MUTEX: Assert on locking failure

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21919)

Bump actions/checkout from 2 to 4

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Change

Bump actions/checkout from 2 to 4

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21953)

show more ...

VMS: More header inclusion compensation for VMS C compiler

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <toma

VMS: More header inclusion compensation for VMS C compiler

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21959)

show more ...

Use armv8 .quad instead of .dword

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21939)

04-test_encoder_decoder.t: Use algorithm that is non-fips also on 3.0.0

The test encrypted RSA key with DES3 which is still
allowed in the 3.0 fips provider.

Instead use the tra

04-test_encoder_decoder.t: Use algorithm that is non-fips also on 3.0.0

The test encrypted RSA key with DES3 which is still
allowed in the 3.0 fips provider.

Instead use the traditional key format that uses MD5
to create the password based key. MD5 is disallowed
in the 3.0 fips provider.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21957)

show more ...

quicserver.c: Fix build with no-ssl-trace

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>

quicserver.c: Fix build with no-ssl-trace

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21958)

show more ...

internal/numbers.h: Add fallback implementation for UINT32_C and UINT64_C

Other similar macros can be implemented later. Right now, this are the most
likely to be actually useful

internal/numbers.h: Add fallback implementation for UINT32_C and UINT64_C

Other similar macros can be implemented later. Right now, this are the most
likely to be actually useful

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21951)

show more ...

Include #include "internal/numbers.h" in ssl/quic/quic_cfq.c

It's needed for platforms that don't define UINT64_MAX and similar macros

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.

Include #include "internal/numbers.h" in ssl/quic/quic_cfq.c

It's needed for platforms that don't define UINT64_MAX and similar macros

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21951)

show more ...

VMS: Add a fallback definition of socklen_t

It is not present in current VMS C headers...

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@opens

VMS: Add a fallback definition of socklen_t

It is not present in current VMS C headers...

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21951)

show more ...

VMS: More header inclusion compensation for VMS C compiler

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.

VMS: More header inclusion compensation for VMS C compiler

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21951)

show more ...

Added 'saltlen' option to the OpenSSL enc command line app.

This allows PBKDF2 to change the saltlen to something other than the
new default value of 16. Previously this app hardwired th

Added 'saltlen' option to the OpenSSL enc command line app.

This allows PBKDF2 to change the saltlen to something other than the
new default value of 16. Previously this app hardwired the salt length
to a maximum of 8 bytes. Non PBKDF2 mode uses EVP_BytesToKey()
internally, which is documented to only allow 8 bytes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)

show more ...

Added a 'saltlen' option to the openssl pkcs8 command line app.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com

Added a 'saltlen' option to the openssl pkcs8 command line app.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)

show more ...

Change PBES2 KDF default salt length to 16 bytes.

The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and
recommends a minimum of 64 bits for PBES2. For FIPS compliance PBKD

Change PBES2 KDF default salt length to 16 bytes.

The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and
recommends a minimum of 64 bits for PBES2. For FIPS compliance PBKDF2
requires a salt length of 128 bits.
This affects OpenSSL command line applications such as "genrsa" and "pkcs8"
and API's such as PEM_write_bio_PrivateKey() that are reliant on the
default salt length.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)

show more ...

Implement dupctx for chacha20 cipher

Implement the dupctx method for the chacha20 cipher, so that
EVP_PKEY_CTX_copy works

Its pretty straightforward, its basically just a memdup

Implement dupctx for chacha20 cipher

Implement the dupctx method for the chacha20 cipher, so that
EVP_PKEY_CTX_copy works

Its pretty straightforward, its basically just a memdup. Checking the
pointers that might need fixing up:

in PROV_CHACHA20_CTX all members are statically declared, so memduping
should be fine

in PROV_CHACHA20_CTX->base (PROV_CIPHER_CTX):
Non statically declared members:
*tlsmac needs to get memduped to avoid double free
conditions, but only if base.alloced is set
*hw pointer is always assigned to the chacha20_hw global
variable, so can be left alone
*libctx can be left alone as provctx is always NULL in
chacha20_newctx
*ks appears unused by chacha20, so can be ignored
Fixes #20978

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21878)

show more ...

Move ALIGN32 and ALIGN64 into common.h, and fix for clang-cl.exe

clang-cl.exe defines __clang__ and _MSC_VER but not __GNUC__, so a clang-
specific guard is needed to get the correct ALI

Move ALIGN32 and ALIGN64 into common.h, and fix for clang-cl.exe

clang-cl.exe defines __clang__ and _MSC_VER but not __GNUC__, so a clang-
specific guard is needed to get the correct ALIGNxx versions.

Fixes #21914

Change-Id: Icdc047b182ad1ba61c7b1b06a1e951eda1a0c33d

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21921)

show more ...

Replace ssl3_get_message() with tls_get_message_header() and/or tls_get_message_body()

Update commit messages that previously used ssl3_get_message()
to now use tls_get_message_header()

Replace ssl3_get_message() with tls_get_message_header() and/or tls_get_message_body()

Update commit messages that previously used ssl3_get_message()
to now use tls_get_message_header() and tls_get_message_body()
due to the split in OpenSSL 1.1.0.

CLA: trivial

Fixes #21582

Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21886)

show more ...

Fix typo in openssl-pkeyutl(1)

Changed "than" to "then" for improved clarity and correctness.

CLA: trivial

Fixes #21543

Signed-off-by: Sumitra Sharma <sumitraartsy

Fix typo in openssl-pkeyutl(1)

Changed "than" to "then" for improved clarity and correctness.

CLA: trivial

Fixes #21543

Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21925)

show more ...

Add a test for QUIC non IO retry errors

Test that errors such as SSL_ERROR_WANT_RETRY_VERIFY are properly
handled by QUIC connections.

Reviewed-by: Tomas Mraz <tomas@openssl.org

Add a test for QUIC non IO retry errors

Test that errors such as SSL_ERROR_WANT_RETRY_VERIFY are properly
handled by QUIC connections.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21922)

show more ...

Handle non IO based retry errors in QUIC

SSL_get_error() may respond with some retry errors that are not IO related.
In particular SSL_ERROR_WANT_RETRY_VERIFY and SSL_ERROR_WANT_X509_LOO

Handle non IO based retry errors in QUIC

SSL_get_error() may respond with some retry errors that are not IO related.
In particular SSL_ERROR_WANT_RETRY_VERIFY and SSL_ERROR_WANT_X509_LOOKUP.
These can occur during a TLS handshake. If they occur when a QUIC Connection
is performing a TLS handshake then we need to propagate these up to the QCSO.

We also handle SSL_ERROR_WANT_CLIENT_HELLO_CB. This one will only ever
occur on the server side which we don't currently support. However adding
the handling for it now is identical to all the other handling so including
it is no cost, and will be needed when we do add server support.

We are not concerned with SSL_ERROR_WANT_ASYNC or SSL_ERROR_WANT_ASYNC_JOB
since we do not support async operation with QUIC.

Fixes openssl/project#199

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21922)

show more ...

Avoid clobbering non-volatile XMM registers

This affects some Poly1305 assembler functions
which are only used for certain CPU types.

Remove those functions for Windows targets,

Avoid clobbering non-volatile XMM registers

This affects some Poly1305 assembler functions
which are only used for certain CPU types.

Remove those functions for Windows targets,
as a simple interim solution.

Fixes #21522

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21808)

show more ...

QUIC MULTISTREAM TEST: Test SSL_want for consistency with SSL_get_error

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://

QUIC MULTISTREAM TEST: Test SSL_want for consistency with SSL_get_error

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915)

show more ...

QUIC APL: Implement SSL_want

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915)

QUIC APL: Revise I/O error setting so that the last error is set on success

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from http

QUIC APL: Revise I/O error setting so that the last error is set on success

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915)

show more ...

QUIC APL: Adjust expect_quic_conn_only

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2

QUIC APL: Adjust expect_quic_conn_only

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915)

show more ...

QUIC RXDP: Reuse allocations between ACK frame processing

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/ope

QUIC RXDP: Reuse allocations between ACK frame processing

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21917)

show more ...