Commit message | Author | Age | Files | Lines
* Configure: add thread-pool and default-thread-pool | Čestmír Kalina | 2022-10-17 | 1 | -1/+23
  Signed-off-by: Čestmír Kalina <ckalina@redhat.com>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12255)
* Coverity 1515953: negative loop bound | Pauli | 2022-10-14 | 1 | -2/+3
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/19413)
* Fix LLVM vs Apple LLVM version numbering confusion, for $avx512ifma | Richard Levitte | 2022-10-13 | 3 | -6/+33
  Apple LLVM has a different version numbering scheme than upstream LLVM. That makes for quite a bit of confusion.
  https://en.wikipedia.org/wiki/Xcode#Toolchain_versions to the rescue, they have collected quite a lot of useful data.
  This change is concentrated around the `$avx512ifma` flag
  Fixes #16670 for the master branch
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19361)
* Add translation for ECX group parameter | Juergen Christ | 2022-10-13 | 1 | -1/+36
  Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines.
  Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves.
  Fixes #19313
  Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19348)
* Fix an occasional CI failure due to unaligned access | Bernd Edlinger | 2022-10-13 | 1 | -7/+9
  This happens rarely, but only because very few CI runs use the exotic CPU type that is necessary to execute anything within rsaz_exp_x2.c and enable UBSAN at the same time.
  crypto/bn/rsaz_exp_x2.c:562:20: runtime error: load of misaligned address 0x612000022cc6 for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte alignment
  0x612000022cc6: note: pointer points here
  84 a3 78 e0 8e 8d 4a a5 51 9c 57 d0 d6 41 f3 26 d1 4e e1 98 42 b5 3a 9f 04 f1 73 d2 1d bf 73 44
  ^
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior crypto/bn/rsaz_exp_x2.c:562:20 in
  ../../util/wrap.pl ../../fuzz/server-test ../../fuzz/corpora/server => 1
  not ok 2 - Fuzzing server
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19394)
* Improve performance of the encoder collection | slontis | 2022-10-13 | 1 | -29/+51
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19344)
* PKCS12_SAFEBAG_set0_attrs: Remove const from function signature | Daniel Fiala | 2022-10-13 | 3 | -4/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19359)
* Fix typo in PKCS12_SAFEBAG_set0_attrs | Daniel Fiala | 2022-10-13 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19359)
* optimize ossl_sm4_set_key speed | zhangzhilei | 2022-10-13 | 1 | -13/+24
  this optimization comes from libgcrypt, increase about 48% speed
  Benchmark on my AMD Ryzen Threadripper 3990X
  before: Did 5752000 SM4 setup operations in 1000151us (5751131.6 ops/sec)
  after: Did 8506000 SM4 setup operations in 1000023us (8505804.4 ops/sec)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19270)
* Update CHANGES.md and NEWS.md for new release | Matt Caswell | 2022-10-12 | 2 | -1/+141
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19379)
* Add a test for TLSv1.3 only client sending a correct key_share | Matt Caswell | 2022-10-12 | 2 | -253/+1052
  Make sure that a TLSv1.3 only client does not send a TLSv1.3 key_share.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/19317)
* Add a test for where a client sends a non-TLSv1.3 key share | Matt Caswell | 2022-10-12 | 1 | -10/+40
  This should not happen but we should tolerate and send an HRR
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/19317)
* Ensure that the key share group is allowed for our protocol version | Matt Caswell | 2022-10-12 | 2 | -2/+15
  We should never send or accept a key share group that is not in the supported groups list or a group that isn't suitable for use in TLSv1.3
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/19317)
* Fix a return value in tls_default_read_n | Matt Caswell | 2022-10-12 | 1 | -2/+7
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Introduce a step to prepare the BIO before writing | Matt Caswell | 2022-10-12 | 7 | -19/+44
  This removes some KTLS specific code from tls_retry_write_records().
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Remove ktls specific code from tls_setup_write_buffers | Matt Caswell | 2022-10-12 | 1 | -19/+16
  The KTLS code no longer calls this function so this is not necessary.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Add a post encryption processing step | Matt Caswell | 2022-10-12 | 7 | -68/+103
  For example in this we add the MAC if we are doing encrypt-then-mac.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Add a prepare for encryption step | Matt Caswell | 2022-10-12 | 7 | -44/+97
  This applies any mac that might be necessary, ensures that we have enough space in the WPACKET to perform the encryption and sets up the SSL3_RECORD ready for that encryption.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Move record padding out of tls_common.c | Matt Caswell | 2022-10-12 | 7 | -54/+79
  Only tls13_meth.c needs to handle adding record padding. All other *_meth.c files can ignore it.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Don't check whether we are using KTLS before calling the cipher function | Matt Caswell | 2022-10-12 | 1 | -12/+9
  The KTLS cipher function is a no-op so it doesn't matter if we call it. We shouldn't special case KTLS in tls_common.c
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Defer record header preparation to the protocol methods | Matt Caswell | 2022-10-12 | 7 | -38/+76
  We introduce a new function to prepare the record header. KTLS has its own version since this is done by the kernel.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Abstract out the record type processing | Matt Caswell | 2022-10-12 | 7 | -12/+34
  Remove TLSv1.3 specific processing of the record type out of tls_common.c and into tls13_meth.c
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Defer write buffer and WPACKET allocation/initialisation to protocol code | Matt Caswell | 2022-10-12 | 7 | -116/+285
  We move some protocol specific code for write buffer and WPACKET allocation and initialisation out of tls_common.c and into the protocol specific files.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Remove an old TODO from the code | Matt Caswell | 2022-10-12 | 1 | -1/+0
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Use the configured max_send_fragment value in the write record layer | Matt Caswell | 2022-10-12 | 8 | -35/+67
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Remove enc_write_state | Matt Caswell | 2022-10-12 | 7 | -69/+19
  This field was used to track whether a cipher ctx was valid for writing or not, and also whether we should write out plaintext alerts. With the new record layer design we no longer need to track whether a cipher ctx is valid since the whole record layer will be aborted if it is not. Also we have a different mechanism for tracking whether we should write out plaintext alerts. Therefore this field is removed from the SSL object.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Remove some unneeded usage of the SSL_CONNECTION object | Matt Caswell | 2022-10-12 | 1 | -25/+14
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Remove most of the DTLS special casing from the write record code | Matt Caswell | 2022-10-12 | 1 | -74/+20
  Most of this was unnecessary anyway since DTLS isn't using these codepaths.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Convert the TLSv1.3 crypto code to the new write record layer | Matt Caswell | 2022-10-12 | 9 | -274/+52
  We also clean up some of the KTLS code while we are doing it now that all users of KTLS have been moved to the new write record layer.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19343)
* Add vpaes-loongarch64.pl module. | zhuchen | 2022-10-12 | 3 | -0/+1016
  Add 128 bit lsx vector expansion optimization code of Loongarch64 architecture to AES. The test result on the 3A5000 improves performance by about 40%~50%.
  Signed-off-by: zhuchen <zhuchen@loongson.cn>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19364)
* Add LoongArch64 cpuid and OPENSSL_loongarchcap_P | zhuchen | 2022-10-12 | 5 | -0/+155
  Loongarch64 architecture defines 128 bit vector extension lsx and 256 bit vector extension lasx. The cpucfg instruction can be used to obtain whether the CPU has a corresponding extension. This part of code is added to prepare for the subsequent addition of corresponding vector instruction optimization.
  Signed-off-by: zhuchen <zhuchen@loongson.cn>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19364)
* nit: fix some pointer comparisons | FdaSilvaYY | 2022-10-12 | 1 | -11/+11
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19059)
* apps & al : Fix various typos, repeated words, align some spelling to LDP. | FdaSilvaYY | 2022-10-12 | 15 | -27/+27
  Mostly revamped from #16712
  - fall thru -> fall through
  - time stamp -> timestamp
  - host name -> hostname
  - ipv6 -> IPv6
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19059)
* Fix various typos, repeated words, align some spelling to LDP. | FdaSilvaYY | 2022-10-12 | 6 | -45/+45
  Partially revamped from #16712
  - fall thru -> fall through
  - time stamp -> timestamp
  - host name -> hostname
  - ipv6 -> IPv6
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19059)
* crypto/*: Fix various typos, repeated words, align some spelling to LDP. | FdaSilvaYY | 2022-10-12 | 21 | -98/+98
  partially revamped from #16712
  - fall thru -> fall through
  - time stamp -> timestamp
  - host name -> hostname
  - ipv6 -> IPv6
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19059)
* crypto: Fix various typos, repeated words, align some spelling to LDP. | FdaSilvaYY | 2022-10-12 | 20 | -67/+67
  partially revamped from #16712
  - fall thru -> fall through
  - time stamp -> timestamp
  - file name -> filename
  - host name -> hostname
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19059)
* eckey_priv_encode(): Call ASN1_STRING_free() only on an ASN1_STRING | Tomas Mraz | 2022-10-11 | 1 | -9/+9
  Also ASN1_OBJECT_free() never needs to be called on objects returned from OBJ_nid2obj().
  Fixes #19138
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19367)
* test: condition out code that relies on CHACHA. | Pauli | 2022-10-10 | 2 | -3/+27
  Run checker does a no-chacha build and tests fail because it can't be fetched.
  Fixes #19363
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19366)
* Align util/libcrypto.num with the openssl-3.0 branch | Richard Levitte | 2022-10-10 | 1 | -2/+2
  OPENSSL_strcasecmp() and OPENSSL_strncasecmp() appeared in OpenSSL 3.0.3, and were assigned numbers in util/libcrypto.num. These numbers must be transported up to the master branch as long as development of OpenSSL 3.x is going on there (as indicated by the version info found in VERSION.dat).
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  (Merged from https://github.com/openssl/openssl/pull/19357)
* Fixed some grammar and spelling | Thiago Suchorski | 2022-10-09 | 11 | -64/+64
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/19262)
* Fix older clang warning on initialization | Tomas Mraz | 2022-10-07 | 1 | -1/+4
  We use memset() instead.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19311)
* Add design document for the QUIC Stream Receive Buffers module | Tomas Mraz | 2022-10-07 | 1 | -0/+131
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19149)
* set MGF1 digest correctly | James Muir | 2022-10-07 | 2 | -3/+61
  Fixes #19290
  update rsa_set_ctx_params() so that the digest function used in the MGF1 construction is set correctly. Add a test for this to evp_extra_test.c based on the code scaro-axway provided in #19290.
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19342)
* Update the SSL_CTX_set1_groups documentation | Matt Caswell | 2022-10-07 | 1 | -7/+9
  Mention the brainpool curves in the documentation
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/19315)
* Add some more brainpool tests for TLSv1.3 | Matt Caswell | 2022-10-07 | 3 | -451/+666
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/19315)
* Reimplement brainpool TLSv1.3 support group support | Matt Caswell | 2022-10-07 | 9 | -11/+52
  Create new TLS_GROUP_ENTRY values for these groups.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/19315)
* Partial revert and reimplement "Enable brainpool curves for TLS1.3" | Matt Caswell | 2022-10-07 | 7 | -82/+6
  This partially reverts commit 0a10825a0 in order to reimplement it in a simpler way in the next commit. The reverted aspects are all related to the TLSv1.3 brainpool curves in the supported_groups extension. Rather than special casing the handling of these curves we simply add new entries to the groups table to represent them. They can then be handled without any additional special casing. This makes the code simpler to maintain.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/19315)
* Fix crypto/dso/dso_vms.c | Richard Levitte | 2022-10-07 | 1 | -0/+3
  In the "Stop raising ERR_R_MALLOC_FAILURE in most places" commit, some fixes of this file weren't done quite right, leading to a symbol being undeclared depending on building circumstances.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/19360)
* Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branch | Richard Levitte | 2022-10-07 | 42 | -117/+118
  3.1 has been decided to be a FIPS 140-3 release, springing from the branch openssl-3.0, and the master branch to continue with the development of OpenSSL 3.2.
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19350)
* VMS: For executables, process the use of /INCLUDE=main a bit differently | Richard Levitte | 2022-10-06 | 1 | -8/+11
  The way it was implemented didn't play well with perl's join(), so it's reimplemented a bit differently.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19347)