OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated

A zero BIGNUM contains zero bytes, while OSSL_PARAMs with an INTEGER (or
UNSIGNED INTEGER) data type are expected to have

OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated

A zero BIGNUM contains zero bytes, while OSSL_PARAMs with an INTEGER (or
UNSIGNED INTEGER) data type are expected to have at least one data byte
allocated, containing a zero. This wasn't handled correctly.

Fixes #20011

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)

show more ...

In OSSL_PARAM_set_BN(), make sure that the data_size field is at least 1

This way, we guarantee that a zero is represented with one byte of data
that's set to zero.

Reviewed-by:

In OSSL_PARAM_set_BN(), make sure that the data_size field is at least 1

This way, we guarantee that a zero is represented with one byte of data
that's set to zero.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)

show more ...

test/param_build_test.c: test zero BIGNUM

We also add tests where the zero bignum is the only parameter, to test what
that does with the allocated blocks that the OSSL_PARAM_BLD function

test/param_build_test.c: test zero BIGNUM

We also add tests where the zero bignum is the only parameter, to test what
that does with the allocated blocks that the OSSL_PARAM_BLD functionality
handles.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)

show more ...

Add empty migration guide for 3.1

Fixes #19953

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom

Add empty migration guide for 3.1

Fixes #19953

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20008)

show more ...

Doc: Update history section of EC_GROUP API's.

Fixes #8630

The remaining functions are at least as old as 0.9.8 so it is
not worth documenting this.

Reviewed-by: Nicola

Doc: Update history section of EC_GROUP API's.

Fixes #8630

The remaining functions are at least as old as 0.9.8 so it is
not worth documenting this.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19956)

show more ...

Documentation for EVP_PKEY_CTX_get0_pkey() and EVP_PKEY_CTX_get0_peerkey().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from http

Documentation for EVP_PKEY_CTX_get0_pkey() and EVP_PKEY_CTX_get0_peerkey().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19962)

show more ...

info.c: Fix typos in seed macro name and description string

Fixes: #19996

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@open

info.c: Fix typos in seed macro name and description string

Fixes: #19996

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20001)

show more ...

rsaz_exp_x2.c: Remove unused ALIGN64 macro

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/p

rsaz_exp_x2.c: Remove unused ALIGN64 macro

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)

show more ...

rsaz_exp_x2.c: Avoid potential undefined behavior with strict aliasing

Fixes #19584

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>

rsaz_exp_x2.c: Avoid potential undefined behavior with strict aliasing

Fixes #19584

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)

show more ...

Revert "Fix an occasional CI failure due to unaligned access"

This reverts commit 8511520842b744d1794ea794c032ce5f78cd874b.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-b

Revert "Fix an occasional CI failure due to unaligned access"

This reverts commit 8511520842b744d1794ea794c032ce5f78cd874b.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)

show more ...

Fix SM4 test failures on big-endian ARM processors

Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@

Fix SM4 test failures on big-endian ARM processors

Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19910)

show more ...

remove extra define for __NR_getrandom and add some comments

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Hugo Landau <hlandau@o

remove extra define for __NR_getrandom and add some comments

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19985)

show more ...

Write SSL_R alerts to error state to keep updated strings

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/ope

Write SSL_R alerts to error state to keep updated strings

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19950)

show more ...

80-test_cms.t: Fix rsapssSaltlen check on MinGW

Fixes #19907

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from h

80-test_cms.t: Fix rsapssSaltlen check on MinGW

Fixes #19907

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19957)

show more ...

25-test_pkcs8.t: Make text comparison ignore extra CR characters

This is needed to pass the test on MinGW.

Fixes #19921

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>

25-test_pkcs8.t: Make text comparison ignore extra CR characters

This is needed to pass the test on MinGW.

Fixes #19921

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19957)

show more ...

Cleanse internal BN_generate_dsa_nonce() buffers used to generate k.

Fixes #9205

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(

Cleanse internal BN_generate_dsa_nonce() buffers used to generate k.

Fixes #9205

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19954)

show more ...

Fixed typos in documentation and comments

Fixed typo: accomodate -> accommodate
Fixed typo: analagous -> analogous
Fixed typo: auxilliary -> auxiliary
Fixed typo: eigth -> eighth

Fixed typos in documentation and comments

Fixed typo: accomodate -> accommodate
Fixed typo: analagous -> analogous
Fixed typo: auxilliary -> auxiliary
Fixed typo: eigth -> eighth
Fixed typo: explotation -> exploitation
Fixed typo: originaly -> originally
Fixed typo: simplier -> simpler
Fixed typo: sucessful -> successful
Fixed typo: recievers -> receivers

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19977)

show more ...

Bump actions/setup-python from 4.3.1 to 4.4.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/actions/setu

Bump actions/setup-python from 4.3.1 to 4.4.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.3.1...v4.4.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19961)

show more ...

INSTALL.md: Remove trailing space

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/

INSTALL.md: Remove trailing space

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19960)

show more ...

Support multibin to allow multiple binary models to co-exist.

This change parallels the implementation of multilib and initially
only applies to the NonStop platform's DLL loader limitat

Support multibin to allow multiple binary models to co-exist.

This change parallels the implementation of multilib and initially
only applies to the NonStop platform's DLL loader limitations.

Fixes: #16460

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16472)

show more ...

Docs: Move deprecated ECDSA_ functions into a separate file.

Fixes #19829

Examples added for setting/getting ECDSA SIG related r and s values

Reviewed-by: Hugo Landau <hlan

Docs: Move deprecated ECDSA_ functions into a separate file.

Fixes #19829

Examples added for setting/getting ECDSA SIG related r and s values

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19936)

show more ...

Change HKDF to alloc the info buffer.

Fixes #19909

I have enforced a maximum bound still but it is much higher.
Note also that TLS13 still uses the 2048 buffer size.

Re

Change HKDF to alloc the info buffer.

Fixes #19909

I have enforced a maximum bound still but it is much higher.
Note also that TLS13 still uses the 2048 buffer size.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19923)

show more ...

ssl3_mac(): Fix possible divide by zero bug

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://gith

ssl3_mac(): Fix possible divide by zero bug

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19912)

show more ...

ec_kmgmt.c: check the return of BN_CTX_get() in time.

If x and y are all NULL, then it is unnecessary to do subsequent operations.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com

ec_kmgmt.c: check the return of BN_CTX_get() in time.

If x and y are all NULL, then it is unnecessary to do subsequent operations.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19905)

show more ...

INSTALL.md: Fix typo

CLA:trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org

INSTALL.md: Fix typo

CLA:trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19882)

show more ...