Skip newly added blocked OAEP SHAKE testcases with old fips providers

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://gith

Skip newly added blocked OAEP SHAKE testcases with old fips providers

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24529)

show more ...

Remove the dead store in EVP_DecryptFinal_ex

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas M

Remove the dead store in EVP_DecryptFinal_ex

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24526)

show more ...

[Docs] SSL_*_use will increment reference counter

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/ope

[Docs] SSL_*_use will increment reference counter

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24520)

show more ...

enable AES-XTS optimization for AIX

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from

enable AES-XTS optimization for AIX

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24518)

show more ...

cmp_hdr_test.c: Fix leaks in error cases

Fixes #24475

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com

cmp_hdr_test.c: Fix leaks in error cases

Fixes #24475

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24511)

show more ...

uefi: move variables

Fixes "unused variable" warnings with OPENSSL_SYS_UEFI.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Reviewed-by: Matt Caswell <matt@openssl.org>

uefi: move variables

Fixes "unused variable" warnings with OPENSSL_SYS_UEFI.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24459)

show more ...

uefi: add typedef for uintptr_t

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Rev

uefi: add typedef for uintptr_t

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24459)

show more ...

Fix potential memory leak in OSSL_IETF_ATTR_SYNTAX_add1_value()

The function may leak memory if it deals with an unknown type.
Issue reported by LuMingYinDetect.

Fixes #24452

Fix potential memory leak in OSSL_IETF_ATTR_SYNTAX_add1_value()

The function may leak memory if it deals with an unknown type.
Issue reported by LuMingYinDetect.

Fixes #24452

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24454)

show more ...

CHANGES.md: add an entry about newly deprecated time-related functions

Signed-off-by: Alexander Kanavin <alex@linutronix.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewe

CHANGES.md: add an entry about newly deprecated time-related functions

Signed-off-by: Alexander Kanavin <alex@linutronix.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24307)

show more ...

ssl_sess.c: deprecate SSL_SESSION_get_time/SSL_SESSION_set_time

Adjust the manpages at the same time so that only the new
functions are being presented.

Fixes: #23648

S

ssl_sess.c: deprecate SSL_SESSION_get_time/SSL_SESSION_set_time

Adjust the manpages at the same time so that only the new
functions are being presented.

Fixes: #23648

Signed-off-by: Alexander Kanavin <alex@linutronix.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24307)

show more ...

ssl_sess.c: deprecate SSL_CTX_flush_sessions in favour of _ex() replacement

The original function is using long for time and is therefore
not Y2038-safe.

Signed-off-by: Alexande

ssl_sess.c: deprecate SSL_CTX_flush_sessions in favour of _ex() replacement

The original function is using long for time and is therefore
not Y2038-safe.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24307)

show more ...

include/openssl/macros.h: define deprecation macros for 3.4

Signed-off-by: Alexander Kanavin <alex@linutronix.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil

include/openssl/macros.h: define deprecation macros for 3.4

Signed-off-by: Alexander Kanavin <alex@linutronix.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24307)

show more ...

util/perl/OpenSSL/ParseC.pm: correctly parse OSSL_DEPRECATEDIN_..._FOR

Suggested by Matt Caswell.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>

Reviewed-by: Matt Ca

util/perl/OpenSSL/ParseC.pm: correctly parse OSSL_DEPRECATEDIN_..._FOR

Suggested by Matt Caswell.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24307)

show more ...

Removed hard coded value for cap in function ossl_rsa_multip_cap

As suggested at https://github.com/openssl/openssl/pull/23280#discussion_r1452113014, removing hard coded value for cap.

Removed hard coded value for cap in function ossl_rsa_multip_cap

As suggested at https://github.com/openssl/openssl/pull/23280#discussion_r1452113014, removing hard coded value for cap.

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23311)

show more ...

VMS: Redefine _XOPEN_SOURCE_EXTENDED with the value 1

Some versions if the VMS C system header files seem to require this.

Fixes #24466

Reviewed-by: Tomas Mraz <tomas@opens

VMS: Redefine _XOPEN_SOURCE_EXTENDED with the value 1

Some versions if the VMS C system header files seem to require this.

Fixes #24466

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24470)

show more ...

Fix potential memory leak in test_bad_dtls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Mer

Fix potential memory leak in test_bad_dtls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24464)

show more ...

Update configurable sigalgs documentation for providers

also adding to SignatureAlgorithms section

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.sho

Update configurable sigalgs documentation for providers

also adding to SignatureAlgorithms section

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24499)

show more ...

threads_pthread.c: change inline to ossl_inline

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/op

threads_pthread.c: change inline to ossl_inline

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24502)

show more ...

ecstresstest.c: Fix memory leak on error

Fixes #24476
CLA: trivial

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged fro

ecstresstest.c: Fix memory leak on error

Fixes #24476
CLA: trivial

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24488)

show more ...

Further extend the SSL_free_buffers testing

We extend the testing to test what happens when pipelining is in use.

Follow on from CVE-2024-4741

Reviewed-by: Tomas Mraz <toma

Further extend the SSL_free_buffers testing

We extend the testing to test what happens when pipelining is in use.

Follow on from CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)

show more ...

Move the ability to load the dasync engine into ssltestlib.c

The sslapitest has a helper function to load the dasync engine which is
useful for testing pipelining. We would like to have

Move the ability to load the dasync engine into ssltestlib.c

The sslapitest has a helper function to load the dasync engine which is
useful for testing pipelining. We would like to have the same facility
from sslbuffertest, so we move the function to the common location
ssltestlib.c

Follow on from CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)

show more ...

Extend the SSL_free_buffers testing

Test that attempting to free the buffers at points where they should not
be freed works as expected.

Follow on from CVE-2024-4741

Re

Extend the SSL_free_buffers testing

Test that attempting to free the buffers at points where they should not
be freed works as expected.

Follow on from CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)

show more ...

Set rl->packet to NULL after we've finished using it

In order to ensure we do not have a UAF we reset the rl->packet pointer
to NULL after we free it.

Follow on from CVE-2024-47

Set rl->packet to NULL after we've finished using it

In order to ensure we do not have a UAF we reset the rl->packet pointer
to NULL after we free it.

Follow on from CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)

show more ...

Only free the read buffers if we're not using them

If we're part way through processing a record, or the application has
not released all the records then we should not free our buffer b

Only free the read buffers if we're not using them

If we're part way through processing a record, or the application has
not released all the records then we should not free our buffer because
they are still needed.

CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)

show more ...

Move stack of compression methods from libssl to OSSL_LIB_CTX

The compression methods are now a global variable in libssl.
This change moves it into OSSL library context.

It is

Move stack of compression methods from libssl to OSSL_LIB_CTX

The compression methods are now a global variable in libssl.
This change moves it into OSSL library context.

It is necessary to eliminate atexit call from libssl.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24414)

show more ...