11e61b31 | 12-Nov-2023 |
наб |
Fix BLAKE2s reporting the same EVP_MD_get_size() as BLAKE2b (64)

Fixes: commit 6d1e730a1ea2c64bdffa88c6b3bee4c3f5bed602 ("Implement BLAKE2s with the same macro as BLAKE2b")
Closes: #22708

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22710)
|
4f0172c5 | 04-Nov-2023 |
Matthias St. Pierre |
README: add link to OpenSSL 3.2 manual pages

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22625)
|
ed5e4782 | 14-Nov-2023 |
Rohan McLure |
ppc64: Fix SHA3_squeeze

Fix the conditional on the 'next' parameter passed into SHA3_squeeze.

Reported-by: David Benjamin <davidben@davidben.net>
Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22722)
|
10264b53 | 06-Nov-2023 |
Richard Levitte |
Document the exporter change in CHANGES.md and NEWS.md

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20878)
|
c768cceb | 03-May-2023 |
Richard Levitte |
Add exporters for CMake

CMake's older package finder, FindOpenSSL.cmake, does a best guess effort and doesn't always get it right.

By CMake's own documentation, that's what such modules are (best effort attempts), and package producers are (strongly) encouraged to help out by producing and installing <PackageName>Config.cmake files to get a more deterministic configuration.

The resulting OpenSSLConfig.cmake tries to mimic the result from CMake's FindOpenSSL.cmake, by using the same variable and imported target names. It also adds a few extra variables of its own, such as:

    OPENSSL_MODULES_DIR
        Indicates the default installation directory for OpenSSL loadable modules, such as providers.
    OPENSSL_RUNTIME_DIR
        Indicates the default runtime directory, where for example the openssl program is located.
    OPENSSL_PROGRAM
        Is the full directory-and-filename of the openssl program.

The imported targets OpenSSL::Crypto and OpenSSL::SSL are as precisely specified as possible, so for example, they are specified with both the import library and the DLL on Windows, which should make life easier on that platform.

For the moment, one of the following must be done in your CMake project for this CMake configuration to take priority over CMake's FindOpenSSL.cmake:

- The variable CMAKE_FIND_PACKAGE_PREFER_CONFIG must be set to true prior to the 'find_package(OpenSSL)' call.
- The 'find_package' call itself must use the "Full Signature". If you don't know any better, simply add the 'CONFIG' option, i.e. from this example:

      find_package(OpenSSL 3.0 REQUIRED)

  to this:

      find_package(OpenSSL 3.0 REQUIRED CONFIG)

Just as with the 'pkg-config' exporters, two variants of the .cmake files are produced:

- Those in 'exporters/' are installed in the location that 'pkg-config' itself prefers for installed packages.
- Those in the top directory are to be used when it's desirable to build directly against an OpenSSL build tree.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20878)
|
2ac569a6 | 03-May-2023 |
Richard Levitte |
Clean up exporters, specifically those we have for pkg-config

The pkg-config exporters were a special hack, all in Configurations/unix-Makefile.tmpl, and this was well and good as long as that was the only main package interface configuration system that we cared about.

Things have changed, though, so we move the pkg-config production to be templatable in a more flexible manner. Additional templates for other interface configuration systems can then be added fairly easily.

Two variants of the .pc files are produced:

- Those in 'exporters/' are installed in the location that 'pkg-config' itself prefers for installed packages.
- Those in the top directory are to be used when it's desirable to build directly against an OpenSSL build tree.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20878)
|
fe487609 | 12-Nov-2023 |
Kurt Roeckx |
Exclude more in the fuzz introspector report

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22707)
|
456b32ba | 10-Nov-2023 |
Tomas Mraz |
Rearrange some CI jobs

Those less useful should be in daily or on-push runs. Those more likely triggering CI failure that do not take too much time should be in main on pull request CI.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22693)
|
0ddcb55b | 10-Nov-2023 |
Randall S. Becker |
Correct 50-nonstop.conf to support QUIC tests under SPT threading models.

This fix also separates the FLOSS from SPT configurations which should not have been conflated in the 3.0 series.

Related-to: #22588
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22697)
(cherry picked from commit e3c38759608bb48d70ddfdaa1c88bcd86069952d)
|
7602bf87 | 08-Nov-2023 |
Tom Cosgrove |
Enable AES and SHA3 optimisations on Apple Silicon M3-based macOS systems

AES gets a performance enhancement of 19-36%, similar to the M1 and M2. SHA3 gets an improvement of 4-7% on buffers 256 bytes or larger.

Tested on an M3 Pro, but the CPU cores are the same on M3 and M3 Max.

Change-Id: I2bf40bbde824823bb8cf2efd1bd945da9f23a703
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22685)
|
f63e1b48 | 10-Nov-2023 |
Neil Horman |
Force Nonstop to use fcntl(F_GETFL) in BIO_sock_nbio

In tracking down a hang, we found that nonstop platforms were falling into the if #ifdef FIONBIO clause in the implementation of BIO_sock_nbio. While the platform defines this macro, sockets set with this continued to operate in blocking mode. Given that the platform also supports O_NONBLOCK, adjust the ifdef to have the nonstop platform use that method to ensure that sockets enter blocking mode

Related-To #22588
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22696)
|
9890cc42 | 18-Oct-2023 |
Alexey Fofanov |
set_client_ciphersuite(): Fix for potential UB if session->cipher is NULL

This currently cannot happen without an application overriding the session with some bogus data so this is an ossl_assert() check.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22418)
|
ae9fe65d | 05-Nov-2023 |
Neil Horman |
Augment rand argument parsing to allow scaling

Instead of just accepting a number of bytes, allows openssl rand to accept a k|m|g suffix to scale to kbytes/mbytes/gbytes

Fixes #22622
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22624)
|
66c27d06 | 08-Nov-2023 |
Tomas Mraz |
Properly limit the variable output size for BLAKE2

The upper limit of the output size is the default output size of the respective algorithm variants.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22659)
|
9e75a0b9 | 10-Nov-2023 |
Tomas Mraz |
Fix CI breakage due to ABIDIFF failure

Also sync libcrypto.num and libssl.num with 3.2 branch and fix the EVP_DigestSqueeze symbol version.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22688)
|
94898923 | 27-Sep-2023 |
Holger Dengler |
Support EVP_DigestSqueeze() in the digest provider for s390x.

The new EVP_DigestSqueeze() API requires changes to all keccak-based digest provider implementations. Update the s390x-part of the SHA3 digest provider.

Squeeze for SHA3 is not supported, so add an empty function pointer (NULL).

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
|
1022131d | 27-Sep-2023 |
Holger Dengler |
Fix state handling of keccak_final for s390x.

The digest life-cycle state diagram has been updated for XOF. Fix the state handling in s390x_keccac_final() according to the updated state diagram.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
|
288fbb4b | 27-Sep-2023 |
Holger Dengler |
Fix state handling of shake_final for s390x.

The digest life-cycle state diagram has been updated for XOF. Fix the state handling in s390x_shake_final() according to the updated state diagram.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
|
017acc58 | 27-Sep-2023 |
Holger Dengler |
Fix state handling of sha3_final for s390x.

The digest life-cycle state diagram has been updated for XOF. Fix the state handling in s390x_sha3_final() according to the updated state diagram.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
|
7aa45b8b | 27-Sep-2023 |
Holger Dengler |
Fix state handling of sha3_absorb for s390x.

The digest life-cycle state diagram has been updated for XOF. Fix the state handling in s390x_sha3_aborb() according to the updated state diagram.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
|
1337b509 | 27-Sep-2023 |
Holger Dengler |
Add xof state handling for generic sha3 absorb.

The digest life-cycle diagram specifies state transitions to `updated` (aka XOF_STATE_ABSORB) only from `initialised` and `updated`. Add this checking to the generic sha3 absorb implementation.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
|
bff62480 | 27-Sep-2023 |
Holger Dengler |
Support multiple calls of low level SHA3_squeeze() for s390x.

The low level SHA3_Squeeze() function needed to change slightly so that it can handle multiple squeezes. Support this on s390x architecture as well.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
|
53664908 | 21-Jul-2023 |
slontis |
Add EVP_DigestSqueeze() API.

Fixes #7894

This allows SHAKE to squeeze multiple times with different output sizes.

The existing EVP_DigestFinalXOF() API has been left as a one shot operation. A similar interface is used by another toolkit.

The low level SHA3_Squeeze() function needed to change slightly so that it can handle multiple squeezes. This involves changing the assembler code so that it passes a boolean to indicate whether the Keccak function should be called on entry. At the provider level, the squeeze is buffered, so that it only requests a multiple of the blocksize when SHA3_Squeeze() is called. On the first call the value is zero, on subsequent calls the value passed is 1.

This PR is derived from the excellent work done by @nmathewson in https://github.com/openssl/openssl/pull/7921

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21511)
|
9257a89b | 03-Nov-2023 |
James Muir |
cms demos: print signingTime attributes

Add a makefile for the cms demos, and add a routine to cms_ver.c to print any signingTime attributes from the CMS_ContentInfo object. This provides an example that could be extended if an application wants to examine the purported signing times.

Part of #8026

Testing:

    $ cd demos/cms
    $ make test

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22618)
|
8286e632 | 18-Oct-2023 |
Alexey Fofanov |
apps/list.c: Check the result of inserting a provider into provider's stack

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22492)
(cherry picked from commit 15b83e04a5e125ab873ace1e474790a4a5b44647)
|