d2i_X509.pod: Better document using the reuse capability for libctx setup

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by:

d2i_X509.pod: Better document using the reuse capability for libctx setup

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22265)

show more ...

embed bio_dgram_data inside bio_dgram_sctp_data

the sctp BIO implementation uses the generic BIO dgram implementation
under the covers for some operations. However, the private data for

embed bio_dgram_data inside bio_dgram_sctp_data

the sctp BIO implementation uses the generic BIO dgram implementation
under the covers for some operations. However, the private data for
each bio is incongruous, leading to segfaults when doing things like
passing a dgram_sctp_ctrl operation to the underlying dgram_ctrl method.

Fix this by removing the common fields between the two strcutres and
embedding a bio_dgram_data as the first member of the
bio_dgram_sctp_data struct. This allows implicit casting when that call
path is taken, avoiding any memory mis-use

Fixes #20643

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22278)

show more ...

Fix coverity alert on use of uninitialised data

The function `ossl_blake2b_param_init` should initialise only, and not
read the data it is initialising

Reviewed-by: Richard Levi

Fix coverity alert on use of uninitialised data

The function `ossl_blake2b_param_init` should initialise only, and not
read the data it is initialising

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22282)

show more ...

BN_gcd(): Avoid shifts of negative values

Fixes #22216

Thanks to Leland Mills for investigation and testing.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-b

BN_gcd(): Avoid shifts of negative values

Fixes #22216

Thanks to Leland Mills for investigation and testing.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22272)

show more ...

DH_check: Emphasize the importance of return value check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@o

DH_check: Emphasize the importance of return value check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22262)

show more ...

[design] Make it possible to use explicitly fetched signature implementation

This design is to allow the use of explicitly fetched EVP_SIGNATURE
implementations.

Ref: openssl/pr

[design] Make it possible to use explicitly fetched signature implementation

This design is to allow the use of explicitly fetched EVP_SIGNATURE
implementations.

Ref: openssl/project#171

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22129)

show more ...

[design] Make it possible to pass AlgorithmIdentifier parameter data

This design is to allow passing AlgorithmIdentifier parameter data to and
from any cryptograpfic operation, with conv

[design] Make it possible to pass AlgorithmIdentifier parameter data

This design is to allow passing AlgorithmIdentifier parameter data to and
from any cryptograpfic operation, with convenience functions for them all,
not just for symmetric ciphers.

This is crucial to support CMS, among others.

Ref: openssl/project#172

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22162)

show more ...

ossl_property_list_to_string: handle quoted strings

ossl_property_list_to_string() didn't quote strings correctly which
could result in a generated property string being unparsable.

ossl_property_list_to_string: handle quoted strings

ossl_property_list_to_string() didn't quote strings correctly which
could result in a generated property string being unparsable.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22182)

show more ...

Bump suisei-cn/actions-download-file from 1.3.0 to 1.4.0

Bumps [suisei-cn/actions-download-file](https://github.com/suisei-cn/actions-download-file) from 1.3.0 to 1.4.0.
- [Release notes

Bump suisei-cn/actions-download-file from 1.3.0 to 1.4.0

Bumps [suisei-cn/actions-download-file](https://github.com/suisei-cn/actions-download-file) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/suisei-cn/actions-download-file/releases)
- [Commits](https://github.com/suisei-cn/actions-download-file/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: suisei-cn/actions-download-file
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22268)

show more ...

d2i_PKCS8PrivateKey_bio.pod: evp.h include is unnecessary

It is also not allowed by doc nits check to have
multiple includes.

Reviewed-by: Matt Caswell <matt@openssl.org>
Re

d2i_PKCS8PrivateKey_bio.pod: evp.h include is unnecessary

It is also not allowed by doc nits check to have
multiple includes.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22276)

show more ...

Added info on change to HISTORY of SSL_CTX_set_msg_callback()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com

Added info on change to HISTORY of SSL_CTX_set_msg_callback()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22241)

show more ...

Update documentation on SSL_CTX_set_msg_callback() to match the actual functionality.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged

Update documentation on SSL_CTX_set_msg_callback() to match the actual functionality.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22241)

show more ...

Print record version for DTLSv1_listen()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Print record version for DTLSv1_listen()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22241)

show more ...

Pass the dtls record version to the record layer msg_callback function.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://

Pass the dtls record version to the record layer msg_callback function.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22241)

show more ...

Don't (re-)initialize the FFC_PARAMs in dh_init and dsa_init

The initialization was introduced in commit dc8de3e6f1ee and
changes the behaviour of the `init` method for DSA and DH
be

Don't (re-)initialize the FFC_PARAMs in dh_init and dsa_init

The initialization was introduced in commit dc8de3e6f1ee and
changes the behaviour of the `init` method for DSA and DH
between 1.1.1 and 3.0, while the behaviour for RSA and EC_KEY
remains unchanged.

The initialization is not necessary in 3.x and master imho and
breaks the use-case of intercepting the methods of an existing
key.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22185)

show more ...

test: evp_extra: test signing with legacy app method based keys

This commit adds `test_EVP_PKEY_sign_with_app_method`, a regression
test for the bug fix in commit 1acc3e8cc3c6 (pull requ

test: evp_extra: test signing with legacy app method based keys

This commit adds `test_EVP_PKEY_sign_with_app_method`, a regression
test for the bug fix in commit 1acc3e8cc3c6 (pull request #22163).

It is analogous to `test_EVP_PKEY_sign`, only with a fake app method
based key. (The EC key test case was omitted, because there is no
`EC_KEY_METHOD_dup` method.)

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22185)

show more ...

test: evp_extra: fix indentation error

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/221

test: evp_extra: fix indentation error

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22185)

show more ...

Correct documentation for PKCS5_PBKDF2_HMAC

In OpenSSL 3.x, the documentation for PKCS5_PBKDF2_HMAC incorrectly states
that an iter value less than 1 is treated as a single iteration. Up

Correct documentation for PKCS5_PBKDF2_HMAC

In OpenSSL 3.x, the documentation for PKCS5_PBKDF2_HMAC incorrectly states
that an iter value less than 1 is treated as a single iteration. Upon further
investigation in providers/implementations/kdfs/pbkdf2.c, it appears that
invalid iter values will result in failure and raise the
PROV_R_INVALID_ITERATION_COUNT error. This commit corrects the documentation
to accurately reflect the behavior in OpenSSL 3.x.

Closes openssl#22168

Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22252)

show more ...

Restore the meaning of EVP_PKEY_print_private()

With pre-3.0 OpenSSL, EVP_PKEY_print_private() calls the EVP_PKEY_ASN1_METHOD
function "priv_print", effectively asking the backend to pri

Restore the meaning of EVP_PKEY_print_private()

With pre-3.0 OpenSSL, EVP_PKEY_print_private() calls the EVP_PKEY_ASN1_METHOD
function "priv_print", effectively asking the backend to print whatever it
regards as private key components.

In all backends that were built into libcrypto, this function printed what
was included in the private key structure, which usually includes the
public key components as well.

With OpenSSL 3.0, some of the corresponding key2text encoders got a
slightly different behavior, where the presence of the selector
OSSL_KEYMGMT_SELECT_PRIVATE_KEY without the presence of the selector
OSSL_KEYMGMT_SELECT_PUBLIC_KEY would only get what would intuitively be
regarded as private key components printed. This isn't entirely consistent,
though, as the RSA key2text encoder will still print the public key
components regardless.

To compensate for the changed backend behavior, EVP_PKEY_print_private()
was made to ask the encoder to print the keypair rather than just the
private key, thereby moving the backend semantics to the application API.
Unfortunately, this causes confusion for providers where the key2text
encoder really should print the private key only.

This change restores the built-in 1.1.1 backend behavior in the encoders
that OpenSSL provides, and renders EVP_PKEY_print_private() more true to its
documented behavior, leaving it to the backend to decide what it regards as
"private key components".

Fixes #22233

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22237)

show more ...

Improved detection of engine-provided private "classic" keys

Resolves #17092 (?)
Resolves #17286 (?)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul

Improved detection of engine-provided private "classic" keys

Resolves #17092 (?)
Resolves #17286 (?)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19965)

show more ...

Remove duplicates of EVP_aes_xxx_wrap() from EVP_aes_128_gcm.pod

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.co

Remove duplicates of EVP_aes_xxx_wrap() from EVP_aes_128_gcm.pod

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22236)

show more ...

Call post_process_record for dtls records

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

Call post_process_record for dtls records

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22239)

show more ...

doc/man3: fix misnamed function name

Rename `DSA_generate_prime[_ex]` to `DSA_generate_parameters[_ex]`,
fixing a copy&paste error from the `BN_generate_prime[_ex]` paragraph
in comm

doc/man3: fix misnamed function name

Rename `DSA_generate_prime[_ex]` to `DSA_generate_parameters[_ex]`,
fixing a copy&paste error from the `BN_generate_prime[_ex]` paragraph
in commit b3696a55a5ed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22242)

show more ...

Back off on generating noise in the event of a PING frame

If either endpoint issues a PING frame while we are introducing noise
into the communication then there is a danger that the con

Back off on generating noise in the event of a PING frame

If either endpoint issues a PING frame while we are introducing noise
into the communication then there is a danger that the connection itself
will fail. We detect the PING and then back off on generating noise for a
short while. It should be sufficient to just ensure that the next datagram
does not get dropped for each endpoint.

Fixes #22199

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22243)

show more ...

CHANGES.md: Mention new features added after 3.2 alpha1

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openss

CHANGES.md: Mention new features added after 3.2 alpha1

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22251)

show more ...