, EVP_PKEY_KEYPAIR, NULL, + return print_pkey(pkey, out, indent, EVP_PKEY_PRIVATE_KEY, NULL, (pkey->ameth != NULL ? pkey->ameth->priv_print : NULL), pctx); } diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 49e8e1df78..22e8c25098 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -85,6 +85,8 @@ /* Easy to use macros for EVP_PKEY related selections */ # define EVP_PKEY_KEY_PARAMETERS \ ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ) +# define EVP_PKEY_PRIVATE_KEY \ + ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY ) # define EVP_PKEY_PUBLIC_KEY \ ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY ) # define EVP_PKEY_KEYPAIR \ diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c index 7d983f5e51..9ec3490c3a 100644 --- a/providers/implementations/encode_decode/encode_key2text.c +++ b/providers/implementations/encode_decode/encode_key2text.c @@ -241,7 +241,7 @@ static int dh_to_text(BIO *out, const void *key, int selection) return 0; } } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { pub_key = DH_get0_pub_key(dh); if (pub_key == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); @@ -316,7 +316,7 @@ static int dsa_to_text(BIO *out, const void *key, int selection) return 0; } } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { pub_key = DSA_get0_pub_key(dsa); if (pub_key == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); @@ -525,7 +525,7 @@ static int ec_to_text(BIO *out, const void *key, int selection) if (priv_len == 0) goto err; } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { const EC_POINT *pub_pt = EC_KEY_get0_public_key(ec); if (pub_pt == NULL) { @@ -575,26 +575,31 @@ static int ecx_to_text(BIO *out, const void *key, int selection) return 0; } + switch (ecx->type) { + case ECX_KEY_TYPE_X25519: + type_label = "X25519"; + break; + case ECX_KEY_TYPE_X448: + type_label = "X448"; + break; + case ECX_KEY_TYPE_ED25519: + type_label = "ED25519"; + break; + case ECX_KEY_TYPE_ED448: + type_label = "ED448"; + break; + } + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if (ecx->privkey == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); return 0; } - switch (ecx->type) { - case ECX_KEY_TYPE_X25519: - type_label = "X25519 Private-Key"; - break; - case ECX_KEY_TYPE_X448: - type_label = "X448 Private-Key"; - break; - case ECX_KEY_TYPE_ED25519: - type_label = "ED25519 Private-Key"; - break; - case ECX_KEY_TYPE_ED448: - type_label = "ED448 Private-Key"; - break; - } + if (BIO_printf(out, "%s Private-Key:\n", type_label) <= 0) + return 0; + if (!print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen)) + return 0; } else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { /* ecx->pubkey is an array, not a pointer... */ if (!ecx->haspubkey) { @@ -602,29 +607,11 @@ static int ecx_to_text(BIO *out, const void *key, int selection) return 0; } - switch (ecx->type) { - case ECX_KEY_TYPE_X25519: - type_label = "X25519 Public-Key"; - break; - case ECX_KEY_TYPE_X448: - type_label = "X448 Public-Key"; - break; - case ECX_KEY_TYPE_ED25519: - type_label = "ED25519 Public-Key"; - break; - case ECX_KEY_TYPE_ED448: - type_label = "ED448 Public-Key"; - break; - } + if (BIO_printf(out, "%s Public-Key:\n", type_label) <= 0) + return 0; } - if (BIO_printf(out, "%s:\n", type_label) <= 0) - return 0; - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && !print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen)) - return 0; - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0 - && !print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen)) + if (!print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen)) return 0; return 1; -- Gitee From 6c55c7caaa63eddf24ebb83190018d76149e78e3 Mon Sep 17 00:00:00 2001 From: Sumitra Sharma Date: Tue, 3 Oct 2023 09:28:44 +0530 Subject: [PATCH 08/18] Correct documentation for PKCS5_PBKDF2_HMAC In OpenSSL 3.x, the documentation for PKCS5_PBKDF2_HMAC incorrectly states that an iter value less than 1 is treated as a single iteration. Upon further investigation in providers/implementations/kdfs/pbkdf2.c, it appears that invalid iter values will result in failure and raise the PROV_R_INVALID_ITERATION_COUNT error. This commit corrects the documentation to accurately reflect the behavior in OpenSSL 3.x. Closes openssl#22168 Signed-off-by: Sumitra Sharma Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22252) (cherry picked from commit 82496b8663f20ff12f02adbe46a060a94b0cbfc5) Signed-off-by: fly2x --- doc/man3/PKCS5_PBKDF2_HMAC.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/man3/PKCS5_PBKDF2_HMAC.pod b/doc/man3/PKCS5_PBKDF2_HMAC.pod index 0984e993da..3da271bdbf 100644 --- a/doc/man3/PKCS5_PBKDF2_HMAC.pod +++ b/doc/man3/PKCS5_PBKDF2_HMAC.pod @@ -33,7 +33,8 @@ be NULL terminated. B is the iteration count and its value should be greater than or equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any -B less than 1 is treated as a single iteration. +B value less than 1 is invalid; such values will result in failure +and raise the PROV_R_INVALID_ITERATION_COUNT error. B is the message digest function used in the derivation. PKCS5_PBKDF2_HMAC_SHA1() calls PKCS5_PBKDF2_HMAC() with EVP_sha1(). -- Gitee From 2566bb12722c686c13a489efa9099e45ea2666f8 Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Sun, 24 Sep 2023 01:24:59 +0200 Subject: [PATCH 09/18] test: evp_extra: fix indentation error Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22185) (cherry picked from commit b49cafd86b295aa5e177d6c1368b06a1202ec2b3) Signed-off-by: fly2x --- test/evp_extra_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index a6667105dc..4a10e7fb04 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1133,11 +1133,11 @@ static int test_EVP_PKEY_sign(int tst) if (tst == 0 ) { if (!TEST_ptr(pkey = load_example_rsa_key())) - goto out; + goto out; } else if (tst == 1) { #ifndef OPENSSL_NO_DSA if (!TEST_ptr(pkey = load_example_dsa_key())) - goto out; + goto out; #else ret = 1; goto out; @@ -1145,7 +1145,7 @@ static int test_EVP_PKEY_sign(int tst) } else { #ifndef OPENSSL_NO_EC if (!TEST_ptr(pkey = load_example_ec_key())) - goto out; + goto out; #else ret = 1; goto out; -- Gitee From ac896b68ec8f95a09fa3fbfae4d5ac68fb32a0c1 Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Sun, 24 Sep 2023 01:13:20 +0200 Subject: [PATCH 10/18] test: evp_extra: test signing with legacy app method based keys This commit adds `test_EVP_PKEY_sign_with_app_method`, a regression test for the bug fix in commit 1acc3e8cc3c6 (pull request #22163). It is analogous to `test_EVP_PKEY_sign`, only with a fake app method based key. (The EC key test case was omitted, because there is no `EC_KEY_METHOD_dup` method.) Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22185) (cherry picked from commit 860e36d0dd72f4aa4791e88aa185cb42065a30c4) Signed-off-by: fly2x --- test/evp_extra_test.c | 85 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 4a10e7fb04..2899c69b19 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1179,6 +1179,88 @@ static int test_EVP_PKEY_sign(int tst) return ret; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 +static int test_EVP_PKEY_sign_with_app_method(int tst) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + RSA *rsa = NULL; + RSA_METHOD *rsa_meth = NULL; +#ifndef OPENSSL_NO_DSA + DSA *dsa = NULL; + DSA_METHOD *dsa_meth = NULL; +#endif + unsigned char *sig = NULL; + size_t sig_len = 0, shortsig_len = 1; + EVP_PKEY_CTX *ctx = NULL; + unsigned char tbs[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 + }; + + if (tst == 0) { + if (!TEST_ptr(pkey = load_example_rsa_key())) + goto out; + if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method()))) + goto out; + + if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)) + || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0) + || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0)) + goto out; + rsa = NULL; /* now owned by the pkey */ + } else { +#ifndef OPENSSL_NO_DSA + if (!TEST_ptr(pkey = load_example_dsa_key())) + goto out; + if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method()))) + goto out; + + if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey)) + || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0) + || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0)) + goto out; + dsa = NULL; /* now owned by the pkey */ +#else + ret = 1; + goto out; +#endif + } + + ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); + if (!TEST_ptr(ctx) + || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, + sizeof(tbs)), 0)) + goto out; + sig = OPENSSL_malloc(sig_len); + if (!TEST_ptr(sig) + /* Test sending a signature buffer that is too short is rejected */ + || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, + sizeof(tbs)), 0) + || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), + 0) + /* Test the signature round-trips */ + || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), + 0)) + goto out; + + ret = 1; + out: + EVP_PKEY_CTX_free(ctx); + OPENSSL_free(sig); + EVP_PKEY_free(pkey); + RSA_free(rsa); + RSA_meth_free(rsa_meth); +#ifndef OPENSSL_NO_DSA + DSA_free(dsa); + DSA_meth_free(dsa_meth); +#endif + return ret; +} +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ + /* * n = 0 => test using legacy cipher * n = 1 => test using fetched cipher @@ -4771,6 +4853,9 @@ int setup_tests(void) ADD_TEST(test_EVP_Digest); ADD_TEST(test_EVP_md_null); ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); +#ifndef OPENSSL_NO_DEPRECATED_3_0 + ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2); +#endif ADD_ALL_TESTS(test_EVP_Enveloped, 2); ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); ADD_TEST(test_privatekey_to_pkcs8); -- Gitee From 9f833763ffba2d53d921475c3b72eec957d9a89b Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Mon, 2 Oct 2023 12:10:01 +0200 Subject: [PATCH 11/18] Don't (re-)initialize the FFC_PARAMs in dh_init and dsa_init The initialization was introduced in commit dc8de3e6f1ee and changes the behaviour of the `init` method for DSA and DH between 1.1.1 and 3.0, while the behaviour for RSA and EC_KEY remains unchanged. The initialization is not necessary in 3.x and master imho and breaks the use-case of intercepting the methods of an existing key. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22185) (cherry picked from commit 706512ecbc31585d447b53c3aa89acdf6951f996) Signed-off-by: fly2x --- crypto/dh/dh_key.c | 1 - crypto/dh/dh_lib.c | 2 ++ crypto/dsa/dsa_lib.c | 2 ++ crypto/dsa/dsa_ossl.c | 1 - 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 4e9705beef..fb9ef5dd7c 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -190,7 +190,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, static int dh_init(DH *dh) { dh->flags |= DH_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dh->params); dh->dirty_cnt++; return 1; } diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 29cda5d7bf..57ea2ee492 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -116,6 +116,8 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) goto err; #endif /* FIPS_MODULE */ + ossl_ffc_params_init(&ret->params); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ERR_raise(ERR_LIB_DH, ERR_R_INIT_FAIL); goto err; diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index ccc7016592..ebe3685d46 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -176,6 +176,8 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) goto err; #endif + ossl_ffc_params_init(&ret->params); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL); goto err; diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 62f7c70149..8fd66a950e 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -441,7 +441,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, static int dsa_init(DSA *dsa) { dsa->flags |= DSA_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dsa->params); dsa->dirty_cnt++; return 1; } -- Gitee From 3d52c9c359b032914676c9a713c040912eff0859 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 4 Oct 2023 12:30:22 +0200 Subject: [PATCH 12/18] d2i_PKCS8PrivateKey_bio.pod: evp.h include is unnecessary It is also not allowed by doc nits check to have multiple includes. Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tom Cosgrove (Merged from https://github.com/openssl/openssl/pull/22276) (cherry picked from commit 831602922f19a8f39d0c0fae425b81e9ab402c69) Signed-off-by: fly2x --- doc/man3/d2i_PKCS8PrivateKey_bio.pod | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/man3/d2i_PKCS8PrivateKey_bio.pod b/doc/man3/d2i_PKCS8PrivateKey_bio.pod index e84283f63e..55ec346575 100644 --- a/doc/man3/d2i_PKCS8PrivateKey_bio.pod +++ b/doc/man3/d2i_PKCS8PrivateKey_bio.pod @@ -8,7 +8,6 @@ i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private =head1 SYNOPSIS - #include #include EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); -- Gitee From 8d5912c2196980b0817eda278a2c9397995c3484 Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 25 Sep 2023 09:34:07 +1000 Subject: [PATCH 13/18] ossl_property_list_to_string: handle quoted strings ossl_property_list_to_string() didn't quote strings correctly which could result in a generated property string being unparsable. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/22182) (cherry picked from commit fb20e66c6b2651067f50bab8cf098c71e2caed4b) Signed-off-by: fly2x --- crypto/property/property_parse.c | 32 +++++++++++++++++++++++++++++--- test/property_test.c | 3 +++ 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index ca2bd33381..b3d99d2544 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -588,15 +588,38 @@ static void put_char(char ch, char **buf, size_t *remain, size_t *needed) static void put_str(const char *str, char **buf, size_t *remain, size_t *needed) { - size_t olen, len; + size_t olen, len, i; + char quote = '\0'; + int quotes; len = olen = strlen(str); *needed += len; - if (*remain == 0) + /* + * Check to see if we need quotes or not. + * Characters that are legal in a PropertyName don't need quoting. + * We simply assume all others require quotes. + */ + for (i = 0; i < len; i++) + if (!ossl_isalnum(str[i]) && str[i] != '.' && str[i] != '_') { + /* Default to single quotes ... */ + if (quote == '\0') + quote = '\''; + /* ... but use double quotes if a single is present */ + if (str[i] == '\'') + quote = '"'; + } + + quotes = quote != '\0'; + if (*remain == 0) { + *needed += 2 * quotes; return; + } - if (*remain < len + 1) + if (quotes) + put_char(quote, buf, remain, needed); + + if (*remain < len + 1 + quotes) len = *remain - 1; if (len > 0) { @@ -605,6 +628,9 @@ static void put_str(const char *str, char **buf, size_t *remain, size_t *needed) *remain -= len; } + if (quotes) + put_char(quote, buf, remain, needed); + if (len < olen && *remain == 1) { **buf = '\0'; ++*buf; diff --git a/test/property_test.c b/test/property_test.c index 6a405e364b..1005b9952c 100644 --- a/test/property_test.c +++ b/test/property_test.c @@ -616,6 +616,9 @@ static struct { { "", "" }, { "fips=3", "fips=3" }, { "fips=-3", "fips=-3" }, + { "provider='foo bar'", "provider='foo bar'" }, + { "provider=\"foo bar'\"", "provider=\"foo bar'\"" }, + { "provider=abc***", "provider='abc***'" }, { NULL, "" } }; -- Gitee From 63402ebed957e7349f9e0043de4b2824d63ac2dc Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 3 Oct 2023 14:43:13 +0200 Subject: [PATCH 14/18] DH_check: Emphasize the importance of return value check Reviewed-by: Matt Caswell Reviewed-by: Tom Cosgrove Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/22262) (cherry picked from commit f7b80136a3df4396b19ebb86d4814d8cefe6d6db) Signed-off-by: fly2x --- doc/man3/DH_generate_parameters.pod | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/man3/DH_generate_parameters.pod b/doc/man3/DH_generate_parameters.pod index 1098a161ea..fa4ac54fb8 100644 --- a/doc/man3/DH_generate_parameters.pod +++ b/doc/man3/DH_generate_parameters.pod @@ -128,6 +128,10 @@ The parameter B is invalid. =back +If 0 is returned or B<*codes> is set to a nonzero value the supplied +parameters should not be used for Diffie-Hellman operations otherwise +the security properties of the key exchange are not guaranteed. + DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to DH_check() and DH_check_params() respectively, but the error reasons are added to the thread's error queue instead of provided as return values from the -- Gitee From e8af00abf168612b4452cbf252e2efadf2beeb30 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 4 Oct 2023 09:30:43 +0200 Subject: [PATCH 15/18] BN_gcd(): Avoid shifts of negative values Fixes #22216 Thanks to Leland Mills for investigation and testing. Reviewed-by: Tom Cosgrove Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/22272) (cherry picked from commit 0f7a3b0caa33a87c900536dc1c02fa553d2193cc) Signed-off-by: fly2x --- crypto/bn/bn_gcd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 59d024f674..6a31ff87ef 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -611,9 +611,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) for (i = 0; i < m; i++) { /* conditionally flip signs if delta is positive and g is odd */ - cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 + cond = ((unsigned int)-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))); + & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))); delta = (-cond & -delta) | ((cond - 1) & delta); r->neg ^= cond; /* swap */ @@ -625,7 +625,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) goto err; BN_consttime_swap(g->d[0] & 1 /* g is odd */ /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))), + & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))), g, temp, top); if (!BN_rshift1(g, g)) goto err; -- Gitee From d20e7b6ad36538f6ad868021a68a9daabfa1e196 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 3 Oct 2023 15:45:13 +0200 Subject: [PATCH 16/18] d2i_X509.pod: Better document using the reuse capability for libctx setup Reviewed-by: Matt Caswell Reviewed-by: Viktor Dukhovni Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/22265) (cherry picked from commit 4ca56f51803a8ae010423180ac80ef991cf78fc5) Signed-off-by: fly2x --- doc/man3/d2i_X509.pod | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index 9226ef77c3..00efb60358 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -390,10 +390,12 @@ to the returned structure is also written to I<*a>. If an error occurred then NULL is returned. On a successful return, if I<*a> is not NULL then it is assumed that I<*a> -contains a valid B> structure and an attempt is made to reuse it. This -"reuse" capability is present for historical compatibility but its use is -B (see BUGS below, and the discussion in the RETURN -VALUES section). +contains a valid B> structure and an attempt is made to reuse it. +For B> structures where it matters it is possible to set up a library +context on the decoded structure this way (see the B section). +However using the "reuse" capability for other purposes is B (see B below, and the discussion in the B +section). B_bio>() is similar to B>() except it attempts to parse data from BIO I. @@ -538,6 +540,22 @@ Alternative technique: if (d2i_X509(&x, &p, len) == NULL) /* error */ +Setting up a library context and property query: + + X509 *x; + unsigned char *buf; + const unsigned char *p; + int len; + OSSL_LIB_CTX *libctx = ....; + const char *propq = ....; + + /* Set up buf and len to point to the input buffer. */ + p = buf; + x = X509_new_ex(libctx, propq); + + if (d2i_X509(&x, &p, len) == NULL) + /* error, x was freed and NULL assigned to it (see RETURN VALUES) */ + =head1 WARNINGS Using a temporary variable is mandatory. A common -- Gitee From 6c9d08843e9e66da2e5a01040cc1afcfc90646c9 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 29 Dec 2021 13:05:12 -0500 Subject: [PATCH 17/18] Don't use __ARMEL__/__ARMEB__ in aarch64 assembly GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm, respectively. They are not defined on aarch64, which instead use __AARCH64EL__ and __AARCH64EB__. However, OpenSSL's assembly originally used the 32-bit defines on both platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is less portable and can even interfere with other headers, which use __ARMEL__ to detect little-endian arm. Over time, the aarch64 assembly has switched to the correct defines, such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit finishes the job: poly1305-armv8.pl needed a fix and the dual-arch armx.pl files get one more transform to convert from 32-bit to 64-bit. (There is an even more official endianness detector, __ARM_BIG_ENDIAN in the Arm C Language Extensions. But I've stuck with the GCC ones here as that would be a larger change.) Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Bernd Edlinger Reviewed-by: Tom Cosgrove (Merged from https://github.com/openssl/openssl/pull/22176) Signed-off-by: fly2x --- crypto/aes/asm/aesv8-armx.pl | 3 +++ crypto/arm_arch.h | 5 ----- crypto/modes/asm/ghashv8-armx.pl | 3 +++ crypto/poly1305/asm/poly1305-armv8.pl | 24 ++++++++++++------------ 4 files changed, 18 insertions(+), 17 deletions(-) diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl index 544dc7e8ef..d0e0be6187 100755 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl @@ -3661,6 +3661,9 @@ if ($flavour =~ /64/) { ######## 64-bit code s/\.[ui]?64//o and s/\.16b/\.2d/go; s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + # Switch preprocessor checks to aarch64 versions. + s/__ARME([BL])__/__AARCH64E$1__/go; + print $_,"\n"; } } else { ######## 32-bit code diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index 45d7e15564..0b0d5f8d0b 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -21,11 +21,6 @@ # elif defined(__GNUC__) # if defined(__aarch64__) # define __ARM_ARCH__ 8 -# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -# define __ARMEB__ -# else -# define __ARMEL__ -# endif /* * Why doesn't gcc define __ARM_ARCH__? Instead it defines * bunch of below macros. See all_architectures[] table in diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index b1d35d25b5..1c53ae0690 100644 --- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -744,6 +744,9 @@ if ($flavour =~ /64/) { ######## 64-bit code s/\.[uisp]?64//o and s/\.16b/\.2d/go; s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + # Switch preprocessor checks to aarch64 versions. + s/__ARME([BL])__/__AARCH64E$1__/go; + print $_,"\n"; } } else { ######## 32-bit code diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl index 113a2151b6..0b7d4d8af8 100755 --- a/crypto/poly1305/asm/poly1305-armv8.pl +++ b/crypto/poly1305/asm/poly1305-armv8.pl @@ -85,7 +85,7 @@ poly1305_init: ldp $r0,$r1,[$inp] // load key mov $s1,#0xfffffffc0fffffff movk $s1,#0x0fff,lsl#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $r0,$r0 // flip bytes rev $r1,$r1 #endif @@ -132,7 +132,7 @@ poly1305_blocks: .Loop: ldp $t0,$t1,[$inp],#16 // load input sub $len,$len,#16 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $t0,$t0 rev $t1,$t1 #endif @@ -197,13 +197,13 @@ poly1305_emit: csel $h0,$h0,$d0,eq csel $h1,$h1,$d1,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror $t0,$t0,#32 // flip nonce words ror $t1,$t1,#32 #endif adds $h0,$h0,$t0 // accumulate nonce adc $h1,$h1,$t1 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $h0,$h0 // flip output bytes rev $h1,$h1 #endif @@ -335,7 +335,7 @@ poly1305_blocks_neon: adcs $h1,$h1,xzr adc $h2,$h2,xzr -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $d0,$d0 rev $d1,$d1 #endif @@ -381,7 +381,7 @@ poly1305_blocks_neon: ldp $d0,$d1,[$inp],#16 // load input sub $len,$len,#16 add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $d0,$d0 rev $d1,$d1 #endif @@ -466,7 +466,7 @@ poly1305_blocks_neon: lsl $padbit,$padbit,#24 add x15,$ctx,#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -502,7 +502,7 @@ poly1305_blocks_neon: ld1 {$S2,$R3,$S3,$R4},[x15],#64 ld1 {$S4},[x15] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -563,7 +563,7 @@ poly1305_blocks_neon: umull $ACC1,$IN23_0,${R1}[2] ldp x9,x13,[$in2],#48 umull $ACC0,$IN23_0,${R0}[2] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -628,7 +628,7 @@ poly1305_blocks_neon: umlal $ACC4,$IN01_2,${R2}[0] umlal $ACC1,$IN01_2,${S4}[0] umlal $ACC2,$IN01_2,${R0}[0] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -909,13 +909,13 @@ poly1305_emit_neon: csel $h0,$h0,$d0,eq csel $h1,$h1,$d1,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror $t0,$t0,#32 // flip nonce words ror $t1,$t1,#32 #endif adds $h0,$h0,$t0 // accumulate nonce adc $h1,$h1,$t1 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $h0,$h0 // flip output bytes rev $h1,$h1 #endif -- Gitee From cbe09215fcc787d14953ea531357ae5ebbcfa649 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 26 Sep 2023 17:39:50 +0200 Subject: [PATCH 18/18] Optimize out unneeded up_ref/free of EVP_CIPHER Fixes #22189 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/22198) (cherry picked from commit 8ed76c62b5d3214e807e684c06efd69c6471c800) Signed-off-by: fly2x --- crypto/evp/evp_enc.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index b178d10864..d2ed3fd378 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -192,7 +192,12 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, #endif } - if (cipher->prov != NULL) { + if (!ossl_assert(cipher->prov != NULL)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + return 0; + } + + if (cipher != ctx->fetched_cipher) { if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; -- Gitee