Fix the checks of X509_LOOKUP_* functions

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/opens

Fix the checks of X509_LOOKUP_* functions

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18400)

show more ...

Fix the checks of X509_REVOKED_add1_ext_i2d

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/ope

Fix the checks of X509_REVOKED_add1_ext_i2d

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18400)

show more ...

crypto/http/http_client.c: Add the check for OPENSSL_strdup

As the potential failure of the OPENSSL_strdup(), it should
be better to check the return value and return error if fails.

crypto/http/http_client.c: Add the check for OPENSSL_strdup

As the potential failure of the OPENSSL_strdup(), it should
be better to check the return value and return error if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18624)

show more ...

rsa: fix bn_reduce_once_in_place call for rsaz_mod_exp_avx512_x2

bn_reduce_once_in_place expects the number of BN_ULONG, but factor_size
is moduli bit size.

Fixes #18625.

rsa: fix bn_reduce_once_in_place call for rsaz_mod_exp_avx512_x2

bn_reduce_once_in_place expects the number of BN_ULONG, but factor_size
is moduli bit size.

Fixes #18625.

Signed-off-by: Xi Ruoyao <xry111@xry111.site>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18626)

show more ...

Add ROTATE inline asm support for SM3

And move ROTATE inline asm to header.

Now this benefits SM3, SHA (when with Zbb only and no Zknh)
and other hash functions

Reviewe

Add ROTATE inline asm support for SM3

And move ROTATE inline asm to header.

Now this benefits SM3, SHA (when with Zbb only and no Zknh)
and other hash functions

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18287)

show more ...

Add SM3 implementation in RISC-V Zksh asm

This works for both RV32 and RV64

Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>

Reviewed-by: Paul Dale <pauli@openssl.or

Add SM3 implementation in RISC-V Zksh asm

This works for both RV32 and RV64

Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18287)

show more ...

Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/op

Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17937)

show more ...

Optimize chacha20 on aarch64 by SVE2

This patch improves existing chacha20 SVE patch by using SVE2,
which is an optional architecture feature of aarch64, with XAR
instruction that ca

Optimize chacha20 on aarch64 by SVE2

This patch improves existing chacha20 SVE patch by using SVE2,
which is an optional architecture feature of aarch64, with XAR
instruction that can improve the performance of chacha20.

Signed-off-by: Daniel Hu <Daniel.Hu@arm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18522)

show more ...

test/v3nametest.c: Add check for OPENSSL_malloc

As the potential failure of the OPENSSL_malloc(),
it should be better to add the check and return
error if fails.

Signed-off-

test/v3nametest.c: Add check for OPENSSL_malloc

As the potential failure of the OPENSSL_malloc(),
it should be better to add the check and return
error if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18573)

show more ...

test/evp_test.c: Add check for OPENSSL_strdup

As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.

Sign

test/evp_test.c: Add check for OPENSSL_strdup

As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18592)

show more ...

Improve diagnostics on setting groups

- If keymgmmt is not available, it's not an error but the error message
persists in stack
- when setting groups, it's worth saying which group

Improve diagnostics on setting groups

- If keymgmmt is not available, it's not an error but the error message
persists in stack
- when setting groups, it's worth saying which group is not available
Fixes #18585

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18591)

show more ...

Add test cases for verification of time stamping certificates

Test makes sure, that both time stamping certificate according to rfc3161 (no
requirements for keyUsage extension) and accor

Add test cases for verification of time stamping certificates

Test makes sure, that both time stamping certificate according to rfc3161 (no
requirements for keyUsage extension) and according to CAB forum (keyUsage
extension must be digitalSignature and be set critical) are accepted. Misuse
cases as stated in CAB forum are rejected, only exeption is a missing
"critial" flag on keyUsage.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18597)

show more ...

apps/s_server.c: Add check for OPENSSL_strdup

As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.

Sign

apps/s_server.c: Add check for OPENSSL_strdup

As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18595)

show more ...

crypto/x509/by_store.c: Add check for OPENSSL_strdup

As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.

crypto/x509/by_store.c: Add check for OPENSSL_strdup

As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18593)

show more ...

doc: document the new internal time API

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

doc: document the new internal time API

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18274)

show more ...

ssl: expose the get time function internally

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/

ssl: expose the get time function internally

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18274)

show more ...

test: add priority queue unit test

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18274)

doc: priority queue documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18274)

build.info changes for priority queue

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18

build.info changes for priority queue

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18274)

show more ...

add priority queue implementation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18274)

Add dgram API discussion

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18210)

Update CHANGES.md and NEWS.md for new release

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes

c_rehash: Drop the issuer_name_hash= prefix from the CRL hash

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Fix file operations in c_rehash.

CVE-2022-2068

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

providers/implementations/exchange/kdf_exch.c: fix unavailable SIZE_MAX

SIZE_MAX is used in a recent fix of this file, but without including
internal/numbers.h, so that macro ends up not

providers/implementations/exchange/kdf_exch.c: fix unavailable SIZE_MAX

SIZE_MAX is used in a recent fix of this file, but without including
internal/numbers.h, so that macro ends up not existing on some platforms,
resulting in build failures.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18605)

show more ...