Fix a typo found by codespell in a variable name

The change is limited to a single C file.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Rich

Fix a typo found by codespell in a variable name

The change is limited to a single C file.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20912)

show more ...

restrict rsaBITS algorithm name check in speed

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl

restrict rsaBITS algorithm name check in speed

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20898)

show more ...

CMP app: fix deallocated host/port fields in APP_HTTP_TLS_INFO

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlan

CMP app: fix deallocated host/port fields in APP_HTTP_TLS_INFO

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)

show more ...

CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port)

Fixes #20031

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.o

CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port)

Fixes #20031

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)

show more ...

Fix a typo found by codespell in a Makefile variable

I have no experience with building on Windows, so I don't know the
effect of fixing this typo. I guess that this will fix a bug at wo

Fix a typo found by codespell in a Makefile variable

I have no experience with building on Windows, so I don't know the
effect of fixing this typo. I guess that this will fix a bug at worst.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20911)

show more ...

DLTS → DTLS

Fix a typo that is confusing for newcomers.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Revi

DLTS → DTLS

Fix a typo that is confusing for newcomers.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20909)

show more ...

Fix memory leak in engine_cleanup_add_first()

Fixes #20870

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas M

Fix memory leak in engine_cleanup_add_first()

Fixes #20870

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20880)

show more ...

aes-gcm-armv8_64 asm support bigdian

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

aes-gcm-armv8_64 asm support bigdian

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20489)

(cherry picked from commit 32344a74b7ee2693a5bfda361c40ec60ab5be624)

show more ...

Fix stack use-after-free in QUIC

When running test_quicapi on master on a Fedora 38 with santizier, a stack
use-after-free is reported:

```
75-test_quicapi.t ..
========

Fix stack use-after-free in QUIC

When running test_quicapi on master on a Fedora 38 with santizier, a stack
use-after-free is reported:

```
75-test_quicapi.t ..
=================================================================
==28379==ERROR: AddressSanitizer: stack-use-after-return on address 0x03ffa22a2961 at pc 0x03ffa507384a bp 0x03fffb576d68 sp 0x03fffb576550
READ of size 8 at 0x03ffa22a2961 thread T0
#0 0x3ffa5073849 in memcpy (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c)
#1 0x118b883 in tls_handle_alpn ssl/statem/statem_srvr.c:2221
#2 0x111569d in tls_parse_all_extensions ssl/statem/extensions.c:813
#3 0x118e2bf in tls_early_post_process_client_hello ssl/statem/statem_srvr.c:1957
#4 0x118e2bf in tls_post_process_client_hello ssl/statem/statem_srvr.c:2290
#5 0x113d797 in read_state_machine ssl/statem/statem.c:712
#6 0x113d797 in state_machine ssl/statem/statem.c:478
#7 0x10729f3 in SSL_do_handshake ssl/ssl_lib.c:4669
#8 0x11cec2d in ossl_quic_tls_tick ssl/quic/quic_tls.c:717
#9 0x11afb03 in ch_tick ssl/quic/quic_channel.c:1296
#10 0x10cd1a9 in ossl_quic_reactor_tick ssl/quic/quic_reactor.c:79
#11 0x10d948b in ossl_quic_tserver_tick ssl/quic/quic_tserver.c:160
#12 0x1021ead in qtest_create_quic_connection test/helpers/quictestlib.c:273
#13 0x102b81d in test_quic_write_read test/quicapitest.c:54
#14 0x12035a9 in run_tests test/testutil/driver.c:370
#15 0x1013203 in main test/testutil/main.c:30
#16 0x3ffa463262b in __libc_start_call_main (/usr/lib64/libc.so.6+0x3262b) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e)
#17 0x3ffa463272d in __libc_start_main_impl (/usr/lib64/libc.so.6+0x3272d) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e)
#18 0x101efb9 (/root/openssl/test/quicapitest+0x101efb9) (BuildId: 075e387adf6d0032320aaa18061f13e9565ab481)
Address 0x03ffa22a2961 is located in stack of thread T0 at offset 33 in frame
#0 0x10d868f in alpn_select_cb ssl/quic/quic_tserver.c:49
This frame has 1 object(s):
[32, 41) 'alpn' (line 50) <== Memory access at offset 33 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c) in memcpy
Shadow bytes around the buggy address:
0x03ffa22a2680: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2780: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2800: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2880: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x03ffa22a2900: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5[f5]f5 f5 f5
0x03ffa22a2980: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2a00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2a80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2b00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2b80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==28379==ABORTING
../../util/wrap.pl ../../test/quicapitest default ../../test/default.cnf ../../test/certs => 1
not ok 1 - running quicapitest
```

Fix this be making the protocols to select static constants and thereby moving
them out of the stack frame of the callback function.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20904)

show more ...

Update the corpora submodule

We update the corpora submodule to include a fuzz testcase for the conf
timeout.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hud

Update the corpora submodule

We update the corpora submodule to include a fuzz testcase for the conf
timeout.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20839)

show more ...

Prevent a fuzzing timeout in the conf fuzzer

The fuzzer was creating a config file with large numbers of includes
which are expensive to process. However this should not cause a security

Prevent a fuzzing timeout in the conf fuzzer

The fuzzer was creating a config file with large numbers of includes
which are expensive to process. However this should not cause a security
issue, and should never happen in normal operation so we can ignore it.

Fixes ossfuzz issue 57718.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20839)

show more ...

Don't attempt a QUIC connection without specifying ALPN

ALPN is required for a successful QUIC connection, so do not allow the
-quic option for s_client without -alpn

Reviewed-b

Don't attempt a QUIC connection without specifying ALPN

ALPN is required for a successful QUIC connection, so do not allow the
-quic option for s_client without -alpn

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20580)

show more ...

Add some documentation for the new QUIC mode in s_client

Also mentions the new FIN command in s_client advance mode

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: T

Add some documentation for the new QUIC mode in s_client

Also mentions the new FIN command in s_client advance mode

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20580)

show more ...

Add the ability to send FIN on a QUIC stream from s_client

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/op

Add the ability to send FIN on a QUIC stream from s_client

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20580)

show more ...

Add QUIC support to s_client

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20580)

remove unused macro in common.h

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from ht

remove unused macro in common.h

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20881)

show more ...

Revert "win-onecore: Build with /APPCONTAINER for UWP compat"
This reverts commit 2c61a670ebf2f1923a3bd2ef0ee4b2fa6261eaeb.

Not all OneCore based SKUs (or editions) of Windows (Server, X

Revert "win-onecore: Build with /APPCONTAINER for UWP compat"
This reverts commit 2c61a670ebf2f1923a3bd2ef0ee4b2fa6261eaeb.

Not all OneCore based SKUs (or editions) of Windows (Server, XBOX, etc) require /APPCONTAINER. The /APPCONTAINER link option is only relevant for Universal Windows Platform (UWP) apps for which there are already dedicated configurations (VC-WIN32-UWP, VC-WIN64A-UWP, etc) where the /APPCONTAINER link option is added.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20872)

show more ...

Fix the padlock engine

... after it was broken for almost 5 years,
since the first 1.1.1 release.
Note: The last working version was 1.1.0l release.

Fixes #20073

Re

Fix the padlock engine

... after it was broken for almost 5 years,
since the first 1.1.1 release.
Note: The last working version was 1.1.0l release.

Fixes #20073

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20146)

show more ...

Add libctx to x931 keygen.

Added coverage test that failed without the change.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewe

Add libctx to x931 keygen.

Added coverage test that failed without the change.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19677)

show more ...

Extend the min/max protocol testing

Add more test cases and ensure we test DTLS and QUIC too

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org

Extend the min/max protocol testing

Add more test cases and ensure we test DTLS and QUIC too

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20830)

show more ...

Be more accurate about what we accept as a valid DTLS version

We accepted more version numbers as valid DTLS then we really should do.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Be more accurate about what we accept as a valid DTLS version

We accepted more version numbers as valid DTLS then we really should do.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20830)

show more ...

Update the min/max proto function documentation for QUIC

These functions do nothing if used with a QUIC object, so we document
this behaviour.

Reviewed-by: Tim Hudson <tjh@opens

Update the min/max proto function documentation for QUIC

These functions do nothing if used with a QUIC object, so we document
this behaviour.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20830)

show more ...

25-test_x509.t: test dots in CA file path

Test whether dots in the CA file path breaks the default CA serial
number file path.

Tests for:
- https://github.com/openssl/open

25-test_x509.t: test dots in CA file path

Test whether dots in the CA file path breaks the default CA serial
number file path.

Tests for:
- https://github.com/openssl/openssl/issues/6203
- https://github.com/openssl/openssl/issues/6489
- https://github.com/openssl/openssl/pull/6566
- https://github.com/openssl/openssl/issues/10442

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20873)

show more ...

feature: openssl req -verify output to stderr instead of stdout #20728

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https:

feature: openssl req -verify output to stderr instead of stdout #20728

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20858)

show more ...

Fix broken links on asym_cipher manpages

Links were missing starting tags

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
R

Fix broken links on asym_cipher manpages

Links were missing starting tags

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20729)

show more ...