Improve documentation of standard IANA cipher suite names.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/

Improve documentation of standard IANA cipher suite names.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23539)

show more ...

Add appropriate lower bound checks for GeneralizedTime and UTCTime

ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8
impose specific constraints on how GeneralizedTime and UTCTi

Add appropriate lower bound checks for GeneralizedTime and UTCTime

ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8
impose specific constraints on how GeneralizedTime and UTCTime
can be encoded in BER/CER/DER. Following from these constraints
a minimum length can be derived.

Checking the length in this context can potentially help prevent
applications from interpreting an invalid GeneralizedTime as a
valid UTCTime.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23483)

show more ...

apps/engine: add EC to list of capabilities

openssl engine -c wasn't showing if an engine implemented EC

cla: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Rev

apps/engine: add EC to list of capabilities

openssl engine -c wasn't showing if an engine implemented EC

cla: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23538)

show more ...

Ensure `$(MAKE)` commands and `CFLAGS` are appropriately quoted in the Makefile.

If a user's `make` command came from a path that contained a space then both the
`$(MAKE)` variable (and

Ensure `$(MAKE)` commands and `CFLAGS` are appropriately quoted in the Makefile.

If a user's `make` command came from a path that contained a space then both the
`$(MAKE)` variable (and parts of the generated `CFLAGS`, when building for iOS)
would not be properly quoted and the build would fail.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23663)

show more ...

Apply the AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100

Performance improvements range from 18% to 32%.

Change-Id: Ifb89eeac3c0625a582a25ff07cf7f9c9ec8f5ba6

Re

Apply the AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100

Performance improvements range from 18% to 32%.

Change-Id: Ifb89eeac3c0625a582a25ff07cf7f9c9ec8f5ba6

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23651)

show more ...

chachap10-ppc.pl: Fix truncated relocation

Fix error: relocation truncated to fit: R_PPC64_REL14 (stub)
against symbol `ChaCha20_ctr32_vsx_8x'

CLA: trivial

Reviewed-by:

chachap10-ppc.pl: Fix truncated relocation

Fix error: relocation truncated to fit: R_PPC64_REL14 (stub)
against symbol `ChaCha20_ctr32_vsx_8x'

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23618)

show more ...

SSL_set1_groups_list(): Fix memory corruption with 40 groups and more

Fixes #23624

The calculation of the size for gid_arr reallocation was wrong.
A multiplication by gid_arr ar

SSL_set1_groups_list(): Fix memory corruption with 40 groups and more

Fixes #23624

The calculation of the size for gid_arr reallocation was wrong.
A multiplication by gid_arr array item size was missing.

Testcase is added.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23625)

show more ...

s_cb.c: Add missing return value checks

Return value of function 'SSL_CTX_ctrl', that is called from
SSL_CTX_set1_verify_cert_store() and SSL_CTX_set1_chain_cert_store(),
is not chec

s_cb.c: Add missing return value checks

Return value of function 'SSL_CTX_ctrl', that is called from
SSL_CTX_set1_verify_cert_store() and SSL_CTX_set1_chain_cert_store(),
is not checked, but it is usually checked for this function.

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23647)

(cherry picked from commit 6f794b461c6e16c8afb996ee190e084cbbddb6b8)

show more ...

Minor wording fixes related to no-atexit

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/o

Minor wording fixes related to no-atexit

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23642)

(cherry picked from commit 66e6f72c3e4221580a7f456ddeaa5027f0bbb8b7)

show more ...

Don't print excessively long ASN1 items in fuzzer

Prevent spurious fuzzer timeouts by not printing ASN1 which is excessively
long.

This fixes a false positive encountered by OSS

Don't print excessively long ASN1 items in fuzzer

Prevent spurious fuzzer timeouts by not printing ASN1 which is excessively
long.

This fixes a false positive encountered by OSS-Fuzz.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23640)

show more ...

Extended SSL_SESSION functions using time_t

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/opens

Extended SSL_SESSION functions using time_t

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21206)

show more ...

Future proof RLAYER_USE_EXPLICIT_IV by checking dtls versions directly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://

Future proof RLAYER_USE_EXPLICIT_IV by checking dtls versions directly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23611)

show more ...

Correct the defined name of the parameter "micalg" in the documentation

The EVP_DigestInit(3) manual page contains wrong name for the define
macro for the OSSL_DIGEST_PARAM_MICALG param.

Correct the defined name of the parameter "micalg" in the documentation

The EVP_DigestInit(3) manual page contains wrong name for the define
macro for the OSSL_DIGEST_PARAM_MICALG param.

Fixes #23580

CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23615)

show more ...

Minor updates

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.

Minor updates

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...

Fix warning

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.co

Fix warning

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...

JSON_ENC: Ensure ossl_json_flush() really flushes the BIO

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@o

JSON_ENC: Ensure ossl_json_flush() really flushes the BIO

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...

QUIC CHANNEL: Defer QLOG instantiation until first event

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@op

QUIC CHANNEL: Defer QLOG instantiation until first event

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...

QUIC TXP: Allow QLOG instance retrieval via callback

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openss

QUIC TXP: Allow QLOG instance retrieval via callback

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...

QUIC QTX: Allow QLOG instance retrieval via callback

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openss

QUIC QTX: Allow QLOG instance retrieval via callback

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...

QUIC FIFD: Allow QLOG instance retrieval via callback

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@opens

QUIC FIFD: Allow QLOG instance retrieval via callback

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...

Add entry to CHANGES.md

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https

Add entry to CHANGES.md

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...

QUIC MULTISTREAM TEST: Test explicit event handling mode

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@op

QUIC MULTISTREAM TEST: Test explicit event handling mode

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...

QUIC APL: Add implementation of SSL_VALUE_EVENT_HANDLING_MODE

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tom

QUIC APL: Add implementation of SSL_VALUE_EVENT_HANDLING_MODE

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...

QUIC: Add API for SSL_VALUE_EVENT_HANDLING_MODE

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org

QUIC: Add API for SSL_VALUE_EVENT_HANDLING_MODE

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...

QUIC: Add docs for SSL_VALUE_EVENT_HANDLING_MODE

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.or

QUIC: Add docs for SSL_VALUE_EVENT_HANDLING_MODE

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)

show more ...