[openssl/openssl] ee2462: Refactor: a separate func for provider activation ...
Matt Caswell
noreply at github.com
Mon Nov 21 09:59:09 UTC 2022
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: ee246234bf591cd2a9779a4ad3a2ee3c53848213
https://github.com/openssl/openssl/commit/ee246234bf591cd2a9779a4ad3a2ee3c53848213
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/provider_conf.c
Log Message:
-----------
Refactor: a separate func for provider activation from config
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17099)
(cherry picked from commit 07ba69483a7d8005a53284cbde55b9dac8c5c554)
Commit: 8436ef8bdb96c0a977a15ec707d28404d97c3a6c
https://github.com/openssl/openssl/commit/8436ef8bdb96c0a977a15ec707d28404d97c3a6c
Author: Hugo Landau <hlandau at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/bio/bss_core.c
M crypto/context.c
M crypto/core_namemap.c
M crypto/encode_decode/decoder_meth.c
M crypto/encode_decode/encoder_meth.c
M crypto/evp/evp_fetch.c
M crypto/initthread.c
M crypto/property/defn_cache.c
M crypto/property/property.c
M crypto/property/property_string.c
M crypto/provider_child.c
M crypto/provider_conf.c
M crypto/provider_core.c
M crypto/rand/rand_lib.c
M crypto/self_test_core.c
M crypto/store/store_meth.c
M doc/internal/man3/ossl_lib_ctx_get_data.pod
A include/crypto/context.h
M include/internal/cryptlib.h
M providers/fips/fipsprov.c
M providers/implementations/rands/crngt.c
M providers/implementations/rands/drbg.c
M test/context_internal_test.c
Log Message:
-----------
Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA
This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted
objects to be managed by OSSL_LIB_CTX are hardcoded and are initialized
eagerly rather than lazily, which avoids the need for locking on access
in most cases.
Fixes #17116.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17881)
(cherry picked from commit 927d0566ded0dff9d6c5abc8a40bb84068446b76)
Commit: a48081ac606c7bbce5e3adad7ad2d6dfc1b4f215
https://github.com/openssl/openssl/commit/a48081ac606c7bbce5e3adad7ad2d6dfc1b4f215
Author: Tomas Mraz <tomas at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/params.c
Log Message:
-----------
OSSL_PARAM_get_*_ptr: Drop errors from ptr/string mismatch
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17997)
(cherry picked from commit 327a720d5dd011b853acbdd0223933f6ecd22928)
Commit: 519481c7748dded8577164f137f62ecd9424b7be
https://github.com/openssl/openssl/commit/519481c7748dded8577164f137f62ecd9424b7be
Author: Todd C. Miller <Todd.Miller at quest.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M Configurations/10-main.conf
Log Message:
-----------
Add -static-libgcc to solaris-sparcv7-gcc shared_ldflag
This avoids a run-time dependency on libgcc_s.so which may not be
present on all systems. OpenSSL already uses -static-libgcc for
the solaris-x86-gcc and solaris64-x86_64-gcc configurations.
CLA: trivial
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14538)
(cherry picked from commit 1c529128f53ed1cb33a829dafe7fb4201c7ce69a)
Commit: 553e125aff68274e9a5883fd7d51a7c57e60734e
https://github.com/openssl/openssl/commit/553e125aff68274e9a5883fd7d51a7c57e60734e
Author: Hugo Landau <hlandau at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/context.c
M include/internal/cryptlib.h
Log Message:
-----------
Remove unused libctx functions (runonce, onfree)
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18031)
(cherry picked from commit ed7c64fc540c5808efe4092465af1147c76555a1)
Commit: 2535075bf0bd1a599a7f483d06b3ef019104ee7c
https://github.com/openssl/openssl/commit/2535075bf0bd1a599a7f483d06b3ef019104ee7c
Author: Daniel Hu <Daniel.Hu at arm.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/evp/e_sm4.c
A crypto/sm4/asm/vpsm4-armv8.pl
M crypto/sm4/build.info
M include/crypto/sm4_platform.h
M providers/implementations/ciphers/cipher_sm4_gcm_hw.c
M providers/implementations/ciphers/cipher_sm4_hw.c
Log Message:
-----------
SM4 optimization for ARM by ASIMD
This patch optimizes SM4 for ARM processor using ASIMD instruction
It will improve performance if both of following conditions are met:
1) Input data equal to or more than 4 blocks
2) Cipher mode allows parallelism, including ECB,CTR,GCM or CBC decryption
This patch implements SM4 SBOX lookup in vector registers, with the
benefit of constant processing time over existing C implementation.
It is only enabled for micro-architecture N1/V1. In the ideal scenario,
performance can reach up to 2.7X
When either of above two conditions is not met, e.g. single block input
or CFB/OFB mode, CBC encryption, performance could drop about 50%.
The assembly code has been reviewed internally by ARM engineer
Fangming.Fang at arm.com
Signed-off-by: Daniel Hu <Daniel.Hu at arm.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17951)
(cherry picked from commit 4908787f21f4f5fa24b721ed3ebbc4d3e93ef70c)
Commit: e3bcb12b6e9a07d7c65f979c99d36df99583bc3b
https://github.com/openssl/openssl/commit/e3bcb12b6e9a07d7c65f979c99d36df99583bc3b
Author: Juergen Christ <jchrist at linux.ibm.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/s390xcap.c
M doc/man3/OPENSSL_s390xcap.pod
Log Message:
-----------
s390: Add new machine generation
Allow to specify "z16" as machine generation in environment variable
OPENSSL_s390xcap. It is an alias for "z15".
Signed-off-by: Juergen Christ <jchrist at linux.ibm.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18054)
(cherry picked from commit 42f111ad41141e2ecd67f0a6954625a5ad01890b)
Commit: 0c6bca7908523cd26acfd43c8841a5f199d7b45e
https://github.com/openssl/openssl/commit/0c6bca7908523cd26acfd43c8841a5f199d7b45e
Author: bobwirka <bobwirka at yahoo.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M demos/README.txt
A demos/sslecho/A-SSL-Docs.txt
A demos/sslecho/README.md
A demos/sslecho/cert.pem
A demos/sslecho/key.pem
A demos/sslecho/main.c
A demos/sslecho/makefile
Log Message:
-----------
Added Simple SSL Echo Client/Server to demos.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17260)
(cherry picked from commit 801c638c50406c93d683c1ab8bd1d430cff4b6d0)
Commit: a06a72f797d615eefb47dbc5037cb90f8f87027a
https://github.com/openssl/openssl/commit/a06a72f797d615eefb47dbc5037cb90f8f87027a
Author: philippe lhardy <pl at artisanlogiciel.net>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M demos/sslecho/main.c
Log Message:
-----------
fix for sslecho in demos echoing garbage #18165
- getline does set &txbufp content at return, make sure it can be done.
- fixes warning 'passing argument 1 of ‘getline’ from incompatible pointer type'
- remove OPENSSL_free on non allocated fixed size array
- fixes 'free(): invalid pointer'
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18177)
(cherry picked from commit 3c0e8bc4a797d29b2152aebc6e687ddfa941160b)
Commit: afb3f8ad95f8f72635788931f1e24b99ec01c517
https://github.com/openssl/openssl/commit/afb3f8ad95f8f72635788931f1e24b99ec01c517
Author: cuishuang <imcusg at gmail.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M providers/implementations/kdfs/x942kdf.c
Log Message:
-----------
fix some typos
CLA: trivial
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18023)
(cherry picked from commit 1ab8b7cd3bef5ae3bcb516a1c2f2fff4abd63c5b)
Commit: a44616e9464a9f07188a0d0fb9b96995b1531342
https://github.com/openssl/openssl/commit/a44616e9464a9f07188a0d0fb9b96995b1531342
Author: Tom Cosgrove <tom.cosgrove at arm.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/aes/asm/bsaes-armv8.pl
Log Message:
-----------
Fix gcc 6.3 builds of aarch64 BSAES
gcc6.3 doesn't seem to support the register aliases fp and lr for x29 and x30,
so use the x names.
Fixes #18114
Change-Id: I077edda42af4c7cdb7b24f28ac82d1603f550108
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18127)
(cherry picked from commit 5adddcd96255112ff04b350d661518302159e7e2)
Commit: 092f0eded32ae50ffaa8c51e44c6c941f9b93562
https://github.com/openssl/openssl/commit/092f0eded32ae50ffaa8c51e44c6c941f9b93562
Author: zhouzilong <zhouzilong at uniontech.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/x509/t_x509.c
Log Message:
-----------
Clear unused variables in X509_print_ex()
CLA: trivial
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18167)
(cherry picked from commit 36699c12d37c5bef000cbe3d9b4b2b89bee4e17e)
Commit: dbe58ce23e7b51a130726687fd4b9820f46bb937
https://github.com/openssl/openssl/commit/dbe58ce23e7b51a130726687fd4b9820f46bb937
Author: yavtuk <yavtuk at ya.ru>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/arm64cpuid.pl
Log Message:
-----------
Prefer .inst rather than .long for probe instructions in arm64cpuid.pl
Fixes an issue disassembling the functions because the symtab contains
an attribute indicating the presence of data within them.
CLA: trivial
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18086)
(cherry picked from commit 4d63eaf99b4c546fede9a732c2693d0b84641cf9)
Commit: 708bf3dde8f53446cccded5dadafb853e7e9d38b
https://github.com/openssl/openssl/commit/708bf3dde8f53446cccded5dadafb853e7e9d38b
Author: Tomas Mraz <tomas at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/evp/digest.c
M crypto/evp/m_sigver.c
M include/crypto/evp.h
Log Message:
-----------
evp_md_init_internal: Avoid reallocating algctx if digest unchanged
Fixes #16947
Also refactor out algctx freeing into a separate function.
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18105)
(cherry picked from commit fe5c5cb85197aec7d68ab095b866ed22076850d0)
Commit: b9b91dad9f1cae0b218fcb57a4545027c4951678
https://github.com/openssl/openssl/commit/b9b91dad9f1cae0b218fcb57a4545027c4951678
Author: Jonathan Swinney <jswinney at amazon.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
A crypto/md5/asm/md5-aarch64.pl
M crypto/md5/build.info
M crypto/md5/md5_local.h
Log Message:
-----------
md5: add assembly implementation for aarch64
This change improves md5 performance significantly by using a hand-optimized
assembly implementation of the inner loop of md5 calculation. The instructions
are carefully ordered to separate data dependencies as much as possible.
Test with:
$ openssl speed md5
AWS Graviton 2
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
md5 46990.60k 132778.65k 270376.96k 364718.08k 405962.75k 409201.32k
md5-modified 51725.23k 152236.22k 323469.14k 453869.57k 514102.61k 519056.04k
+10% +15% +20% +24% +27% +27%
Apple M1
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
md5 74634.39k 195561.25k 375434.45k 491004.23k 532361.40k 536636.48k
md5-modified 84637.11k 229017.09k 444609.62k 588069.50k 655114.24k 660850.56k
+13% +17% +18% +20% +23% +23%
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16928)
(cherry picked from commit 04904a0fff639c058d38b355d75485ca5dde0a89)
Commit: a14eff6319ec254901e051d61e93d3272c451ebe
https://github.com/openssl/openssl/commit/a14eff6319ec254901e051d61e93d3272c451ebe
Author: Daniel Hu <Daniel.Hu at arm.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/arm64cpuid.pl
M crypto/arm_arch.h
M crypto/armcap.c
A crypto/chacha/asm/chacha-armv8-sve.pl
M crypto/chacha/asm/chacha-armv8.pl
M crypto/chacha/build.info
Log Message:
-----------
Acceleration of chacha20 on aarch64 by SVE
This patch accelerates chacha20 on aarch64 when Scalable Vector Extension
(SVE) is supported by CPU. Tested on modern micro-architecture with
256-bit SVE, it has the potential to improve performance up to 20%
The solution takes a hybrid approach. SVE will handle multi-blocks that fit
the SVE vector length, with Neon/Scalar to process any tail data
Test result:
With SVE
type 1024 bytes 8192 bytes 16384 bytes
ChaCha20 1596208.13k 1650010.79k 1653151.06k
Without SVE (by Neon/Scalar)
type 1024 bytes 8192 bytes 16384 bytes
chacha20 1355487.91k 1372678.83k 1372662.44k
The assembly code has been reviewed internally by
ARM engineer Fangming.Fang at arm.com
Signed-off-by: Daniel Hu <Daniel.Hu at arm.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17916)
(cherry picked from commit b1b2146ded9ce5a84c62f30c6c4a922b449f6c90)
Commit: f68b78e307661a23275d42497cf5121b6846689b
https://github.com/openssl/openssl/commit/f68b78e307661a23275d42497cf5121b6846689b
Author: JHH20 <jhh.20 at icloud.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M apps/lib/apps.c
M apps/s_server.c
M crypto/cmp/cmp_http.c
M crypto/cms/cms_lib.c
M crypto/crmf/crmf_pbm.c
M crypto/dh/dh_kdf.c
M crypto/evp/evp_fetch.c
M crypto/evp/p_seal.c
M crypto/sm2/sm2_sign.c
M providers/implementations/digests/sha2_prov.c
M providers/implementations/kdfs/scrypt.c
M providers/implementations/rands/seeding/rand_unix.c
M providers/implementations/signature/dsa_sig.c
M providers/implementations/signature/eddsa_sig.c
M ssl/statem/extensions.c
Log Message:
-----------
Remove duplicated #include headers
CLA: trivial
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18220)
(cherry picked from commit e257d3e76ffb848b7607b04057257323dc51c3b4)
Commit: 4a929c7c5cb06dcf1952691ee8732007cc1a41d4
https://github.com/openssl/openssl/commit/4a929c7c5cb06dcf1952691ee8732007cc1a41d4
Author: Pauli <pauli at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/encode_decode/decoder_meth.c
M crypto/encode_decode/encoder_meth.c
M crypto/evp/evp_fetch.c
M crypto/evp/evp_local.h
M crypto/evp/keymgmt_meth.c
M crypto/store/store_local.h
M crypto/store/store_meth.c
M doc/internal/man3/evp_generic_fetch.pod
M include/crypto/decoder.h
M include/crypto/encoder.h
Log Message:
-----------
Remove the _fetch_by_number functions
These functions are unused and untested. They are also implemented rather
inefficiently. If we ever needed them in the future, they'd almost surely
need to be rewritten more efficiently.
Fixes #18227
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18237)
(cherry picked from commit 16ff70a58cfb5c40197e6a940cf4666226f31b79)
Commit: a8b6c9f83ce49b6192137c7600532441db885e19
https://github.com/openssl/openssl/commit/a8b6c9f83ce49b6192137c7600532441db885e19
Author: Pauli <pauli at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M NEWS.md
M ssl/ssl_cert.c
M test/bad_dtls_test.c
M test/recipes/80-test_ssl_old.t
M test/ssl-tests/20-cert-select.cnf
M test/ssl-tests/20-cert-select.cnf.in
Log Message:
-----------
tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above
This is in line with the NEWS entry (erroneously) announcing such for 3.0.
Fixes #18194
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236)
(cherry picked from commit 7bf2e4d7f0c7ae19b7a8c416910886a7171e9820)
Commit: 0f6ff63bdf3d83eaa7c00ef100ff570618d1768b
https://github.com/openssl/openssl/commit/0f6ff63bdf3d83eaa7c00ef100ff570618d1768b
Author: Pauli <pauli at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M doc/man3/SSL_CTX_set_security_level.pod
Log Message:
-----------
doc: add not that DTLS 1.0, TLS 1.1 and before are disabled at security level 1
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236)
(cherry picked from commit 54b0c534eeb283878092e006e7f1e9315ec62ad6)
Commit: b595301793cd8c944791d2da19f042eb832ad752
https://github.com/openssl/openssl/commit/b595301793cd8c944791d2da19f042eb832ad752
Author: Nathan Sidwell <nathan at acm.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M include/openssl/asn1.h.in
M include/openssl/conf.h.in
M include/openssl/dh.h
M include/openssl/dsa.h
M include/openssl/ec.h
M include/openssl/lhash.h.in
M include/openssl/pem.h
M include/openssl/pkcs12.h.in
M include/openssl/pkcs7.h.in
M include/openssl/rsa.h
M include/openssl/ssl.h.in
M include/openssl/ts.h
M include/openssl/x509.h.in
M include/openssl/x509v3.h.in
Log Message:
-----------
Header file cleanup for C++20 header-units
C++20 adds 'header units' as a stepping-stone to modules. Header
units are regular header-files that have a 'self-contained' property
-- they do not require previously-included headers to provide typedefs
and what not.
This addresses 2 problems discovered when using clang modules (as a
proxy for C++20 header-units).
a) Some headers that pay attention to OPENSSL_NO_STDIO to determine
whether to declare certain FILE*-taking functions do not #include
<stdio.h> themselves, relying on their includer already having done
that. That breaks the above mentioned encapuslation requirement.
Fixed by conditionally including stdio.h in those headers. I chose to
always include stdio.h in such headers, even when they included
another such header that transitively included stdio. That way they
do not rely on an artifact of that intermediate header's behaviour.
b) Some headers have #includes inside 'extern "C" { ... }' regions.
That has a bad code-smell, but GCC and clang have extensions to permit
it with implementation-defined effects. Clang needs annotation on the
included files to know that they themselves are entirely inside a
similar region. GCC behavesq as-if there's an extern "C++" region
wrapping the included header (which must therefore wrap its contents
in extern "C", if that is what it wants. In effect the includer's
extern "C" region is just misleading. I didn't audit all the headers
for this, only those I noticed when addressing #a.
\#a is necessary to build the headers as a set of clang-modules. #b
is not necessary, but as I mentioned, avoids potentially
implementation-defined behaviour.
Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18221)
(cherry picked from commit eab9dbbdd1f102dc1a26549a77fcc5c167385cd5)
Commit: 9c5104948b83155a928bdd8c88c01a9f6adaeb32
https://github.com/openssl/openssl/commit/9c5104948b83155a928bdd8c88c01a9f6adaeb32
Author: Max Bachmann <kontakt at maxbachmann.de>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/bio/bio_addr.c
M crypto/bio/bio_local.h
M crypto/bio/bss_acpt.c
M crypto/bio/bss_conn.c
Log Message:
-----------
Exclude IPv6 code using OPENSSL_USE_IPV6 instead of AF_INET6
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18250)
(cherry picked from commit 836bb0890dc4d139215824cc9ac35591361f8117)
Commit: c606775c4e402561aa037155fd1a1a3baf6b4318
https://github.com/openssl/openssl/commit/c606775c4e402561aa037155fd1a1a3baf6b4318
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/evp/digest.c
Log Message:
-----------
evp_md: assert digest is provided for algctx reuse
When reusing an algctx (it was always freed on reinitialization,
prior to #18105), assert that the associated digest is provided.
We implicitly rely on this for algctx reuse to be safe (since
an implicit fetch could potentially change the digest object used,
including provider, which accordingly could change the layout of the
algctx object.
>From code inspection, this is currently always the case -- the only
way to set an algctx requires the provider to be set, and the only
ways to change or remove a provider without destroying the entier
EVP_MD_CTX will also free the algctx. Adding an assertion will help
ensure that this remains true as the code evolves.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18224)
(cherry picked from commit 221d65ba534d23a240ccadd0c2679b222aae35b1)
Commit: 45e16e9e45dee677e0daa9f6832b5ae605c1eab4
https://github.com/openssl/openssl/commit/45e16e9e45dee677e0daa9f6832b5ae605c1eab4
Author: Mark Fedorov <mark.fedorov at cloudbear.ru>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/sha/sha256.c
Log Message:
-----------
RISC-V support for the SHA256
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16710)
(cherry picked from commit 657d1927c68bdc3fb0250d16df2a8439e8e043f1)
Commit: 5c03d5ddce0f3183a24868eb515bf615bc515314
https://github.com/openssl/openssl/commit/5c03d5ddce0f3183a24868eb515bf615bc515314
Author: Henry Brausen <henry.brausen at vrull.eu>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M Configurations/10-main.conf
M crypto/sha/sha256.c
M crypto/sha/sha512.c
Log Message:
-----------
Add riscv64 asm_arch to linux64-riscv64 target
Reviewed-by: Philipp Tomsich <philipp.tomsich at vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen at vrull.eu>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18275)
(cherry picked from commit cb2764f2a8165421dc5ab52159af99cbf766fa2c)
Commit: e12f0f11b3051e403736ea349aa47c3e5e7364d1
https://github.com/openssl/openssl/commit/e12f0f11b3051e403736ea349aa47c3e5e7364d1
Author: Hongren (Zenithal) Zheng <i at zenithal.me>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M providers/implementations/include/prov/ciphercommon.h
Log Message:
-----------
Make IV/buf in prov_cipher_ctx_st aligned
Make IV/buf aligned will drastically improve performance
as some architecture performs badly on misaligned memory
access.
Ref to
https://gist.github.com/ZenithalHourlyRate/7b5175734f87acb73d0bbc53391d7140#file-2-openssl-long-md
Ref to
openssl#18197
Signed-off-by: Hongren (Zenithal) Zheng <i at zenithal.me>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18267)
(cherry picked from commit 2787a709c984d3884e1726383c2f2afca428d795)
Commit: 5b8b7bcbab15dd9620a2e592aeae061f9c4bf841
https://github.com/openssl/openssl/commit/5b8b7bcbab15dd9620a2e592aeae061f9c4bf841
Author: Hubert Kario <hkario at redhat.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/evp/evp_pbe.c
Log Message:
-----------
add support for SHA-3 based PRF to PBES2
As there are no limitations for HMACs used in PBKDF2 inside PBES2,
as more specifically the SHA-3 hashes are drop-in replacements for
SHA-2 hashes, we can easily add support for SHA-3 here.
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16237)
(cherry picked from commit c73ba81899c291d60851321e6de8913d4800c456)
Commit: b28fbe26f5d22c7b86ee09435ff82bd0ee1384c9
https://github.com/openssl/openssl/commit/b28fbe26f5d22c7b86ee09435ff82bd0ee1384c9
Author: Hubert Kario <hkario at redhat.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt
M test/recipes/30-test_evp_data/evppbe_pbkdf2.txt
Log Message:
-----------
add tests for PBKDF2 with SHA-3
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16237)
(cherry picked from commit 5702392f73e679fd9ed9dd912cf4c9dc613c4d71)
Commit: 1aadae96206d44c21de6b69f53729f2369e13b70
https://github.com/openssl/openssl/commit/1aadae96206d44c21de6b69f53729f2369e13b70
Author: Randall S. Becker <rsbecker at nexbridge.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M Configurations/50-nonstop.conf
M include/openssl/e_os2.h
Log Message:
-----------
Prepare NonStop for fixed-size integer types.
This commit removes platform defines the interfere with loading and resolution
of platform and memory model variants of integer types and includes the
appropriate files, stdint.h and sys/types.h where the types are defined.
Fixes #17669
Signed-off-by: Randall S. Becker <rsbecker at nexbridge.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18325)
(cherry picked from commit ec26144288fd6dce6dd76bd9e2b192b495033723)
Commit: b60603c5e3ac6396306bbaafd829f8340d22e1a0
https://github.com/openssl/openssl/commit/b60603c5e3ac6396306bbaafd829f8340d22e1a0
Author: Henry Brausen <henry.brausen at vrull.eu>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
A crypto/aes/asm/aes-riscv64.pl
M crypto/aes/build.info
Log Message:
-----------
Add AES implementation in generic riscv64 asm
This implementation is based on the four-table approach, along the same
lines as the non-constant-time implementation in aes_core.c The
implementation is in perlasm.
Utility functions are defined to automatically stack/unstack registers
as needed for prologues and epilogues. See riscv-elf-psabi-doc at
https://github.com/riscv-non-isa/riscv-elf-psabi-doc/ for ABI details.
Reviewed-by: Philipp Tomsich <philipp.tomsich at vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen at vrull.eu>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17640)
(cherry picked from commit b3504b600c028a00f36cdbfedc928a48df9818ff)
Commit: 8448432a3be6cd5eb2576594c742e3d54d92f78a
https://github.com/openssl/openssl/commit/8448432a3be6cd5eb2576594c742e3d54d92f78a
Author: Henry Brausen <henry.brausen at vrull.eu>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/build.info
A crypto/riscv64cpuid.pl
A crypto/riscvcap.c
M doc/man7/openssl-env.pod
A include/crypto/riscv_arch.def
A include/crypto/riscv_arch.h
Log Message:
-----------
Add basic RISC-V cpuid and OPENSSL_riscvcap
RISC-V cpuid implementation allows bitmanip extensions Zb[abcs] to
be enabled at runtime using OPENSSL_riscvcap environment variable.
For example, to specify 64-bit RISC-V with the G,C,Zba,Zbb,Zbc
extensions, one could write: OPENSSL_riscvcap="rv64gc_zba_zbb_zbc"
Architecture string parsing is still very primitive, but can be
expanded in the future. Currently, only bitmanip extensions Zba, Zbb,
Zbc and Zbs are supported.
Includes implementation of constant-time CRYPTO_memcmp in riscv64 asm,
as well as OPENSSL_cleanse. Assembly implementations are written using
perlasm.
Reviewed-by: Philipp Tomsich <philipp.tomsich at vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen at vrull.eu>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17640)
(cherry picked from commit 360f6dcc5aa1a86ec3ff9a94612b88e3d960ee2e)
Commit: 58901bfaf9f195c9056bcc4986e7d2283373ddea
https://github.com/openssl/openssl/commit/58901bfaf9f195c9056bcc4986e7d2283373ddea
Author: Henry Brausen <henry.brausen at vrull.eu>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
A crypto/modes/asm/ghash-riscv64.pl
M crypto/modes/build.info
M crypto/modes/gcm128.c
Log Message:
-----------
Add clmul-based gmult for riscv64 with Zbb, Zbc
ghash-riscv64.pl implements 128-bit galois field multiplication for
use in the GCM mode using RISC-V carryless multiplication primitives.
The clmul-accelerated routine can be selected by setting the Zbb and
Zbc bits of the OPENSSL_riscvcap environment variable at runtime.
Reviewed-by: Philipp Tomsich <philipp.tomsich at vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen at vrull.eu>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17640)
(cherry picked from commit 999376dcf33986c468361ede16fa9de409dc4e2e)
Commit: 2a24b6f170f5c47d0a5dc8349f6b29ab4faf21e8
https://github.com/openssl/openssl/commit/2a24b6f170f5c47d0a5dc8349f6b29ab4faf21e8
Author: Henry Brausen <henry.brausen at vrull.eu>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M include/crypto/modes.h
Log Message:
-----------
Add BSWAP4/BSWAP8 routines for riscv64 with Zbb
These routines make use of the rev8 instruction in the Zbb extension
to accelerate byte-swapping when OpenSSL is built specifically for
a machine that supports Zbb.
Reviewed-by: Philipp Tomsich <philipp.tomsich at vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen at vrull.eu>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17640)
(cherry picked from commit e4fd3fc379d76d9cd33ea6699268485606447737)
Commit: 8af5c6c4d340961dcb853a6126831ebc5a86b311
https://github.com/openssl/openssl/commit/8af5c6c4d340961dcb853a6126831ebc5a86b311
Author: Tomas Mraz <tomas at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/core_namemap.c
Log Message:
-----------
ossl_namemap_name2_num: Avoid unnecessary OPENSSL_strndup().
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18341)
(cherry picked from commit dab5098eacb9e264c32a33332ba047f234a3de68)
Commit: fca5d6a2b76d0c1f20e63cec5ac1b927eeba7b43
https://github.com/openssl/openssl/commit/fca5d6a2b76d0c1f20e63cec5ac1b927eeba7b43
Author: Tomas Mraz <tomas at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/core_namemap.c
M doc/internal/man3/ossl_namemap_new.pod
M include/internal/namemap.h
Log Message:
-----------
Drop ossl_namemap_add_name_n() and simplify ossl_namemap_add_names()
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18341)
(cherry picked from commit b00cf0e790661636e1df1026554f712cc513592d)
Commit: d295e4b1da6d223242eb43bfae10479616c5236d
https://github.com/openssl/openssl/commit/d295e4b1da6d223242eb43bfae10479616c5236d
Author: Pauli <pauli at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/lhash/lhash.c
Log Message:
-----------
performance: improve ossl_lh_strcasehash
This improvement seems to roughly halve the time it takes to run the
ossl_lh_strcasehash function.
It should have no impact on the strings we hash and search for often (algorithm
names, property strings).
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18354)
(cherry picked from commit a4e21d18d5b7cb4fef66c10f13b1b3b55945439f)
Commit: 2e7f6ca65d49b9321431192f916667e29651c851
https://github.com/openssl/openssl/commit/2e7f6ca65d49b9321431192f916667e29651c851
Author: XiaokangQian <xiaokang.qian at arm.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/arm_arch.h
M crypto/armcap.c
Log Message:
-----------
Apply the AES-GCM unroll8 optimization patch to Neoverse N2
The loop unrolling and use of EOR3 can improve N2 performance
by up to 32%
Signed-off-by: XiaokangQian <xiaokang.qian at arm.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18350)
(cherry picked from commit 9224a407f9bb4c2af087ecf6e691c9027b594ec0)
Commit: c251c628f807a4b9cbbab8f2dea8d2286df27dc7
https://github.com/openssl/openssl/commit/c251c628f807a4b9cbbab8f2dea8d2286df27dc7
Author: Hongren (Zenithal) Zheng <i at zenithal.me>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M Configurations/10-main.conf
Log Message:
-----------
Add riscv64 asm_arch to BSD-riscv64 target
Following cb2764f2a8 Add riscv64 asm_arch to linux64-riscv64 target
Current ASM does not have Linux specific thing thus this is
suitable for BSD
Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18309)
(cherry picked from commit d1460afdfcb3c90df612896d40d35c6627a5967c)
Commit: e373c086c4daf9cbc98178a9b37d7de18f0f1de5
https://github.com/openssl/openssl/commit/e373c086c4daf9cbc98178a9b37d7de18f0f1de5
Author: Todd Short <tshort at akamai.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M test/README.ssltest.md
M test/recipes/80-test_ssl_new.t
Log Message:
-----------
Make running individual ssl-test easier
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18407)
(cherry picked from commit eec204f4b19f86e726aa09c5c919a57bdf2ee1d0)
Commit: fbb9a1f99713b5277d5658963c1706069061e015
https://github.com/openssl/openssl/commit/fbb9a1f99713b5277d5658963c1706069061e015
Author: Samuel Lee <saml at microsoft.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M include/openssl/types.h
M test/build.info
A test/build_wincrypt_test.c
Log Message:
-----------
Move types.h #undefs for wincrypt.h compatibility
+ Always undef the symbols that may have been #define-d
by wincrypt.h after the first inclusion of types.h to
avoid errors from wincrypt.h symbols being used to
compile OpenSSL code
+ Also need to remove #pragma once for this approach to work
+ Define WINCRYPT_USE_SYMBOL_PREFIX to enable wincrypt
symbol prefix at some point in future
Fixes #9981
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/18131)
(cherry picked from commit 3c58d447497b37f7b4f458aaa2956a7e226c6d65)
Commit: 73cf79101c40479b2e0d82831d7af14864b33f30
https://github.com/openssl/openssl/commit/73cf79101c40479b2e0d82831d7af14864b33f30
Author: Jiuhai Zhang <jiuhai.zhang at gmail.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/evp/e_aes.c
Log Message:
-----------
Fix code format: BLOCK_CIPHER_custom
CLA: trivial
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18412)
(cherry picked from commit 1c5a4e3b5e05494876ebba9d8272d2cbca1e20a3)
Commit: a85f5cd635d68672f1bf4bcca80d4a28d19c5678
https://github.com/openssl/openssl/commit/a85f5cd635d68672f1bf4bcca80d4a28d19c5678
Author: Hongren (Zenithal) Zheng <i at zenithal.me>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
A crypto/aes/asm/aes-riscv64-zkn.pl
Log Message:
-----------
Add AES implementation in riscv64 zkn asm
Signed-off-by: Hongren (Zenithal) Zheng <i at zenithal.me>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
(cherry picked from commit 608cadfbdbdba076a07e172f834a0afb6aafa59b)
Commit: 3c2287309c6d22d3b6751379f908d5f9f7c01cd6
https://github.com/openssl/openssl/commit/3c2287309c6d22d3b6751379f908d5f9f7c01cd6
Author: Hongren (Zenithal) Zheng <i at zenithal.me>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/aes/build.info
Log Message:
-----------
add build support for riscv64 aes zkn
Signed-off-by: Hongren (Zenithal) Zheng <i at zenithal.me>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
(cherry picked from commit 9912c38ed69c97ca737c66c68ae454c5cd265133)
Commit: 67026390bf7610be86cfcd9fe3a1f91f8efeccb8
https://github.com/openssl/openssl/commit/67026390bf7610be86cfcd9fe3a1f91f8efeccb8
Author: Hongren (Zenithal) Zheng <i at zenithal.me>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M include/crypto/riscv_arch.def
Log Message:
-----------
Add riscv scalar crypto extension capability
Signed-off-by: Hongren (Zenithal) Zheng <i at zenithal.me>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
(cherry picked from commit d5dd608364074fadbf4776142ccd8c7b268845cc)
Commit: 9243129b5f30c0d8fdbe2b78fb5b713687594b6c
https://github.com/openssl/openssl/commit/9243129b5f30c0d8fdbe2b78fb5b713687594b6c
Author: Hongren (Zenithal) Zheng <i at zenithal.me>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M include/crypto/aes_platform.h
Log Message:
-----------
aes_platform: add riscv64 zkn asm support
Signed-off-by: Hongren (Zenithal) Zheng <i at zenithal.me>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
(cherry picked from commit 77d29ff041edcdc6a3d33251d6270a4cfe0be9b3)
Commit: 03b825f74f429ede35f86f196553460810922746
https://github.com/openssl/openssl/commit/03b825f74f429ede35f86f196553460810922746
Author: Hongren (Zenithal) Zheng <i at zenithal.me>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M providers/implementations/ciphers/cipher_aes_ccm_hw.c
A providers/implementations/ciphers/cipher_aes_ccm_hw_rv64i_zknd_zkne.inc
M providers/implementations/ciphers/cipher_aes_gcm_hw.c
A providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i_zknd_zkne.inc
M providers/implementations/ciphers/cipher_aes_hw.c
A providers/implementations/ciphers/cipher_aes_hw_rv64i_zknd_zkne.inc
M providers/implementations/ciphers/cipher_aes_ocb_hw.c
M providers/implementations/ciphers/cipher_aes_xts_hw.c
Log Message:
-----------
providers: cipher: aes: add riscv64 zkn support
Signed-off-by: Hongren (Zenithal) Zheng <i at zenithal.me>
Tested-by: Jiatai He <jiatai2021 at iscas.ac.cn>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
(cherry picked from commit ee11118deb65d2b22b94721125a5649d05591e7b)
Commit: d8813ae09a2a29bcd9a9cf2f4ed9485f8801e0e2
https://github.com/openssl/openssl/commit/d8813ae09a2a29bcd9a9cf2f4ed9485f8801e0e2
Author: Billy Brumley <bbrumley at gmail.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/bn/bn_lib.c
M test/bntest.c
Log Message:
-----------
[crypto/bn] BN_consttime_swap: remove superfluous early exit
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18518)
(cherry picked from commit a644cb7c1c19c78e2ca393c8ca36989e7ca61715)
Commit: 31117e602a44e99b482d17c36208dbc78f7282a8
https://github.com/openssl/openssl/commit/31117e602a44e99b482d17c36208dbc78f7282a8
Author: Daniel Fiala <daniel at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
R Configurations/90-team.norelease.conf
Log Message:
-----------
Remove debug and other outdated build targets.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18571)
(cherry picked from commit 909d590fe7a0935e7856ec618afd652ae03a9260)
Commit: c25f2c187357c1f8d2886af1f61ebecdea4bab34
https://github.com/openssl/openssl/commit/c25f2c187357c1f8d2886af1f61ebecdea4bab34
Author: Lutz Jaenicke <ljaenicke at phoenixcontact.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
A test/certs/ee-timestampsign-CABforum-anyextkeyusage.pem
A test/certs/ee-timestampsign-CABforum-crlsign.pem
A test/certs/ee-timestampsign-CABforum-keycertsign.pem
A test/certs/ee-timestampsign-CABforum-noncritxku.pem
A test/certs/ee-timestampsign-CABforum-serverauth.pem
A test/certs/ee-timestampsign-CABforum.pem
A test/certs/ee-timestampsign-rfc3161-digsig.pem
A test/certs/ee-timestampsign-rfc3161-noncritxku.pem
A test/certs/ee-timestampsign-rfc3161.pem
M test/certs/setup.sh
M test/recipes/25-test_verify.t
Log Message:
-----------
Add test cases for verification of time stamping certificates
Test makes sure, that both time stamping certificate according to rfc3161 (no
requirements for keyUsage extension) and according to CAB forum (keyUsage
extension must be digitalSignature and be set critical) are accepted. Misuse
cases as stated in CAB forum are rejected, only exeption is a missing
"critial" flag on keyUsage.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18597)
(cherry picked from commit 386ab7f1fefdd77521e670d9593e9894e2774be0)
Commit: 2adb7908ef89a01955d9d27365aacff19edf4d57
https://github.com/openssl/openssl/commit/2adb7908ef89a01955d9d27365aacff19edf4d57
Author: Daniel Hu <Daniel.Hu at arm.com>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/chacha/asm/chacha-armv8-sve.pl
Log Message:
-----------
Optimize chacha20 on aarch64 by SVE2
This patch improves existing chacha20 SVE patch by using SVE2,
which is an optional architecture feature of aarch64, with XAR
instruction that can improve the performance of chacha20.
Signed-off-by: Daniel Hu <Daniel.Hu at arm.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18522)
(cherry picked from commit bcb52bcc9f9c36a85d037976676fd5ca52f307cd)
Commit: 433471084e4955bbab01d1803a3cf4320031a5c3
https://github.com/openssl/openssl/commit/433471084e4955bbab01d1803a3cf4320031a5c3
Author: Hugo Landau <hlandau at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M CHANGES.md
M apps/include/function.h
M crypto/core_namemap.c
M crypto/engine/eng_local.h
M crypto/lhash/lh_stats.c
M crypto/objects/obj_local.h
M crypto/property/defn_cache.c
M crypto/property/property.c
M crypto/property/property_string.c
M crypto/store/store_local.h
M doc/internal/man7/deprecation.pod
M doc/man3/OPENSSL_LH_COMPFUNC.pod
M doc/man3/OPENSSL_LH_stats.pod
M doc/man7/migration_guide.pod
M include/internal/cryptlib.h
M include/openssl/lhash.h.in
M include/openssl/macros.h
M ssl/ssl_local.h
M test/lhash_test.c
M util/find-doc-nits
M util/libcrypto.num
M util/missingmacro.txt
M util/perl/OpenSSL/ParseC.pm
Log Message:
-----------
Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17937)
(cherry picked from commit 5317b6ee1fc3db20de5976fbb46cc49a45c0768a)
Commit: 674ecc0c5a125ec20fa09173e6f401f43d89fe05
https://github.com/openssl/openssl/commit/674ecc0c5a125ec20fa09173e6f401f43d89fe05
Author: Hongren (Zenithal) Zheng <i at zenithal.me>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/sm3/sm3_local.h
Log Message:
-----------
Add SM3 implementation in RISC-V Zksh asm
This works for both RV32 and RV64
Signed-off-by: Hongren (Zenithal) Zheng <i at zenithal.me>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18287)
(cherry picked from commit 7ae2bc9df6e0916a8f16183f07dfa1815dd4b66d)
Commit: 72f022b994050ea15482494b2169fb63eab2ac9a
https://github.com/openssl/openssl/commit/72f022b994050ea15482494b2169fb63eab2ac9a
Author: Hongren (Zenithal) Zheng <i at zenithal.me>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/sm3/sm3_local.h
M include/crypto/md32_common.h
Log Message:
-----------
Add ROTATE inline asm support for SM3
And move ROTATE inline asm to header.
Now this benefits SM3, SHA (when with Zbb only and no Zknh)
and other hash functions
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18287)
(cherry picked from commit eea820f3e239a4c11d618741fd5d00a6bc877347)
Commit: 81bfb11b8d6fae64f0476ec8309903b216a89247
https://github.com/openssl/openssl/commit/81bfb11b8d6fae64f0476ec8309903b216a89247
Author: Richard Levitte <levitte at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M Configurations/descrip.mms.tmpl
Log Message:
-----------
VMS: use selective search when linking with shareable images
VMS linking complains a lot about multiply defined symbols unless told
otherwise, especially when shareable images are involved. For example, this
involves the legacy provider, where there are overriding implementations of
certain ERR functions.
To quiet the linker down, we need to say that symbols should be searched
selectively in shareable images.
However, that's not quite enough. The order in which the VMS linker
processes files isn't necessarily top to bottom as given on the command line
or the option file(s), which may result in some symbols appearing undefined,
even though they are. To remedy that, it's necessary to explicitly include
all object files and object libraries into a cluster, thus ensuring that
they will be processed first. This allows the search for remaining symbol
references to be done in the as desired in the shareable images that follow.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19327)
(cherry picked from commit c62a9cd720eccdbb388890ee4a36801d01315be4)
Commit: 01c7d59f0358ec6cf3dd45012a2dc8abee670f3e
https://github.com/openssl/openssl/commit/01c7d59f0358ec6cf3dd45012a2dc8abee670f3e
Author: Richard Levitte <levitte at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M Configurations/descrip.mms.tmpl
Log Message:
-----------
VMS: For executables, process the use of /INCLUDE=main a bit differently
The way it was implemented didn't play well with perl's join(), so it's
reimplemented a bit differently.
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19347)
(cherry picked from commit 1ec0acf264652bd981e95842723e5414d634cd93)
Commit: 713f6a14e2510b9de56559f2433da3179fdc9c84
https://github.com/openssl/openssl/commit/713f6a14e2510b9de56559f2433da3179fdc9c84
Author: Matt Caswell <matt at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M test/dtlstest.c
M test/helpers/ssltestlib.c
M test/helpers/ssltestlib.h
Log Message:
-----------
Add a DTLS next epoch test
Test that if we receive a packet from the next epoch, we can buffer it
and still use it.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18601)
(cherry picked from commit e1c153d31d4f913ebe2202a4bc20305919274d1f)
Commit: dc6daead2f2111de077e2c350d999291223fe749
https://github.com/openssl/openssl/commit/dc6daead2f2111de077e2c350d999291223fe749
Author: Max Bachmann <kontakt at maxbachmann.de>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/bio/bio_addr.c
M crypto/bio/bio_local.h
M include/internal/sockets.h
Log Message:
-----------
Add config option OPENSSL_NO_UNIX_SOCK
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18256)
(cherry picked from commit 081f3484593cdd3be2b7fdd8818c3f928ce729bc)
Commit: 1f664896b90f7e57ee831bfa38ac03992da0e2a4
https://github.com/openssl/openssl/commit/1f664896b90f7e57ee831bfa38ac03992da0e2a4
Author: Hongren (Zenithal) Zheng <i at zenithal.me>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M crypto/chacha/chacha_enc.c
Log Message:
-----------
Add ROTATE inline RISC-V zbb/zbkb asm for chacha
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18289)
(cherry picked from commit ca6286c382a7eb527fac9aba2a018354acb27b16)
Commit: ac214d7015572bd8d715d79631c2d15b6d06f6ac
https://github.com/openssl/openssl/commit/ac214d7015572bd8d715d79631c2d15b6d06f6ac
Author: Tomas Mraz <tomas at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M CHANGES.md
M crypto/dh/dh_gen.c
Log Message:
-----------
Use as small dh key size as possible to support the security
Longer private key sizes unnecessarily raise the cycles needed to
compute the shared secret without any increase of the real security.
We use minimum key sizes as defined in RFC7919.
For arbitrary parameters we cannot know whether they are safe
primes (we could test but that would be too inefficient) we have
to keep generating large keys.
However we now set a small dh->length when we are generating safe prime
parameters because we know it is safe to use small keys with them.
That means users need to regenerate the parameters if they
want to take the performance advantage of small private key.
Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
(cherry picked from commit ddb13b283be84d771deba1e964610b1670641f03)
Commit: 4890f26e398835dca66af837a4134ac3af6f93e7
https://github.com/openssl/openssl/commit/4890f26e398835dca66af837a4134ac3af6f93e7
Author: Tomas Mraz <tomas at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M test/recipes/20-test_dhparam.t
Log Message:
-----------
dhparam_test: Test that we add private key length on generation and print it
Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
(cherry picked from commit 2b11a8ecc8ed1355b99a6d88b8e7e7a75a67bd0a)
Commit: ba86c086c72d168353434531db7954681e20ac0b
https://github.com/openssl/openssl/commit/ba86c086c72d168353434531db7954681e20ac0b
Author: Tomas Mraz <tomas at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M doc/man1/openssl-dhparam.pod.in
Log Message:
-----------
dhparam: Correct the documentation of -dsaparam
Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
(cherry picked from commit 2885b2ca4eee5586baa50208e41a1ca54532eb3a)
Commit: 6f6f413312934e5ab8250741e2535293e1d7b237
https://github.com/openssl/openssl/commit/6f6f413312934e5ab8250741e2535293e1d7b237
Author: Matt Caswell <matt at openssl.org>
Date: 2022-11-21 (Mon, 21 Nov 2022)
Changed paths:
M test/dtlstest.c
Log Message:
-----------
Fix no-dtls1_2
dtlstest.c needs some adjusting to handle no-dtls1_2 since commit
7bf2e4d7f0c banned DTLSv1 at the default security level - causing the
test to fail.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18848)
(cherry picked from commit a6843e6ae8ae0551aae8555783f06dab7951f112)
Compare: https://github.com/openssl/openssl/compare/851bbd0f5710...6f6f41331293
More information about the openssl-commits
mailing list