oweals/openssl.git
5 years agotest/enginetest.c: Make sure no config file is loaded
Richard Levitte [Tue, 16 Jul 2019 10:21:47 +0000 (12:21 +0200)]
test/enginetest.c: Make sure no config file is loaded

If a config file gets loaded, the tests get disturbed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9393)

5 years agodoc: fix some links
Richard Levitte [Thu, 18 Jul 2019 07:19:43 +0000 (09:19 +0200)]
doc: fix some links

Some links are aged and need an adjustment.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9407)

5 years agoutil/find-doc-nits: fixups
Richard Levitte [Thu, 18 Jul 2019 07:03:18 +0000 (09:03 +0200)]
util/find-doc-nits: fixups

- Treat .pod.in files as well, and parse out the base name for those
  too.
- Correct the detection of the description part in the NAME section
  (the separating dash MUST be preceeded with a space)
- Allow slahes in names of the NAME section (convert them to dashes
  for file name comparison).  This allows manual pages for some of our
  header files, such as openssl/core.h.
- Properly detect repeated names in the NAME section.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9407)

5 years agoFix no-dh
Matt Caswell [Wed, 17 Jul 2019 10:40:41 +0000 (11:40 +0100)]
Fix no-dh

The recent move of the DH code into the default provider broke no-dh. This
adds back in various missing guards.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9399)

5 years agoCorrect some OSSL_PARAM documentation
Richard Levitte [Thu, 18 Jul 2019 07:25:24 +0000 (09:25 +0200)]
Correct some OSSL_PARAM documentation

The documentation wasn't quite in sync with the implementation.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9408)

5 years agoAdd value_barriers in constant time select functions
Bernd Edlinger [Fri, 21 Jun 2019 19:26:19 +0000 (21:26 +0200)]
Add value_barriers in constant time select functions

The barriers prevent the compiler from narrowing down the
possible value range of the mask and ~mask in the select
statements, which avoids the recognition of the select
and turning it into a conditional load or branch.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9217)

5 years agoFix S390X compile error due to missing defines
Shane Lontis [Wed, 17 Jul 2019 22:25:44 +0000 (08:25 +1000)]
Fix S390X compile error due to missing defines

Add the missing S390X_aes_XXX_gcm_CAPABLE() macros into aes_platform.h.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9403)

5 years agoCleanup use of X509 STORE locks
Shane Lontis [Mon, 15 Jul 2019 02:42:38 +0000 (12:42 +1000)]
Cleanup use of X509 STORE locks

Cosmetic changes to use the X509_STORE_lock/unlock functions.
Renamed some ctx variables to store.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9366)

5 years agoFix init_get_thread_local()
Dr. Matthias St. Pierre [Wed, 17 Jul 2019 17:14:01 +0000 (19:14 +0200)]
Fix init_get_thread_local()

Previously, init_get_thread_local() pushed the thread event handler
list onto the global register before calling CRYPTO_THREAD_set_local(),
and when the latter failed, forgot to pop the list from the stack again.

Instead of cleaning the stack on error, this commit avoids the situation
entirely by postponing the push operation until all other operations
succeeded. This reordering also significantly reduces the scope of the
critical section.

Another simplification of the code is achieved by moving the push operation
onto the register (which is disabled in FIPS mode) into a separate function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9401)

5 years agoDeprecated {OPENSSL,CRYPTO}_debug_mem_{push,pop}
Rich Salz [Wed, 10 Jul 2019 20:22:12 +0000 (16:22 -0400)]
Deprecated {OPENSSL,CRYPTO}_debug_mem_{push,pop}

They were only used for recursive ASN1 parsing.
Even if the internal memory-debugging facility remains,
this simplification seems worthwhile.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9342)

5 years agoFix the return value for SSL_get0_chain_certs()
Matt Caswell [Tue, 16 Jul 2019 14:32:35 +0000 (15:32 +0100)]
Fix the return value for SSL_get0_chain_certs()

This function was always returning 0. It should return 1 on success.

Fixes #9374

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9395)

5 years agoParameter building utilities.
Pauli [Wed, 17 Jul 2019 06:59:09 +0000 (16:59 +1000)]
Parameter building utilities.

A fuller implementation of PARAMS_TEMPLATE as per #9266 but renamed.
This introduces a statis data type which can be used to constructor a
description of a parameter array.  It can then be converted into a OSSL_PARAM
array and the allocated storage freed by a single call to OPENSSL_free.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9305)

5 years agoremove end of line spaces
Pauli [Tue, 16 Jul 2019 10:35:42 +0000 (20:35 +1000)]
remove end of line spaces

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/9397)

5 years agoRemove tab characters from C source files.
Pauli [Tue, 16 Jul 2019 10:24:10 +0000 (20:24 +1000)]
Remove tab characters from C source files.

Some have been creeping into the source code.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/9397)

5 years agoAuto add a label depending on the type of issue they report.
Kurt Roeckx [Sun, 7 Jul 2019 09:04:32 +0000 (11:04 +0200)]
Auto add a label depending on the type of issue they report.

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #9319

5 years agoProvider config module: allow providers to already be loaded
Richard Levitte [Mon, 15 Jul 2019 09:55:33 +0000 (11:55 +0200)]
Provider config module: allow providers to already be loaded

This allows 'default' to be configured in the config file, if needed.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9371)

5 years agoFix SSL_CTX_set_session_id_context() docs
Todd Short [Mon, 15 Jul 2019 13:55:13 +0000 (09:55 -0400)]
Fix SSL_CTX_set_session_id_context() docs

Also, use define rather than sizeof

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9377)

5 years agos390x assembly pack: fix restoring of SIGILL action
Patrick Steuer [Mon, 15 Jul 2019 15:00:15 +0000 (17:00 +0200)]
s390x assembly pack: fix restoring of SIGILL action

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9381)

5 years agoActually silently ignore GET / OCSP requests
Viktor Dukhovni [Mon, 15 Jul 2019 17:12:04 +0000 (13:12 -0400)]
Actually silently ignore GET / OCSP requests

Reviewed-by: Matt Caswell <matt@openssl.org>
5 years agoDocument the new EVP_KEYEXCH type and related functions
Matt Caswell [Fri, 28 Jun 2019 08:50:56 +0000 (09:50 +0100)]
Document the new EVP_KEYEXCH type and related functions

Previous commits added the EVP_KEYEXCH type for representing key exchange
algorithms. They also added various functions for fetching and using them,
so we document all of those functions.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9266)

5 years agoAdd the ability to set PKCS#3 DH padding in providers
Matt Caswell [Thu, 27 Jun 2019 15:37:44 +0000 (16:37 +0100)]
Add the ability to set PKCS#3 DH padding in providers

This also adds the ability to set arbitrary parameters on key exchange
algorithms. The ability to pad the output is one such parameter for DH.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9266)

5 years agoEnable PKCS#3 DH in the providers
Matt Caswell [Thu, 27 Jun 2019 14:03:55 +0000 (15:03 +0100)]
Enable PKCS#3 DH in the providers

The default provider now has support for PKCS#3 Diffie-Hellman so we
switch libcrypto to using providers for that algorithm.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9266)

5 years agoImplement PKCS#3 DH Key Exchange in the default provider
Matt Caswell [Thu, 27 Jun 2019 11:36:30 +0000 (12:36 +0100)]
Implement PKCS#3 DH Key Exchange in the default provider

We add the capability for the default provider to perform PKCS#3
Diffie-Hellman key exchange. At this point the implementation is not used
because libcrypto still uses legacy handling for Diffie-Hellman.

Note X9.42 DH is not touched by this commit.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9266)

5 years agoMake the EVP Key Exchange code provider aware
Matt Caswell [Thu, 27 Jun 2019 09:48:17 +0000 (10:48 +0100)]
Make the EVP Key Exchange code provider aware

We introduce a new EVP_KEYEXCH type to represent key exchange algorithms
and refactor the existing code to use it where available.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9266)

5 years agoRegenerate mkerr files
Rich Salz [Thu, 11 Jul 2019 18:01:56 +0000 (14:01 -0400)]
Regenerate mkerr files

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9058)

5 years agoRemove function name from errors
Rich Salz [Fri, 31 May 2019 17:52:45 +0000 (13:52 -0400)]
Remove function name from errors

Deprecate all xxx_F_ defines.
Removed some places that tested for a specific function.
Use empty field for the function names in output.
Update documentation.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9058)

5 years agoRemove DRBG from SSL structure.
Pauli [Tue, 16 Jul 2019 02:28:08 +0000 (12:28 +1000)]
Remove DRBG from SSL structure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9390)

5 years agoAdd Common shared code needed to move aes ciphers to providers
Shane Lontis [Mon, 15 Jul 2019 23:46:14 +0000 (09:46 +1000)]
Add Common shared code needed to move aes ciphers to providers

Custom aes ciphers will be placed into multiple new files
(instead of the monolithic setup used in the e_aes.c legacy code)
so it makes sense to have a header for the platform specific
code that needs to be shared between files.
modes_lcl.h has also moved to modes_int.h to allow sharing with the
provider source.
Code that will be common to AEAD ciphers has also been added. These
will be used by seperate PR's for GCM, CCM & OCB.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9301)

5 years agoremove end of line whitespace
Pauli [Thu, 11 Jul 2019 20:27:19 +0000 (06:27 +1000)]
remove end of line whitespace

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9111)

5 years agoConvert asn1_dsa.c to use the WPACKET API instead
Matt Caswell [Mon, 10 Jun 2019 16:52:15 +0000 (17:52 +0100)]
Convert asn1_dsa.c to use the WPACKET API instead

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9111)

5 years agoGive WPACKET the ability to have a NULL buffer underneath it
Matt Caswell [Mon, 10 Jun 2019 16:48:26 +0000 (17:48 +0100)]
Give WPACKET the ability to have a NULL buffer underneath it

This means the WPACKET API can be used for calculating the number of
bytes that would have been written if a non-NULL buffer had been used.
This enables us to calculate the number of length bytes required when
encoding ASN.1

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9111)

5 years agoConvert asn1_dsa.c to use the PACKET API instead
Matt Caswell [Fri, 7 Jun 2019 16:40:21 +0000 (17:40 +0100)]
Convert asn1_dsa.c to use the PACKET API instead

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9111)

5 years agoMake the PACKET/WPACKET code available to both libcrypto and libssl
Matt Caswell [Fri, 7 Jun 2019 15:32:49 +0000 (16:32 +0100)]
Make the PACKET/WPACKET code available to both libcrypto and libssl

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9111)

5 years agoAdd simple ASN.1 utils for DSA signature DER.
David Makepeace [Mon, 3 Jun 2019 04:58:54 +0000 (14:58 +1000)]
Add simple ASN.1 utils for DSA signature DER.

Adds simple utility functions to allow both the default and fips providers to
encode and decode DSA-Sig-Value and ECDSA-Sig-Value (DSA_SIG and ECDSA_SIG
structures) to/from ASN.1 DER without requiring those providers to have a
dependency on the asn1 module.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9111)

5 years agoCoverity #1451596: check dirlen for being negative
Pauli [Sun, 14 Jul 2019 07:55:15 +0000 (17:55 +1000)]
Coverity #1451596: check dirlen for being negative

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9362)

5 years agoCoverity #1451595: use correct free function.
Pauli [Sun, 14 Jul 2019 07:53:17 +0000 (17:53 +1000)]
Coverity #1451595: use correct free function.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9362)

5 years agoutil/opensslwrap.sh: adjust to define OPENSSL_MODULES as well
Richard Levitte [Mon, 15 Jul 2019 14:14:35 +0000 (16:14 +0200)]
util/opensslwrap.sh: adjust to define OPENSSL_MODULES as well

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9379)

5 years agoIn documentation, consistently refer to OpenSSL 3.0
Richard Levitte [Mon, 15 Jul 2019 13:03:44 +0000 (15:03 +0200)]
In documentation, consistently refer to OpenSSL 3.0

3.0.0 is a habit from pre-3.0 OpenSSL, which doesn't make sense with
the new version scheme.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9376)

5 years agoMake sure all BIGNUM operations work within the FIPS provider
Matt Caswell [Thu, 4 Jul 2019 14:41:17 +0000 (15:41 +0100)]
Make sure all BIGNUM operations work within the FIPS provider

The FIPS provider does not have a default OPENSSL_CTX so, where
necessary, we need to ensure we can always access an explicit
OPENSSL_CTX. We remove functions from the FIPS provider that use
the default OPENSSL_CTX, and fixup some places which were using
those removed functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9310)

5 years agoMove the code for 'openssl list' to its own translation unit.
Richard Levitte [Wed, 10 Jul 2019 18:25:03 +0000 (20:25 +0200)]
Move the code for 'openssl list' to its own translation unit.

That makes it easier to work with than going through apps/openssl.c
This also moves the implementation of calculate_columns() and makes it
generally accessible.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9340)

5 years agoRefactor apps/progs.* to be generate with 'make update'
Richard Levitte [Wed, 10 Jul 2019 18:19:36 +0000 (20:19 +0200)]
Refactor apps/progs.* to be generate with 'make update'

This makes for a cleaner apps/progs.h as well as as cleaner
apps/build.info.

We also break out the type declarations to apps/include/function.h

apps/progs.c and apps/progs.h are NOT regenerated when 'apps' is
disabled.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9340)

5 years agoFix wrong lock claimed in x509 dir lookup.
Krists Krilovs [Mon, 8 Jul 2019 20:43:09 +0000 (13:43 -0700)]
Fix wrong lock claimed in x509 dir lookup.

x509 store's objects cache can get corrupted when using dir lookup
method in multithreaded application. Claim x509 store's lock when
accessing objects cache.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9326)

5 years agoissue-9316: Update return documentation for RAND_set_rand_engine
agnosticdev [Fri, 12 Jul 2019 10:11:56 +0000 (05:11 -0500)]
issue-9316: Update return documentation for RAND_set_rand_engine

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9351)

5 years agoMake allocation/free/clean available to providers
Rich Salz [Thu, 11 Jul 2019 05:53:59 +0000 (15:53 +1000)]
Make allocation/free/clean available to providers

Also make OPENSSL_hexstr2buf available to providers.
EVP control functions need hexstring conversion, so move any
memory-allocating functions in o_str.c into new file mem_str.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8886)

5 years agoAdapt the provider AES for more use of OSSL_PARAM
Richard Levitte [Tue, 9 Jul 2019 10:03:00 +0000 (12:03 +0200)]
Adapt the provider AES for more use of OSSL_PARAM

The cipher context IV was a bit interesting.  EVP_CIPHER_CTX_iv()
returns a pointer to the live IV, while EVP_CIPHER_CTX_ctrl() with the
type EVP_CTRL_GET_IV gets a copy of the live IV.  To support both, we
support getting it with both the OSSL_PARAM_OCTET_STRING and
OSSL_PARAM_OCTET_PTR datatypes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9328)

5 years agoAdapt diverse EVP_CIPHER functions to use get_params and set_params interfaces
Richard Levitte [Tue, 9 Jul 2019 05:32:16 +0000 (07:32 +0200)]
Adapt diverse EVP_CIPHER functions to use get_params and set_params interfaces

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9328)

5 years agoMake more use of OSSL_PARAM for ciphers
Richard Levitte [Tue, 9 Jul 2019 05:27:27 +0000 (07:27 +0200)]
Make more use of OSSL_PARAM for ciphers

A lot of the different numbers associated with ciphers are really
algorithm parameters.  Key length, block size, IV length, that sort of
thing.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9328)

5 years agotest/evp_test.c: [ciphers] Test that we get back the same IV we gave
Richard Levitte [Mon, 8 Jul 2019 18:36:29 +0000 (20:36 +0200)]
test/evp_test.c: [ciphers] Test that we get back the same IV we gave

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9328)

5 years agoReplace long dash characters with normal ascii minus
Bernd Edlinger [Mon, 8 Jul 2019 07:49:33 +0000 (09:49 +0200)]
Replace long dash characters with normal ascii minus

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9321)

5 years agoAdd X9.42 KDF.
Shane Lontis [Mon, 8 Jul 2019 23:33:18 +0000 (09:33 +1000)]
Add X9.42 KDF.

Move the KDF code for CMS DH key agreement into an EVP_KDF object.
There are 2 specifications for X9.42 KDF. This implementation uses DER for
otherinfo which embeds the KDF loop counter inside the DER object.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8898)

5 years agoAvoid NULL pointer dereference. Fixes #9043.
Dmitry Belyavskiy [Mon, 8 Jul 2019 10:14:50 +0000 (20:14 +1000)]
Avoid NULL pointer dereference. Fixes #9043.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9059)

5 years agoA very brief explanation of how to add custom functions to OpenSSL.
Dmitry Belyavskiy [Mon, 8 Jul 2019 10:09:13 +0000 (20:09 +1000)]
A very brief explanation of how to add custom functions to OpenSSL.

Inspired by Rich Salz's letter to openssl-users@

[edited to remove non-ASCII characters and end of line white space]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9267)

5 years agoiOS build: Replace %20 with space in config script
John Schember [Tue, 2 Jul 2019 19:05:27 +0000 (15:05 -0400)]
iOS build: Replace %20 with space in config script

CLA: trivial

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9297)

5 years agoFix build error for aarch64 big endian.
Lei Maohui [Thu, 13 Jun 2019 03:17:30 +0000 (12:17 +0900)]
Fix build error for aarch64 big endian.

Modified rev to rev64, because rev only takes integer registers.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90827
Otherwise, the following error will occur.

Error: operand 1 must be an integer register -- `rev v31.16b,v31.16b'

CLA: trivial

Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9151)

5 years agoman: fix typo in OPENSSL_fork_prepare.pod
Dr. Matthias St. Pierre [Fri, 31 May 2019 07:06:28 +0000 (09:06 +0200)]
man: fix typo in OPENSSL_fork_prepare.pod

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9318)

5 years agoFix an endless loop in BN_generate_prime_ex
Bernd Edlinger [Thu, 4 Jul 2019 15:56:23 +0000 (17:56 +0200)]
Fix an endless loop in BN_generate_prime_ex

Happens when trying to generate 4 or 5 bit safe primes.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9311)

5 years agoPrevent the use of RUN_ONCE inside the FIPS module
Matt Caswell [Thu, 4 Jul 2019 09:21:53 +0000 (10:21 +0100)]
Prevent the use of RUN_ONCE inside the FIPS module

FIPS module code *always* runs within the scope of an associated
OPENSSL_CTX. When the module is loaded the OPENSSL_CTX gets created, and
when the module is unloaded the OPENSSL_CX gets freed. A module may be
loaded multiple times within the scope of different OPENSSL_CTX objects.
"Global" data should always be stored within the OPENSSL_CTX. In this
way it will always get cleaned up properly when the module is unloaded.

All current code within the FIPS module works this way. To avoid
"accidents" we disabled the RUN_ONCE code inside the FIPS module.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9308)

5 years agoClarify documentation of SSL_CTX_set_verify client side behavior
Tomas Mraz [Tue, 2 Jul 2019 11:32:29 +0000 (13:32 +0200)]
Clarify documentation of SSL_CTX_set_verify client side behavior

Fixes #9259

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9291)

5 years agoFix a typo and a syntax error in opensslconf.h
Bernd Edlinger [Tue, 2 Jul 2019 19:33:42 +0000 (21:33 +0200)]
Fix a typo and a syntax error in opensslconf.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9298)

5 years agotest/recipes/02_test_errstr.t: Make it less fragile
Richard Levitte [Wed, 3 Jul 2019 17:11:36 +0000 (19:11 +0200)]
test/recipes/02_test_errstr.t: Make it less fragile

Change it to split the error string returned by `openssl errstr` in a
more robust manner, and ensure it's the reason code we look at.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9304)

5 years agoAdding Test.pm with workaround for Perl abs2rel bug
Martin Peylo [Wed, 22 Aug 2018 09:48:22 +0000 (12:48 +0300)]
Adding Test.pm with workaround for Perl abs2rel bug

If SRCTOP != BLDTOP, and SRCTOP is given in relative form, e.g.
"./config ../openssl", then a bug in Perl's abs2rel may trigger that directory-
rewriting in __cwd results in wrong entries in %directories under certain
circumstances, e.g. when a test executes run(app(["openssl"]) after indir.

There should not be any need to go to a higher directory from BLDDIR or SRCDIR,
so it should be OK to use them in their absolute form, also resolving all
possible symlinks, right from the start.

Following the File::Spec::Functions bug description (reported to perl.org):

When abs2rel gets a path argument with ..s that are crossing over the ..s
trailing the base argument, the result is wrong.

Example
PATH: /home/goal/test/..
BASE: /home/goal/test/../../base
Good result: ../goal
Bad  result: ../..

Bug verified with File::Spec versions
- 3.6301
- 3.74 (latest)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7031)

5 years agoFix comment; unchecked->checked
Rich Salz [Tue, 2 Jul 2019 11:53:19 +0000 (07:53 -0400)]
Fix comment; unchecked->checked

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9292)

5 years agoAdd a dummy call to BN_rand_ex() in the FIPS provider
Matt Caswell [Wed, 19 Jun 2019 14:20:03 +0000 (15:20 +0100)]
Add a dummy call to BN_rand_ex() in the FIPS provider

The previous commit made BIGNUM RAND operations available from within
the FIPS provider. We test this out by making a dummy call to check it
completes successfully.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)

5 years agoMake BIGNUM rand functions available within the FIPS module
Matt Caswell [Fri, 28 Jun 2019 10:24:51 +0000 (11:24 +0100)]
Make BIGNUM rand functions available within the FIPS module

The BIGNUM rand functions were previously disabled for the FIPS module.
We can now re-enable them.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)

5 years agoProvide rand_bytes_ex and rand_priv_bytes_ex
Matt Caswell [Fri, 28 Jun 2019 10:23:46 +0000 (11:23 +0100)]
Provide rand_bytes_ex and rand_priv_bytes_ex

We provider internal versions of RAND_bytes() and RAND_priv_bytes() which
have the addition of taking an OPENSSL_CTX as a parameter.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)

5 years agos390x assembly pack: fix various aes modes performance regression
Patrick Steuer [Fri, 28 Jun 2019 20:08:16 +0000 (22:08 +0200)]
s390x assembly pack: fix various aes modes performance regression

which was introduced with 64adf9aac7.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9271)

5 years agoFIPS module: adapt for the changed error reporting methods
Richard Levitte [Tue, 18 Jun 2019 09:39:13 +0000 (11:39 +0200)]
FIPS module: adapt for the changed error reporting methods

The FIPS module inner provider doesn't need to deal with error reason
strings or error library number, since it uses the outer provider's
error reporting upcalls.  We therefore disable that code in
crypto/provider_core.c when building the FIPS module.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9174)

5 years agoReplumbing: re-implement error reporting for providers
Richard Levitte [Tue, 18 Jun 2019 09:18:31 +0000 (11:18 +0200)]
Replumbing: re-implement error reporting for providers

The idea is that providers should only have to report a reason code.
The library code is considered to be libcrypto internal, and are
allocated dynamically and automatically for providers on creation.

We reserve the upper 8 bits of the reason code for internal OpenSSL
use.  This allows our own providers to report errors in form of a
packed number that includes library number, function number and
reason number.

With this, a provider can potentially use any reason number it wants
from 1 to 16777216, although the current error semantics really only
allow 1 to 4095 (because only the lower 12 bits are currently
considered an actual reason code by the ERR subsystem).

A provider can provide a reason string table in form of an array of
ERR_STRING_DATA, with each item containing just the reason code and
the associated string, with the dispatch function numbered
OSSL_FUNC_PROVIDER_GET_REASON_STRINGS matching the type
OSSL_provider_get_reason_strings_fn.
If available, libcrypto will call that function on provider
activation.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9174)

5 years agoossl_provider_upref to ossl_provider_up_ref
Richard Levitte [Tue, 2 Jul 2019 12:57:36 +0000 (14:57 +0200)]
ossl_provider_upref to ossl_provider_up_ref

Common pattern is that the routines to increment the reference count
are called something_up_ref, not something_upref.  Adapt
ossl_provider_upref() accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9293)

5 years agoCheck for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data
Bernd Edlinger [Mon, 1 Jul 2019 07:41:47 +0000 (09:41 +0200)]
Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data

The member value.ptr is undefined for those ASN1 types.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9278)

5 years agoFix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN
Bernd Edlinger [Mon, 1 Jul 2019 07:06:02 +0000 (09:06 +0200)]
Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN

BOOLEAN does not have valid data in the value.ptr member,
thus don't use it here.

Fixes #9276

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9278)

5 years agoFix Typos
Antoine Cœur [Tue, 2 Jul 2019 08:04:04 +0000 (16:04 +0800)]
Fix Typos

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9288)

5 years agotest/p_test.c: silence -Wstringop-overflow
Patrick Steuer [Mon, 1 Jul 2019 16:09:16 +0000 (18:09 +0200)]
test/p_test.c: silence -Wstringop-overflow

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9282)

5 years agoRemove EXPORT_VAR_AS_FUNC
Rich Salz [Mon, 1 Jul 2019 20:24:08 +0000 (16:24 -0400)]
Remove EXPORT_VAR_AS_FUNC

We only export functions, not global, so remove the config option
and some of the #ifdef stuff.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9285)

5 years agoRemove global-var/function macros
Rich Salz [Mon, 1 Jul 2019 18:54:53 +0000 (14:54 -0400)]
Remove global-var/function macros

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9284)

5 years agoRemove DES_check_key global
Rich Salz [Mon, 1 Jul 2019 18:41:19 +0000 (14:41 -0400)]
Remove DES_check_key global

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9284)

5 years agoRemove NextStep support
Rich Salz [Thu, 20 Jun 2019 21:07:25 +0000 (17:07 -0400)]
Remove NextStep support

Because of that we can remove OPENSSL_UNISTD and some other
macros from e_os2.h and opensslconf.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9204)

5 years agoFix a leak in evp_test
Matt Caswell [Fri, 28 Jun 2019 14:06:55 +0000 (15:06 +0100)]
Fix a leak in evp_test

If evp_test fails to load the legacy provider then it leaks a reference
to the default provider.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9270)

5 years agoChange RC5_32_set_key to return an int type
Matt Caswell [Fri, 28 Jun 2019 15:29:42 +0000 (16:29 +0100)]
Change RC5_32_set_key to return an int type

If the key is too long we now return an error.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8834)

5 years agoEnsure that rc5 doesn't try to use a key longer than 2040 bits
Matt Caswell [Fri, 26 Apr 2019 11:11:13 +0000 (12:11 +0100)]
Ensure that rc5 doesn't try to use a key longer than 2040 bits

The maximum key length for rc5 is 2040 bits so we should not attempt to
use keys longer than this.

Issue found by OSS-Fuzz and Guido Vranken.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8834)

5 years agoOnly cache a method if we actually created one
Matt Caswell [Fri, 28 Jun 2019 13:29:34 +0000 (14:29 +0100)]
Only cache a method if we actually created one

We were attempting to cache a method after we failed to create it
which leads to an assertion failure.

Fixes #9264

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9269)

5 years agoFix Typos
Antoine Cœur [Sun, 30 Jun 2019 18:02:06 +0000 (02:02 +0800)]
Fix Typos

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9275)

5 years agoAdd OIDs for kmac128, kmac256 and blake2.
Pauli [Thu, 27 Jun 2019 14:02:00 +0000 (00:02 +1000)]
Add OIDs for kmac128, kmac256 and blake2.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9277)

5 years agoAdd a note in the contributing file about trivial commits.
Pauli [Thu, 27 Jun 2019 08:45:26 +0000 (18:45 +1000)]
Add a note in the contributing file about trivial commits.

A better explanation of where the "CLA: trivial" line goes and how to add
it post hoc.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9265)

5 years agos390x assembly pack: update OPENSSL_s390xcap(3)
Patrick Steuer [Wed, 26 Jun 2019 21:41:35 +0000 (23:41 +0200)]
s390x assembly pack: update OPENSSL_s390xcap(3)

Add description of capability vector's pcc and kma parts.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9258)

5 years agos390x assembly pack: add support for pcc and kma instructions
Patrick Steuer [Wed, 26 Jun 2019 23:07:54 +0000 (01:07 +0200)]
s390x assembly pack: add support for pcc and kma instructions

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9258)

5 years agoSupport SM2 certificate signing
Paul Yang [Wed, 5 Jun 2019 06:46:48 +0000 (14:46 +0800)]
Support SM2 certificate signing

SM2 certificate signing request can be created and signed by OpenSSL
now, both in library and apps.

Documentation and test cases are added.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9085)

5 years agoChange the DRBG HMAC implementation to lookup allowed digest names
Matt Caswell [Thu, 20 Jun 2019 12:17:22 +0000 (13:17 +0100)]
Change the DRBG HMAC implementation to lookup allowed digest names

As per the previous commit we make the same change for DRBG HMAC and
more closely align the FIPS_MODE and non FIPS_MODE implementations.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)

5 years agoChange the DRBG HASH implementation to lookup all allowed algorithm names
Matt Caswell [Thu, 20 Jun 2019 10:51:08 +0000 (11:51 +0100)]
Change the DRBG HASH implementation to lookup all allowed algorithm names

We use the new function ossl_prov_util_nid_to_name() to look up the
algorithm and unify the FIPS_MODE and non-FIPS_MODE handling.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)

5 years agoAdd a nid 2 algorithm name mapping capability
Matt Caswell [Thu, 20 Jun 2019 10:48:50 +0000 (11:48 +0100)]
Add a nid 2 algorithm name mapping capability

Providers that link against libcrypto can just use OBJ_nid2sn() to look
up the name of an algorithm given a NID. However that doesn't work for the
FIPS provider because OBJ_nid2sn() is not available there (due to the
reliance of the code on ASN.1 types). Therefore we provider a new function
to do this mapping. For providers linking against libcrypto the new function
just wraps OBJ_nid2sn(). For the FIPS provider it has a look up for all the
NIDs known there.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)

5 years agoCall RAND_DRBG_bytes from inside the FIPS provider
Matt Caswell [Tue, 28 May 2019 10:26:17 +0000 (11:26 +0100)]
Call RAND_DRBG_bytes from inside the FIPS provider

Insert a dummy call to RAND_DRBG_bytes from inside the FIPS provider to
demonstrate that it is possible to use the RAND code from inside the
module. This is temporary and will be removed once real uses of the RAND
code are available inside the module.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)

5 years agoFix NULL pointer dereference in the ex_data code
Matt Caswell [Tue, 28 May 2019 10:28:16 +0000 (11:28 +0100)]
Fix NULL pointer dereference in the ex_data code

In some circumstances the global data held in the "global" variable can
be NULL, so we should error out in the circumstance instead of crashing.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)

5 years agoMake the RAND code available from inside the FIPS module
Matt Caswell [Thu, 23 May 2019 13:35:42 +0000 (14:35 +0100)]
Make the RAND code available from inside the FIPS module

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)

5 years agoDocument EVP_CIPHER_up_ref()
Matt Caswell [Mon, 24 Jun 2019 16:47:04 +0000 (17:47 +0100)]
Document EVP_CIPHER_up_ref()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9233)

5 years agoRename EVP_MD_upref/EVP_CIPHER_upref to EVP_MD_up_ref/EVP_CIPHER_up_ref
Matt Caswell [Mon, 24 Jun 2019 16:38:01 +0000 (17:38 +0100)]
Rename EVP_MD_upref/EVP_CIPHER_upref to EVP_MD_up_ref/EVP_CIPHER_up_ref

All the other upref functions are spelled as "up_ref". These new functions
should be consistent.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9233)

5 years agoAdd documentation for EVP_CIPHER_fetch
Matt Caswell [Mon, 24 Jun 2019 16:34:14 +0000 (17:34 +0100)]
Add documentation for EVP_CIPHER_fetch

We extend the EVP_MD_fetch documentation to be more generic and to also
cover EVP_CIPHER_fetch. We expect this to be further expanded with other
"fetch" functions in the future.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9233)

5 years agoman: clarify the 'random number generator must be seeded' requirement
Dr. Matthias St. Pierre [Thu, 27 Jun 2019 08:12:08 +0000 (10:12 +0200)]
man: clarify the 'random number generator must be seeded' requirement

The manual pages require for some API functions that the 'random number
generator must be seeded' before calling the function.  Initially, this
was meant literally, i.e. the OpenSSL CSPRNG had to be seeded manually
before calling these functions.

Since version 1.1.1, the CSPRNG is seeded automatically on first use,
so it's not the responsibility of the programmer anymore.  Still, he
needs to be aware that the seeding might fail.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9257)

5 years agoman: fix documentation for RSA_generate_key()
Dr. Matthias St. Pierre [Thu, 27 Jun 2019 10:50:26 +0000 (12:50 +0200)]
man: fix documentation for RSA_generate_key()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9260)

5 years agoMove the public SIV mode functions from public headers to internal ones
Matt Caswell [Mon, 24 Jun 2019 15:07:30 +0000 (16:07 +0100)]
Move the public SIV mode functions from public headers to internal ones

SIV mode is accessible via EVP. There should be no reason to make the low
level SIV functions from the modes directory part of the public API. Since
these functions do not exist in 1.1.1 we are still able to make this change.

This also reduces the list of newly added undocumented symbols from
issue #9095.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9232)

5 years agoMove 'shared_sigalgs' from cert_st to ssl_st
Benjamin Kaduk [Thu, 13 Jun 2019 19:26:12 +0000 (12:26 -0700)]
Move 'shared_sigalgs' from cert_st to ssl_st

It was only ever in cert_st because ssl_st was a public structure
and could not be modified without breaking the API.  However, both
structures are now opaque, and thus we can freely change their layout
without breaking applications.  In this case, keeping the shared
sigalgs in the SSL object prevents complications wherein they would
inadvertently get cleared during SSL_set_SSL_CTX() (e.g., as run
during a cert_cb).

Fixes #9099

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9157)