Pauli [Mon, 30 Jun 2025 22:43:54 +0000 (08:43 +1000)]
ci: enable LMS in a number of different builds
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Mon, 30 Jun 2025 22:20:54 +0000 (08:20 +1000)]
Make LMS disabled by default
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Thu, 26 Jun 2025 21:17:12 +0000 (07:17 +1000)]
lms_test: add key gen negative test
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Thu, 26 Jun 2025 08:44:56 +0000 (18:44 +1000)]
lms: add negative tests
For EVP_PKEY_sign_message_init and EVP_PKEY_paramgen_init.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Thu, 26 Jun 2025 08:36:37 +0000 (18:36 +1000)]
lms: add signing negative test
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Wed, 25 Jun 2025 23:03:38 +0000 (09:03 +1000)]
packet: add new utility function PACKET_get_4_len()
Get 4 bytes in network order from |pkt| and store the value in |*data|
Similar to PACKET_get_net_4() except the data is uint32_t
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Mon, 3 Feb 2025 23:47:24 +0000 (10:47 +1100)]
test: get provider compatibily tests working
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Thu, 23 Jan 2025 20:55:48 +0000 (07:55 +1100)]
Add changes entry for LMS verification
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Mon, 13 Jan 2025 01:43:10 +0000 (12:43 +1100)]
doc: document the additional LMS self test description
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Mon, 13 Jan 2025 01:41:49 +0000 (12:41 +1100)]
fips: add self test CAST for LMS verify
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Mon, 13 Jan 2025 01:41:04 +0000 (12:41 +1100)]
fips: add LMS description
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Sun, 12 Jan 2025 23:23:50 +0000 (10:23 +1100)]
Fix indentation
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
slontis [Thu, 3 Oct 2024 07:52:49 +0000 (17:52 +1000)]
Add LMS documentation
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
slontis [Tue, 1 Oct 2024 06:17:05 +0000 (16:17 +1000)]
Add LMS to the fips provider.
This required the LMS keymanager to have an export function.
The self test will be provided by HSS, which covers the LMS case.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Allow SHA256-192 to be used internally in the FIPS provider.
Created an internal digest table that contains sha256_192.
Also moved the KECCAK_KMAC_128/256 entries to this internal table
since it is only used by KMAC.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
slontis [Tue, 1 Oct 2024 02:35:43 +0000 (12:35 +1000)]
Add LMS Signature verification.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
This uses OSSL_DECODER_CTX_new_for_pkey().
"XDR" can be specified for the input type, and the key type is "LMS"
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
slontis [Thu, 3 Oct 2024 01:16:15 +0000 (11:16 +1000)]
Add base code to load a LMS public key.
This loads a XDR encoded LMS public key.
It adds a simple LMS keymanager to import this key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
slontis [Thu, 3 Oct 2024 01:10:01 +0000 (11:10 +1000)]
Add Configurable "lms" option
This option will be used by the base code for enabling
Leighton-Micali Signatures (LMS)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
- prevent fixed-digest HKDF from having its digest changed
- implement gettable params in HKDF
- update fixed-digest HKDF tests
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27247)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27247)
Add HKDF-SHA256, HKDF-SHA384 and HKDF-SHA512 which are versions
of HKDF that have the digest pre-set. The digest cannot be changed
for contexts of these types.
RFC 8619 defines algorithm identifiers for these combinations.
These algorithm identifiers will be used in future features, e.g.
KEMRecipientInfo.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27247)
Fixes: https://github.com/openssl/project/issues/1267 Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27989)
Fixes: https://github.com/openssl/project/issues/1267 Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27989)
Neil Horman [Tue, 1 Jul 2025 18:19:17 +0000 (14:19 -0400)]
Fixup non-optional use of IO::Socket::IP
IO::Socket::IP is an optionally used package in our perl scripts, and a
recent change of mine used it unilaterally, causing breakage on older
perl installations. Fix it up to use it optionally again, falling back
to IO::Socket::INET when needed.
Fixes #27940
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27941)
Theo Buehler [Wed, 9 Jul 2025 09:33:57 +0000 (11:33 +0200)]
Update rpki-client-portable to fix build
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28004)
Daniel Frink [Mon, 9 Jun 2025 21:26:32 +0000 (16:26 -0500)]
Separate public and private ML-KEM allocations
Previously, this change had grouped the public and private
portions of the ML-KEM key structure into one allocation that
was changed to use secure memory. There were concerns raised
that there may be use cases where storage of many ML-KEM public
keys may be necessary. Since the total secure memory size is configured
by the user, reduce the footprint of secure memory usage to
reduce the impact of these changes on users of these flows.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27625)
Julian Zhu [Wed, 28 May 2025 05:24:24 +0000 (13:24 +0800)]
RISC-V: Provide optimized SM3 implementation using Zbb extension
Signed-off-by: Julian Zhu <julian.oerv@isrc.iscas.ac.cn> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27709)
Neil Horman [Fri, 4 Jul 2025 11:57:19 +0000 (07:57 -0400)]
Add .[ch].in files to ctags
Pull in our templates for various c and h files for searching
Fixes #27966
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27967)
Neil Horman [Wed, 2 Jul 2025 11:03:36 +0000 (07:03 -0400)]
Update util/analyze-contention-log.sh
Co-authored-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27912)
Neil Horman [Thu, 26 Jun 2025 17:38:43 +0000 (13:38 -0400)]
Add lock contention log analyzer
With the introduction of REPORT_RWLOCK_CONTENTION, it would be nice
if we could do some quick analysis on it.
This script parses the log, and generates a histogram of lock contention
events, uniquely identified by the stack trace that caused it, and
prints out all unique latency event, sorted from largest (as measured
by cumulative latency in that path).
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27912)
Matt Caswell [Thu, 3 Jul 2025 13:45:09 +0000 (14:45 +0100)]
Fix some conversion from size_t to const int errors
When #27806 was merged these fixes were missed
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27960)
The check-ansi job is failing in the openssl-3.5 branch as a result of commit 60775e3. Fix that.
I guess this job doesn't run on PRs in master?
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27944)
Andrew Dinh [Tue, 24 Jun 2025 12:26:38 +0000 (19:26 +0700)]
Add stream type flags to SSL_accept_stream
Introduces SSL_ACCEPT_STREAM_UNI and SSL_ACCEPT_STREAM_BIDI flags to SSL_accept_stream, allowing callers to specify whether to accept only unidirectional or bidirectional streams. Returns the first of its type from the queue
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27883)
Neil Horman [Wed, 25 Jun 2025 18:26:24 +0000 (14:26 -0400)]
Remove need for BN_BLINDING lock
Issue https://github.com/openssl/project/issues/1245 has identified that
we encounter a significant amount of time waiting to acquire the
BN_BLINDING_lock when running our handshake perf test with 10 threads
using an rsa key. Specifically, with 10 threads we spend about 19327731
usecs just waiting. So it would be great if we could eliminate the need
to get the write lock here.
Currently, the need for the lock is based off the fact that each rsa key
has only a single blinding pointer, for which exclusive access is
needed, with an attempt to use a fallback mt_blinding pointer in the
shared case. If a key is shared by many threads, then we find ourselves
needing to maniuplate this lock quite frequently if we are doing lots of
ssl connections.
To address this, I've come up with this approach. It replaces the
blinding pointer with a pointer to a sparse array. The sparse array is
then indexed by thread id. This allows us to do two things:
When getting the blinding, we only need to take the read lock in the
common case when looking up this threads blinding structure. Only in
the first lookup for any thread do we need to take the write side lock
when updating the table, and only then for a very brief critical section
(i.e. we don't need to hold the lock when allocating/setting the
blinding up via RSA_setup_blinding
This trades off some extra memory usage for the above significant
reduction in execution time.
it also allows us to simplify the blinding code quite a bit by
eliminating the need to handle shared blindings because blindings are
never shared anymore
Fixes openssl/project#1245
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27913)
Chris [Sat, 28 Jun 2025 10:49:11 +0000 (20:49 +1000)]
Remove accidentally left debug statements from ec.c
CLA: trivial
- Cleaned up hardcoded debug statements that were inadvertently
left in the open source distribution
- No functional changes to the EC key processing logic
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27921)
Jiasheng Jiang [Thu, 26 Jun 2025 19:07:39 +0000 (19:07 +0000)]
test/quic_multistream_test.c: Add OPENSSL_free() to avoid memory leak
Add OPENSSL_free() to free bdata if an error occurs to avoid memory leak.
Fixes: a55b689499 ("Use reported short conn id len in qtestlib") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27914)
Jiasheng Jiang [Wed, 25 Jun 2025 19:22:30 +0000 (19:22 +0000)]
test/bio_pw_callback_test.c: Add BIO_free() to avoid memory leak
Add BIO_free() if PEM_read_bio_PrivateKey fails to avoid memory leak.
Fixes: fa6ae88a47 ("Add test for BIO password callback functionality") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27898)
Jiasheng Jiang [Thu, 26 Jun 2025 00:01:35 +0000 (00:01 +0000)]
apps/lib/apps.c: Add check for BIO_new()
Add checks for the return value of BIO_new() to guarantee successful
allocation, consistent with other usages.
Fixes: a412b89 ("dup_bio_* and bio_open_* are utility functions and belong in apps.c") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27894)
Daniel Van Geest [Mon, 23 Jun 2025 11:45:59 +0000 (12:45 +0100)]
decoders: Fix prioritization of decoders via property query
When a property query string was used, it was not being applied to decoders.
When multiple providers supporting the same algorithm were loaded, it was
undefined which provider would be used when decoding a key, even when a
propquery string was provided. This fix scores decoder instances based on
property query matching and selects the highest scored decoder instance when
building the decoder chain.
The fake_rsa test provider is updated to support basic encoding and decoding.
A test is added using the fake_rsa provider to ensure that property query
strings are respected when loading decoders.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27876)
Jakub Zelenka [Thu, 6 Feb 2025 18:07:28 +0000 (19:07 +0100)]
Introduce cms kekcipher option to select cipher for pwri
This is useful for AEAD ciphers where it is not possible to use AEAD
cipher (currently only AES GCM supported) for password recipient info
because the same cipher is used for encrypting the password and it is
not possible to store tag for this purpose so different cipher (e.g.
AES CBC) needs to be selected.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26871)
INDIA\kanagavels [Wed, 18 Jun 2025 13:12:54 +0000 (18:42 +0530)]
Fixes #27831: Decreased NAMEMAP_HT_BUCKETS to 512.
Decreased the NAMEMAP_HT_BUCKETS value to 512, to avoid memory
allocation fail issues.
CLA: Trivial
Signed-off-by: Kanagavel S <kanagavels@ami.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27850)
noctuelles [Thu, 29 May 2025 19:01:21 +0000 (21:01 +0200)]
fix: msg callback in dtls1_do_write that incorrectly shows message (like a certificate) that spans over multiple fragments.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27811)
Christian Vögl [Thu, 26 Jun 2025 16:37:37 +0000 (18:37 +0200)]
Fix nullpointer dereference in OSSL_PARAM_merge
OSSL_PARAM_merge contained an error, where a nullpointer was
dereferenced when both parameter arrays ended with the same key
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27910)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27895)
Ingo Franzki [Mon, 23 Jun 2025 11:42:08 +0000 (13:42 +0200)]
speed: Increase MAX_SIG_NUM and fix its usage in loopargs_t fields
Increase the maximum number of signature algorithms.
With the introduction of the SignMessage and VerifyMessage API with
OpenSSL 3.4 the providers that support combined digest and sign algorithms
register quite a lot more signature algorithms, so the current limit of
111 is hit easily.
While at it correct the definitions of the signature fields within the
loopargs_t structure to use MAX_SIG_NUM instead of MAX_KEM_NUM.
Closes: https://github.com/openssl/openssl/issues/27873 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27878)
test/build.info: minimize use of static libcrypto.a and libssl.a
Fixes #27874
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/27881)
Pauli [Fri, 20 Jun 2025 02:37:56 +0000 (12:37 +1000)]
eddsa: convert to using struct based TRIE decoder for params processing
Also return correct param list for the variant settables.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 02:37:29 +0000 (12:37 +1000)]
update build infrastructure to support generated eddsa_sig.c
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 02:17:22 +0000 (12:17 +1000)]
rename eddsa_sig.c for autogeneration
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 02:14:24 +0000 (12:14 +1000)]
eddsa: remove impossible parameters from gettable array
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 02:08:13 +0000 (12:08 +1000)]
digest: convert algorithm gettable parameters to use struct based TRIE decoding
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 02:08:08 +0000 (12:08 +1000)]
update build infrastructure for digestcommon.c.in
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 01:29:00 +0000 (11:29 +1000)]
mlx: use TRIE & struct based param decoding
Also fix two bugs with the properties parameter to the set_params call:
- the parameter wasn't listed in the settables table
- the parameter was ignored unless there was a public key present
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 05:08:17 +0000 (15:08 +1000)]
update build instructions for mlx key management
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 05:08:01 +0000 (15:08 +1000)]
rename mlx_kmgmt.c to mlx_kmgmt.c.in
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 03:45:14 +0000 (13:45 +1000)]
ml-dsa: use TRIE & struct based param name decoders
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 03:44:50 +0000 (13:44 +1000)]
build infrastructure updates for ml_dsa signatures
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 03:44:27 +0000 (13:44 +1000)]
rename ml_dsa_sig.c to ml_dsa_sig.c.in
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 01:40:46 +0000 (11:40 +1000)]
cipher: use table based param decoding for ciphers
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 01:40:16 +0000 (11:40 +1000)]
cipher: declare common OSSL_PARAM structures and helper functions
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 01:39:43 +0000 (11:39 +1000)]
paramnams: add new line to break long function declaration
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 00:07:40 +0000 (10:07 +1000)]
3des: remove redundant OSSL_PARAMs from settable list
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Richard Levitte [Fri, 20 Jun 2025 12:29:04 +0000 (14:29 +0200)]
Nit: macro parameters should always be parenthesised in expressions
Affected macros: ossl_likely and ossl_unlikely
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27862)
Neil Horman [Thu, 19 Jun 2025 16:38:41 +0000 (12:38 -0400)]
Fix exit code for s_time when -new command line switch specified
When operating with the -new switch in apps/openssl s_time, we neglect
to set the exit code properly, and so the app exits with a code of 1
rather than 0 as expected
Fixes #27856
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27857)
Neil Horman [Thu, 19 Jun 2025 13:52:07 +0000 (09:52 -0400)]
Clean up thread_local function names in initthread.c
The naming of the thread-local management functions in initthread.c is a
bit...much. init_manage_thread_local/init_fetch_clear_thread_local, etc
are better written as just manage_thread_local/clear_thread_local/etc.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Wed, 18 Jun 2025 15:16:47 +0000 (11:16 -0400)]
Refactor init_get_thread_local to be more understandable
We currently have a single function that does thread_local key
allocation/cleanup/fetching for our OSSL_init_thread_start/stop apis,
and its pretty confusing. Wrap it up in some helper functions to make
it more clear at the call sites what we're trying to do.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Wed, 18 Jun 2025 11:33:47 +0000 (07:33 -0400)]
Restore use of crypto_thread_default_context
This thread-local key isn't per thread*context, and is potentially in a
hot path for users of openssl that switch their default contexts
regularly, so lets leave it as an OS level key, rather than a library
managed key.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Tue, 17 Jun 2025 17:32:44 +0000 (13:32 -0400)]
Fix fips cleanup of master key
With the conversion to a fixed array, we can no longer just clean the
top level sparse array, as we don't enjoy the NULL check within the
sa_doall loop.
Add a NULL check in the fips cleanup routine to make up for this
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Tue, 17 Jun 2025 15:49:54 +0000 (11:49 -0400)]
Allow for differentiating between default and NULL context
Allow for use of default context in the thread-local api by using
get_concrete
This creates a problem however in that get_concrete access a
thread-local api, creating a recursive call that exhausts stack space
So create a special context token that identifys the no context use case
when we want to store thread-local data without an explicit context
index
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Tue, 17 Jun 2025 14:53:58 +0000 (10:53 -0400)]
Check setting of master key value
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Tue, 17 Jun 2025 14:18:20 +0000 (10:18 -0400)]
reduce memory overhead of CTX_TABLE_ENTRY
We don't need to allocate entries for the ctx table. we can just make
it a sparse array of void* values, and set the thread-local data
directly. This saves on allocation and cleanup costs
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Tue, 17 Jun 2025 12:52:23 +0000 (08:52 -0400)]
convert master_key to use a top level fixed array
Since we have a pre-defined list of keys, save some computation time
by just looking up by index rather than via a sparse array
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Thu, 12 Jun 2025 17:17:34 +0000 (13:17 -0400)]
Move the async-job api to use the new thread-local api
Make the async-job api use our new thread-local storage api. Not
strictly needed, but reduces our OS level key usage
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
projects / thirdparty / openssl.git / log
