Make bitmask table read only

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(M

Make bitmask table read only

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)

show more ...

Make ssl_cert_info read-only

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(M

Make ssl_cert_info read-only

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)

show more ...

Only include winsock2.h for struct timeval if needed

Fixes #22811

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matth

Only include winsock2.h for struct timeval if needed

Fixes #22811

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/22813)

(cherry picked from commit ba58e9f1e22dd9ee2e37078640dcbe9f520a555d)

show more ...

QUIC SRT GEN: Minor updates

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)

QUIC SRT GEN: Add SRT generator

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)

x86_64-xlate.pl: Fix build with icx and nvc compilers

Fixes #22594

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from h

x86_64-xlate.pl: Fix build with icx and nvc compilers

Fixes #22594

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22714)

show more ...

PreferNoDHEKEX changelog and history anticipating inclusion in OpenSSL version 3.3.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged f

PreferNoDHEKEX changelog and history anticipating inclusion in OpenSSL version 3.3.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)

show more ...

Document `SSL_OP_PREFER_NO_DHE_KEX` option.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/p

Document `SSL_OP_PREFER_NO_DHE_KEX` option.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)

show more ...

Add option `SSL_OP_PREFER_NO_DHE_KEX`, allowing the server to prefer non-dhe psk key exchange over psk with dhe (config file option `PreferNoDHEKEX`, server option `prefer_no_dhe_kex`).

Revi

Add option `SSL_OP_PREFER_NO_DHE_KEX`, allowing the server to prefer non-dhe psk key exchange over psk with dhe (config file option `PreferNoDHEKEX`, server option `prefer_no_dhe_kex`).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)

show more ...

When abidiff fails print out the XML diff

This can be useful for fixing the CI if needed
without the necessity to run abidw locally.

Also rename the CI job to make its purpose c

When abidiff fails print out the XML diff

This can be useful for fixing the CI if needed
without the necessity to run abidw locally.

Also rename the CI job to make its purpose clearer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22689)

show more ...

openssl-speed: support KMAC128 & KMAC256, refactor mac setup/teardown

Add ability to measure performance of the two kmac algorithms, and
reduce code duplication in mac testing by introdu

openssl-speed: support KMAC128 & KMAC256, refactor mac setup/teardown

Add ability to measure performance of the two kmac algorithms, and
reduce code duplication in mac testing by introducing mac_setup() and
mac_teardown(). Also, start accepting "cmac" as an algorithm string
(similar to how "hmac" is accepted).

We can now compare the performance of KMAC128, KMAC256 (mac algs) to
KECCAK-KMAC128, KECCAK-KMAC256 (digest/xof algs).

Fixes #22619

Testing:

$ LD_LIBRARY_PATH=. ./apps/openssl speed kmac cmac hmac

$ LD_LIBRARY_PATH=. ./apps/openssl speed kmac256
$ LD_LIBRARY_PATH=. ./apps/openssl speed -evp KECCAK-KMAC256

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22764)

show more ...

IANA has assigned numbers for 2 hybrid PQ KEX widely used in tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://githu

IANA has assigned numbers for 2 hybrid PQ KEX widely used in tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22803)

show more ...

SHA3_squeeze(): The next argument is int

Amend the assembler so it uses only 32bit value.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@or

SHA3_squeeze(): The next argument is int

Amend the assembler so it uses only 32bit value.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)

show more ...

keccak1600-armv4.pl: Further fix for the DigestSqueeze() support

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo La

keccak1600-armv4.pl: Further fix for the DigestSqueeze() support

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)

show more ...

Cross Compiles CI: Run evp tests on pull requests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@o

Cross Compiles CI: Run evp tests on pull requests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)

show more ...

contributing-doc: give example commit message with "CLA: trivial"

The text "CLA: trivial" should go at the bottom of the commit message.
Also, update the force-push command to include th

contributing-doc: give example commit message with "CLA: trivial"

The text "CLA: trivial" should go at the bottom of the commit message.
Also, update the force-push command to include the repository and
branch, which can avoid unexpected force-push results.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22775)

show more ...

Adapt C compiler detection for VSI C on x86_64

VSI C on OpenVMS for x86_64 has a bit more information than on other
hardware. This is no doubt because it's based on LLVM which leaves an

Adapt C compiler detection for VSI C on x86_64

VSI C on OpenVMS for x86_64 has a bit more information than on other
hardware. This is no doubt because it's based on LLVM which leaves an
opening for cross compilation.

VSI C on Itanium:

$ CC/VERSION
VSI C V7.4-001 on OpenVMS IA64 V8.4-2L3

VSI C on x86_64:

$ CC/VERSION
VSI C x86-64 X7.4-843 (GEM 50XB9) on OpenVMS x86_64 V9.2-1

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22792)

show more ...

speed: make hmac(sha256) the default hmac

prefer hmac(sha256) rather than hmac(md5). Also, drop the "skip_hmac"
label. If we are supposed to do hmac(hash_func) and hash_func cannot

speed: make hmac(sha256) the default hmac

prefer hmac(sha256) rather than hmac(md5). Also, drop the "skip_hmac"
label. If we are supposed to do hmac(hash_func) and hash_func cannot
be found, then error out immediately.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22793)

show more ...

Fix a possible memory leak in SM2 provider

ctx->propq that strdup from input parameter propq in sm2sig_newctx,
is not released. It should be released in sm2sig_freectx and copied
to

Fix a possible memory leak in SM2 provider

ctx->propq that strdup from input parameter propq in sm2sig_newctx,
is not released. It should be released in sm2sig_freectx and copied
to dstctx in sm2sig_dupctx. And dstctx->id and dstctx->propq should
be set NULL to avoid releasing id/propq of srcctx when err occurs.

Signed-off-by: Huiyue Xu <xuhuiyue@huawei.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22796)

show more ...

Update fuzz corpora

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22790)

QUIC SRTM: Switch to using AES-128-ECB

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2

QUIC SRTM: Switch to using AES-128-ECB

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

show more ...

QUIC SRTM: Harden SRTM in event of allocation failure

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl

QUIC SRTM: Harden SRTM in event of allocation failure

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

show more ...

QUIC SRTM: Update fuzz corpora

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

QUIC SRTM: Amend glossary

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

QUIC SRTM: Add test

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)