Matt Caswell [Thu, 8 Jun 2023 11:18:38 +0000 (12:18 +0100)]
Add a test quicserver utility
This QUIC server utility is intended for test purposes only and is expected
to be replaced in a future version of OpenSSL by s_server. At that point
it will be removed.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Tomas Mraz [Mon, 26 Jun 2023 15:13:30 +0000 (17:13 +0200)]
s390xcap.c: Avoid copying structure on initialization
This is problematic on old compilers. It also avoids duplicating
the read-only data.
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21284)
Fergus Dall [Mon, 12 Jun 2023 10:02:14 +0000 (20:02 +1000)]
Add support for SHA256/192
This is defined in NIST SP 800-208 as the truncation to 192 bits of
SHA256. Unlike other truncated hashes in the SHA2 suite, this variant
doesn't have a different initial state, it is just a pure truncation
of the output.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21180)
Tomas Mraz [Mon, 26 Jun 2023 09:11:57 +0000 (11:11 +0200)]
CONF_modules_load_file_ex(): Do not try to load an empty file name
Fixes #21258
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/21282)
Matt Caswell [Fri, 23 Jun 2023 15:01:41 +0000 (16:01 +0100)]
Add some test_ssl_new tests for the ffdhe groups
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21274)
Matt Caswell [Fri, 23 Jun 2023 14:45:14 +0000 (15:45 +0100)]
Fix supported_groups handing in TLSv1.2
In TLSv1.2 we should not attempt to use a supported_group value that is
intended for use with TLSv1.3 - even if both the server and the client
support it, e.g. the ffdhe groups are supported by OpenSSL for TLSv1.3 but
not for TLSv1.2.
Fixes #21081
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21274)
Matt Caswell [Fri, 23 Jun 2023 11:05:07 +0000 (12:05 +0100)]
Add a test for pkeyutl encrypt/decrypt using SM2
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21272)
Matt Caswell [Fri, 23 Jun 2023 10:50:17 +0000 (11:50 +0100)]
Don't truncate the input when decrypting in pkeyutl
The pkeyutl app was truncating the input file for decryption leading to
incorrect results. This was probably ok historically when RSA was being
used for decryption which has short maximum sizes. This is not ok with SM2.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21272)
fullwaywang [Wed, 21 Jun 2023 07:00:06 +0000 (15:00 +0800)]
Check for 0 modulus in BN_RECP_CTX_set.
The function BN_RECP_CTX_set did not check whether arg d is zero,
in which case an early failure should be returned to the invoker.
This is a similar fix to the cognate defect of CVE-2015-1794.
Fixes #21111
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21255)
Richard Levitte [Fri, 16 Jun 2023 11:56:36 +0000 (13:56 +0200)]
Add a test case for the password prompt on garbage PKCS#12 file
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)
Richard Levitte [Tue, 13 Jun 2023 18:06:04 +0000 (20:06 +0200)]
OSSL_STORE and PKCS#12: Check if there is a MAC to verify before prompting
When a DER object with unknown contents comes all the way to
ossl_store_handle_load_result(), and it attempts to decode them as different
objects, the PKCS#12 decoding attempt would (almost) always prompt for a
passphrase, even if there isn't a MAC to verify it against in the PKCS#12
object.
This change checks if there is a MAC to verify against before attempting to
prompt for a passphrase, leading to less surprising behavior.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)
Consistency: "Authors" after "The OpenSSL Project"
All source files show "The OpenSSL Project Authors" as the
copyright owner.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21268)
Matt Caswell [Fri, 9 Jun 2023 08:33:11 +0000 (09:33 +0100)]
Add a test for an invalid group in the HRR
Test that if the client sends a key share for a group in the server's
supported_group list but is otherwise invalid, that we don't select it
in the HRR.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21163)
Matt Caswell [Fri, 9 Jun 2023 08:09:06 +0000 (09:09 +0100)]
Don't ask for an invalid group in an HRR
If the client sends us a group in a key_share that is in our
supported_groups list but is otherwise not suitable (e.g. not compatible
with TLSv1.3) we reject it. We should not ask for that same group again
in a subsequent HRR.
Fixes #21157
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21163)
Vladimír Kotal [Thu, 15 Jun 2023 08:02:57 +0000 (10:02 +0200)]
Allow to disable apps building with no-apps
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21212)
updated the end copyright year in README.md to 2023
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21225)
Remove restriction to only cross-sign self-signed certificates
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21137)
Vladimír Kotal [Thu, 15 Jun 2023 19:29:58 +0000 (21:29 +0200)]
add no-http
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21217)
Vladimír Kotal [Thu, 15 Jun 2023 15:03:21 +0000 (17:03 +0200)]
log actual NID causing the 'unknown message digest algorithm error'
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21214)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21210)
fisher.yu [Wed, 14 Jun 2023 07:17:49 +0000 (07:17 +0000)]
Fix function signatures in aes-gcm-armv8 comments.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21208)
Hugo Landau [Mon, 12 Jun 2023 13:13:33 +0000 (14:13 +0100)]
QUIC: Allow application to trigger TXKU
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Mon, 12 Jun 2023 13:13:26 +0000 (14:13 +0100)]
QUIC: Minor fixups
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 14:37:34 +0000 (15:37 +0100)]
QUIC CHANNEL: Inform the ACKM when the handshake is confirmed
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC: Test key update works correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Optimise key update using ACKs
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC: Add internal APIs for white-box testing of key update
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Enforce the RX packet forgery limit
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC RXDP: Strictly enforce ACK PNs with regard to TX key epochs
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Ensure new packets aren't enforced with old keys
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Handle key updates correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC TXP: Make TXP use time callback correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC APL: Correct implementation of time callback override
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC RX: Support reporting the key epoch a packet was received with
This is needed to support key update validation on the receive side.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC TXP: Allow callbacks on ACK transmission
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC TXP: Allow next PN to be used to be queried
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC RX: Refactor key update callback to provide PN
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC TXP: Remove TX key update handling from TXP
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC TXP: Refactor status output to use an extensible structure
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC ACKM: Allow largest acked PN to be queried
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC WIRE: Utility function to determine if PN is in an ACK frame
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC Glossary: TXKU, RXKU, KU
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Richard Levitte [Wed, 8 Mar 2023 10:53:34 +0000 (11:53 +0100)]
apps/ca.c: Handle EVP_PKEY_get_default_digest_name() returning 1 with "UNDEF"
EVP_PKEY_get_default_digest_name() may return 1 with the returned digest
name "UNDEF". This case hasn't been documented, and the meaning has been
left undefined, until now.
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20460)
Hugo Landau [Tue, 13 Jun 2023 09:40:22 +0000 (10:40 +0100)]
Partially revert #18070 (Add support for Windows CA certificate store)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21190)
Richard Levitte [Mon, 12 Jun 2023 04:31:25 +0000 (06:31 +0200)]
OpenSSL::paramnames: Use less magic perl
Constructions like $$cursor{whatever} and %$cursor{whatever} were ambiguous
in some perl versions, and it's still better to use the arrow syntax for the
way we use them, i.e. they can both be replaced with $cursor->{whatever}.
Fixes #21152
Fixes #21172
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21178)
Michael Baentsch [Tue, 13 Jun 2023 15:30:30 +0000 (17:30 +0200)]
updated (lib+)oqsprovider to latest releases
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21194)
Matt Caswell [Mon, 12 Jun 2023 15:21:16 +0000 (16:21 +0100)]
Only take note of the ack deadline if we can actually issue an ack
When determining the next tick deadline we cannot actually issue an
ack if the CC will not let us, or the enc_level is not yet provisioned.
This avoids a bug where we can end up in a busy loop because the next
event deadline is reported as "now" because we want to send an ack, but
we can't actually send anything yet.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21181)
Tomas Mraz [Mon, 12 Jun 2023 17:49:03 +0000 (19:49 +0200)]
cmactest.c: Fix no-des and no-sm4 build failures
Also use OSSL_NELEM instead of hardcoding array size.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21183)
Pauli [Tue, 13 Jun 2023 01:39:23 +0000 (11:39 +1000)]
fips: use memory ordering rather than locks
The FIPS provider accesses it's current state under lock.
This is overkill, little or no synchronisation is actually required in
practice (because it's essentially a read only setting). Switch to using
TSAN operations in preference.
Fixes #21179
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21187)
Matt Caswell [Wed, 7 Jun 2023 15:26:58 +0000 (16:26 +0100)]
Fix minor issues in the demo/man pages for TLS client/blocking
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)
Matt Caswell [Wed, 7 Jun 2023 14:58:42 +0000 (15:58 +0100)]
Split the blocking TLS client guide page into two
We split the page into two: one covering basic TLS introductory material
that applies to both clients and servers, and one with the specific
material on writing a blocking TLS client.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)
Matt Caswell [Wed, 7 Jun 2023 11:10:41 +0000 (12:10 +0100)]
Allow man7 pages to not have a DESCRIPTION section
For tutorial type pages it doesn't make any sense to have a DESCRIPTION
section.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)
Matt Caswell [Fri, 2 Jun 2023 11:26:12 +0000 (12:26 +0100)]
Add a tutorial on writing a simple blocking TLS client
Provide guidance on the steps needed to write a very simple blocking TLS
client.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)
Matt Caswell [Fri, 2 Jun 2023 15:31:30 +0000 (16:31 +0100)]
Add a very simple blocking TLS client demo
This blocking client is intended to be used to explain how to implement
a simple client in the documentation.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)
Yi Li [Mon, 17 Apr 2023 08:20:31 +0000 (16:20 +0800)]
configure: introduce no-ecx to remove ECX related feature
This can effectively reduce the binary size for platforms
that don't need ECX feature(~100KB).
Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20781)
Mike Kasick [Fri, 9 Jun 2023 17:40:16 +0000 (13:40 -0400)]
rand_lib: RAND_poll: Reseed in non-"no-deprecated" builds.
In a non-"no-deprecated" libcrypto build with a default configuration,
RAND_get_rand_method() == RAND_OpenSSL() and so needs to fall through to
the RAND_seed call (used in "no-deprecated" builds) to perform a reseed.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21167)
To match the BN_CTX_start, it should be better to add
BN_CTX_end in the end of the function.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19266)
INSTALL: document shared library pinning for static builds
The libcrypto library uses shared library pinning to prevent its
cleanup handlers from crashing at program termination because of a
premature unloading of the shared library.
However, shared library pinning is enabled also for static builds,
which may lead to surpising behaviour if libcrypto is linked
statically to a shared third-party library, because in this case
the third-party library gets pinned.
This surprising behaviour is caused by the fact that the `no-shared`
configure option does not imply `no-pinshared`. Since this quirk
can't be changed without potentially breaking existing code, we just
document it here and provide a workaround.
Fixes #20977
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20985)
James Knight [Sat, 6 May 2023 00:20:02 +0000 (20:20 -0400)]
Introduce [HAVE_/NO_]MADVISE defines
Toolchains that target a non-MMU architecture may not have the `madvise`
function available, even if the `sys/mman.h` header provides a define
for `MADV_DONTDUMP` (e.g. when targeting ARMv7-M with uClibc). The
following tweaks the implementation to use `HAVE_MADVISE`/`NO_MADVISE`
defines to help indicate when to attempt to use `madvise`. This change
operates in the same manner as the original implementation (i.e. relies
on `MADV_DONTDUMP` to indicate if `madvise` can be used); however, this
change now allows a builder to override the internal detection by
explicitly providing the `HAVE_MADVISE` define at compile time. This
should give flexibility for environments which do not have `madvise`
when there is no easy logic to set `NO_MADVISE`.
Signed-off-by: James Knight <james.d.knight@live.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20851)
Heiko Stuebner [Mon, 22 May 2023 12:23:35 +0000 (14:23 +0200)]
riscv: aes: dual-license under Apache + 2-clause BSD
To allow re-use of the already reviewed openSSL crypto code for RISC-V in
other projects - like the Linux kernel, add a second license (2-clause BSD)
to the 32+64bit aes implementations using the Zkn extension.
Signed-off-by: Heiko Stuebner <heiko.stuebner@vrull.eu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21018)
Heiko Stuebner [Thu, 30 Mar 2023 08:29:21 +0000 (10:29 +0200)]
riscv: GCM: dual-license under Apache + 2-clause BSD
To allow re-use of the already reviewed openSSL crypto code for RISC-V in
other projects - like the Linux kernel, add a second license (2-clause BSD)
to the recently added GCM ghash functions.
Signed-off-by: Heiko Stuebner <heiko.stuebner@vrull.eu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20649)
Tomas Mraz [Wed, 7 Jun 2023 12:33:22 +0000 (14:33 +0200)]
Coverity 1528485: Remove unused assignment of wvalue
wvalue is always initialized at the beginning of each cycle
and used only within the cycle
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21145)
Tomas Mraz [Tue, 6 Jun 2023 10:19:10 +0000 (12:19 +0200)]
Include poll.h instead of incorrect sys/poll.h
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Anton Arapov <anton@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21131)
Tomas Mraz [Tue, 6 Jun 2023 09:48:36 +0000 (11:48 +0200)]
Fix failures of OS Zoo CI
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Anton Arapov <anton@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21131)
The asn1parse command now supports three different input formats:
openssl asn1parse -inform PEM|DER|B64
PEM: base64 encoded data enclosed by PEM markers (RFC7462)
DER: der encoded binary data
B64: raw base64 encoded data
The PEM input format is the default format. It is equivalent
to the former `-strictpem` option which is now marked obsolete
and kept for backward compatibility only.
The B64 is equivalent to the former default input format of the
asn1parse command (without `-strictpem`)
Fixes #7317
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
projects / thirdparty / openssl.git / log
