Update documentation for global properties mirroring

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)

Ensure mirroring of properties works for subsequent updates

If the global properties are updated after a provider with a child libctx
has already started we need to make sure those updat

Ensure mirroring of properties works for subsequent updates

If the global properties are updated after a provider with a child libctx
has already started we need to make sure those updates are mirrored in
that child.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)

show more ...

Documentation updates for mirroring of global properties

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)

Test that properties are mirrored as we expect

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)

Add a callback for providers to know about global properties changes

Where a child libctx is in use it needs to know what the current global
properties are.

Reviewed-by: Paul Da

Add a callback for providers to know about global properties changes

Where a child libctx is in use it needs to know what the current global
properties are.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)

show more ...

Add a test for converting a property list to a string

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)

Implement the ability to convert a PROPERTY_LIST to a string

We have the ability to parse a string into a PROPERTY_LIST already. Now
we have the ability to go the other way.

Rev

Implement the ability to convert a PROPERTY_LIST to a string

We have the ability to parse a string into a PROPERTY_LIST already. Now
we have the ability to go the other way.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)

show more ...

todo: remove TODO(3.0) from the sources.

Almost all were notes about wanting to deprecate CTRLs/utility functions.

Fixes #15325

Reviewed-by: Tomas Mraz <tomas@openssl.org>

todo: remove TODO(3.0) from the sources.

Almost all were notes about wanting to deprecate CTRLs/utility functions.

Fixes #15325

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15328)

show more ...

Test d2i_PrivateKey_bio() does not add errors to stack when decoding a X25519 key sucessfully.

This confirms that another merge has addressed this issue.

Fixes #14996

Revie

Test d2i_PrivateKey_bio() does not add errors to stack when decoding a X25519 key sucessfully.

This confirms that another merge has addressed this issue.

Fixes #14996

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15303)

show more ...

Revert "ARM assembly pack: translate bit-sliced AES implementation to AArch64"

This reverts commit da51566b256e0c0536d5b986e676863b0526bf5e.

Fixes #15321

Reviewed-by: Tim H

Revert "ARM assembly pack: translate bit-sliced AES implementation to AArch64"

This reverts commit da51566b256e0c0536d5b986e676863b0526bf5e.

Fixes #15321

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15364)

show more ...

Add migration guide for 3.0

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14710)

Update SSL_new_session_ticket() manual for triggered send

Document the recently added functionality.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com

Update SSL_new_session_ticket() manual for triggered send

Document the recently added functionality.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)

show more ...

Test new SSL_new_session_ticket() functionality

Now that we can become "in init" directly after the call, test the
various scenarios where explicit SSL_do_handshake() calls can come

Test new SSL_new_session_ticket() functionality

Now that we can become "in init" directly after the call, test the
various scenarios where explicit SSL_do_handshake() calls can come
into play.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)

show more ...

Let SSL_new_session_ticket() enter init immediately

The initial implementation always deferred the generation of the
requested ticket(s) until the next application write, but this
is

Let SSL_new_session_ticket() enter init immediately

The initial implementation always deferred the generation of the
requested ticket(s) until the next application write, but this
is not a great fit for what it actually does, architecturally wise.
A request to send a session ticket means entering back into the
handshake state machine (or "in init", as it's known in the
implementation). The state machine transition is not something that
only occurs at an application-data write, and in general could occur at
any time. The only constraint is that we can't enter "init" while in
the middle of writing application data. In such cases we will need to
wait until the next TLS record boundary to enter the state machine,
as is currently done.

However, there is no reason why we cannot enter the handshake state
machine immediately in SSL_new_session_ticket() if there are no
application writes pending. Doing so provides a cleaner API surface to
the application, as then calling SSL_do_handshake() suffices to drive
the actual ticket generation. In the previous state of affairs a dummy
zero-length SSL_write() would be needed to trigger the ticket
generation, which is a logical mismatch in the type of operation being
performed.

This commit should only change whether SSL_do_handshake() vs zero-length
SSL_write() is needed to immediately generate a ticket after the
SSL_new_session_ticket() call -- the default behavior is still to defer
the actual write until there is other application data to write, unless
the application requests otherwise.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)

show more ...

danetest.c: Improve code formatting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

X509_STORE_CTX_get1_issuer(): Simplify code, reducing risk of failure

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

X509 build_chain(): Fix two potential memory leaks on issuer variable

This also removes an inadequate guard: if (num == ctx->num_untrusted)

Reviewed-by: Tomas Mraz <tomas@openssl.or

X509 build_chain(): Fix two potential memory leaks on issuer variable

This also removes an inadequate guard: if (num == ctx->num_untrusted)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

show more ...

X509 build_chain(): Make the variable 'curr' local to the loop body

This increases readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from http

X509 build_chain(): Make the variable 'curr' local to the loop body

This increases readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

show more ...

X509 build_chain(): Rename variable 'depth' to 'max_depth'

This should increase readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/

X509 build_chain(): Rename variable 'depth' to 'max_depth'

This should increase readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

show more ...

X509 build_chain(): Restrict scope of 'self_signed' variable

This should increase readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https

X509 build_chain(): Restrict scope of 'self_signed' variable

This should increase readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

show more ...

Make apps/progs.pl not look at apps/progs.c

apps/progs.pl will have apps/progs.c as output, and on some systems,
the output file of a program is locked against reading.
Unfortunately

Make apps/progs.pl not look at apps/progs.c

apps/progs.pl will have apps/progs.c as output, and on some systems,
the output file of a program is locked against reading.
Unfortunately, apps/progs.c is also part of the sources that make up
apps/openssl, so it's necessary to mark that file in a way that makes
progs.pl skip over it.

Fortunately, this is easily done with a special attribute in
apps/build.info and a simple adaptation of apps/progs.pl.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15332)

show more ...

build.info: Make it possible to set attributes on SOURCE / SHARED_SOURCE stmts

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15332)

speed: Document the deficiencies of the command

Fixes #7032

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15330)

80-test_cms.t: Disable new tests for binary input in Windows

This is a quick workaround for #15347.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/op

80-test_cms.t: Disable new tests for binary input in Windows

This is a quick workaround for #15347.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15351)

show more ...

apps/list: Remove obsolete -missing-help option

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl

apps/list: Remove obsolete -missing-help option

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15329)

show more ...