OpenSSL::config: determine the MSVC target architecture by asking cl

Since cl knows what architecture it builds fore, all depending on what
the user set up, it makes sense to ask it, and

OpenSSL::config: determine the MSVC target architecture by asking cl

Since cl knows what architecture it builds fore, all depending on what
the user set up, it makes sense to ask it, and use that result primarly,
and only use the POSIX::uname() MACHINE value as a fallback.

Also, this does indeed determine if cl is present or not.

We drop the explicit names in .github/workflows/windows.yml as proof
of concept.

Fixes #19281

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19285)

show more ...

djgpp: Skip test/rsa_complex.c

We don't have <complex.h> on djgpp, so this entire test can be skipped.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landa

djgpp: Skip test/rsa_complex.c

We don't have <complex.h> on djgpp, so this entire test can be skipped.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19286)

show more ...

djgpp: Set TZ=UTC to convert UTC timestamp to time_t

Since djgpp has neither a timezone variable or timegm(), this horrible
method must be used. It is the only one I could find that pro

djgpp: Set TZ=UTC to convert UTC timestamp to time_t

Since djgpp has neither a timezone variable or timegm(), this horrible
method must be used. It is the only one I could find that produces
accurate results, and is recommended as portable alternative to
timegm() by the GNU libc manual. Reference:

https://www.gnu.org/software/libc/manual/html_node/Broken_002ddown-Time.html#index-timegm

Now, a much nicer alternative solution could be:

timestamp_local = mktime(timestamp_tm);
timestamp_utc = timestamp_local + timestamp_tm->tm_gmtoff
- (timestamp_tm->tm_isdst ? 3600 : 0);

This works due to the fact that mktime() populates the tm_gmtoff and
tm_isdst fields in the source timestamp. It is accurate everywhere in
the world, *except* on Lord Howe Island, Australia, where a 30 minute
DST offset is used.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19274)

show more ...

djgpp: Define WATT32_NO_OLDIES before including socket headers

If this macro is left undefined, Watt-32 will "helpfully" declare some
typedefs such as 'byte' and 'word' in the global nam

djgpp: Define WATT32_NO_OLDIES before including socket headers

If this macro is left undefined, Watt-32 will "helpfully" declare some
typedefs such as 'byte' and 'word' in the global namespace. This broke
compilation of apps/s_client.c.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19274)

show more ...

djgpp: Use usleep() for ossl_sleep()

This part failed to compile due to a circular dependency between
internal/e_os.h and internal/time.h, when ossl_sleep() falls back to a
busy wait

djgpp: Use usleep() for ossl_sleep()

This part failed to compile due to a circular dependency between
internal/e_os.h and internal/time.h, when ossl_sleep() falls back to a
busy wait. However, djgpp has a usleep function, so it can use the
regular Unix version of ossl_sleep().

It's not great though. The resolution is only ~55ms, and it may break
when a user program hooks the timer interrupt without periodically
updating BIOS time. A high-resolution alternative is uclock(), but
that is generally less desirable since it reprograms the system timer.

The circular dependency is still there and may still cause trouble for
other platforms.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19274)

show more ...

djgpp: Inherit config from BASE_unix

Build failed on djgpp due to missing config vars 'AR' and 'ARFLAGS'.
Additionally, '-lz' was not added to 'lflags' when zlib support was
enabled.

djgpp: Inherit config from BASE_unix

Build failed on djgpp due to missing config vars 'AR' and 'ARFLAGS'.
Additionally, '-lz' was not added to 'lflags' when zlib support was
enabled. Inheriting configuration variables from BASE_unix solves both
these issues.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19274)

show more ...

apps/speed.c: Lock buffer in memory

Lock the buffers used for throughput measurements into memory. This removes
some side effects of paging.

Errors from the memory locking func

apps/speed.c: Lock buffer in memory

Lock the buffers used for throughput measurements into memory. This removes
some side effects of paging.

Errors from the memory locking functions are ignored since they are not
critical to the application.

This feature is limited to Linux and Windows.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19091)

show more ...

Test TLS extension ordering

Adding extensions is fragile, with the TLSEXT_TYPE entry needing to be
located at TLSEXT_IDX in the array.

This adds a test to ensure extensions are

Test TLS extension ordering

Adding extensions is fragile, with the TLSEXT_TYPE entry needing to be
located at TLSEXT_IDX in the array.

This adds a test to ensure extensions are in the correct order.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19269)

show more ...

Configurations/descrip.mms.tmpl: Add another inclusion hack

More adaptations are needed for sources in ssl/, which all include
`ssl/ssl_local.h`.

Reviewed-by: Paul Dale <pauli@o

Configurations/descrip.mms.tmpl: Add another inclusion hack

More adaptations are needed for sources in ssl/, which all include
`ssl/ssl_local.h`.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19276)

show more ...

test/trace_api_test.c: fix gcc error on -Werror=strict-prototypes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheim

test/trace_api_test.c: fix gcc error on -Werror=strict-prototypes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19277)

show more ...

dgram_pair_read_inner(): Do not move buf pointer if it is NULL

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://gith

dgram_pair_read_inner(): Do not move buf pointer if it is NULL

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19284)

show more ...

tls_write_records_default(): Remove unused variable

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/open

tls_write_records_default(): Remove unused variable

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19284)

show more ...

A static const variable is implicitly zero initialized

Older clang versions complain about the explicit initializer
because the first member of the struct is a struct.
But it is not

A static const variable is implicitly zero initialized

Older clang versions complain about the explicit initializer
because the first member of the struct is a struct.
But it is not necessary to explicitly initialize it anyway.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19284)

show more ...

ssl_log_secret call in tls13_key_update

Newly computed traffic secrets are now logged upon key update

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hland

ssl_log_secret call in tls13_key_update

Newly computed traffic secrets are now logged upon key update

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19241)

show more ...

Fix HPKE and DHKEM for X25519 and X448 on s390x

The IKM was not respected by the s390x specific implementations of X25519 and
X448 keygen. This caused test failures and wrong results if

Fix HPKE and DHKEM for X25519 and X448 on s390x

The IKM was not respected by the s390x specific implementations of X25519 and
X448 keygen. This caused test failures and wrong results if the PCC
instruction was actually available and supported X25519 and/or X448.

Fixes: 78c44b05945b ("Add HPKE DHKEM provider support for EC, X25519 and X448.")
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19278)

show more ...

Coverity 1515538: resource leak

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19275)

Coverity 1515540: resource leak

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19275)

QUIC Flow Control

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.

QUIC Flow Control

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19040)

show more ...

Add documentation for the OPENSSL_gmtime functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.or

Add documentation for the OPENSSL_gmtime functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19257)

show more ...

Allow PKCS12 export to set arbitrary bag attributes

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/op

Allow PKCS12 export to set arbitrary bag attributes

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19025)

show more ...

Modify test/quic_record_test.c to also depacketize

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.or

Modify test/quic_record_test.c to also depacketize

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)

show more ...

Implement packet type checks in the RX Depacketizer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.o

Implement packet type checks in the RX Depacketizer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)

show more ...

Extend the RX Depacketizer frame table with what packet types they are valid in

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by:

Extend the RX Depacketizer frame table with what packet types they are valid in

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)

show more ...

Implement the RX Depacketizer

Implements the design doc/designs/quic-design/rx-depacketizer.md.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@open

Implement the RX Depacketizer

Implements the design doc/designs/quic-design/rx-depacketizer.md.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)

show more ...

Move the QUIC_CONNECTION typedef to internal headers

Also add internal functionality to get a QUIC_CONNECTION pointer from
an SSL pointer, and setters / getters for the GQX and ACKM fiel

Move the QUIC_CONNECTION typedef to internal headers

Also add internal functionality to get a QUIC_CONNECTION pointer from
an SSL pointer, and setters / getters for the GQX and ACKM fields.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)

show more ...