Reviewed-by: NTomas Mraz <tomas@openssl.org>

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14986)

Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14983)

We just detect this at compile time instead.

This avoids cross-compilation problems where the host platform supports
128-bit ints, but the target platform does not (or vice versa). This was
causing a problem on some platforms where, dependent on the CFLAGS, 128 bit
ints were either supported or not.

Fixes #14804
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14941)

CLA: trivial
Signed-off-by: NMichaM <contact-micha+github@posteo.de>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14879)

For some reason `keymgmt_gettable_params` and `keymgmt_settable_params`
seem to be the only prototypes in `core_dispatch.h` without named
arguments.

This is annoying if `core_dispatch.h` is being parsed to extract
information and also for developers who would like the header to be
self-contained, without having to refer to the documentation every time
to check what is supposed to be passed.
Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14950)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14357)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14357)

Fixes #14855
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14937)

If configured with no-cms, handle it in build.info like the other options.
I guess I missed doing this file in PR #11250
Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14918)

The error report filter was fragile, as it could potentially have to
be updated when other parts of libcrypto got updated, making a goose
chase and a maintenance problem.

We change this to regard d2i errors as something we don't care so much
about, since they are mainly part of the guessing mechanism.  The
success of the ossl_store_handle_load_result() call is based on
whether an object was actually created or not anyway.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14834)

The EVP test didn't recognise ERR_R_UNSUPPORTED, now does
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14834)

This includes the special decoder used in our STOREMGMT 'file:' implementation
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14834)

So far, decoder implementations would return true (1) for a successful
decode all the way, including what the callback it called returned,
and false (0) in all other cases.

This construction didn't allow to stop to decoding process on fatal
errors, nor to choose what to report in the provider code.

This is now changed so that decoders implementations are made to
return false only on errors that should stop the decoding process from
carrying on with other implementations, and return true for all other
cases, even if that didn't result in a constructed object (EVP_PKEY
for example), essentially making it OK to return "empty handed".

The success of the decoding process is now all about successfully
constructing the final object, rather than about the return value of
the decoding chain.  If no construction is attempted, the central
decoding processing code concludes that whatever the input consisted
of, it's not supported by the available decoder implementations.

Fixes #14423
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14834)

The propq is strdup'ed in X509_REQ_new_ex, but never freed.
Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14907)

Fixes #14910
Also slightly improve further error handling of setup_request_ctx().
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14929)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

Fixes #14387
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

In function test_EVP_PKEY_ffc_priv_pub, params is freed via OSSL_PARAM_free() at line 577.
If the condition at line 581 is true, the execution will goto err, and params will be freed again at line 630.

The same problem also happens at line 593 and line 609, which causes two double free bugs.

Bugs reported by @Yunlongs

Fixes 14916
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14921)

In function try_decode_PKCS8Encrypted, p8 is freed via X509_SIG_free() at line 481.
If function new_EMBEDDED() returns a null pointer at line 483, the execution will goto nop8.
In the nop8 branch, p8 is freed again at line 491.

Bug reported by @Yunlongs

Fixes #14915
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14921)

In function int_ts_RESP_verify_token, if (flags & TS_VFY_DATA) is true, function ts_compute_imprint() will be called at line 299.
In the implementation of ts_compute_imprint, it allocates md_alg at line 406.
But after the allocation, if the execution goto err, then md_alg will be freed in the first time by X509_ALGOR_free at line 439.

After that, ts_compute_imprint returns 0 and the execution goto err branch of int_ts_RESP_verify_token.
In the err branch, md_alg will be freed in the second time at line 320.

Bug reported by @Yunlongs

Fixes #14914
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14921)

In function SRP_create_verifier_ex, it calls SRP_create_verifier_BN_ex(..., &v, ..) at line 653.
In the implementation of SRP_create_verifier_BN_ex(), *verify (which is the paremeter of v) is allocated a pointer via BN_new() at line 738.
And *verify is freed via BN_clear_free() at line 743, and return 0.
Then the execution continues up to goto err at line 655, and the freed v is freed again at line 687.

Bug reported by @Yunlongs

Fixes #14913
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14921)

The end of loop test allows the index to go one step too far to be able to
terminate the param array but the end of list record is still added.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14922)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14128)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14219)

This causes tests to break.  Pushing it to help others debug.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14219)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14219)

Commit f6c95e46 added an "origin" field to
EVP_CIPHER and EVP_MD structures but did not update the s390 specific
implementations.  Update these to fix compile errors on s390.
Signed-off-by: NJuergen Christ <jchrist@linux.ibm.com>
Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14926)

Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14903)

Fixes #14902

Also add workaround of `sudo hostname localhost` for the
intermittent test failures seen in CI.
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14872)

Fixes #14790
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14891)

Also includes testing for OSSL_LIB_CTX_get0_global_default().
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14890)

An API function for obtaining the global default lib ctx.
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14890)

Change things so that passing NULL to OSSL_LIB_CTX_set0_default() means
keep the current library context unchanged.

This has the advantage of simplifying error handling, e.g. you can call
OSSL_LIB_CTX_set0_default in an error/finalisation block safe in the
knowledge the if the "prevctx" was never set then it will be a no-op (like
calling a "free" function with NULL).

Fixes #14593
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14890)

The TODO suggest a possible refactoring. The refactoring doesn't seem
necessary at this stage. If it is required later it can be done without
affecting external APIs - so just remove the TODO.

Fixes #14397
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14888)