EVP_DecodeUpdate() should not produce zeros for input padding `=` signs to avoid writing to non-allocated memory regions.
To achieve this:
- Add `eof` parameter to `evp_decodeblock_int` function in `openssl/crypto/evp`. The parameter should either contain the number of the input padding characters to ignore or `-1` if the function has to count them.
- Use precalculated `eof` in `EVP_DecodeUpdate` to fix its behaviour.
- Use `eof = -1` in `EVP_DecodeFinal` to count it in `evp_decodeblock_int`.
- Do not ignore padding in `EVP_DecodeBlock` (`eof = 0`) because it should write padding zeros according to the documentation.
- Add the HISTORY section to EVP_EncodeInit documentation to describe the fix.
Other changes:
- Update AUTHORS.md
- Update the copyright date in the documentation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26678)
- When used as KEMs in TLS the ECDHE algorithms are NOT subjected to
HPKE Extract/Expand key derivation. Instead the TLS HKDF is used
as usual.
- Consequently these KEMs are just the usual ECDHE key exchange
operations, be it with the encap ECDH private key unavoidably
ephemeral.
- A new "MLX" KEM provider is added that supports four hybrids of EC/ECX
DH with ML-KEM:
* ML-KEM-768 + X25519
* ML-KEM-1024 + X448
* P-256 + ML-KEM-768
* P-384 + ML-KEM-1024
- Support listing of implemented TLS groups.
The SSL_CTX_get0_implemented_groups() function and new
`openssl list -tls-groups` and `openssl list -all-tls-groups`
commands make it possible to determine which groups are
implemented by the SSL library for a particular TLS version
or range of versions matching an SSL_CTX.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26220)
