Modified OSSL_parse_url to initialize pport_num to 0.

This change is intended to provide some safety for uninitialized stack failures
that have appeared in 80-test_cmp_http on NonStop x8

Modified OSSL_parse_url to initialize pport_num to 0.

This change is intended to provide some safety for uninitialized stack failures
that have appeared in 80-test_cmp_http on NonStop x86 when run in a complex
CI/CD Jenkins environment. This change also adds init_pint() to handle the
initialization of a pointer to int value.

Fixes: #21083

Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21109)

(cherry picked from commit 45cd2554efc82f8959b4e8ac53bc419b4d5e195a)

show more ...

quicapitest: Fix SSL_trace() test on big endian platforms

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/op

quicapitest: Fix SSL_trace() test on big endian platforms

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21411)

show more ...

ossl_quic_wire_encode_pkt_hdr(): Assign ptrs only on static buf wpkt

Pointers can be invalidated when the underlying BUF_MEM grows.

Reviewed-by: Hugo Landau <hlandau@openssl.org>

ossl_quic_wire_encode_pkt_hdr(): Assign ptrs only on static buf wpkt

Pointers can be invalidated when the underlying BUF_MEM grows.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21411)

show more ...

Bump coverallsapp/github-action from 2.2.0 to 2.2.1

Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.2.0 to 2.2.1.
- [Release notes](https://githu

Bump coverallsapp/github-action from 2.2.0 to 2.2.1

Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v2.2.0...v2.2.1)

---
updated-dependencies:
- dependency-name: coverallsapp/github-action
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21454)

show more ...

Bump actions/setup-python from 4.6.1 to 4.7.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setu

Bump actions/setup-python from 4.6.1 to 4.7.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.6.1...v4.7.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21455)

show more ...

Add FIPS build instructions

If you are building the latest release source code with enable-fips configured
then the FIPS provider you are using is not likely to be FIPS compliant.

Add FIPS build instructions

If you are building the latest release source code with enable-fips configured
then the FIPS provider you are using is not likely to be FIPS compliant.

This update demonstrates how to build a FIPS provider that is compliant
and use it with the latest source code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20907)

show more ...

Move Keccak rhotates tables to rodata

rhotates tables are placed to .text section which confuses tools such as BOLT.
Move them to rodata to unbreak and avoid polluting icache/iTLB with d

Move Keccak rhotates tables to rodata

rhotates tables are placed to .text section which confuses tools such as BOLT.
Move them to rodata to unbreak and avoid polluting icache/iTLB with data.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21440)

show more ...

Add a NEWS entry covering the FIPS related changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Shane Lontis <shane.lontis@or

Add a NEWS entry covering the FIPS related changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21386)

(cherry picked from commit dfc4b6c93b99f6666cd958c5643a24bb6edff7b7)

show more ...

Changes to resolve symbol conflict due to gf_mul

CLA: trivial

Changed names of internal functions to resolve symbol conflict when Openssl is used with intel/ISA-L.

Reviewed

Changes to resolve symbol conflict due to gf_mul

CLA: trivial

Changed names of internal functions to resolve symbol conflict when Openssl is used with intel/ISA-L.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21421)

show more ...

use '__builtin_expect' to improve EVP_EncryptUpdate performance for gcc/clang.

Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Revi

use '__builtin_expect' to improve EVP_EncryptUpdate performance for gcc/clang.

Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21425)

show more ...

EVP_PKEY_{en,de}capsulate.pod: fix glitches and add some detail and hints

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David vo

EVP_PKEY_{en,de}capsulate.pod: fix glitches and add some detail and hints

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21397)

show more ...

Add more fixes for WebAssembly/WASI build

* force use timegm - WASI does not have timezone tables
* use basic implementation for `OPENSSL_issetugid()` - WASI doesn't support forking proc

Add more fixes for WebAssembly/WASI build

* force use timegm - WASI does not have timezone tables
* use basic implementation for `OPENSSL_issetugid()` - WASI doesn't support forking processes

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21389)

show more ...

Add an SSL BIO test for QUIC

We create an SSL BIO using a QUIC based SSL_CTX and then use that BIO
to create a connection and read/write data from streams.

Reviewed-by: Paul Dal

Add an SSL BIO test for QUIC

We create an SSL BIO using a QUIC based SSL_CTX and then use that BIO
to create a connection and read/write data from streams.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21367)

show more ...

Fix no-srtp build failure

SRTP related functions aren't available when built with no-srtp.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.co

Fix no-srtp build failure

SRTP related functions aren't available when built with no-srtp.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21412)

show more ...

Fix test_quic_write_read()

Fix the "test 2" case of test_quic_write_read(). It is intended to be run
in blocking mode.

The result of a bad interaction between #21087 and #21332

Fix test_quic_write_read()

Fix the "test 2" case of test_quic_write_read(). It is intended to be run
in blocking mode.

The result of a bad interaction between #21087 and #21332

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21409)

show more ...

CMP: support specifying certificate to be revoked via issuer and serial number

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed

CMP: support specifying certificate to be revoked via issuer and serial number

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21116)

show more ...

QUIC APL: Tick on SSL_read failure in non-blocking mode

...

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <

QUIC APL: Tick on SSL_read failure in non-blocking mode

...

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21381)

show more ...

Edit question template to direct users to GH Discussions

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Pau

Edit question template to direct users to GH Discussions

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21393)

show more ...

fips: make installations FIPS compliant by default

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/op

fips: make installations FIPS compliant by default

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21363)

show more ...

QUIC err handling: Add multi-stream test

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(M

QUIC err handling: Add multi-stream test

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21087)

show more ...

Test OSSL_ERR_STATE_save/restore()

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged

Test OSSL_ERR_STATE_save/restore()

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21087)

show more ...

QUIC err handling: Save and restore error state

We save the error state from the thread that encountered
a permanent error condition caused by system or internal
error to the QUIC_CH

QUIC err handling: Save and restore error state

We save the error state from the thread that encountered
a permanent error condition caused by system or internal
error to the QUIC_CHANNEL.

Then we restore it whenever we are returning to a user
call when protocol is shutdown.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21087)

show more ...

QUIC err handling: Properly report network errors

We return SSL_ERROR_SYSCALL when network error is encountered.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Lan

QUIC err handling: Properly report network errors

We return SSL_ERROR_SYSCALL when network error is encountered.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21087)

show more ...

QUIC: Fix multistream script 19 stochastic test failure

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/opens

QUIC: Fix multistream script 19 stochastic test failure

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21379)

show more ...

Remove unused internal functions
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/opens

Remove unused internal functions
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21329)

show more ...