Fix AIX build when no-shared is passed to Configure.

AIX shared libs are also .a files so the AIX platform staticname()
appends a '_a' to the name to avoid a collision. However, this

Fix AIX build when no-shared is passed to Configure.

AIX shared libs are also .a files so the AIX platform staticname()
appends a '_a' to the name to avoid a collision. However, this
must not be done when no-shared is passed to Configure or the
binaries that link with -lcrypto and -lssl be unable to link as
those libraries won't exist without the '_a' suffix.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18006)

show more ...

Redefine macro X509_http_nbio to avoid using ocsp.h

The functions used from ocsp.h are actually just aliases
for functions from http.h. Use them directly to avoid
including ocsp.h.

Redefine macro X509_http_nbio to avoid using ocsp.h

The functions used from ocsp.h are actually just aliases
for functions from http.h. Use them directly to avoid
including ocsp.h.

Fixes openssl#17148

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17980)

show more ...

Add loongarch64 target

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17712)

Fix broken link to coding-style.html

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@op

Fix broken link to coding-style.html

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18015)

show more ...

OSSL_PARAM_get_*_ptr: Drop errors from ptr/string mismatch

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.c

OSSL_PARAM_get_*_ptr: Drop errors from ptr/string mismatch

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17997)

show more ...

Fix Coverity 1503096: out-of-bounds access

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com

Fix Coverity 1503096: out-of-bounds access

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17898)

show more ...

Fix Coverity 1498612 & 1503221: integer overflow

Both are the same issue and both as false positives. Annotate the line so
that this is ignored.

Reviewed-by: Tomas Mraz <tomas@

Fix Coverity 1498612 & 1503221: integer overflow

Both are the same issue and both as false positives. Annotate the line so
that this is ignored.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/18012)

show more ...

CMS sign digest

CLI changes: New parameter -digest to CLI command openssl cms, to
provide pre-computed digest for use with -sign.

API changes: New function CMS_final_digest(), l

CMS sign digest

CLI changes: New parameter -digest to CLI command openssl cms, to
provide pre-computed digest for use with -sign.

API changes: New function CMS_final_digest(), like CMS_final() but
uses a pre-computed digest instead of computing it from the data.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/15348)

show more ...

req, x509: Allow printing modulus of RSA-PSS keys

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/open

req, x509: Allow printing modulus of RSA-PSS keys

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17990)

show more ...

Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA

This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted
objects to be managed by OSSL_LIB_CTX are hardcoded and are in

Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA

This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted
objects to be managed by OSSL_LIB_CTX are hardcoded and are initialized
eagerly rather than lazily, which avoids the need for locking on access
in most cases.

Fixes #17116.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17881)

show more ...

disable 5x interleave on buffers shorter than 512 bytes: 3% speedup on Graviton2

d6e4287c9726691e800bff221be71edd894a3c6a introduced 5x interleaving as an
optimization for ThunderX2, and

disable 5x interleave on buffers shorter than 512 bytes: 3% speedup on Graviton2

d6e4287c9726691e800bff221be71edd894a3c6a introduced 5x interleaving as an
optimization for ThunderX2, and that leads to some performance degradation on
when encoding short buffers. We found this performance degradation by measuring
the performance of nginx on Ubuntu 20.04 that comes with OpenSSL 1.1.1f and
Ubuntu 22.04 with OpenSSL 3.0.1.

This patch limits the 5x interleave to buffers larger than 512 bytes.
On Graviton2 we see the following performance with this patch:

$ openssl speed -evp aes-128-gcm -bytes 128

AES-128-GCM 64 bytes 79 bytes 80 bytes 128 bytes 256 bytes 511 bytes 512 bytes 1024 bytes
master 1062564.71k 775113.11k 1069959.33k 1411716.28k 1653114.86k 1585981.16k 1973683.03k 2203214.08k
master+patch 1062729.28k 771915.11k 1103883.42k 1458665.43k 1708701.20k 1647060.84k 1975571.80k 2204038.42k
diff 0% 0% 3% 3% 3% 4% 0% 0%
revert d6e428 1055290.03k 773448.92k 1117411.97k 1441478.57k 1695698.52k 1634598.04k 1981851.65k 2196680.36k

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17984)

show more ...

doc: fix example in ssh KDF man page.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17

doc: fix example in ssh KDF man page.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17972)

show more ...

Remove further uses of __ARMEL__ in AArch64 assembly

The sweep of the source tree in #17373 missed the BSAES assembly due its
PR #14592 having been temporarily backed out at the time.

Remove further uses of __ARMEL__ in AArch64 assembly

The sweep of the source tree in #17373 missed the BSAES assembly due its
PR #14592 having been temporarily backed out at the time.

This constitutes a partial fix for #17958 - covers cases except when
configured with -DOPENSSL_AES_CONST_TIME.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17988)

show more ...

Test processing of a duplicated HRR

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1793

Test processing of a duplicated HRR

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17936)

show more ...

tls_process_server_hello: Disallow repeated HRR

Repeated HRR must be rejected.

Fixes #17934

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@

tls_process_server_hello: Disallow repeated HRR

Repeated HRR must be rejected.

Fixes #17934

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17936)

show more ...

sparse array: reduces the block size

This becomes a performance improvement in the ossl_sa_doall_arg function which
has started appearing on profile output. The other ossl_sa_ functions

sparse array: reduces the block size

This becomes a performance improvement in the ossl_sa_doall_arg function which
has started appearing on profile output. The other ossl_sa_ functions don't
contribute significantly to profile output.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17973)

show more ...

document the safe_div_round_up_TYPE functions

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl

document the safe_div_round_up_TYPE functions

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17884)

show more ...

Use safe math to computer sizes.

The sizes are rounded via the expression: (cmpl + 7) / 8 which overflows if
cmpl is near to the type's maximum. Instead we use the safe_math function to

Use safe math to computer sizes.

The sizes are rounded via the expression: (cmpl + 7) / 8 which overflows if
cmpl is near to the type's maximum. Instead we use the safe_math function to
computer this without any possibility of error.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17884)

show more ...

Add a divide rounding up safe math function.

This function takes arguments a & b and computes a / b rounding any
remainder up.

It is safe with respect to overflow and negative i

Add a divide rounding up safe math function.

This function takes arguments a & b and computes a / b rounding any
remainder up.

It is safe with respect to overflow and negative inputs. It's only fast for
non-negative inputs.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17884)

show more ...

Fix typo in manpage SSL_CONF_cmd(3)

Fixes #17976.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/op

Fix typo in manpage SSL_CONF_cmd(3)

Fixes #17976.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17977)

show more ...

Remove statistics tracking from LHASH

Fixes #17928. Supercedes #17931.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Toma

Remove statistics tracking from LHASH

Fixes #17928. Supercedes #17931.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17935)

show more ...

Size of random output is now a long, also added option to select chunk size

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https:

Size of random output is now a long, also added option to select chunk size

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17949)

show more ...

Fix Coverity 1503218: negative loop bound

OPENSSL_sk_num returns an integer which can theoretically be negative.
Assigning this to a size_t and using it as a loop bound isn't ideal.

Fix Coverity 1503218: negative loop bound

OPENSSL_sk_num returns an integer which can theoretically be negative.
Assigning this to a size_t and using it as a loop bound isn't ideal.

Rather than adding checked for NULL or negative returns, changing the loop
index and end to int is simpler.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17954)

show more ...

ticket_lifetime_hint may exceed 1 week in TLSv1.3

For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446

Fixes #17948

Reviewed-by: Tomas Mraz <tomas@openssl.org>

ticket_lifetime_hint may exceed 1 week in TLSv1.3

For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446

Fixes #17948

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17952)

show more ...

s390x: Hide internal cpuid symbol and function

The symbol OPENSSL_s390xcap_P and the OPENSSL_cpuid_setup function are not
exported by the version script of OpenSSL. However, if someone

s390x: Hide internal cpuid symbol and function

The symbol OPENSSL_s390xcap_P and the OPENSSL_cpuid_setup function are not
exported by the version script of OpenSSL. However, if someone uses the
static library without the version script, these symbols all of a sudden
become global symbols and their usage in assembler code does not correctly
reflect that for PIC. Since these symbols should never be used outside of
OpenSSL, hide them inside the binary.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17946)

show more ...