Fix test/recipes/01-test_symbol_presence.t to allow for stripped libraries

It's a small change to the 'nm' call, to have it look at dynamic symbols
rather than the normal ones.

Fix test/recipes/01-test_symbol_presence.t to allow for stripped libraries

It's a small change to the 'nm' call, to have it look at dynamic symbols
rather than the normal ones.

Fixes #16810

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16822)

show more ...

feat: Add sm2 signature test case from GM/T 0003.5-2012

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://githu

feat: Add sm2 signature test case from GM/T 0003.5-2012

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16802)

show more ...

cmp_vfy.c, encoder_lib.c: Fix potential leak of a BIO

Fixes #16787

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merg

cmp_vfy.c, encoder_lib.c: Fix potential leak of a BIO

Fixes #16787

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16804)

show more ...

ctrl_params_translate: Fix leak of BN_CTX

Also add a missing allocation failure check.

Fixes #16788

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edli

ctrl_params_translate: Fix leak of BN_CTX

Also add a missing allocation failure check.

Fixes #16788

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16804)

show more ...

req: Do not warn about using stdin when generating new request

Fixes #16773

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16774)

Extend custom extension testing

Test the scenario where we add a custom extension to a cetificate
request and expect a response in the client's certificate message.

Reviewed-by:

Extend custom extension testing

Test the scenario where we add a custom extension to a cetificate
request and expect a response in the client's certificate message.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16634)

show more ...

New extensions can be sent in a certificate request

Normally we expect a client to send new extensions in the ClientHello,
which may be echoed back by the server in subsequent messages.

New extensions can be sent in a certificate request

Normally we expect a client to send new extensions in the ClientHello,
which may be echoed back by the server in subsequent messages. However the
server can also send a new extension in the certificate request message to
be echoed back in a certificate message

Fixes #16632

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16634)

show more ...

doc: OPENSSL_CORE_CTX should never be cast to OSSL_LIB_CTX

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16771)

Bugfix: unsafe return check of EVP_PKEY_fromdata

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openss

Bugfix: unsafe return check of EVP_PKEY_fromdata

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16783)

show more ...

Bugfix: unsafe return check of EVP_PKEY_fromdata_init

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@o

Bugfix: unsafe return check of EVP_PKEY_fromdata_init

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16783)

show more ...

Update gost-engine to the latest version

Update the gost-engine submodule to pick up the latest version
including fixes for the default security level of 2.

Reviewed-by: Dmitry

Update gost-engine to the latest version

Update the gost-engine submodule to pick up the latest version
including fixes for the default security level of 2.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16760)

show more ...

Update document for default security level change

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16760)

Fix tests for new default security level

Fix tests that were expecting a default security level of 1 to work with
the new default of 2.

Reviewed-by: Dmitry Belyavskiy <beldmit@g

Fix tests for new default security level

Fix tests that were expecting a default security level of 1 to work with
the new default of 2.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16760)

show more ...

Increase the default security level to 2

OTC voted to increase the security level from 1 to 2

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/

Increase the default security level to 2

OTC voted to increase the security level from 1 to 2

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16760)

show more ...

doc: document that property names are unique

Both queries and definitions only support each individual name appearing once.
It is an error to have a name appear more than once.

doc: document that property names are unique

Both queries and definitions only support each individual name appearing once.
It is an error to have a name appear more than once.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16716)

show more ...

test: add failure testing for property parsing

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16716)

property: produce error if a name is duplicated

Neither queries nor definitions handle duplicated property names well.
Make having such an error.

Fixes #16715

Reviewed-

property: produce error if a name is duplicated

Neither queries nor definitions handle duplicated property names well.
Make having such an error.

Fixes #16715

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16716)

show more ...

Bindhost/bindport should be freed

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16775)

Fix unsafe BIO_get_md_ctx check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16768)

Fix heading in random generator man7 page

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

Fix heading in random generator man7 page

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16753)

show more ...

apps/x509: Fix self-signed check to happen before setting issuer name

Fixes #16720

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pu

apps/x509: Fix self-signed check to happen before setting issuer name

Fixes #16720

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16747)

show more ...

s_socket.c: Avoid possible NULL pointer dereference

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://gi

s_socket.c: Avoid possible NULL pointer dereference

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16736)

show more ...

Replace the AES-128-CBC-HMAC-SHA1 cipher in e_ossltest.c

This replaces the AES-128-CBC-HMAC-SHA1 cipher with a
non-encrypting version for use the test suite.

[extended tests]

Replace the AES-128-CBC-HMAC-SHA1 cipher in e_ossltest.c

This replaces the AES-128-CBC-HMAC-SHA1 cipher with a
non-encrypting version for use the test suite.

[extended tests]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16693)

show more ...

Remove OPENSSL_ia32cap overrides in various test scripts

The removed override was: OPENSSL_ia32cap=~0x200000200000000
which disables AESNI codepaths and PCLMULQDQ (useful for ghash).

Remove OPENSSL_ia32cap overrides in various test scripts

The removed override was: OPENSSL_ia32cap=~0x200000200000000
which disables AESNI codepaths and PCLMULQDQ (useful for ghash).
It is unclear why this was done, but it probably just hides bugs.

[extended tests]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16693)

show more ...

Fix a memory leak in the afalg engine

Fixes: #16743

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16744)