SSL: Test SSL_get_[rw]poll_descriptor, SSL_net_(read|write)_desired

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <p

SSL: Test SSL_get_[rw]poll_descriptor, SSL_net_(read|write)_desired

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21979)

show more ...

QUIC: Update documentation for SSL_get_[rw]poll_descriptor, SSL_net_(read|write)_desired

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Revi

QUIC: Update documentation for SSL_get_[rw]poll_descriptor, SSL_net_(read|write)_desired

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21979)

show more ...

QUIC APL: Wire SSL_get_[rw]poll_descriptor for TLS/DTLS

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl

QUIC APL: Wire SSL_get_[rw]poll_descriptor for TLS/DTLS

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21979)

show more ...

QUIC: Wire SSL_net_(read|write)_desired for TLS/DTLS

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.or

QUIC: Wire SSL_net_(read|write)_desired for TLS/DTLS

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21979)

show more ...

Add documentation for the function SSL_CONF_CTX_finish.

Add documentation for the function SSL_CONF_CTX_finish() in man3.

Fixes #22084

Signed-off-by: Sumitra Sharma <sumitr

Add documentation for the function SSL_CONF_CTX_finish.

Add documentation for the function SSL_CONF_CTX_finish() in man3.

Fixes #22084

Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22128)

show more ...

os zoo ci

Use a Github Actions expression to set value for the environment
variable.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

os zoo ci

Use a Github Actions expression to set value for the environment
variable.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22130)

show more ...

enc: "bad decrypt" only in decryption

CLA: trivial

Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-b

enc: "bad decrypt" only in decryption

CLA: trivial

Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22134)

show more ...

Add provider documentation for the new open_ex

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levit

Add provider documentation for the new open_ex

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20131)

show more ...

Add Test to verify open_ex password checking works

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <l

Add Test to verify open_ex password checking works

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20131)

show more ...

Allow to pass a passprase callback at store open

Some PKCS11 modules require authentication early on to be able to
preload objects, which we want to do to avoid costly roundtrips when th

Allow to pass a passprase callback at store open

Some PKCS11 modules require authentication early on to be able to
preload objects, which we want to do to avoid costly roundtrips when the
HSM is actually reached over a network (Cloud HSM).

Unfortunately at open time we can't interact with the user becaue the
callbacks are only passed at object load time. later on.

This patch corrects this issue by providing a more feature rich open
call for providers.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20131)

show more ...

Postponed further context duplication support for ciphers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/open

Postponed further context duplication support for ciphers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22094)

show more ...

Enhance code safety and readability in SSL_get_shared_ciphers()

This commit introduces two key improvements:

1. Improve code safety by replacing the conditional statement with
`

Enhance code safety and readability in SSL_get_shared_ciphers()

This commit introduces two key improvements:

1. Improve code safety by replacing the conditional statement with
`if (n >= size)` and using OPENSSL_strnlen() instead of strlen().
This change ensures proper buffer size handling and adheres to
secure coding practices.

2. Enhance code readability by substituting `strcpy(p, c->name)` with
`memcpy(p, c->name, n)`. This adjustment prioritizes code clarity and
maintenance, even while mitigating a minimal buffer overflow risk.

These enhancements bolster the code's robustness and comprehensibility,
aligning with secure coding principles and best practices.

Fixes #19837

Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21934)

show more ...

Update OPENSSL_buf2hexstr() to use DEFAULT_SEPARATOR.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https:

Update OPENSSL_buf2hexstr() to use DEFAULT_SEPARATOR.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22041)

show more ...

APPS: remove duplicate definition of `trace_data_stack`

Note: It seems like the C compiler doesn't care about the duplicate.
(The first definition is eight lines above.) The C++ compiler

APPS: remove duplicate definition of `trace_data_stack`

Note: It seems like the C compiler doesn't care about the duplicate.
(The first definition is eight lines above.) The C++ compiler however
didn't like it when I reused the tracing code snippets elsewhere.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22117)

show more ...

Fix new typos found by codespell

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged fro

Fix new typos found by codespell

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22098)

show more ...

coveralls.yml: Improve coverage mapping and remove 1.1.1

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@o

coveralls.yml: Improve coverage mapping and remove 1.1.1

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22104)

show more ...

Fix a key repointing in various ciphers

In the dupctx fixups I missed a pointer that needed to be repointed to
the surrounding structures AES_KEY structure for the sm4/aes/aria
ccm/g

Fix a key repointing in various ciphers

In the dupctx fixups I missed a pointer that needed to be repointed to
the surrounding structures AES_KEY structure for the sm4/aes/aria
ccm/gcm variants. This caused a colliding use of the key and possible
use after free issues.

Fixes #22076

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22102)

show more ...

Fix regression in evp_test for provider compat CI

If we ignore the faliure to copy on an old fips provider, we need to use
ctx_base, rather than ctx

Fixes #22076

Review

Fix regression in evp_test for provider compat CI

If we ignore the faliure to copy on an old fips provider, we need to use
ctx_base, rather than ctx

Fixes #22076

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22102)

show more ...

Fix PKCS#12 creation error when certificate contains auxiliary data

Prefer friendly name passed by the caller and calculated local
key id to ones found in certificate auxiliary data when

Fix PKCS#12 creation error when certificate contains auxiliary data

Prefer friendly name passed by the caller and calculated local
key id to ones found in certificate auxiliary data when creating
PKCS#12.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21675)

show more ...

Store: API for deletion - documentation

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl

Store: API for deletion - documentation

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21901)

show more ...

Store: API for deletion - tests

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21

Store: API for deletion - tests

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21901)

show more ...

Store: API for deletion - make update

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/p

Store: API for deletion - make update

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21901)

show more ...

Store: API for deletion

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21901)

Fix engine cleanup error handling

Error handling in engine_cleanup_add_first/last was
broken and caused memory leaks.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by

Fix engine cleanup error handling

Error handling in engine_cleanup_add_first/last was
broken and caused memory leaks.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21971)

show more ...

Remove use of _Static_assert

We had some use of the C11 _Static_assert feature which can cause some
problems on some platforms. Everywhere we were using it, it is not really
required

Remove use of _Static_assert

We had some use of the C11 _Static_assert feature which can cause some
problems on some platforms. Everywhere we were using it, it is not really
required so remove it.

Fixes #22017

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22091)

show more ...