Add ASN1_item_i2d_mem_bio(); document and improve also ASN1_item_d2i_bio()

ASN1_item_d2i_bio(): Do not report errors in queue on BIO input being NULL

Reviewed-by: Tomas Mraz <tomas@

Add ASN1_item_i2d_mem_bio(); document and improve also ASN1_item_d2i_bio()

ASN1_item_d2i_bio(): Do not report errors in queue on BIO input being NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15147)

show more ...

A few cleanups of the provider build.infos

Remove a TODO that is no longer relevant and
drop some more non-fips sources from the fips checksums.

Reviewed-by: Paul Dale <pauli@op

A few cleanups of the provider build.infos

Remove a TODO that is no longer relevant and
drop some more non-fips sources from the fips checksums.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15191)

show more ...

Allow arbitrary digests with ECDSA and DSA

Unless the FIPS security check is enabled we allow arbitrary digests
with ECDSA and DSA.

Fixes #14696

Reviewed-by: Paul Dale

Allow arbitrary digests with ECDSA and DSA

Unless the FIPS security check is enabled we allow arbitrary digests
with ECDSA and DSA.

Fixes #14696

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15220)

show more ...

apps: make list -help not continue with listing

All the commands return after printing their help. List doesn't.
This brings them in line.

Reviewed-by: Tim Hudson <tjh@openssl.

apps: make list -help not continue with listing

All the commands return after printing their help. List doesn't.
This brings them in line.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15211)

show more ...

apps: change list command to only list fetchable algorithms.

The -propquery option will work with this change. By default the output will
be the same.

Also address some inconsi

apps: change list command to only list fetchable algorithms.

The -propquery option will work with this change. By default the output will
be the same.

Also address some inconsistencies in the code with respects to error checking.

Fixes #15196

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15211)

show more ...

encoder: add a _name() function for encoders and decoders

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15211)

doc: document the encoder and decoder name functions

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15211)

Checksum update

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

property: add test case for setting default user properties before fetching

Shamelessly culled from #15218.

Co-authored-by: Dr Paul Dale <pauli@openssl.org>

Reviewed-by: Ti

property: add test case for setting default user properties before fetching

Shamelessly culled from #15218.

Co-authored-by: Dr Paul Dale <pauli@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15222)

show more ...

property: create property names more eagerly.

User defined property names were not created before the first fetch. The
rationale for this was to only maintain the user names defined by

property: create property names more eagerly.

User defined property names were not created before the first fetch. The
rationale for this was to only maintain the user names defined by providers.
This was intended to prevent malicious memory use attacks.

Not being able to specify a default query before the first fetch is wrong. This
changes the behaviour of the property query parsing to always create property
names.

Fixes #15218

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15222)

show more ...

Run-checker converted to GitHub Actions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15129)

coveralls: fix comment to indicate daily not weekly

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15129)

Add OID for RPKI id-ct-signedChecklist

References: draft-ietf-sidrops-rpki-rsc - Resource Public Key Infrastructure
(RPKI) object profile for Signed Checklist (RSC)

OID listed u

Add OID for RPKI id-ct-signedChecklist

References: draft-ietf-sidrops-rpki-rsc - Resource Public Key Infrastructure
(RPKI) object profile for Signed Checklist (RSC)

OID listed under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)'
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1

CLA: Trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15207)

show more ...

find-doc-nits fix courtesy Rich Salz

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from ht

find-doc-nits fix courtesy Rich Salz

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11481)

show more ...

use LHASH_OF(TYPE) macro to make the example consistent with the declaration in ssl.h

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by:

use LHASH_OF(TYPE) macro to make the example consistent with the declaration in ssl.h

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11481)

show more ...

Checksum update

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>

evp: fix return code check.

The return from evp_do_md_getparams() is 0 for failure and -1 for not being
a provided algorithm. The code in evp_md_cache_constants() failed to check
th

evp: fix return code check.

The return from evp_do_md_getparams() is 0 for failure and -1 for not being
a provided algorithm. The code in evp_md_cache_constants() failed to check
the return code properly. In this case it was harmless but better to fix it.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15208)

show more ...

coverity: fix 1484542 dereference after null check

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/

coverity: fix 1484542 dereference after null check

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15208)

show more ...

coverity: fix 1484540 resource leak

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15

coverity: fix 1484540 resource leak

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15208)

show more ...

coverity: fix 1484539 resource leak

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15

coverity: fix 1484539 resource leak

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15208)

show more ...

80-test_cmp_http.t: Improve fuzzing exclusion pattern - fixup!

This now correctly fixes #14966.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl

80-test_cmp_http.t: Improve fuzzing exclusion pattern - fixup!

This now correctly fixes #14966.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15217)

show more ...

Fix missing $CPUIDDEF in libdefault.a

This fixes a build error caused by missing $CPUIDDEF when
compiling libdefault.a, and some functions(like armv8_aes_gcm_encrypt)
become undefine

Fix missing $CPUIDDEF in libdefault.a

This fixes a build error caused by missing $CPUIDDEF when
compiling libdefault.a, and some functions(like armv8_aes_gcm_encrypt)
become undefined.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15215)

show more ...

Update FIPS checksums

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)

Exclude child provider code from the FIPS module

We don't need the child provider code in the FIPS module so we exclude
it.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merge

Exclude child provider code from the FIPS module

We don't need the child provider code in the FIPS module so we exclude
it.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)

show more ...

Update documentation following addition of OSSL_LIB_CTX_new_child()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)