QUIC APL: Provide the QUIC_CHANNEL with a currently unused QUIC_PORT

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://git

QUIC APL: Provide the QUIC_CHANNEL with a currently unused QUIC_PORT

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

show more ...

QUIC CHANNEL: Keep a reference to a QUIC_PORT

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl

QUIC CHANNEL: Keep a reference to a QUIC_PORT

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

show more ...

QUIC PORT: Add basic unwired QUIC_PORT object

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl

QUIC PORT: Add basic unwired QUIC_PORT object

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

show more ...

QUIC CHANNEL: Consolidate forward object declarations in a single header

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https:/

QUIC CHANNEL: Consolidate forward object declarations in a single header

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

show more ...

QUIC REACTOR: Add utility function for merging tick results

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/o

QUIC REACTOR: Add utility function for merging tick results

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

show more ...

list.h: Add iterator macros

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

list.h: Allow separation of declarations and function definitions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github

list.h: Allow separation of declarations and function definitions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

show more ...

Make SSL_clear_options pass new options to record layer

Signed-off-by: lan1120 <lanming@huawei.com>

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas

Make SSL_clear_options pass new options to record layer

Signed-off-by: lan1120 <lanming@huawei.com>

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23045)

show more ...

Bump actions/setup-python from 4.7.1 to 5.0.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setu

Bump actions/setup-python from 4.7.1 to 5.0.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.7.1...v5.0.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22963)

show more ...

LoongArch64 assembly pack: Really implement OPENSSL_rdtsc

LoongArch [rdtimel.w][1] instruction reads the low 32 bits of the
64-bit stable counter, implement OPENSSL_rdtsc with it instead

LoongArch64 assembly pack: Really implement OPENSSL_rdtsc

LoongArch [rdtimel.w][1] instruction reads the low 32 bits of the
64-bit stable counter, implement OPENSSL_rdtsc with it instead of always
returning 0.

[1]:https://loongson.github.io/LoongArch-Documentation/LoongArch-Vol1-EN.html#_rdtimelh_w_rdtime_d

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22823)

show more ...

Update IPAddressOrRange_cmp function to handle switch case

As there is no default case for a->type or b->type in the switch()
statements, if the type does not fall into any defined cases

Update IPAddressOrRange_cmp function to handle switch case

As there is no default case for a->type or b->type in the switch()
statements, if the type does not fall into any defined cases
then memcmp() will be done on garbage data.

Adding default cases in both switches.

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23082)

show more ...

LoongArch64 assembly pack: Fix ChaCha20 ABI breakage

The [LP64D ABI][1] requires the floating-point registers f24-f31
(aka fs0-fs7) callee-saved. The low 64 bits of a LSX/LASX vector

LoongArch64 assembly pack: Fix ChaCha20 ABI breakage

The [LP64D ABI][1] requires the floating-point registers f24-f31
(aka fs0-fs7) callee-saved. The low 64 bits of a LSX/LASX vector
register aliases with the corresponding FPR, so we must save and restore
the callee-saved FPR when we writes into the corresponding vector
register.

This ABI breakage can be easily demonstrated by injecting the use of a
saved FPR into the test in bio_enc_test.c:

static int test_bio_enc_chacha20(int idx)
{
register double fs7 asm("f31") = 114.514;
asm("#optimize barrier":"+f"(fs7));
return do_test_bio_cipher(EVP_chacha20(), idx) && fs7 == 114.514;
}

So fix it. To make the logic simpler, jump into the scalar
implementation earlier when LSX and LASX are not enumerated in AT_HWCAP,
or the input is too short.

[1]: https://github.com/loongson/la-abi-specs/blob/v2.20/lapcs.adoc#floating-point-registers

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22817)

show more ...

Fix declspec align syntax

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23072)

Fix comment syntax

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23072)

Fix no-des failure in test_cms

The newly introduced test case do not work
when configured with no-des, fix that by
choosing -aes128 as cipher.

Fixes ffed597882ba ("cms: avoi

Fix no-des failure in test_cms

The newly introduced test case do not work
when configured with no-des, fix that by
choosing -aes128 as cipher.

Fixes ffed597882ba ("cms: avoid intermittent test failure")

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23086)

show more ...

test_export_key_mat(): Long context support works with new fips provider only

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merg

test_export_key_mat(): Long context support works with new fips provider only

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23007)

show more ...

openssl-cmp.pod.in: fix grammar glitch

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl

openssl-cmp.pod.in: fix grammar glitch

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21281)

show more ...

CMP app: make -geninfo option accept multiple ITAVs and support string values besides integers

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.

CMP app: make -geninfo option accept multiple ITAVs and support string values besides integers

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)

show more ...

CMP lib and app: add optional certProfile request message header and respective -profile option

Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.

CMP lib and app: add optional certProfile request message header and respective -profile option

Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)

show more ...

Consolidate raising errors in SSL_CONF_cmd()

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl

Consolidate raising errors in SSL_CONF_cmd()

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23048)

show more ...

Test that incorrect entry in the ssl section is not fatal

The following entries should be still applied.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belya

Test that incorrect entry in the ssl section is not fatal

The following entries should be still applied.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23048)

show more ...

Always apply all configuration settings from the ssl section

Even if some configuration entry is incorrect, do not
skip the remaining ones.

Fixes #20789

Reviewed-by: Ne

Always apply all configuration settings from the ssl section

Even if some configuration entry is incorrect, do not
skip the remaining ones.

Fixes #20789

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23048)

show more ...

Add a daily test for an alternative value for SSL3_ALIGN_PAYLOAD

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://githu

Add a daily test for an alternative value for SSL3_ALIGN_PAYLOAD

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23021)

show more ...

Ensure the default length calculation includes the content type byte

TLSv1.3 includes an extra byte after the payload for the content type.
We should incorporate that in the calculation

Ensure the default length calculation includes the content type byte

TLSv1.3 includes an extra byte after the payload for the content type.
We should incorporate that in the calculation of the default buffer length.

Fixes #23015

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23021)

show more ...

run Windows GitHub CI workflow on self-hosted runners

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/opens

run Windows GitHub CI workflow on self-hosted runners

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23042)

show more ...