Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Squashed 'openssl/' changes from 31157bc0b46..a92271e03a8
a92271e03a8 Prepare for release of 3.1.0 33fd20b5d7a make update cb224f4e27b Update copyright year f02e5cd6067 Fix aarch64 signed bit shift issue found by UBSAN 1beb33bda63 fips: Use salt >= 16 bytes in PBKDF2 selftest 6a0a3fee222 Add option to FIPS module to enforce EMS check during KDF TLS1_PRF. 5b2fe0ba65b DOCS: provider-keymgmt(7) - params for EVP_PKEY_get_default_digest_{name,nid}() aa7f2efcf8a Improve the performance of EVP_PKCS82PKEY_ex 3a272c1ef56 Fix cast. 493ab45169d Fix typo in base provider example code 0937c01f2e0 Coverity 1521557: Error handling issues 2bb9e445209 Add sections that were missing f118ab321ad Fix FFC mdprop setting bugs. 2022b9e761f Fix potential infinite loops in ECDSA signing. dda8b03284a Fix infinite loops in DSA sign code. 3d896a18277 ec: Use .machine "any" explicitly in ecp_nistp521-ppc64 97b926c852a Update FIPS provider documentation to note that fips=yes is mandatory cdcb9c76bdd Disable atomic refcounts with no-threads b175e870e97 Fix incomplete error check on RSA_public_decrypt() de80517c640 Fix incomplete error check on ASN1_item_i2d() b7f3b7d8aba Document the list of RAND algorithms in the default and fips providers. 1b9b1d5ad6a Add provider pre-fetching documentation b4ac0bfc320 Add documentation for "NULL" cipher and digest algorithms. da30fd892e2 CMS_decrypt_set1_*(): fix NULL deref on unsuitable content type b2df2651dfc CMS_decrypt_set1_*(): remove misleading error queue entry when recipient mismatch was not the issue 540e4388bc9 CMS_decrypt_set1_password(): prevent mem leak on any previously set decryption key d4a8a5307b5 CMS_decrypt*(): fix misconceptions and mem leak 3c8cee20650 CMS_add0_cert.pod: remove wrong text on duplicate CRLs; small further improvements 913020e7aba CMS_add1_crl(): prevent double free on failure of CMS_add0_crl() 2c4b1c7b7b0 Do not have more data in a pipeline than the split_send_fragment 89ed54456ec Update the pipelining docs 1d06598f0e9 Fix read pipelining df9c7ceefef Pipeline output/input buf arrays must live until the EVP_Cipher is called 24c7d367b61 Add a test for TLS pipelining a92dd651abf Skip subdirectories in SSL_add_dir_cert_subjects_to_stack() b14928611b0 Fixes #20278: Fixed double free bug in crypto/http/http_client.c 0c51788e31e Fix potential NULL pointer dereference in function evp_pkey_asn1_ctrl 73b0126150b update documentation to note that EdDSA is not FIPS approved 098e655e212 update changes entry to note EdDSA is not FIPS approved a4720e98904 Revert "Put EdDSA back as approved algorithms." ed8d2c9948f Add a test for no initialisation of the default config file ba8e2074fe3 Only call OPENSSL_init_crypto on fetch if using the default libctx a57ab43975d Document return value of OSSL_DECODER_from_data d1e1a8feeb7 Fix incorrect error branch in ossl_bn_rsa_fips186_4_derive_prime() cae7b99285e Fix failing cms test when no-des is used 3da073c405e openssl-3.0#20290: Fixed typo in "config" man page 2f32721db4e kbkdf: Fix kbkdf_dup function pointer type 67315e59a1d Use of sparse_array.c only in the shared libssl e10bbf112e0 OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled cert 440bc71b543 Correct a copy&paste error in a link URL dbb1d378977 Sync CHANGES.md and NEWS.md with 3.0.8 release c062097bf3e rsa: add msvc intrinsic for non x64 platforms 9b4015eccca Add /test/timing_load_creds to gitignore fba38088640 Fix the return values of the aarch64 unroll8_eor_aes_gcm_*_*_kernel functions 13ca68791ff Fix BIO_set_indent() check cf3cf2ba81f Fix incomplete BIO_dup_state() error check a5a3532ab0e Fix incomplete check on CMS_SharedInfo_encode b887310c59b Fix error check on default_check() helper function 9b77bd92f89 Fix incomplete error check on BIO_set_md() e80518db6d5 Document limits on static and dynamic linking for HPE NonStop platforms. 4cfae921af8 Fix a potential memory leak in apps/s_server.c 510e4935ca7 Fix incomplete error check on BIO_set_accept_name() 2175054e320 ci: Add djgpp build b0e596cd254 des: prevent error when using two key triple DES with a random key c99faac4f1b Internaly declare the DSA type for no-deprecated builds 77ca40dcd5d remove EdDSA from changes entry about non-fips algorithms 58f28b402a1 doc: remove EdDSA from list of non-FIPS algorithms. b1ef927c92a Put EdDSA back as approved algorithms. 84358a87be2 Add testcase for missing return check of BIO_set_md() calls 4561dc7972a pk7_doit.c: Check return of BIO_set_md() calls 84d85fcabd6 CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (3.0) de4e3868de2 Add test for DSA pubkey without param import and check b2dc025d149 Do not create DSA keys without parameters by decoder 9ce43690cee Prevent creating DSA and DH keys without parameters through import 6e0760302b4 Fix NULL deference when validating FFC public key. c05921c4b83 Add test for d2i_PKCS7 NULL dereference fc173dc3105 Do not dereference PKCS7 object data if not set ae72afd0281 Check CMS failure during BIO setup with -stream is handled correctly 16f263d7ad3 Fix a UAF resulting from a bug in BIO_new_NDEF de3ab47deb9 Add a test for CVE-2022-4450 7e1d8445b57 Avoid dangling ptrs in header and data params for PEM_read_bio_ex 8022a4799fe Fix Timing Oracle in RSA decryption e2d0a3b5f55 Add testcase for nc_match_single type confusion 4679cfce391 Fix type confusion in nc_match_single() b767b00c81a Fix typo in Ordinals.pm from PR #14074 b85a1f13d6d doc/man1/{storeutl,gendsa}: point out that extra options/arguments are ignored 63176a011b6 Fix incomplete check on EVP_CIPHER_param_to_asn1() b0bd7a28e8b Use $config{build_file} instead of $target{build_file} 26328e53b04 Fix a potential memory leak in crypto/provider_child.c 008d81694d5 BIO_read.pod: fix small typo 984d28b9fe1 Do not include sparse_array.o in libssl with no-shared 58e8162e73d Avoid duplicating symbols in legacy.a with some build options c122d15039a [doc] Sync documentation now that 3.0 honors OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT f526461da3b Fix incomplete check on X509V3_add1_i2d() f006e27ff02 Workaround crash in atexit on NonStop platforms b4120a155ba ChaCha20-Poly1305 no longer supports truncated IV's. 00e8275a8e4 coverity 1520506: error handling 4476dcaf9fd coverity 1520505: error handling c6a7b7bebaf Add notes about ignoring initialization failures on contexts 3100e52ebad Document that the RSA e value is mandatory when importing. 16897205581 Fix Coverity 1520485: logically dead code 0c76c217b7c Revert "CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*" 67374d8c5c7 Clarify the change of enc -S behavior in 3.0 27675857653 Fix incomplete checks for EVP_CIPHER_asn1_to_param c46385e996f test: note that a default property query must be included for FIPS validity d702d0144f8 changes entry about non-approved FIPS algorithms 6f09571af0e Put X25519 and X448 back as approved algorithms 12d2997109f fips: document that the EdDSA algorithms are not-validated f0af262bd8d OSSL_trace_set_channel(): add important statement that it takes BIO ownership 4700b80d7c6 set_trace_data(): prevent double free on OPENSSL_strdup() failure 2c83dedef6a CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk* 27527f230cd CI: cross-compile: Allow to set CPU capabilities 538358abc9f Fix corruption when searching for CRLs in hashed directories d36a9d66dc7 Add DTLS support to the large app data test 3be93f1b264 Ensure our buffer allocation allows for the Explicit IV 5e73bf03d78 Add a test for large app data ba8159638bc MD5.pod: Recommend SHA-2 or SHA-3 family hashes instead of legacy ones 21c06d4ac98 X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc 605a13842ac cmp_client.c: fix handling of total_timeout for RR and GENM transactions bf277d54f93 cmp_client_test.c: add tests for end_time being initialized for RR/GENM de107d4c94b CMP docs: clarify behavior on message/total timeout values given de1ce231ab3 Fixes wrong return type in BIO_do_connect man page. c167983269e Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4() f9abf587747 Padlock: fix byte swapping assembly for AES-192 and 256 7b662e0fc7a Add link to EBNF definition 3107aafad2e Add negative test for unquoted property string f60b1239cfd Correct property EBNF for unquoted strings fe89566149f Fix incorrect error return value in i2r_ADMISSION_SYNTAX() 05040e96971 Fix potential NULL pointer dereference 16129bf1b84 Clarify documentation of X509_STORE_CTX_get_current_cert() 9d0de908ec1 pkey: Imply public check if -pubin is specified 281c6b4a785 s390x: Fix keccak xofs via CPACF a419d3aa8d0 Fix big-endian issue in chacha20 SVE implementation on aarch64 c9d7c0b349b Bump actions/setup-python from 4.4.0 to 4.5.0 7f7918e9244 Documenting lack of error codes stability 5ed42a26dac Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime ada7f2258ea Revert "Limit size of modulus for BN_mod_exp_mont_consttime()" f70ef016b2b fips: make EdDSA unapproved for FIPS c6fc9f75814 SSKDF with KMAC should return SIZE_MAX when EVP_KDF_CTX_get_kdf_size() is used. 6828d87b93f fix manpage of `d2i_X509(3)` e72a0ab363e Do not check definition of a macro and use it in a single condition e33c37aead7 OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated fcc224a3c5c In OSSL_PARAM_set_BN(), make sure that the data_size field is at least 1 2b7b7eebf9b test/param_build_test.c: test zero BIGNUM 3d63177fac7 Add empty migration guide for 3.1 84292823699 Doc: Update history section of EC_GROUP API's. 92990ab3597 Documentation for EVP_PKEY_CTX_get0_pkey() and EVP_PKEY_CTX_get0_peerkey(). a8e8afe885b info.c: Fix typos in seed macro name and description string 49f2bc922fa rsaz_exp_x2.c: Remove unused ALIGN64 macro df073dd603c rsaz_exp_x2.c: Avoid potential undefined behavior with strict aliasing 9470c182834 Revert "Fix an occasional CI failure due to unaligned access" b21e82f62ac Fix SM4 test failures on big-endian ARM processors 69e18a4d93e BIO_s_dgram: add documentation and hazard warnings 8c29e5ebfd5 Avoid possible divide by zero cbae8a5fc40 80-test_cms.t: Fix rsapssSaltlen check on MinGW 98fa15347ea Cleanse internal BN_generate_dsa_nonce() buffers used to generate k. de87b146c43 Bump actions/setup-python from 4.3.1 to 4.4.0 eebdca29004 INSTALL.md: Remove trailing space 73e4007ad67 Docs: Move deprecated ECDSA_ functions into a separate file. 129c41906b9 Change HKDF to alloc the info buffer. 63549494c89 ec_kmgmt.c: check the return of BN_CTX_get() in time. 9f78288f15b INSTALL.md: Fix typo 6a4bda0cbf6 Add Demos for DSA params/DSA keygen. 85f172a5156 Fix possible UB in init_info_strings cdc23b16bb5 Add testcase for OSSL_trace_set_callback() e1f09938ca6 Avoid ifdefs in trace categories 0c5fe6e4e74 Add a CMS test for a bad encryption algorithm cc122995d1f Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID 903e96599b5 Fix BIO_f_asn1() to properly report some errors 6259cf34eab Fix SMIME_crlf_copy() to properly report an error 54b5aeb94c3 Fix BIO_f_cipher() flushing 92d86b387ea Fix a logic flaw in test_mod_exp_zero cb6bd940310 Prepare for 3.1 beta 2 84ae1c1fb94 Prepare for release of 3.1 beta 1 06444ab2e38 make update 19e1bc0e97d Update copyright year c75203021bd Add CHANGES.md entry for support for KMAC in KBKDF f39d181c470 Update FIPS related build instructions. e6852268066 Refine the documents of several APIs 4e98cb5733a Update HMAC() documentation. b46d2209691 Fix FIPS Provider compat CI of 3.0 libcrypto with 3.2 FIPS provider a92a0097d07 Add KMAC support to KBKDF. 47dec02433a timing_load_creds requires POSIX1.2001 due to rusage 0756e7a4016 Coverity: fix 272011 resource leak f1b104953af timing_load_creds: Fix typos in the timersub macro 5c92ac52c28 Do not build P10-specific AES-GCM assembler on AIX cdcc439aa0a Do not build P10-specific Chacha20 assembler on AIX cda5515a5ef CHANGES.md: Fix the 3.0.7 release date 28864841616 Fix openssl storeutl to allow serial + issuer 4d2d39c9609 Make error reason for disallowed legacy sigalg more specific 2f05fe946bc Fix SM4-CBC regression on Armv8 b018b05d6bf crypto/err: expand on error code generation c153dd8a254 Run-checker merge CI: Memleak test does not work without ubsan a800b7adbee Revert "Run-checker merge CI: Replace no-shared with no-modules" c3f24a0390d OSSL_CMP_validate_msg(): make sure to reject protection type mismatch 4d4b5e10c28 unbuffer stdin before get passwd from stdin db2fc00945b signature: Clamp PSS salt len to MD len fea151a24de Obtain PSS salt length from provider 3956fc91afc Run-checker merge CI: Replace no-shared with no-modules b23521c40ab Cross compiles CI: Disable stringop-overflow warning on s390x and m68k a09f6a10e8c Fuzz checker CI: Use more generic include dir for fuzzer includes 843b0524eb7 Bump actions/setup-python from 4.3.0 to 4.3.1 c69ac438306 Fix `no-ec enable-ktls` build d2cdcb663e6 test: add test case for deadlock reported in #19643 1adc6dbdb8f x509: fix double locking problem 31240c1a53a Replace some boldened types with a corresponding man page link e921c278aaa Move the description of the core types into their own pages 2e1ec27bca3 Better sorting of util/other.syms 3aad04a0286 Fix treatment of BUILD_METADATA 25b0b217220 djgpp: Fix unused-but-set-variable warning afec90df259 Fix warnings with unsigned time_t 2a210032983 Define threads_lib.c functions only for OPENSSL_SYS_UNIX f7ff0d34f29 Cast socklen_t to size_t in assert comparison 2ce940e54e9 Cast values to match printf format strings. f3e9308fe1b Replace "a RSA" with "an RSA" 8ca2a012c8e timing_load_creds: Add timersub macro for platforms where it is missing a6e50030516 Fix the code used to detect aarch64 capabilities when we don't have getauxval() cca2d261d59 Fix the check of BIO_set_write_buffer_size and BIO_set_read_buffer_size bdb66dd4c56 Fix the check of EVP_PKEY_decrypt_init 6a858e9f596 Fix the checks in rsautl_main 2fcf42c062c Drop a spurious printf in evp_test.c f0294208d11 Fix build on NonStop 998174c5d8f doc: fix EVP_SignInit.pod f491f96ab0d Clarify the EVP_PKEY_decrypt manual page 4277516fd1b Prepare for 3.1 beta 1 21037dfc280 Prepare for release of 3.1 alpha 1 be8d1efbafc make update 967f2014402 Update copyright year f73a5b7d986 NEWS.md: Update with changes from 3.0.7 and major items from 3.1 be3392084ab cmp_client_test.c: add tests for OSSL_CMP_CTX_get_status ca0dd5f4a30 Remove redundant assignment in felem_mul_ref in p521 059123bed8f doc: fix location of AES-SIV ciphers d656efb9eb7 Update pyca-cryptography submodule to 38.0.4 926db476bc6 Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to UNCOMPRESSED 18e72cbefec Fix occasional assertion failure when storing properties 93d3ad02123 Drop incorrect skipping of some evp_test testcases with no-gost 5462d8d6a6a Add test for EVP_PKEY_Q_keygen d0f33da0273 Fix typos in doc/man3/EVP_EncryptInit.pod 2c3ea16b232 When using PEM_read_bio_PrivateKey_ex() the public key is optional afc18bfdb83 add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function 23a0b31f32a add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function b3d29175f70 OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs f494a5c2fe7 CMP: fix gen_new() in cmp_msg.c checking wrong ITAVs 9bf67ed5525 Fix typo in openssl-x509.pod.in 80d89bde843 test/timing_load_creds.c: use OPENSSL_SYS_ macros 5e616482dc1 Disable test/timing_load_creds.c on VMS 5d8c9e2c28f Add SM2 support for EVP_PKEY_Q_keygen fb705bebeef CMP: fix handling of unset or missing failInfo PKI status information 12dbea73ef5 CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages 0703f3f9dff Add two new build targets to enable the possibility of using clang-cl as an assembler for Windows on Arm builds and also clang-cl as the compiler as well. Make appropriate changes to armcap source and peralsm scripts. bf8365842f2 OSSL_trace_enabled.pod and OSSL_trace_set_channel.pod: improve doc 59b51db3d24 http_client.c: Dump response on error when tracing is enabled d04231c1741 c_rehash: Fix file extension matching 18292564ba2 Coverity 1515953: negative loop bound 762473f53a0 Improve performance of the encoder collection 69bcdb7dcdf optimize ossl_sm4_set_key speed 10c2f19420e Add vpaes-loongarch64.pl module. e5a5a194fa7 Add LoongArch64 cpuid and OPENSSL_loongarchcap_P bf0e3fae0d8 nit: fix some pointer comparisons fee9986c3da apps & al : Fix various typos, repeated words, align some spelling to LDP. f24b716f26f Fix various typos, repeated words, align some spelling to LDP. 2c54276e89e crypto/*: Fix various typos, repeated words, align some spelling to LDP. 5af0050147e crypto: Fix various typos, repeated words, align some spelling to LDP. 86699ac6ef4 Fixed some grammar and spelling cb6f8ae4638 ERR: replace remnant ECerr() and EVPerr() calls in crypto/ 98e3f4e9d0a apps/speed.c: Lock buffer in memory a193030d324 Add config option for speed command Fixed #16986 b800396dddc test/trace_api_test.c: fix gcc error on -Werror=strict-prototypes 9099a0564be Add tests for trace_api. 24e1432e187 Fix AES-GCM on Power 8 CPUs 64668674e80 OSSL_CRYPTO_ALLOC attribute introduction proposal. 8cef32cd2e0 Fix PROV_RC5_CTX's original structure name 0094d5c26b7 openssl.cnf: split option value and comment and remove leading space 7bfa68fe580 Cleanup EBCDIC string defintions 150c6f0f3c1 Add some API tests for TLSv1.3 record padding 7bda9e81a68 Add a test for read_ahead data crossing a key change 291f8294d47 provider: cipher: aes: add riscv32 zkn (zbkb) support 8aff1e8bf30 aes_platform: add riscv32 zkn asm support fd7953b7b93 add build support for riscv32 aes zkn 2f97366e469 Add RISC-V 32 cpuid support 624bd6890da Add linux32-riscv32/BSD-riscv32 target ef832b3b5dd Add AES implementation in riscv32 zkn asm 38186a241eb Add BSD-armv4 target based on linux-armv4 8bee6acc6fa Improve chacha20 perfomance on aarch64 by interleaving scalar with SVE/SVE2 6bf9a6e59cb Drop the optimisation level for ppc64le cross-compile 8ba5893e4a9 Add CODE-OF-CONDUCT.md 8a63360e8ec Fix unrolled montgomery multiplication for POWER9 3a2da102b42 Revert "Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication"" 40230f66c42 test/timing_load_creds.c: fix coding style and other (mostly minor) issues 93485e8ed8b Rename the "timing" program to "timing_load_creds" and integrate it with test/build.info e5124e1cb52 Add a stand-alone "timing" program 411a3d81874 Add ROTATE inline RISC-V zbb/zbkb asm for DES 41ac1b428f8 Fix GHASH-ASM implementation on s390x 15c7642b9e2 Change name of parameter in documentation from sigret to sig 74bfc163f10 gcm_get_funcs(): Add missing fallback for ghash on x86_64 77d99f03a19 Fix regression from GCM mode refactoring 6df6a44fe9d s390x: Optimize kmac 61763c03235 s390x: Fix GCM setup 5c7a383d5e3 Clean up GCM_MUL and remove GCM_FUNCREF_4BIT aa973176940 Clean up use of GHASH macro 6843c1e4a71 Use separate function to get GCM functions a66a1162310 Remove some unused 4bit GCM code be25847920f Remove unused 1bit GCM implementation b2587f03d84 Remove unused 8bit GCM implementation 6df209b410b Emit rev8 on __riscv_zbkb as on __riscv_zbb fe606019274 Cleanup : directly include of `internal/nelem.h` when required. 3431dd4b3ee Improve FIPS RSA keygen performance. 86479643a4b params_api_test.c: Fix mistake in backported test fix d5c02e2de86 Release the drbg in the global default context before engines 872dd0a21f2 Add a test case for the engine crash with AES-256-CTR e4d8eaac7e2 Add an EVP signature demo using DSA 20d3731006c test/recipes/80-test_cms.t: Fix the "CAdES ko" test b3840494e92 Fix coverity issues in X509v3_addr de22633a877 Add missing HISTORY sections for OpenSSL 3.0 related documents. 1136c4dc391 Improve FIPS RSA keygen performance. 6f6f4133129 Fix no-dtls1_2 ba86c086c72 dhparam: Correct the documentation of -dsaparam 4890f26e398 dhparam_test: Test that we add private key length on generation and print it ac214d70155 Use as small dh key size as possible to support the security 1f664896b90 Add ROTATE inline RISC-V zbb/zbkb asm for chacha dc6daead2f2 Add config option OPENSSL_NO_UNIX_SOCK 713f6a14e25 Add a DTLS next epoch test 01c7d59f035 VMS: For executables, process the use of /INCLUDE=main a bit differently 81bfb11b8d6 VMS: use selective search when linking with shareable images 72f022b9940 Add ROTATE inline asm support for SM3 674ecc0c5a1 Add SM3 implementation in RISC-V Zksh asm 433471084e4 Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats 2adb7908ef8 Optimize chacha20 on aarch64 by SVE2 c25f2c18735 Add test cases for verification of time stamping certificates 31117e602a4 Remove debug and other outdated build targets. d8813ae09a2 [crypto/bn] BN_consttime_swap: remove superfluous early exit 03b825f74f4 providers: cipher: aes: add riscv64 zkn support 9243129b5f3 aes_platform: add riscv64 zkn asm support 67026390bf7 Add riscv scalar crypto extension capability 3c2287309c6 add build support for riscv64 aes zkn a85f5cd635d Add AES implementation in riscv64 zkn asm 73cf79101c4 Fix code format: BLOCK_CIPHER_custom fbb9a1f9971 Move types.h #undefs for wincrypt.h compatibility e373c086c4d Make running individual ssl-test easier c251c628f80 Add riscv64 asm_arch to BSD-riscv64 target 2e7f6ca65d4 Apply the AES-GCM unroll8 optimization patch to Neoverse N2 d295e4b1da6 performance: improve ossl_lh_strcasehash fca5d6a2b76 Drop ossl_namemap_add_name_n() and simplify ossl_namemap_add_names() 8af5c6c4d34 ossl_namemap_name2_num: Avoid unnecessary OPENSSL_strndup(). 2a24b6f170f Add BSWAP4/BSWAP8 routines for riscv64 with Zbb 58901bfaf9f Add clmul-based gmult for riscv64 with Zbb, Zbc 8448432a3be Add basic RISC-V cpuid and OPENSSL_riscvcap b60603c5e3a Add AES implementation in generic riscv64 asm 1aadae96206 Prepare NonStop for fixed-size integer types. b28fbe26f5d add tests for PBKDF2 with SHA-3 5b8b7bcbab1 add support for SHA-3 based PRF to PBES2 e12f0f11b30 Make IV/buf in prov_cipher_ctx_st aligned 5c03d5ddce0 Add riscv64 asm_arch to linux64-riscv64 target 45e16e9e45d RISC-V support for the SHA256 c606775c4e4 evp_md: assert digest is provided for algctx reuse 9c5104948b8 Exclude IPv6 code using OPENSSL_USE_IPV6 instead of AF_INET6 b595301793c Header file cleanup for C++20 header-units 0f6ff63bdf3 doc: add not that DTLS 1.0, TLS 1.1 and before are disabled at security level 1 a8b6c9f83ce tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above 4a929c7c5cb Remove the _fetch_by_number functions f68b78e3076 Remove duplicated #include headers a14eff6319e Acceleration of chacha20 on aarch64 by SVE b9b91dad9f1 md5: add assembly implementation for aarch64 708bf3dde8f evp_md_init_internal: Avoid reallocating algctx if digest unchanged dbe58ce23e7 Prefer .inst rather than .long for probe instructions in arm64cpuid.pl 092f0eded32 Clear unused variables in X509_print_ex() a44616e9464 Fix gcc 6.3 builds of aarch64 BSAES afb3f8ad95f fix some typos a06a72f797d fix for sslecho in demos echoing garbage #18165 0c6bca79085 Added Simple SSL Echo Client/Server to demos. e3bcb12b6e9 s390: Add new machine generation 2535075bf0b SM4 optimization for ARM by ASIMD 553e125aff6 Remove unused libctx functions (runonce, onfree) 519481c7748 Add -static-libgcc to solaris-sparcv7-gcc shared_ldflag a48081ac606 OSSL_PARAM_get_*_ptr: Drop errors from ptr/string mismatch 8436ef8bdb9 Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA ee246234bf5 Refactor: a separate func for provider activation from config 851bbd0f571 Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod. 0306ba1da18 evp_extra_test2: Test DH param checks with non-NULL libctx b049d9add2b DH_check[_params]() use libctx of the dh for prime checks 52ca4c4bac5 ParseC.pm: gracefully handle DOS-style end-of-line in source files 7fe68ca8382 Use <openssl/e_os2.h> rather than <stdint.h> c097598ca49 Add test to confirm IPAddressFamily_check_len catches invalid len fabdc09b1ff Catch incorrect IPAddressFamily lengths 5aaa3458e5d Drop explicit check for engines in opt_legacy_okay 31d6565c846 Fix the check of EC_GROUP_check_named_curve 3a4dd7f7d1a apps/speed.c: fix the wrong checks 8fe8c0f89eb Ensure that SIZE_MAX is defined where OSSL_SSIZE_MAX is used. 46b13bbfa1b Add documentation for CPUID bit #64+17 176836fce91 test: fix typo in test description 6953cda1edf test: add two comparision options to fips version test utility code 08715aaa249 Add test for EVP_PKEY_eq d619035d034 Update documentation for keymgmt export utils 2c2726cd99a Propagate selection all the way on key export 2f3f0b0c420 apps/ocsp.c: Add missing test if make_ocsp_response failed 3d004cefec5 Use the same encryption growth macro consistently a05e2aa5488 apps/speed.c: add verifying if fdopen returns NULL 38977853ec0 Resign test/certs/rootCA.pem to expire in 100 years a7b0ea5ad04 Update the validity period of ed25519 cerificates 66ecce223ce test_CMAC_keygen(): Avoid using ECB cipher with CMAC d90a4c7d5a1 cmac_set_ctx_params(): Fail if cipher mode is not CBC 66c4f141369 demos/mac/cmac-aes256: Clarify the cipher algorithm used 985eb23fbf8 Add test for generating safeprime DH parameters 729295023af Use libctx when generating DH parameters c6fb30f488f Remove further uses of __ARMEL__ in AArch64 assembly c2564d1323f Fix Coverity 1503218: negative loop bound 4a1108eb590 Decoder resolution performance optimizations ae154847632 Disable the test_afalg on cross compile targets c425e365f49 Configure: don't try to be clever when configuring afalgeng ceae983354d Fix incorrect comments in aes-gcm-armv8-unroll8_64.pl 42fe0f1aa4a Add EVP RSA key encode/decode demo 6907e6a1480 Fix typos in CCM test vector titles e2c3aea2ea5 Fix IV length caching in EVP encryption code a1fed5b2f62 aes-gcm-avx512.pl: Fixed mingw64 build 3f3d32832c6 Fix bug in scrypt KDF provider dup method 38f3427cb6f Fixed conditional statement testing 64 and 256 bytes afb67ad1e1b update oqsprovider/liboqs to v0.7.2 5929d5287a3 Update the oqs-provider submodule to a more recent commit 9a937ef4731 test_external_oqsprovider: Use working checkout of liboqs c635400be1f Add external testing with oqsprovider bfdcbe95fde Use Perl to generate bsaes-armv8.S 8a2941870ec ARM assembly pack: translate bit-sliced AES implementation to AArch64 e301e531fb1 Further acceleration for SM4-GCM on ARM 1dd1e2df3d8 Fix build issue with aes-gcm-armv8-unroll8_64.S on older aarch64 assemblers 0f3de2f0b92 Add testing of OBJ_find_sigid_by_algs() c581148fa48 enable CMS sign/verify for provider-implemented PKEYs 0c8684e7945 SM4 optimization for non-asm mode 41e2d878419 chacha20 performance optimizations for ppc64le with 8x lanes, Performance increase around 50%. 659b645d15d Fix typo 8095adc16b7 test/helpers/handshake.c: Add check for OPENSSL_strdup 270c72a340c Add test of FIPS provider from the master branch with 3.0 build fa82704ea65 evp_test: Skip testcase if r parameter is unsupported 64e20b1f442 Add test of FIPS provider from the 3.0 branch with master build 0a23b2b5308 AES-GCM enabled with AVX512 vAES and vPCLMULQDQ. af84bf2d52d aarch64: fix branch target indications in arm64cpuid.pl and keccak1600 106050faebc Fixed counter overflow 817096e9b51 Fix typos bbbccd79594 evp enc: cache cipher key length 071f5f874bb aes: avoid accessing key length field directly 97477bb6c48 Move e_os.h to include/internal 70df6caa0bf indentation fix dbe35ee6bfc tls1 prf: implement ctx dup operation 0ca770e3785 pkcs12 kdf: implement ctx dup operation 6e6024c37c3 test: change pkey kdf dup fail test to a pkey kdf dup success test 0f5229723ff k942 kdf: implement ctx dup operation ab09d2d7cb8 ss KDF: implement ctx dup operation 99a414d1df1 ssh kdf: implement ctx dup operation e85d09d9803 scrypt: implement ctx dup operation cb949048d6e krb5kdf: implement ctx dup operation a0a589babcf kbkdf: implement ctx dup operation 6343c3cf7e7 hkdf: implement ctx dup operation e9f0b7243c1 pbkdf2: implement ctx dup operation 34d2a072a9c pbkdf1: implement ctx dup operation f46befd667e evp_test: add a ctx dup operation to the KDF tests a262d4ff181 prov: add a safe memdup function for context cloning bc15591d7d3 Support different R_BITS lengths for KBKDF e8f1d76b502 Fix endianness problem in params_api_test 34ca334e5de Optimize AES-GCM for uarchs with unroll and new instructions a2bdca6fe66 AES-GCM performance optimzation with stitched method for p9+ ppc64le f01ebab0c0e fuzz: add punycode decoder fuzz test 709c04b5dd6 punycode: update to use WPACKET instead of using custom range checking 7abe06cbb52 pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey c8df0736e42 pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional 80645dfb8fd Limit size of modulus for BN_mod_exp_mont_consttime() 78a4827dad6 Revert "Skip DES based tests in FIPS mode" a7fb08256d0 Revert "Remove conditional FIPS dependence for 3DES" d0afc4ecc00 Revert "Move DES based test cases out of FIPS territory" d65b52ab575 Put 3DES back into the FIPS provider as a non-approved algorithm 13d3be4a37f pkcs7: Remove unused includes 3ede8f19b58 fips-label.yml: Fix the script after actions/github-script upgrade 08043118d1d Simpler square-root computation for Ed25519 5948336502a Fix sm3ss1 translation issue in sm3-armv8.pl 3fe69d976b5 test: add cipher context dup test 15e6cb6223a test: add digest context dup tests 0e1634db8e1 doc: document digest and cipher dup functions 107b16037ed Add context dup functions for digests and ciphers fc83bd1a1d8 fix indentation 37f1828d870 SM4 optimization for ARM by HW instruction 8c39948b269 providers: Add SM4 GCM implementation 852bb13853b property: reduce memory consumption when OPENSSL_SMALL_FOOTPRINT is defined. 8ea185e2e41 test: add some unit tests for the property to string functions b1b4806a8ca property: use a stack to efficiently convert index to string 654490cebf8 SM3 acceleration with SM3 hardware instruction on aarch64 4c4ac7c7ddb param dup: add errors to failure returns 584e4473779 param build set: add errors to failure returns b08f61e7c4d param build: add errors to failure returns c737132dff0 test: check for properly raised errors during param conversion 59548647a81 params: add error messages for built in param conversions a99bc331302 err: add additional errors ec8ee00100f Statically link the legacy provider to endecode_test 0029f786658 Don't use __ARMEL__/__ARMEB__ in aarch64 assembly 068c7fa9952 APPS load_key_certs_crls(): Make file access errors much more readable 00ce8311524 OSSL_STORE_open_ex(): Prevent spurious error: unregistered scheme=file 0aaa71b90a9 Fix typos 53f2ed74370 Don't run TLSFuzzer tests when it is not properly set 8963caee374 Run TLSfuzzer tests for CI cda2f1b9d4b TLS Fuzzer: initial test infrastructure 6f79bda426c TLSfuzzer: submodules 490934c61bd fix building failure when using -Wconditional-uninitialized f53caf04eba Fix compile error when building with no-asm ea578b6553b check the return value of EVP_MD_fetch in ecdh_exch.c:285 & dh_exch.c:347 9316125febb improving tests for adding sigalg with empty digest 25136fcf1b0 Documentation for RNDR and RNDRRS f716af3484c Add tests for RNDR and combine tests with RDRAND 42ffe7812ca Add support for RNDRRS Provider 45c74dea20c Add Arm Assembly (aarch64) support for RNG ee51843cbe8 Remove some unnecessary undefs in bn_asm.c 923140bd003 Add support for BSD-ppc, BSD-ppc64 and BSD-ppc64le configurations 3d2b47bcdf8 Dual 1536/2048-bit exponentiation optimization for Intel IceLake CPU 0bed814750c Add RSA encrypt demo b25d775e6cc sha/asm/keccak1600-ppc64.pl: Load data in 8 byte chunks on little endian e7557d7d747 prov: remove unused field `flag_fallback` and function `ossl_provider_set_fallback` c3f76ee8e40 x509: remove dead call to strlen() 8786f7058c0 Remove redundant tests 5f113755bde Revise s_client and s_server verbiage re secure renegotiation. 37fdd76d06b aarch64: support BTI and pointer authentication in assembly 17366644e4d RISC-V support for the SHA512 8bb214fae17 Add changes entry indicating that the OBJ_* calls are now thread safe 74299cf58fe test: add threading test for object creation cd0cc4911f8 doc: add note to indicate that the OBJ_ functions were not thread safe in 3.0 a5d27c2907e doc: Document that the OBJ creation functions are now thread safe. 060290e6aaf obj: add locking to the OBJ sigid calls 26d9ed7aef6 obj: make new NIDs use tsan if possible 196c57ee6a9 obj: make the OBJ_ calls thread safe 0c1613aeb92 tsan: add an addition macro 6460c3cf931 increase x509 code coverage metrics b699a1e89d2 Fix PACKET_equal test with BUF_LEN+1 on -Wstringop-overread bae1d405cf0 Fix documentation for some i2d return values. 42e1a641a48 Test that signatures using hash name commands work properly 0391198f48f apps/dgst.c: Set digestname from argv[0] if it is a builtin hash name db30d8f90d8 Check for private key existence before calling eddsa sign functions 733084ae065 crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case 6f6d7eeda1d Configurations/*.tmpl: overhaul assembler make rules. ec33ed71266 Update GitHub actions as suggested by dependabot 5c7a2fc2790 Coverity 1516624: Fix overrun memory access. eaa20600732 Fix the ceiling on how much encryption growth we can have 27cf118437c providers/common/der/oids_to_c.pm: Remove use of Data::Dumper 78ed5ab1d70 Potential null pointer reference 7f6bf5cdac7 fips: verify that the RNG was restored after the self tests dad5676c1a7 fipsinstall: add -self_test_oninstall option. 18477977496 Update FIPS KATs for 140-3 df8f8432eb1 dsa/ec: update pairwise tests to account for 140-3 IG 10.3.A additiocal comment 1 dfb79d08e28 Remove DES cipher from the FIPS provider f66c14a0cc1 Update fipsinstall tests bf9c7c4bb42 Remove conditional FIPS dependence for 3DES 55d9f73a43d Move DES based test cases out of FIPS territory 3e218fd7bed Skip DES based tests in FIPS mode e30aad54159 rand: add set0 calls for the private and public DRBGs 5e244a93778 Update CHANGES.md and NEWS.md for new release 355be308eb2 punycode: add unit tests 4af7a0e48f4 Fix CVE-2022-3786 in punycode decoder. 0d50c5e2885 Fix CVE-2022-3602 in punycode decoder. f1b7a6c2475 tests: clear error queue before executing a testcase 6001ba23e08 Fix parameter names for RSA private key example 868141d4506 Make openVMS seeding less dependent of OpenVMS version 4215d649e92 Use RSA CRT parameters in FIPS self tests. 49e5865692f test: driver: fix -Wunused-but-set-variable 551aa3b6f96 x509: fix -Wunused-but-set-variable 6bfde830c86 txt_db: fix -Wunused-but-set-variable e556b05083f pem: fix -Wunused-but-set-variable 1462e6f9a65 CI: add Clang 15 8024730835d CI: Upgrade to Ubuntu 22.04 to add GCC 12, Clang 13, Clang 14 259b9dd55ee CI: add GCC 11 9fb0ff30343 rand: remove the ossl_rand_pool_add_additional_data() function. 91caaa3ba3e ssl_cipher_process_rulestr: don't read outside rule_str buffer cc62162a540 Add missing ERR_R_XXX_LIB codes 22b486e2ac0 Finer grained error records for provider load/init failures 432616d448c Update VERSION.dat, CHANGES.md and NEWS.md for branch openssl-3.1 02be04e5359 Fix a lock in provider_remove_store_methods() REVERT: 31157bc0b46 Prepare for release of 3.0.8 REVERT: 8c0eaeaf7c6 make update REVERT: 2a4b68ef012 Update copyright year REVERT: 2ad99281707 Internaly declare the DSA type for no-deprecated builds REVERT: 071e702aec8 Add CHANGES.md and NEWS.md entries for the 3.0.8 release REVERT: a0f2359613f Add testcase for missing return check of BIO_set_md() calls REVERT: d3b6dfd70db pk7_doit.c: Check return of BIO_set_md() calls REVERT: 2f7530077e0 CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (3.0) REVERT: 7e371855829 Add test for DSA pubkey without param import and check REVERT: fab4973801b Do not create DSA keys without parameters by decoder REVERT: c1b4467a7cc Prevent creating DSA and DH keys without parameters through import REVERT: 23985bac83f Fix NULL deference when validating FFC public key. REVERT: 67813d8a4d1 Add test for d2i_PKCS7 NULL dereference REVERT: 934a04f0e77 Do not dereference PKCS7 object data if not set REVERT: f596ec8a6f9 Check CMS failure during BIO setup with -stream is handled correctly REVERT: 8818064ce3c Fix a UAF resulting from a bug in BIO_new_NDEF REVERT: cbafa34b5a0 Add a test for CVE-2022-4450 REVERT: 63bcf189be7 Avoid dangling ptrs in header and data params for PEM_read_bio_ex REVERT: 8e257b86e58 Fix Timing Oracle in RSA decryption REVERT: fe6842f5a5d Add testcase for nc_match_single type confusion REVERT: c927a349269 Fix type confusion in nc_match_single() REVERT: 36d85b02cef doc/man1/{storeutl,gendsa}: point out that extra options/arguments are ignored REVERT: 77f29142b26 Fix incomplete check on EVP_CIPHER_param_to_asn1() REVERT: 28b78f39560 Use $config{build_file} instead of $target{build_file} REVERT: 0f67990573f Fix a potential memory leak in crypto/provider_child.c REVERT: 45e6a974736 BIO_read.pod: fix small typo REVERT: d36b0450d9d Do not include sparse_array.o in libssl with no-shared REVERT: 5a1b22fc2e6 Avoid duplicating symbols in legacy.a with some build options REVERT: 721aca05df2 Fix incomplete check on X509V3_add1_i2d() REVERT: 39bc59bc83c ChaCha20-Poly1305 no longer supports truncated IV's. REVERT: da6d4180526 coverity 1520506: error handling REVERT: 2680cd25ed0 coverity 1520505: error handling REVERT: 3a0bbaba732 Add notes about ignoring initialization failures on contexts REVERT: a47eff38d7e Document that the RSA e value is mandatory when importing. REVERT: d646730b89c Fix Coverity 1520485: logically dead code REVERT: 84eace37362 Clarify the change of enc -S behavior in 3.0 REVERT: 9c92c4917e1 Fix incomplete checks for EVP_CIPHER_asn1_to_param REVERT: ce7193b1233 OSSL_trace_set_channel(): add important statement that it takes BIO ownership REVERT: a478dd11e9e set_trace_data(): prevent double free on OPENSSL_strdup() failure REVERT: a3dd46d2c63 Fix corruption when searching for CRLs in hashed directories REVERT: ae0f54d3005 Add DTLS support to the large app data test REVERT: ecafcd8ad35 Ensure our buffer allocation allows for the Explicit IV REVERT: 6960fb03d58 Add a test for large app data REVERT: 299f096ff39 MD5.pod: Recommend SHA-2 or SHA-3 family hashes instead of legacy ones REVERT: 5f77f91a42f X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc REVERT: add42e0b3b5 cmp_client.c: fix handling of total_timeout for RR and GENM transactions REVERT: 538682c62ac cmp_client_test.c: add tests for end_time being initialized for RR/GENM REVERT: de3b3c9c04e CMP docs: clarify behavior on message/total timeout values given REVERT: 780e7b11a54 Fixes wrong return type in BIO_do_connect man page. REVERT: 846d5099f3c Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4() REVERT: f45c6033ceb Padlock: fix byte swapping assembly for AES-192 and 256 REVERT: 36d03d2f05a Add link to EBNF definition REVERT: 9db21bebd18 Add negative test for unquoted property string REVERT: 5aa0554ac37 Correct property EBNF for unquoted strings REVERT: b9097b0c3b0 Fix incorrect error return value in i2r_ADMISSION_SYNTAX() REVERT: 60c19d0d61d Fix potential NULL pointer dereference REVERT: e594a9b7605 Clarify documentation of X509_STORE_CTX_get_current_cert() REVERT: 46d4cb4d8f1 pkey: Imply public check if -pubin is specified REVERT: 5701ead8f20 Bump actions/setup-python from 4.4.0 to 4.5.0 REVERT: d6220d1b7f6 Documenting lack of error codes stability REVERT: e6b1586ea2b Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime REVERT: 54eb24982b6 Revert "Limit size of modulus for BN_mod_exp_mont_consttime()" REVERT: 18308d6616c SSKDF with KMAC should return SIZE_MAX when EVP_KDF_CTX_get_kdf_size() is used. REVERT: 757fd35182b fix manpage of `d2i_X509(3)` REVERT: d92a5da5ae2 Do not check definition of a macro and use it in a single condition REVERT: 1932e595c80 OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated REVERT: f51b4ebb079 In OSSL_PARAM_set_BN(), make sure that the data_size field is at least 1 REVERT: 5601648e91d test/param_build_test.c: test zero BIGNUM REVERT: 7b807ad6eaa Add testcase for OSSL_trace_set_callback() REVERT: 318a27d4e9a Avoid ifdefs in trace categories REVERT: b4419635c99 test/trace_api_test.c: fix gcc error on -Werror=strict-prototypes REVERT: 5c6936e92df Add tests for trace_api. REVERT: 2f2176dc8d3 Doc: Update history section of EC_GROUP API's. REVERT: accd85ce7cd Documentation for EVP_PKEY_CTX_get0_pkey() and EVP_PKEY_CTX_get0_peerkey(). REVERT: b9b411be841 info.c: Fix typos in seed macro name and description string REVERT: 4f46ff14bec rsaz_exp_x2.c: Remove leftover from broken cherry-pick REVERT: e3a9668e48b Revert "rsaz_exp_x2.c: Remove unused ALIGN64 macro" REVERT: 2a57a117a2e rsaz_exp_x2.c: Remove unused ALIGN64 macro REVERT: dcde8ea8c46 rsaz_exp_x2.c: Avoid potential undefined behavior with strict aliasing REVERT: 842311ae30b Revert "Fix an occasional CI failure due to unaligned access" REVERT: 6f252dd632a BIO_s_dgram: add documentation and hazard warnings REVERT: 0a69ca8f635 Avoid possible divide by zero REVERT: 5b449de0f0a 80-test_cms.t: Fix rsapssSaltlen check on MinGW REVERT: 7736379c5c0 Cleanse internal BN_generate_dsa_nonce() buffers used to generate k. REVERT: 1bd53640a2a Bump actions/setup-python from 4.3.1 to 4.4.0 REVERT: 46cf94e5e6e INSTALL.md: Remove trailing space REVERT: 4a8e7e27649 Docs: Move deprecated ECDSA_ functions into a separate file. REVERT: 12f64521194 Change HKDF to alloc the info buffer. REVERT: 053e06bd050 ec_kmgmt.c: check the return of BN_CTX_get() in time. REVERT: f0bbb25f348 INSTALL.md: Fix typo REVERT: b65285ba438 Add Demos for DSA params/DSA keygen. REVERT: b49d8da7745 Fix possible UB in init_info_strings REVERT: 00323667e3b Add a CMS test for a bad encryption algorithm REVERT: e979d9aaf5f Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID REVERT: a923d9bbb52 Fix BIO_f_asn1() to properly report some errors REVERT: 0a3eeb3346d Fix SMIME_crlf_copy() to properly report an error REVERT: 1619478374f Fix BIO_f_cipher() flushing REVERT: 36d6ebad8f6 Update pyca-cryptography submodule to 38.0.4 REVERT: 999509c235a Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to UNCOMPRESSED REVERT: 6651044b4d8 Fix a logic flaw in test_mod_exp_zero REVERT: c935b89f285 Raise the KMAC limits for key and custom size to 512 bytes REVERT: 0a229aec0a5 Update FIPS related build instructions. REVERT: 4ae8fe6cc8d Refine the documents of several APIs REVERT: 75fa52ddc97 Update HMAC() documentation. REVERT: 5ba39c0bf79 Fix FIPS Provider compat CI of 3.0 libcrypto with 3.2 FIPS provider REVERT: 878b00aa336 Coverity: fix 272011 resource leak REVERT: 53c643f67fe Fix openssl storeutl to allow serial + issuer REVERT: f92b294563b Make error reason for disallowed legacy sigalg more specific REVERT: bb3a931f867 crypto/err: expand on error code generation REVERT: 353521b7720 Run-checker merge CI: Memleak test does not work without ubsan REVERT: 921e19c20aa Revert "Run-checker merge CI: Replace no-shared with no-modules" REVERT: 4343b2923ac unbuffer stdin before get passwd from stdin REVERT: 17bd383dd21 Obtain PSS salt length from provider REVERT: 39fcc351c2c Run-checker merge CI: Replace no-shared with no-modules REVERT: bc136fd386b Cross compiles CI: Disable stringop-overflow warning on s390x and m68k REVERT: 8face2721b7 Fuzz checker CI: Use more generic include dir for fuzzer includes REVERT: 42cd898bd30 Bump actions/setup-python from 4.3.0 to 4.3.1 REVERT: c438de07c00 Fix `no-ec enable-ktls` build REVERT: 6fbbb53477a test: add test case for deadlock reported in #19643 REVERT: 7725e7bfe6f x509: fix double locking problem REVERT: 9a5c884999a cmp_vfy_test.c: fix name OSSL_CMP_CTX_set0_trusted{,Store} REVERT: f6fdbe63c7c OSSL_CMP_validate_msg(): make sure to reject protection type mismatch REVERT: c919280f793 Replace some boldened types with a corresponding man page link REVERT: 2365be29764 Move the description of the core types into their own pages REVERT: a0564dc8553 Better sorting of util/other.syms REVERT: f60dfe81847 Fix treatment of BUILD_METADATA REVERT: f15d23e2f9e Replace "a RSA" with "an RSA" REVERT: 544758738da Fix the check of BIO_set_write_buffer_size and BIO_set_read_buffer_size REVERT: 18e45bd9ead Fix the check of EVP_PKEY_decrypt_init REVERT: 5812a2d282a Fix the checks in rsautl_main REVERT: 17345cf10f9 doc: fix EVP_SignInit.pod REVERT: e3ce39ab344 Clarify the EVP_PKEY_decrypt manual page REVERT: d4394159918 cmp_client_test.c: add tests for OSSL_CMP_CTX_get_status REVERT: d1aa7d11363 doc: fix location of AES-SIV ciphers REVERT: e2758d1a39e Fix occasional assertion failure when storing properties REVERT: 0e4c201cb88 Drop incorrect skipping of some evp_test testcases with no-gost REVERT: ff2f8c81a08 Add test for EVP_PKEY_Q_keygen REVERT: ac591bf69e6 Fix typos in doc/man3/EVP_EncryptInit.pod REVERT: e7a7aa78348 When using PEM_read_bio_PrivateKey_ex() the public key is optional REVERT: e2cf3852733 add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function REVERT: 27a09e77667 add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function REVERT: 2c65de46785 OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs REVERT: 327e968c336 CMP: fix gen_new() in cmp_msg.c checking wrong ITAVs REVERT: 79701dea429 Fix typo in openssl-x509.pod.in REVERT: 1c8b17358fe Add SM2 support for EVP_PKEY_Q_keygen REVERT: f2784497264 CMP: fix handling of unset or missing failInfo PKI status information REVERT: 69d3c81ca5c CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages REVERT: c28c2e0c7e6 Fix coverity issues in X509v3_addr REVERT: f35a4be939a Add missing HISTORY sections for OpenSSL 3.0 related documents. REVERT: 5ac7cfb5621 Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod. REVERT: 07f21b22ca9 evp_extra_test2: Test DH param checks with non-NULL libctx REVERT: 2bc3854a6cf DH_check[_params]() use libctx of the dh for prime checks REVERT: 9aa9d6a9426 ParseC.pm: gracefully handle DOS-style end-of-line in source files REVERT: 3e0a1c2c18b Add test to confirm IPAddressFamily_check_len catches invalid len REVERT: 17af63c1df8 Catch incorrect IPAddressFamily lengths REVERT: 56de1f3ce3d Drop explicit check for engines in opt_legacy_okay REVERT: b67935515ed Fix the check of EC_GROUP_check_named_curve REVERT: e29ea41f6d5 apps/speed.c: fix the wrong checks REVERT: eb153d04294 Add documentation for CPUID bit #64+17 REVERT: 17d20f6159a Add test for EVP_PKEY_eq REVERT: 38066a07e09 Update documentation for keymgmt export utils REVERT: aeb80f63d44 Propagate selection all the way on key export REVERT: d163bd08bb9 apps/ocsp.c: Add missing test if make_ocsp_response failed REVERT: c3e8128befa fipsinstall test: skip PCT DSA signature test for new providers REVERT: 00cd0627252 test: add two comparision options to fips version test utility code REVERT: bb0190e8a4d Use the same encryption growth macro consistently REVERT: 1aef13c0bdb apps/speed.c: add verifying if fdopen returns NULL REVERT: 511d8c0fb0e Resign test/certs/rootCA.pem to expire in 100 years REVERT: 2f27b9363e8 Update the validity period of ed25519 cerificates REVERT: b697ae10287 Add test for generating safeprime DH parameters REVERT: 0f68f59dd45 Use libctx when generating DH parameters REVERT: 2fee530c86d pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey REVERT: 60d391b6f01 pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional REVERT: b8a5adf3ec4 Limit size of modulus for BN_mod_exp_mont_consttime() REVERT: d0f8056c47f Release the drbg in the global default context before engines REVERT: aa97297427f Add a test case for the engine crash with AES-256-CTR REVERT: e285a0b5a0e fips-label.yml: Fix the script after actions/github-script upgrade REVERT: 6feff2e59df Fix PACKET_equal test with BUF_LEN+1 on -Wstringop-overread REVERT: f3aa51d6347 Fix documentation for some i2d return values. REVERT: 424c9521182 Test that signatures using hash name commands work properly REVERT: 03c5381b41d apps/dgst.c: Set digestname from argv[0] if it is a builtin hash name REVERT: 76962505be6 Check for private key existence before calling eddsa sign functions REVERT: 22530d31789 crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case REVERT: 4aabade09f9 Configurations/*.tmpl: overhaul assembler make rules. REVERT: 7343f687705 Update GitHub actions as suggested by dependabot REVERT: de45fecf8ae Coverity 1516624: Fix overrun memory access. REVERT: f8e6dda7b7c Fix the ceiling on how much encryption growth we can have REVERT: c5bc976d9a0 providers/common/der/oids_to_c.pm: Remove use of Data::Dumper REVERT: 716712f378f Potential null pointer reference REVERT: 7bfbf68ad04 Prepare for 3.0.8 REVERT: 19cc035b6c6 Prepare for release of 3.0.7 REVERT: 4539f7486b8 make update REVERT: 2fa4bde7264 Update copyright year REVERT: cf889ec8d9e Update CHANGES.md and NEWS.md for new release REVERT: f0f530216bf punycode: add unit tests REVERT: c42165b5706 Fix CVE-2022-3786 in punycode decoder. REVERT: fe3b639dc19 Fix CVE-2022-3602 in punycode decoder. REVERT: 4bae06d47ae tests: clear error queue before executing a testcase REVERT: e6623693597 Fix parameter names for RSA private key example REVERT: bc84a93a992 Make openVMS seeding less dependent of OpenVMS version REVERT: 34e3cbf99f2 Use RSA CRT parameters in FIPS self tests. REVERT: 1cfc95b25c9 test: driver: fix -Wunused-but-set-variable REVERT: 1b85fc806a7 x509: fix -Wunused-but-set-variable REVERT: e8c8f6faeac txt_db: fix -Wunused-but-set-variable REVERT: 15d698d2f82 pem: fix -Wunused-but-set-variable REVERT: 49c2c81d55d CI: add Clang 15 REVERT: 33da0e2b0d0 CI: Upgrade to Ubuntu 22.04 to add GCC 12, Clang 13, Clang 14 REVERT: e701d98618e CI: add GCC 11 REVERT: 3efb41c026d ssl_cipher_process_rulestr: don't read outside rule_str buffer REVERT: 38acfc30cc7 Add missing ERR_R_XXX_LIB codes REVERT: 840a8298297 Finer grained error records for provider load/init failures REVERT: 9cbd2e1098c Fix a lock in provider_remove_store_methods() git-subtree-dir: openssl git-subtree-split: a92271e03a8d0dee507b6f1e7f49512568b2c7ad
- Loading branch information