DOCS: provider-keymgmt(7) - params for EVP_PKEY_get_default_digest_{name,nid}()

This describes them in detail in provider-keymgmt(7).

Reviewed-by: Matt Caswell <matt@openssl.org>

DOCS: provider-keymgmt(7) - params for EVP_PKEY_get_default_digest_{name,nid}()

This describes them in detail in provider-keymgmt(7).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20430)

show more ...

stream_frame_new(): Add missing allocation check

Reported by Marc Schönefeld.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Me

stream_frame_new(): Add missing allocation check

Reported by Marc Schönefeld.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19794)

show more ...

test_rstream_random(): Test adding final empty frame

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/opens

test_rstream_random(): Test adding final empty frame

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19794)

show more ...

Test new ossl_quic_rstream API calls

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

Test new ossl_quic_rstream API calls

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19794)

show more ...

Improve the QUIC_RSTREAM implementation

Add API calls to avoid copying data when reading
These are ossl_quic_rstream_get_record() and
ossl_quic_rstream_release_record().

Add

Improve the QUIC_RSTREAM implementation

Add API calls to avoid copying data when reading
These are ossl_quic_rstream_get_record() and
ossl_quic_rstream_release_record().

Add side storage for the stream frame data.
When there are too many packets referenced by the
receiving stream the function ossl_quic_rstream_move_to_rbuf()
can be called to move the data to a ring buffer.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19794)

show more ...

VMS knows POSIX threads too!

include/internal/thread_arch.h didn't indicate this, now it does.

This also removes ossl_crypto_mem_barrier(), because we isn't used
anywhere, and d

VMS knows POSIX threads too!

include/internal/thread_arch.h didn't indicate this, now it does.

This also removes ossl_crypto_mem_barrier(), because we isn't used
anywhere, and doesn't build with compilers that don't support the GNU
extension __asm__.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20440)

show more ...

Improve the performance of EVP_PKCS82PKEY_ex

We can easily find out the keytype which should significantly improve
the performance of this function because we don't have to try every loa

Improve the performance of EVP_PKCS82PKEY_ex

We can easily find out the keytype which should significantly improve
the performance of this function because we don't have to try every loaded
decoder.

Partial fix for #20399

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20412)

show more ...

Test that there are no errors on the stack for rejected early data

If we reject early data then it is normal for decryption operations to
fail. We should ensure there are no spurious err

Test that there are no errors on the stack for rejected early data

If we reject early data then it is normal for decryption operations to
fail. We should ensure there are no spurious errors on the stack in that
case. This adds a test for that scenario.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20401)

show more ...

Remove spurious error queue entries on early data

Early data decryption is expected to fail sometimes. If it does we should
not leave spurious error entries on the queue.

Fixes

Remove spurious error queue entries on early data

Early data decryption is expected to fail sometimes. If it does we should
not leave spurious error entries on the queue.

Fixes #20377

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20401)

show more ...

Fix cast.

Fixes #20424

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

Fix cast.

Fixes #20424

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20425)

show more ...

Add "make help" option

Based on kubernetes controller Makefile help.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged fr

Add "make help" option

Based on kubernetes controller Makefile help.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20407)

show more ...

Fix typo in base provider example code


CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://g

Fix typo in base provider example code


CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20411)

show more ...

Tidy up aarch64 feature detection code in armcap.c

Make the SIGILL-based code easier to read, and don't use it on Apple Silicon.

Also fix "error: 'HWCAP(2)_*' macro redefined" warni

Tidy up aarch64 feature detection code in armcap.c

Make the SIGILL-based code easier to read, and don't use it on Apple Silicon.

Also fix "error: 'HWCAP(2)_*' macro redefined" warnings on FreeBSD.

Fixes #20188

Change-Id: I5618bbe9444cc40cb5705c6ccbdc331c16bab794

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20305)

show more ...

Coverity 1521557: Error handling issues

Check the return from DSA_set0_key and generate an error on failure.
Technically a false positive since the function always returns success.

Coverity 1521557: Error handling issues

Check the return from DSA_set0_key and generate an error on failure.
Technically a false positive since the function always returns success.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20409)

show more ...

Include supported branches in coveralls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.

Include supported branches in coveralls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20383)

show more ...

Bump coverallsapp/github-action from 1.2.3 to 1.2.4

Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 1.2.3 to 1.2.4.
- [Release notes](https://githu

Bump coverallsapp/github-action from 1.2.3 to 1.2.4

Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v1.2.3...v1.2.4)

---
updated-dependencies:
- dependency-name: coverallsapp/github-action
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20417)

show more ...

Bump coverallsapp/github-action from 1.1.3 to 1.2.3

Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 1.1.3 to 1.2.3.
- [Release notes](https://githu

Bump coverallsapp/github-action from 1.1.3 to 1.2.3

Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 1.1.3 to 1.2.3.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/1.1.3...v1.2.3)

---
updated-dependencies:
- dependency-name: coverallsapp/github-action
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20405)

show more ...

Add fuzz test for v3name

v3name_fuzzer build modifications

create 99-test_fuzz_v3name_fuzzer.t

test corpus for cve-2023-0286

Reviewed-by: Kurt Roeckx <kurt@roeckx.

Add fuzz test for v3name

v3name_fuzzer build modifications

create 99-test_fuzz_v3name_fuzzer.t

test corpus for cve-2023-0286

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20274)

show more ...

Remove ossl_rsa_pss_params_30_set_maskgenalg().

This is an unused internal function. It should be added back
in if there is a need to set this value to something other than
NID_mgf1

Remove ossl_rsa_pss_params_30_set_maskgenalg().

This is an unused internal function. It should be added back
in if there is a need to set this value to something other than
NID_mgf1 (which is not likely).

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20321)

show more ...

Update AES documentation excluding AES SIV from the FIPS provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <

Update AES documentation excluding AES SIV from the FIPS provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20386)

show more ...

Remove AES SIV ciphers from the FIPS provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.

Remove AES SIV ciphers from the FIPS provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20386)

show more ...

Don't do AES SIV tests with the FIPS provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.

Don't do AES SIV tests with the FIPS provider

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20386)

show more ...

Ensure we use a non-zero time for tickets in early data

Our tests run so quickly that the ticket age is virtually zero. This may
not show up problems in the age calculations, so we artif

Ensure we use a non-zero time for tickets in early data

Our tests run so quickly that the ticket age is virtually zero. This may
not show up problems in the age calculations, so we artificially add some
age to the tickets in some runs.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20387)

show more ...

Fix early_data age calculation

The ticket_age/age_add values use ms granualarity. We were incorrectly
treating them as seconds and so the ticket was always being rejected for
early d

Fix early_data age calculation

The ticket_age/age_add values use ms granualarity. We were incorrectly
treating them as seconds and so the ticket was always being rejected for
early data. We also clarify a comment which could have been the source of
the confusion.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20387)

show more ...

Fix FFC mdprop setting bugs.

Coverage testing showed that ossl_ffc_params_fromdata() was not setting
OSSL_PKEY_PARAM_FFC_DIGEST_PROPS.
Adding a negative test also showed that ossl_ff

Fix FFC mdprop setting bugs.

Coverage testing showed that ossl_ffc_params_fromdata() was not setting
OSSL_PKEY_PARAM_FFC_DIGEST_PROPS.
Adding a negative test also showed that ossl_ffc_params_copy() did not
do a shallow copy of the digest or digest property.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20385)

show more ...