Daniel Van Geest [Wed, 23 Jul 2025 08:30:57 +0000 (10:30 +0200)]
openssl rand command should use the loaded library context
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28075)
Julian Zhu [Thu, 26 Jun 2025 06:14:45 +0000 (14:14 +0800)]
LoongArch: Add SHA-512 assembly implementation for better performance on small-size data
Signed-off-by: Julian Zhu <jz531210@gmail.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27904)
Julian Zhu [Fri, 20 Jun 2025 07:59:08 +0000 (15:59 +0800)]
LoongArch: Add SHA-256 assembly implementation for better performance
It can get about 25%~ better performance than compiler-generated code (gcc version 15.1.1).
Signed-off-by: Julian Zhu <jz531210@gmail.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27904)
Most of the GitHub Actions can be replaced with a couple of commands.
This will reduce dependencies bloating and some attacks surface.
This commit replaces all GitHub Actions which are not from GitHub
and Cygwin for Windows jobs with plain commands.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27467)
Pauli [Wed, 9 Jul 2025 02:50:02 +0000 (12:50 +1000)]
evp_test: add a new global "Test-Entropy" line to allow deterministic `random` input.
When specified, this directive replaces the public and private DRBGs
with a generator that returns the specified bytes. If more bytes are
requested than are specified, the generator loops around the supplied
bytes to satisfy the request.
ECX and ED were sharing the same code for the getter, whilst also
maintaining seperate gettable tables.
The code has been reworked so that common code is shared, and algorithm
specific code is seperated out to make this clearer.
This fixes:
(1) The security category not being in the gettable table for ED
(2) The fips indicator for ED. i.e There is no fips indicator for ED
(previously there was no gettable, but the get() still tried to return
unapproved).
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28039)
Raise PROV_R_NULL_OUTPUT_BUFFER if shsec is NULL in ml_kem_encapsulate()
Signed-off-by: lanming <lanming@huawei.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28009)
quarckster is the owner of the /.github/workflows/ directory.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28060)
Dmitry Misharov [Thu, 27 Mar 2025 15:49:20 +0000 (16:49 +0100)]
pin GitHub Actions revisions from untrusted vendors
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27181)
evp_pkey_type: Make base_id_conversion table static
This commit fixes CI failures (when configured with --strict-warnings)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28061)
Norbert Pocs [Tue, 17 Jun 2025 10:43:12 +0000 (12:43 +0200)]
Deprecate ASN1_METH related tests
ASN1 tests had to be turned off, but the biggest change is the
ssl_test_ctx, where the NID resolution does not equal to the old one and
a little hack had to be used to make the test work.
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27727)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27961)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27961)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27961)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27961)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27961)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27961)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27961)
crypto/bn/bn_lib.c: optimize - seems to bring not much benefit
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27961)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27961)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28036)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28036)
This was a false positive in a test.
The code has been reordered to make the flow clearer.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28030)
If ctx->key is already set and the passed in key is NULL then ctx->key
should not be set to NULL.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28030)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28029)
the test shows that sec mem is ok-ish up to the number of available cores,
and when the sec mem lock gets contended, performance goes down rapidly.
Tested on Apple M4 Pro.
[1] https://github.com/openssl/openssl/pull/27625
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28011)
Nikola Pajkovsky [Fri, 11 Jul 2025 07:18:12 +0000 (09:18 +0200)]
ci: enable lms only on master
a new config option cannot be enabled globally because the option
was not backported to the older versions.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28019)
Neil Horman [Tue, 24 Jun 2025 17:50:09 +0000 (13:50 -0400)]
Add lock contention checking to our pthreads implementation
Something we're missing in our ability to do performance monitoring
and diagnosis in openssl is the ability to check for lock contention.
While some tools exist for this (valgrinds drd tool for example), they
really only measure the time spent in critical sections, not the
instances in which they are contended. For that we need something more
specific.
This patch introduces the REPORT_RWLOCK_CONTENTION macro. When openssl
is built with:
./Configure -rdynamic -fno-omit-frame-pointer -DREPORT_RWLOCK_CONTENTION
We can now get output sent to a log file that looks like the following:
Which tells us when a thread blocked because someone else was already
holding the lock, how long it was blocked for, and where the blocking
call originated from via its backtrace.
I think this should enable us to better determine where our contended
locking paths are for a given application, and give us some insight on
how to fix them.
Currently its linux only (as the backtrace functionality only exists
there, and there are few warts (like the need to use a file pointer
rather than a bio to record the log, see comments), but I think its
enough to give us a useful diagnostic tool to help drive some
performance improvements.
Fixes openssl/project#1237
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27884)
Nikola Pajkovsky [Thu, 10 Jul 2025 07:48:15 +0000 (09:48 +0200)]
Make the lock in CRYPTO_secure_actual_size a read lock
there is no operations within critical section that would
require write lock.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28014)
Michael Baentsch [Mon, 30 Jun 2025 07:33:46 +0000 (09:33 +0200)]
Add note about use of EVP_PKEY in different libctxs
Co-authored-by: Shane Lontis <slontis@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26309)
Theo Buehler [Sun, 6 Jul 2025 11:55:52 +0000 (13:55 +0200)]
Provide X509_CRL_get0_tbs_sigalg()
X509_CRL_get0_tbs_sigalg() corresponds to X509_get0_tbs_sigalg() and
retrieves the AlgorithmIdentifier inside the TBSCertList which is not
currently accessible in any sane way from public API.
This PR adds X509_get0_tbs_sigalg() to the public API, documents it,
adds a simple regress check so there is coverage and mentions the
addition in CHANGES.md.
On top of that, fix a typo in .gitignore and clean up some order
inconsistencies in X509_get0_signature.pod.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27971)
QUIC receiver may accidentally ACK packet it fails to process
we set ok to -1 as we enter ossl_quic_handle_frames(). If we
set ok to 0 here we effectively assume successful processing
of all frames found in packet. We do this just before
we return from function:
```
1479
1480 /* Now that special cases are out of the way, parse frames */
1481 if (!PACKET_buf_init(&pkt, qpacket->hdr->data, qpacket->hdr->len)
1482 || !depack_process_frames(ch, &pkt, qpacket,
1483 enc_level,
1484 qpacket->time,
1485 &ackm_data))
1486 goto end;
1487
1488 ok = 1;
1489 end:
1490 /*
1491 * ASSUMPTION: If this function is called at all, |qpacket| is
1492 * a legitimate packet, even if its contents aren't.
1493 * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as
1494 * |ackm_data| has at least been initialized.
1495 */
1496 if (ok >= 0)
1497 ossl_ackm_on_rx_packet(ch->ackm, &ackm_data);
1498
1499 return ok > 0;
```
if the call to `depack_process_frames()` at line 1492 fails, because
barticualr frame in packet is corrupted/invalid we take a branch
to `end:` goto target. In this case we must avoid the call to
`ossl_ackm_on_rx_packet()`. Packet with malformed/invalid frame
must not be accepted. See RFC 9000 section 13.1:
Once the packet has been fully processed, a receiver acknowledges
receipt by sending one or more ACK frames containing the packet
number of the received packet.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28002)
SHAKE3 was missing from the list.
Also clarified that KECCAK-KMAC is internal.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
The following changes were done to handle the tests:
(1) Changed LMS to use OSSL_PKEY_PARAM_PUB_KEY instead of
OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY for import/export.
(There is no reason to have the encoded form for verify operations).
(2) Fixed a bug for W=1 with truncated digests. The checksum was using
a value of 8-w, which was off by 1 for this case. A value was added to
the ots parameters that represents this value.
(3) A check in evp_test for a NID was removed since LMS does not have
OIDS (HSS does).
(4) the unused PROPERTIES param was removed from the LMS keymanager.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Richard Levitte [Sun, 29 Jun 2025 08:41:33 +0000 (10:41 +0200)]
test: get the LMS test recipe run non-FIPS tests
This places the FIPS specific tests in a skippable block.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Mon, 30 Jun 2025 22:43:54 +0000 (08:43 +1000)]
ci: enable LMS in a number of different builds
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Mon, 30 Jun 2025 22:20:54 +0000 (08:20 +1000)]
Make LMS disabled by default
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Thu, 26 Jun 2025 21:17:12 +0000 (07:17 +1000)]
lms_test: add key gen negative test
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Thu, 26 Jun 2025 08:44:56 +0000 (18:44 +1000)]
lms: add negative tests
For EVP_PKEY_sign_message_init and EVP_PKEY_paramgen_init.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Thu, 26 Jun 2025 08:36:37 +0000 (18:36 +1000)]
lms: add signing negative test
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Wed, 25 Jun 2025 23:03:38 +0000 (09:03 +1000)]
packet: add new utility function PACKET_get_4_len()
Get 4 bytes in network order from |pkt| and store the value in |*data|
Similar to PACKET_get_net_4() except the data is uint32_t
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Mon, 3 Feb 2025 23:47:24 +0000 (10:47 +1100)]
test: get provider compatibily tests working
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Thu, 23 Jan 2025 20:55:48 +0000 (07:55 +1100)]
Add changes entry for LMS verification
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Mon, 13 Jan 2025 01:43:10 +0000 (12:43 +1100)]
doc: document the additional LMS self test description
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Mon, 13 Jan 2025 01:41:49 +0000 (12:41 +1100)]
fips: add self test CAST for LMS verify
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Mon, 13 Jan 2025 01:41:04 +0000 (12:41 +1100)]
fips: add LMS description
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Pauli [Sun, 12 Jan 2025 23:23:50 +0000 (10:23 +1100)]
Fix indentation
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
slontis [Thu, 3 Oct 2024 07:52:49 +0000 (17:52 +1000)]
Add LMS documentation
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
slontis [Tue, 1 Oct 2024 06:17:05 +0000 (16:17 +1000)]
Add LMS to the fips provider.
This required the LMS keymanager to have an export function.
The self test will be provided by HSS, which covers the LMS case.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Allow SHA256-192 to be used internally in the FIPS provider.
Created an internal digest table that contains sha256_192.
Also moved the KECCAK_KMAC_128/256 entries to this internal table
since it is only used by KMAC.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
slontis [Tue, 1 Oct 2024 02:35:43 +0000 (12:35 +1000)]
Add LMS Signature verification.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
This uses OSSL_DECODER_CTX_new_for_pkey().
"XDR" can be specified for the input type, and the key type is "LMS"
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
slontis [Thu, 3 Oct 2024 01:16:15 +0000 (11:16 +1000)]
Add base code to load a LMS public key.
This loads a XDR encoded LMS public key.
It adds a simple LMS keymanager to import this key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
slontis [Thu, 3 Oct 2024 01:10:01 +0000 (11:10 +1000)]
Add Configurable "lms" option
This option will be used by the base code for enabling
Leighton-Micali Signatures (LMS)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
- prevent fixed-digest HKDF from having its digest changed
- implement gettable params in HKDF
- update fixed-digest HKDF tests
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27247)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27247)
Add HKDF-SHA256, HKDF-SHA384 and HKDF-SHA512 which are versions
of HKDF that have the digest pre-set. The digest cannot be changed
for contexts of these types.
RFC 8619 defines algorithm identifiers for these combinations.
These algorithm identifiers will be used in future features, e.g.
KEMRecipientInfo.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27247)
Fixes: https://github.com/openssl/project/issues/1267 Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27989)
Fixes: https://github.com/openssl/project/issues/1267 Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27989)
Neil Horman [Tue, 1 Jul 2025 18:19:17 +0000 (14:19 -0400)]
Fixup non-optional use of IO::Socket::IP
IO::Socket::IP is an optionally used package in our perl scripts, and a
recent change of mine used it unilaterally, causing breakage on older
perl installations. Fix it up to use it optionally again, falling back
to IO::Socket::INET when needed.
Fixes #27940
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27941)
Theo Buehler [Wed, 9 Jul 2025 09:33:57 +0000 (11:33 +0200)]
Update rpki-client-portable to fix build
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28004)
Daniel Frink [Mon, 9 Jun 2025 21:26:32 +0000 (16:26 -0500)]
Separate public and private ML-KEM allocations
Previously, this change had grouped the public and private
portions of the ML-KEM key structure into one allocation that
was changed to use secure memory. There were concerns raised
that there may be use cases where storage of many ML-KEM public
keys may be necessary. Since the total secure memory size is configured
by the user, reduce the footprint of secure memory usage to
reduce the impact of these changes on users of these flows.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27625)
Julian Zhu [Wed, 28 May 2025 05:24:24 +0000 (13:24 +0800)]
RISC-V: Provide optimized SM3 implementation using Zbb extension
Signed-off-by: Julian Zhu <julian.oerv@isrc.iscas.ac.cn> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27709)
Neil Horman [Fri, 4 Jul 2025 11:57:19 +0000 (07:57 -0400)]
Add .[ch].in files to ctags
Pull in our templates for various c and h files for searching
Fixes #27966
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27967)
Neil Horman [Wed, 2 Jul 2025 11:03:36 +0000 (07:03 -0400)]
Update util/analyze-contention-log.sh
Co-authored-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27912)
Neil Horman [Thu, 26 Jun 2025 17:38:43 +0000 (13:38 -0400)]
Add lock contention log analyzer
With the introduction of REPORT_RWLOCK_CONTENTION, it would be nice
if we could do some quick analysis on it.
This script parses the log, and generates a histogram of lock contention
events, uniquely identified by the stack trace that caused it, and
prints out all unique latency event, sorted from largest (as measured
by cumulative latency in that path).
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27912)
Matt Caswell [Thu, 3 Jul 2025 13:45:09 +0000 (14:45 +0100)]
Fix some conversion from size_t to const int errors
When #27806 was merged these fixes were missed
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27960)
The check-ansi job is failing in the openssl-3.5 branch as a result of commit 60775e3. Fix that.
I guess this job doesn't run on PRs in master?
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27944)
Andrew Dinh [Tue, 24 Jun 2025 12:26:38 +0000 (19:26 +0700)]
Add stream type flags to SSL_accept_stream
Introduces SSL_ACCEPT_STREAM_UNI and SSL_ACCEPT_STREAM_BIDI flags to SSL_accept_stream, allowing callers to specify whether to accept only unidirectional or bidirectional streams. Returns the first of its type from the queue
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27883)
Neil Horman [Wed, 25 Jun 2025 18:26:24 +0000 (14:26 -0400)]
Remove need for BN_BLINDING lock
Issue https://github.com/openssl/project/issues/1245 has identified that
we encounter a significant amount of time waiting to acquire the
BN_BLINDING_lock when running our handshake perf test with 10 threads
using an rsa key. Specifically, with 10 threads we spend about 19327731
usecs just waiting. So it would be great if we could eliminate the need
to get the write lock here.
Currently, the need for the lock is based off the fact that each rsa key
has only a single blinding pointer, for which exclusive access is
needed, with an attempt to use a fallback mt_blinding pointer in the
shared case. If a key is shared by many threads, then we find ourselves
needing to maniuplate this lock quite frequently if we are doing lots of
ssl connections.
To address this, I've come up with this approach. It replaces the
blinding pointer with a pointer to a sparse array. The sparse array is
then indexed by thread id. This allows us to do two things:
When getting the blinding, we only need to take the read lock in the
common case when looking up this threads blinding structure. Only in
the first lookup for any thread do we need to take the write side lock
when updating the table, and only then for a very brief critical section
(i.e. we don't need to hold the lock when allocating/setting the
blinding up via RSA_setup_blinding
This trades off some extra memory usage for the above significant
reduction in execution time.
it also allows us to simplify the blinding code quite a bit by
eliminating the need to handle shared blindings because blindings are
never shared anymore
Fixes openssl/project#1245
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27913)
projects / thirdparty / openssl.git / log
