Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Squashed 'openssl/' changes from 19cc035b6c6..31157bc0b46
31157bc0b46 Prepare for release of 3.0.8 8c0eaeaf7c6 make update 2a4b68ef012 Update copyright year 2ad99281707 Internaly declare the DSA type for no-deprecated builds 071e702aec8 Add CHANGES.md and NEWS.md entries for the 3.0.8 release a0f2359613f Add testcase for missing return check of BIO_set_md() calls d3b6dfd70db pk7_doit.c: Check return of BIO_set_md() calls 2f7530077e0 CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (3.0) 7e371855829 Add test for DSA pubkey without param import and check fab4973801b Do not create DSA keys without parameters by decoder c1b4467a7cc Prevent creating DSA and DH keys without parameters through import 23985bac83f Fix NULL deference when validating FFC public key. 67813d8a4d1 Add test for d2i_PKCS7 NULL dereference 934a04f0e77 Do not dereference PKCS7 object data if not set f596ec8a6f9 Check CMS failure during BIO setup with -stream is handled correctly 8818064ce3c Fix a UAF resulting from a bug in BIO_new_NDEF cbafa34b5a0 Add a test for CVE-2022-4450 63bcf189be7 Avoid dangling ptrs in header and data params for PEM_read_bio_ex 8e257b86e58 Fix Timing Oracle in RSA decryption fe6842f5a5d Add testcase for nc_match_single type confusion c927a349269 Fix type confusion in nc_match_single() 36d85b02cef doc/man1/{storeutl,gendsa}: point out that extra options/arguments are ignored 77f29142b26 Fix incomplete check on EVP_CIPHER_param_to_asn1() 28b78f39560 Use $config{build_file} instead of $target{build_file} 0f67990573f Fix a potential memory leak in crypto/provider_child.c 45e6a974736 BIO_read.pod: fix small typo d36b0450d9d Do not include sparse_array.o in libssl with no-shared 5a1b22fc2e6 Avoid duplicating symbols in legacy.a with some build options 721aca05df2 Fix incomplete check on X509V3_add1_i2d() 39bc59bc83c ChaCha20-Poly1305 no longer supports truncated IV's. da6d4180526 coverity 1520506: error handling 2680cd25ed0 coverity 1520505: error handling 3a0bbaba732 Add notes about ignoring initialization failures on contexts a47eff38d7e Document that the RSA e value is mandatory when importing. d646730b89c Fix Coverity 1520485: logically dead code 84eace37362 Clarify the change of enc -S behavior in 3.0 9c92c4917e1 Fix incomplete checks for EVP_CIPHER_asn1_to_param ce7193b1233 OSSL_trace_set_channel(): add important statement that it takes BIO ownership a478dd11e9e set_trace_data(): prevent double free on OPENSSL_strdup() failure a3dd46d2c63 Fix corruption when searching for CRLs in hashed directories ae0f54d3005 Add DTLS support to the large app data test ecafcd8ad35 Ensure our buffer allocation allows for the Explicit IV 6960fb03d58 Add a test for large app data 299f096ff39 MD5.pod: Recommend SHA-2 or SHA-3 family hashes instead of legacy ones 5f77f91a42f X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc add42e0b3b5 cmp_client.c: fix handling of total_timeout for RR and GENM transactions 538682c62ac cmp_client_test.c: add tests for end_time being initialized for RR/GENM de3b3c9c04e CMP docs: clarify behavior on message/total timeout values given 780e7b11a54 Fixes wrong return type in BIO_do_connect man page. 846d5099f3c Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4() f45c6033ceb Padlock: fix byte swapping assembly for AES-192 and 256 36d03d2f05a Add link to EBNF definition 9db21bebd18 Add negative test for unquoted property string 5aa0554ac37 Correct property EBNF for unquoted strings b9097b0c3b0 Fix incorrect error return value in i2r_ADMISSION_SYNTAX() 60c19d0d61d Fix potential NULL pointer dereference e594a9b7605 Clarify documentation of X509_STORE_CTX_get_current_cert() 46d4cb4d8f1 pkey: Imply public check if -pubin is specified 5701ead8f20 Bump actions/setup-python from 4.4.0 to 4.5.0 d6220d1b7f6 Documenting lack of error codes stability e6b1586ea2b Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime 54eb24982b6 Revert "Limit size of modulus for BN_mod_exp_mont_consttime()" 18308d6616c SSKDF with KMAC should return SIZE_MAX when EVP_KDF_CTX_get_kdf_size() is used. 757fd35182b fix manpage of `d2i_X509(3)` d92a5da5ae2 Do not check definition of a macro and use it in a single condition 1932e595c80 OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated f51b4ebb079 In OSSL_PARAM_set_BN(), make sure that the data_size field is at least 1 5601648e91d test/param_build_test.c: test zero BIGNUM 7b807ad6eaa Add testcase for OSSL_trace_set_callback() 318a27d4e9a Avoid ifdefs in trace categories b4419635c99 test/trace_api_test.c: fix gcc error on -Werror=strict-prototypes 5c6936e92df Add tests for trace_api. 2f2176dc8d3 Doc: Update history section of EC_GROUP API's. accd85ce7cd Documentation for EVP_PKEY_CTX_get0_pkey() and EVP_PKEY_CTX_get0_peerkey(). b9b411be841 info.c: Fix typos in seed macro name and description string 4f46ff14bec rsaz_exp_x2.c: Remove leftover from broken cherry-pick e3a9668e48b Revert "rsaz_exp_x2.c: Remove unused ALIGN64 macro" 2a57a117a2e rsaz_exp_x2.c: Remove unused ALIGN64 macro dcde8ea8c46 rsaz_exp_x2.c: Avoid potential undefined behavior with strict aliasing 842311ae30b Revert "Fix an occasional CI failure due to unaligned access" 6f252dd632a BIO_s_dgram: add documentation and hazard warnings 0a69ca8f635 Avoid possible divide by zero 5b449de0f0a 80-test_cms.t: Fix rsapssSaltlen check on MinGW 7736379c5c0 Cleanse internal BN_generate_dsa_nonce() buffers used to generate k. 1bd53640a2a Bump actions/setup-python from 4.3.1 to 4.4.0 46cf94e5e6e INSTALL.md: Remove trailing space 4a8e7e27649 Docs: Move deprecated ECDSA_ functions into a separate file. 12f64521194 Change HKDF to alloc the info buffer. 053e06bd050 ec_kmgmt.c: check the return of BN_CTX_get() in time. f0bbb25f348 INSTALL.md: Fix typo b65285ba438 Add Demos for DSA params/DSA keygen. b49d8da7745 Fix possible UB in init_info_strings 00323667e3b Add a CMS test for a bad encryption algorithm e979d9aaf5f Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID a923d9bbb52 Fix BIO_f_asn1() to properly report some errors 0a3eeb3346d Fix SMIME_crlf_copy() to properly report an error 1619478374f Fix BIO_f_cipher() flushing 36d6ebad8f6 Update pyca-cryptography submodule to 38.0.4 999509c235a Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to UNCOMPRESSED 6651044b4d8 Fix a logic flaw in test_mod_exp_zero c935b89f285 Raise the KMAC limits for key and custom size to 512 bytes 0a229aec0a5 Update FIPS related build instructions. 4ae8fe6cc8d Refine the documents of several APIs 75fa52ddc97 Update HMAC() documentation. 5ba39c0bf79 Fix FIPS Provider compat CI of 3.0 libcrypto with 3.2 FIPS provider 878b00aa336 Coverity: fix 272011 resource leak 53c643f67fe Fix openssl storeutl to allow serial + issuer f92b294563b Make error reason for disallowed legacy sigalg more specific bb3a931f867 crypto/err: expand on error code generation 353521b7720 Run-checker merge CI: Memleak test does not work without ubsan 921e19c20aa Revert "Run-checker merge CI: Replace no-shared with no-modules" 4343b2923ac unbuffer stdin before get passwd from stdin 17bd383dd21 Obtain PSS salt length from provider 39fcc351c2c Run-checker merge CI: Replace no-shared with no-modules bc136fd386b Cross compiles CI: Disable stringop-overflow warning on s390x and m68k 8face2721b7 Fuzz checker CI: Use more generic include dir for fuzzer includes 42cd898bd30 Bump actions/setup-python from 4.3.0 to 4.3.1 c438de07c00 Fix `no-ec enable-ktls` build 6fbbb53477a test: add test case for deadlock reported in #19643 7725e7bfe6f x509: fix double locking problem 9a5c884999a cmp_vfy_test.c: fix name OSSL_CMP_CTX_set0_trusted{,Store} f6fdbe63c7c OSSL_CMP_validate_msg(): make sure to reject protection type mismatch c919280f793 Replace some boldened types with a corresponding man page link 2365be29764 Move the description of the core types into their own pages a0564dc8553 Better sorting of util/other.syms f60dfe81847 Fix treatment of BUILD_METADATA f15d23e2f9e Replace "a RSA" with "an RSA" 544758738da Fix the check of BIO_set_write_buffer_size and BIO_set_read_buffer_size 18e45bd9ead Fix the check of EVP_PKEY_decrypt_init 5812a2d282a Fix the checks in rsautl_main 17345cf10f9 doc: fix EVP_SignInit.pod e3ce39ab344 Clarify the EVP_PKEY_decrypt manual page d4394159918 cmp_client_test.c: add tests for OSSL_CMP_CTX_get_status d1aa7d11363 doc: fix location of AES-SIV ciphers e2758d1a39e Fix occasional assertion failure when storing properties 0e4c201cb88 Drop incorrect skipping of some evp_test testcases with no-gost ff2f8c81a08 Add test for EVP_PKEY_Q_keygen ac591bf69e6 Fix typos in doc/man3/EVP_EncryptInit.pod e7a7aa78348 When using PEM_read_bio_PrivateKey_ex() the public key is optional e2cf3852733 add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function 27a09e77667 add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function 2c65de46785 OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs 327e968c336 CMP: fix gen_new() in cmp_msg.c checking wrong ITAVs 79701dea429 Fix typo in openssl-x509.pod.in 1c8b17358fe Add SM2 support for EVP_PKEY_Q_keygen f2784497264 CMP: fix handling of unset or missing failInfo PKI status information 69d3c81ca5c CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages c28c2e0c7e6 Fix coverity issues in X509v3_addr f35a4be939a Add missing HISTORY sections for OpenSSL 3.0 related documents. 5ac7cfb5621 Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod. 07f21b22ca9 evp_extra_test2: Test DH param checks with non-NULL libctx 2bc3854a6cf DH_check[_params]() use libctx of the dh for prime checks 9aa9d6a9426 ParseC.pm: gracefully handle DOS-style end-of-line in source files 3e0a1c2c18b Add test to confirm IPAddressFamily_check_len catches invalid len 17af63c1df8 Catch incorrect IPAddressFamily lengths 56de1f3ce3d Drop explicit check for engines in opt_legacy_okay b67935515ed Fix the check of EC_GROUP_check_named_curve e29ea41f6d5 apps/speed.c: fix the wrong checks eb153d04294 Add documentation for CPUID bit #64+17 17d20f6159a Add test for EVP_PKEY_eq 38066a07e09 Update documentation for keymgmt export utils aeb80f63d44 Propagate selection all the way on key export d163bd08bb9 apps/ocsp.c: Add missing test if make_ocsp_response failed c3e8128befa fipsinstall test: skip PCT DSA signature test for new providers 00cd0627252 test: add two comparision options to fips version test utility code bb0190e8a4d Use the same encryption growth macro consistently 1aef13c0bdb apps/speed.c: add verifying if fdopen returns NULL 511d8c0fb0e Resign test/certs/rootCA.pem to expire in 100 years 2f27b9363e8 Update the validity period of ed25519 cerificates b697ae10287 Add test for generating safeprime DH parameters 0f68f59dd45 Use libctx when generating DH parameters 2fee530c86d pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey 60d391b6f01 pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional b8a5adf3ec4 Limit size of modulus for BN_mod_exp_mont_consttime() d0f8056c47f Release the drbg in the global default context before engines aa97297427f Add a test case for the engine crash with AES-256-CTR e285a0b5a0e fips-label.yml: Fix the script after actions/github-script upgrade 6feff2e59df Fix PACKET_equal test with BUF_LEN+1 on -Wstringop-overread f3aa51d6347 Fix documentation for some i2d return values. 424c9521182 Test that signatures using hash name commands work properly 03c5381b41d apps/dgst.c: Set digestname from argv[0] if it is a builtin hash name 76962505be6 Check for private key existence before calling eddsa sign functions 22530d31789 crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case 4aabade09f9 Configurations/*.tmpl: overhaul assembler make rules. 7343f687705 Update GitHub actions as suggested by dependabot de45fecf8ae Coverity 1516624: Fix overrun memory access. f8e6dda7b7c Fix the ceiling on how much encryption growth we can have c5bc976d9a0 providers/common/der/oids_to_c.pm: Remove use of Data::Dumper 716712f378f Potential null pointer reference 7bfbf68ad04 Prepare for 3.0.8 git-subtree-dir: openssl git-subtree-split: 31157bc0b46e04227b8468d3e6915e4d0332777c
- Loading branch information
