Skip to main content
swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
sort by:
RevisionAuthorDateMessageCommit Date
21037df Tomas Mraz01 December 2022, 13:21:40 UTCPrepare for release of 3.1 alpha 1 Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes01 December 2022, 13:21:40 UTC
be8d1ef Tomas Mraz01 December 2022, 13:21:26 UTCmake update Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes01 December 2022, 13:21:26 UTC
967f201 Tomas Mraz01 December 2022, 11:29:01 UTCUpdate copyright year Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19803)01 December 2022, 11:47:05 UTC
f73a5b7 Tomas Mraz01 December 2022, 11:24:46 UTCNEWS.md: Update with changes from 3.0.7 and major items from 3.1 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19802)01 December 2022, 11:24:46 UTC
be33920 Dr. David von Oheimb23 November 2022, 12:40:16 UTCcmp_client_test.c: add tests for OSSL_CMP_CTX_get_status This is a follow-up of #19205, adding test cases as requested. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19760) (cherry picked from commit 6ea44d07a7d0acb4af9eab15d9b4a76227f55f4e)30 November 2022, 15:17:37 UTC
ca0dd5f Rohan McLure25 November 2022, 03:41:08 UTCRemove redundant assignment in felem_mul_ref in p521 ftmp4 is assigned immediately before receiving the reduced output of the multiplication of ftmp and ftmp3, without being read inbetween these assignments. Remove redundant assignment. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19766) (cherry picked from commit 3d4dfeb28a5cb944b8300b4cf807e19ab97d04f5)30 November 2022, 07:13:42 UTC
059123b Pauli28 November 2022, 01:25:47 UTCdoc: fix location of AES-SIV ciphers Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19776) (cherry picked from commit d1aa7d11363ebb0dff080966f842fade91135eaa)29 November 2022, 20:53:28 UTC
d656efb Nicola Tuveri27 November 2022, 21:43:16 UTCUpdate pyca-cryptography submodule to 38.0.4 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19681)29 November 2022, 15:02:02 UTC
926db47 Nicola Tuveri18 September 2021, 15:17:39 UTCHonor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to UNCOMPRESSED Originally the code to im/export the EC pubkey was meant to be consumed only by the im/export functions when crossing the provider boundary. Having our providers exporting to a COMPRESSED format octet string made sense to avoid memory waste, as it wasn't exposed outside the provider API, and providers had all tools available to convert across the three formats. Later on, with #13139 deprecating the `EC_KEY_*` functions, more state was added among the params imported/exported on an EC provider-native key (including `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, although it did not affect the format used to export `OSSL_PKEY_PARAM_PUB_KEY`). Finally, in #14800, `EVP_PKEY_todata()` was introduced and prominently exposed directly to users outside the provider API, and the choice of COMPRESSED over UNCOMPRESSED as the default became less sensible in light of usability, given the latter is more often needed by applications and protocols. This commit fixes it, by using `EC_KEY_get_conv_form()` to get the point format from the internal state (an `EC_KEY` under the hood) of the provider-side object, and using it on `EVP_PKEY_export()`/`EVP_PKEY_todata()` to format `OSSL_PKEY_PARAM_PUB_KEY`. The default for an `EC_KEY` was already UNCOMPRESSED, and it is altered if the user sets `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` via `EVP_PKEY_fromdata()`, `EVP_PKEY_set_params()`, or one of the more specialized methods. For symmetry, this commit also alters `ec_pkey_export_to()` in `crypto/ec/ec_ameth.c`, part of the `EVP_PKEY_ASN1_METHOD` for legacy EC keys: it exclusively used COMPRESSED format, and now it honors the conversion format specified in the EC_KEY object being exported to a provider when this function is called. Expand documentation about `OSSL_PKEY_PARAM_PUB_KEY` and mention the 3.1 change in behavior for our providers. Fixes #16595 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19681)29 November 2022, 15:01:17 UTC
18e72cb Tomas Mraz24 November 2022, 17:48:10 UTCFix occasional assertion failure when storing properties Fixes #18631 The store lock does not prevent concurrent access to the property cache, because there are multiple stores. We drop the newly created entry and use the exisiting one if there is one already. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19762) (cherry picked from commit 92a25e24e6ec9735dea9ec645502cb075a5f8d24)29 November 2022, 07:22:14 UTC
93d3ad0 Tomas Mraz23 November 2022, 08:09:24 UTCDrop incorrect skipping of some evp_test testcases with no-gost Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19739) (cherry picked from commit d5e1fe9c04c7eb28e21070e3dfe0d2242504a9bc)28 November 2022, 09:52:09 UTC
5462d8d Tomas Mraz24 November 2022, 15:46:38 UTCAdd test for EVP_PKEY_Q_keygen Test for #19736 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19761) (cherry picked from commit 667a8501f0b6e5705fd611d5bb3ca24848b07154)25 November 2022, 17:39:33 UTC
d0f33da Marco Abbadini24 November 2022, 01:11:25 UTCFix typos in doc/man3/EVP_EncryptInit.pod Fixes #19728 CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19753) (cherry picked from commit 0dbd3a81e46dd7ea9f7832307fdd0b2ac207a5bf)25 November 2022, 12:11:00 UTC
2c3ea16 Tomas Mraz26 October 2022, 09:29:49 UTCWhen using PEM_read_bio_PrivateKey_ex() the public key is optional Fixes #19498 However the private key part is not optional which was mishandled by the legacy routine. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19505) (cherry picked from commit adb408dc791e83f59f3a86bd90d8e804c814ac30)25 November 2022, 09:32:53 UTC
afc18bf Dr. David von Oheimb19 September 2022, 11:15:04 UTCadd missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function Fixup for glitch while handling merge conflict in OSSL_CMP_CTX_new.pod Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216) (cherry picked from commit a2ede0396addd13f7fe9a629b450a14892152a83)25 November 2022, 08:38:33 UTC
23a0b31 Dr. David von Oheimb19 September 2022, 11:15:04 UTCadd missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216) (cherry picked from commit a2ede0396addd13f7fe9a629b450a14892152a83)25 November 2022, 08:31:37 UTC
b3d2917 Dr. David von Oheimb14 September 2022, 15:37:27 UTCOSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216) (cherry picked from commit 1c04866c671db4a6db0a1784399b351ea061bc16)25 November 2022, 08:29:58 UTC
f494a5c Dr. David von Oheimb17 September 2022, 18:58:16 UTCCMP: fix gen_new() in cmp_msg.c checking wrong ITAVs Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216) (cherry picked from commit 7e3034939b40ee15013bdba9ff6178de6bcc26d4)25 November 2022, 08:29:17 UTC
9bf67ed Jan23 November 2022, 15:14:07 UTCFix typo in openssl-x509.pod.in CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19746) (cherry picked from commit 0b7ad5d928f9ee749cfc670ad08067a961217fea)25 November 2022, 00:36:59 UTC
80d89bd Richard Levitte19 November 2022, 12:05:19 UTCtest/timing_load_creds.c: use OPENSSL_SYS_ macros A previous change was only half done. To avoid such mistakes again, we switch to using the OPENSSL_SYS_ macros, as the are clearer than having to check a pile of very platform and compiler specific macros. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19720) (cherry picked from commit 83c1220ad137bb4b651478444c3666c66ec9d640)24 November 2022, 18:20:15 UTC
5e61648 Richard Levitte18 November 2022, 12:28:35 UTCDisable test/timing_load_creds.c on VMS Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19713) (cherry picked from commit 81929ac49aa583b2347348953d8399ad775c6fd1)24 November 2022, 18:19:58 UTC
5d8c9e2 Jiaxun Yang22 November 2022, 19:53:38 UTCAdd SM2 support for EVP_PKEY_Q_keygen There is no reason preventing this API to support SM2, which gives us a simple method to do SM2 key gen. CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19736) (cherry picked from commit 3f32d29ad464591ed968a1e430111e1525280f4c)24 November 2022, 15:30:26 UTC
fb705be Dr. David von Oheimb13 September 2022, 20:22:48 UTCCMP: fix handling of unset or missing failInfo PKI status information Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205) (cherry picked from commit cba0e2afd6a222aa041e05f8455e83c9e959d05b)24 November 2022, 13:22:13 UTC
12dbea7 Dr. David von Oheimb13 September 2022, 13:43:59 UTCCMP: fix status held in OSSL_CMP_CTX, in particular for genp messages On this occasion, replace magic constants by mnemonic ones; update doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205) (cherry picked from commit 19ddcc4cbb43464493a4b82332a1ab96da823451)24 November 2022, 13:22:11 UTC
0703f3f Everton Constantino27 October 2022, 18:07:48 UTCAdd two new build targets to enable the possibility of using clang-cl as an assembler for Windows on Arm builds and also clang-cl as the compiler as well. Make appropriate changes to armcap source and peralsm scripts. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19523) (cherry picked from commit b863e1e4c69068e4166bdfbbf9f04bb07991dd40)24 November 2022, 06:37:39 UTC
bf83658 Dr. David von Oheimb24 May 2022, 18:33:32 UTCOSSL_trace_enabled.pod and OSSL_trace_set_channel.pod: improve doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18386) (cherry picked from commit 3b7398843c1cfd170494a03a4be54042fb821172)23 November 2022, 17:21:54 UTC
59b51db Dr. David von Oheimb23 May 2022, 17:43:56 UTChttp_client.c: Dump response on error when tracing is enabled Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18386) (cherry picked from commit e8fdb0603572bf051dad6abc56291cdf1313a905)23 November 2022, 17:21:54 UTC
d04231c Tobias Girstmair18 October 2022, 11:23:21 UTCc_rehash: Fix file extension matching For some reason, parenthesis were added 8 years ago in commit a787c2590e468585a1a19738e0c7f481ec91b762. This essentially removed the \. and $ constructs from the middle branches. Hence a file called e.g. cert.key would accidentally match the (cer) rule. CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19427) (cherry picked from commit 706fc5f6ebd63e1fcd18d4764248206ab3c18a0a)23 November 2022, 17:21:54 UTC
1829256 Pauli14 October 2022, 01:53:02 UTCCoverity 1515953: negative loop bound Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19413) (cherry picked from commit 9ab57f29c78d8d69b6ba9c579521594d7170ca44)23 November 2022, 17:21:54 UTC
762473f slontis04 October 2022, 23:57:51 UTCImprove performance of the encoder collection Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19344) (cherry picked from commit c3b46409559c18f103ebb2221c6f8af3cd7db00d)23 November 2022, 17:21:54 UTC
69bcdb7 zhangzhilei24 September 2022, 02:32:36 UTCoptimize ossl_sm4_set_key speed this optimization comes from libgcrypt, increse about 48% speed Benchmark on my AMD Ryzen Threadripper 3990X before: Did 5752000 SM4 setup operations in 1000151us (5751131.6 ops/sec) after: Did 8506000 SM4 setup operations in 1000023us (8505804.4 ops/sec) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19270) (cherry picked from commit 704e8090b4a789f52af07de9a3ebbe11db8e19f8)23 November 2022, 17:21:54 UTC
10c2f19 zhuchen29 September 2022, 12:14:00 UTCAdd vpaes-loongarch64.pl module. Add 128 bit lsx vector expansion optimization code of Loongarch64 architecture to AES. The test result on the 3A5000 improves performance by about 40%~50%. Signed-off-by: zhuchen <zhuchen@loongson.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19364) (cherry picked from commit ef917549f5867d269d359155ff67b8ccb5e66a76)23 November 2022, 17:21:54 UTC
e5a5a19 zhuchen29 September 2022, 11:50:52 UTCAdd LoongArch64 cpuid and OPENSSL_loongarchcap_P Loongarch64 architecture defines 128 bit vector extension lsx and 256 bit vector extension lasx. The cpucfg instruction can be used to obtain whether the CPU has a corresponding extension. This part of code is added to prepare for the subsequent addition of corresponding vector instruction optimization. Signed-off-by: zhuchen <zhuchen@loongson.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19364) (cherry picked from commit 7f2d6188c7b16ef7a4deeeedb56f42014156b9f8)23 November 2022, 17:21:53 UTC
bf0e3fa FdaSilvaYY23 August 2022, 18:53:31 UTCnit: fix some pointer comparisons Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059) (cherry picked from commit e1e93f7a07dfc7a8dddd4ddbb79d1d9bc9760d32)23 November 2022, 17:21:53 UTC
fee9986 FdaSilvaYY23 August 2022, 18:45:13 UTCapps & al : Fix various typos, repeated words, align some spelling to LDP. Mostly revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059) (cherry picked from commit 9929c81702381bff54f833d6fe0a3304f4e2b635)23 November 2022, 17:21:53 UTC
f24b716 FdaSilvaYY23 August 2022, 18:40:44 UTCFix various typos, repeated words, align some spelling to LDP. Partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059) (cherry picked from commit d7f3a2cc8691c062ef5bdeef28b66f80c8f7d5c3)23 November 2022, 17:21:47 UTC
2c54276 FdaSilvaYY23 August 2022, 18:37:03 UTCcrypto/*: Fix various typos, repeated words, align some spelling to LDP. partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059) (cherry picked from commit c7340583097a80a4fe42bacea745b2bbaa6d16db)23 November 2022, 17:21:47 UTC
5af0050 FdaSilvaYY23 August 2022, 18:33:58 UTCcrypto: Fix various typos, repeated words, align some spelling to LDP. partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - file name -> filename - host name -> hostname Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059) (cherry picked from commit 1567a821a4616f59748fa8982724f88e542867d6)23 November 2022, 17:21:43 UTC
86699ac Thiago Suchorski22 September 2022, 11:27:27 UTCFixed some grammar and spelling Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/19262) (cherry picked from commit af33b200da8040c78dbfd8405878190980727171)23 November 2022, 17:21:43 UTC
cb6f8ae Dr. David von Oheimb26 August 2022, 08:04:01 UTCERR: replace remnant ECerr() and EVPerr() calls in crypto/ except those throwing ERR_R_MALLOC_FAILURE Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19302) (cherry picked from commit bd07cc1c7e3ca38689e59868b5945dc223235a49)23 November 2022, 17:21:43 UTC
98e3f4e Juergen Christ29 August 2022, 15:05:41 UTCapps/speed.c: Lock buffer in memory Lock the buffers used for throughput measurements into memory. This removes some side effects of paging. Errors from the memory locking functions are ignored since they are not critical to the application. This feature is limited to Linux and Windows. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19091) (cherry picked from commit 9710d72b95f4fc218ed613f42dc90ad0d263b14f)23 November 2022, 17:21:43 UTC
a193030 Kan21 June 2022, 06:55:55 UTCAdd config option for speed command Fixed #16986 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18616) (cherry picked from commit 8403c7350fd836ea44baf69c0b7dc3af1189253f)23 November 2022, 17:21:43 UTC
b800396 Dr. David von Oheimb24 September 2022, 21:57:19 UTCtest/trace_api_test.c: fix gcc error on -Werror=strict-prototypes Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19277) (cherry picked from commit 1fcd84c7017416a3c9461914d7a943591ad87a82)23 November 2022, 17:21:43 UTC
9099a05 Daniel Fiala05 August 2022, 02:44:51 UTCAdd tests for trace_api. Fixes openssl#17422 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19096) (cherry picked from commit fcff5bd43c85418cc4aa8052e3dc3dba344d763e)23 November 2022, 17:21:43 UTC
24e1432 Tomas Mraz09 September 2022, 12:46:24 UTCFix AES-GCM on Power 8 CPUs Properly fallback to the default implementation on CPUs missing necessary instructions. Fixes #19163 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19182) (cherry picked from commit 9ab6b64ac856157a31a54c0d12207c2338bfa8e2)23 November 2022, 17:21:43 UTC
6466867 David Carlier08 September 2022, 21:16:31 UTCOSSL_CRYPTO_ALLOC attribute introduction proposal. Giving hint to the compiler the returned pointer is not aliased (so realloc-like api is de facto excluded). Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19180) (cherry picked from commit e1035957eba1e6ebdefd0e18dcbad5cbfa7a969a)23 November 2022, 17:21:43 UTC
8cef32c Paul Yang09 September 2022, 07:48:24 UTCFix PROV_RC5_CTX's original structure name It looks like a typo when copy & pasting the structure from blowfish. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19186) (cherry picked from commit 53ef02baf80130a81d019e85c528fdc13af9db33)23 November 2022, 17:21:43 UTC
0094d5c a134605408 September 2022, 08:11:53 UTCopenssl.cnf: split option value and comment and remove leading space CLA: trivial Signed-off-by: a1346054 <36859588+a1346054@users.noreply.github.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19173) (cherry picked from commit fd24de9f93049b05a54c48da5316f42882489230)23 November 2022, 17:21:43 UTC
7bfa68f Todd Short01 September 2022, 19:31:21 UTCCleanup EBCDIC string defintions Use a single definiton for protocol string defintions. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19122) (cherry picked from commit 44e47328178328198018c23e6918884af5e8ce4b)23 November 2022, 17:21:43 UTC
150c6f0 Matt Caswell31 August 2022, 11:31:24 UTCAdd some API tests for TLSv1.3 record padding We have some ssl_test_new tests for record padding. But these only use the block padding approach set via a config file on the SSL_CTX. We add tests for all the various API calls. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19103) (cherry picked from commit f3f8e53c852f07d38c124e45f7c678e854be4a54)23 November 2022, 17:21:43 UTC
7bda9e8 Matt Caswell17 May 2022, 13:36:39 UTCAdd a test for read_ahead data crossing a key change If read_ahead is switched on, it should still work even if the data that is read cross epochs. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132) (cherry picked from commit f7565348c22785f69239883feb1f3c91d1cfd675)23 November 2022, 17:21:43 UTC
291f829 Hongren (Zenithal) Zheng13 May 2022, 16:01:11 UTCprovider: cipher: aes: add riscv32 zkn (zbkb) support Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18308) (cherry picked from commit 5ccee69b1384fa9377986a6f7730e0d9a372b42b)23 November 2022, 17:21:43 UTC
8aff1e8 Hongren (Zenithal) Zheng13 May 2022, 15:44:31 UTCaes_platform: add riscv32 zkn asm support Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18308) (cherry picked from commit cbb15b31b98f47276cf9e87453831d96274baf66)23 November 2022, 17:21:43 UTC
fd7953b Hongren (Zenithal) Zheng13 May 2022, 15:29:34 UTCadd build support for riscv32 aes zkn Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18308) (cherry picked from commit b733ce73a423b99c0354b42e268216e0656e556b)23 November 2022, 17:21:43 UTC
2f97366 Hongren (Zenithal) Zheng13 May 2022, 16:02:44 UTCAdd RISC-V 32 cpuid support Mainly from #17640 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18308) (cherry picked from commit 61170642b1ad084ae4f52e43d39c5c1e471b323a)23 November 2022, 17:21:43 UTC
624bd68 Hongren (Zenithal) Zheng13 May 2022, 15:23:29 UTCAdd linux32-riscv32/BSD-riscv32 target Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18308) (cherry picked from commit 42ee6e7be43c57136d71e5612fed22a06f7f5d0e)23 November 2022, 17:21:43 UTC
ef832b3 Hongren (Zenithal) Zheng13 May 2022, 14:24:43 UTCAdd AES implementation in riscv32 zkn asm Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18308) (cherry picked from commit b1b889d1b3fc92a56ead5536bee06f3415b78482)23 November 2022, 17:21:43 UTC
38186a2 Piotr Kubaj29 July 2022, 10:47:29 UTCAdd BSD-armv4 target based on linux-armv4 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18910) (cherry picked from commit a9389c0b75e69ebaf74fdc8fee0c983809e45931)23 November 2022, 17:21:43 UTC
8bee6ac Daniel Hu19 July 2022, 17:43:28 UTCImprove chacha20 perfomance on aarch64 by interleaving scalar with SVE/SVE2 The patch will process one extra block by scalar in addition to blocks by SVE/SVE2 in parallel. This is esp. helpful in the scenario where we only have 128-bit vector length. The actual uplift to performance is complicated, depending on the vector length and input data size. SVE/SVE2 implementation don't always perform better than Neon, but it should prevail in most cases On a CPU with 256-bit SVE/SVE2, interleaved processing can handle 9 blocks in parallel (8 blocks by SVE and 1 by Scalar). on 128-bit SVE/SVE2 it is 5 blocks. Input size that is a multiple of 9/5 blocks on respective CPU can be typically handled at maximum speed. Here are test data for 256-bit and 128-bit SVE/SVE2 by running "openssl speed -evp chacha20 -bytes 576" (and other size) ----------------------------------+--------------------------------- 256-bit SVE | 128-bit SVE2 ----------------------------------|--------------------------------- Input 576 bytes 512 bytes | 320 bytes 256 bytes ----------------------------------|--------------------------------- SVE 1716361.91k 1556699.18k | 1615789.06k 1302864.40k ----------------------------------|--------------------------------- Neon 1262643.44k 1509044.05k | 680075.67k 1060532.31k ----------------------------------+--------------------------------- If the input size gets very large, the advantage of SVE/SVE2 over Neon will fade out. Signed-off-by: Daniel Hu <Daniel.Hu@arm.com> Change-Id: Ieedfcb767b9c08280d7c8c9a8648919c69728fab Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18901) (cherry picked from commit 3f42f41ad19c631287386fd8d58f9e02466c5e3f)23 November 2022, 17:21:42 UTC
6bf9a6e Matt Caswell24 August 2022, 14:10:56 UTCDrop the optimisation level for ppc64le cross-compile The default cross compiler (gcc 9.4.0) for ppc64le on Ubunut 20.04 seems buggy and causes a seg fault in sslapitest. This doesn't impact any other CI cross compile platforms and does not seem to impact the gcc 10.3.0 cross compiler. We just drop the optimisation level on that platform. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19056) (cherry picked from commit 200d9521a0d406a7d02778d1c6c5a5230caeecf5)23 November 2022, 17:21:42 UTC
8ba5893 Dr. Matthias St. Pierre15 August 2022, 13:01:11 UTCAdd CODE-OF-CONDUCT.md Fixes #18820 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19002) (cherry picked from commit 63df86b041aaafba3e4998b2e3872fa8695a2377)23 November 2022, 17:21:42 UTC
8a63360 Rohan McLure30 June 2022, 06:21:06 UTCFix unrolled montgomery multiplication for POWER9 In the reference C implementation in bn_asm.c, tp[num + 1] contains the carry bit for accumulations into tp[num]. tp[num + 1] is only ever assigned, never itself incremented. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18883) (cherry picked from commit 2f1112b22a826dc8854b41b60a422c987f8ddafb)23 November 2022, 17:21:42 UTC
3a2da10 Rohan McLure27 June 2022, 02:14:55 UTCRevert "Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication"" This reverts commit 712d9cc90e355b2c98a959d4e9398610d2269c9e. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18883) (cherry picked from commit eae70100fadbc94f18ba7a729bf065cb524a9fc9)23 November 2022, 17:21:42 UTC
40230f6 Dr. David von Oheimb25 July 2022, 07:19:40 UTCtest/timing_load_creds.c: fix coding style and other (mostly minor) issues Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18821) (cherry picked from commit 45479dcee1672661e4f5b6d8b6c9a50453581e65)23 November 2022, 17:21:42 UTC
93485e8 Dr. David von Oheimb18 July 2022, 18:26:57 UTCRename the "timing" program to "timing_load_creds" and integrate it with test/build.info Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18821) (cherry picked from commit c02036e1ad759fca228a2201f1c4752670ad59bd)23 November 2022, 17:21:42 UTC
e5124e1 Rich Salz29 April 2021, 17:48:45 UTCAdd a stand-alone "timing" program Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18821) (cherry picked from commit 6212fc6814e8a8968bb35239cd454afd22b6a083)23 November 2022, 17:21:42 UTC
411a3d8 Hongren (Zenithal) Zheng11 May 2022, 10:32:13 UTCAdd ROTATE inline RISC-V zbb/zbkb asm for DES Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18290) (cherry picked from commit 6136408e6abf10672e399bf95be064868f2f7ca6)23 November 2022, 17:21:42 UTC
41ac1b4 Juergen Christ02 August 2022, 12:41:00 UTCFix GHASH-ASM implementation on s390x s390x GHASH assembler implementation assumed it was called from a gcm128_context structure where the Xi paramter to the ghash function was embedded in that structure. Since the structure layout resembles the paramter block required for kimd-GHASH, the assembler code simply assumed the 128 bytes after Xi are the hash subkey. This assumption was broken with the introduction of AES-GCM-SIV which uses the GHASH implementation without a gcm128_context structure. Furthermore, the bytes following the Xi input parameter to the GHASH function do not contain the hash subkey. To fix this, we remove the assumption about the calling context and build the parameter block on the stack. This requires some copying of data to and from the stack. While this introduces a performance degradation, new systems anyway use kma for GHASH/AES-GCM. Finally fixes #18693 for s390x. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18939) (cherry picked from commit cd854f225bbef9561fad680e2628dfd55be1b141)23 November 2022, 17:21:42 UTC
15c7642 Kurt Roeckx02 August 2022, 16:49:40 UTCChange name of parameter in documentation from sigret to sig The rest of the documentation talks about sig, not sigret Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18943) (cherry picked from commit 2bd8190aace8109a06aff495a3e20c863ef48653)23 November 2022, 17:21:42 UTC
74bfc16 Tomas Mraz14 November 2022, 18:31:17 UTCgcm_get_funcs(): Add missing fallback for ghash on x86_64 Fixes #19673 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19674) (cherry picked from commit be0161ff100bf10c9549fc09ce4513681011da1c)23 November 2022, 17:21:42 UTC
77d99f0 Tomas Mraz28 July 2022, 14:23:51 UTCFix regression from GCM mode refactoring Fixes #18896 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18903) (cherry picked from commit 186be8ed26f5561faf91d6da3ed14cd9cb6617dd)23 November 2022, 17:21:42 UTC
6df6a44 Juergen Christ25 July 2022, 09:31:20 UTCs390x: Optimize kmac Use hardware acceleration for kmac on s390x. Since klmd does not support kmac, perform padding of the last block by hand and use kimd. Yields a performance improvement of between 2x and 3x. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18863) (cherry picked from commit affc070aabc930aeaba50f0dd6b3e0b7a2ddc399)23 November 2022, 17:21:42 UTC
61763c0 Juergen Christ25 July 2022, 08:34:26 UTCs390x: Fix GCM setup Rework of GCM code did not include s390x causing NULL pointer dereferences on GCM operations other than AES-GCM on platforms that support kma. Fix this by a proper setup of the function pointers. Fixes: 92c9086e5c2b ("Use separate function to get GCM functions") Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18862) (cherry picked from commit 48e35b99bd0071207cfe39da22eb2502db5c09dc)23 November 2022, 17:21:42 UTC
5c7a383 Todd Short20 July 2022, 15:11:41 UTCClean up GCM_MUL and remove GCM_FUNCREF_4BIT Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835) (cherry picked from commit d50e0934e5b1537db0ea43986464b8f8f8b4e9fd)23 November 2022, 17:21:42 UTC
aa97317 Todd Short20 July 2022, 15:06:59 UTCClean up use of GHASH macro Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835) (cherry picked from commit 95201ef45711220455e8abf1cc6b334393384af2)23 November 2022, 17:21:42 UTC
6843c1e Todd Short20 July 2022, 14:54:24 UTCUse separate function to get GCM functions Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835) (cherry picked from commit 92c9086e5c2b63606cd28a7f13f09b9ff35a0de3)23 November 2022, 17:21:42 UTC
a66a116 Todd Short20 July 2022, 14:04:34 UTCRemove some unused 4bit GCM code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835) (cherry picked from commit 7da952bcc54604141ea8ed40ec5ed1fd2f74cc25)23 November 2022, 17:21:42 UTC
be25847 Todd Short20 July 2022, 13:48:21 UTCRemove unused 1bit GCM implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835) (cherry picked from commit 7b6e19fc4e6cc1a7000f71789ef50636dacdbb85)23 November 2022, 17:21:42 UTC
b2587f0 Todd Short20 July 2022, 13:38:07 UTCRemove unused 8bit GCM implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835) (cherry picked from commit a8b5128fd724bc23f7454d64e401d15129634a01)23 November 2022, 17:21:42 UTC
6df209b marcfedorow19 July 2022, 16:15:44 UTCEmit rev8 on __riscv_zbkb as on __riscv_zbb Also add early clobber for two-insn bswap. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18827) (cherry picked from commit 48b6776678d794406c625dcb5767102b73081962)23 November 2022, 17:21:42 UTC
fe60601 FdaSilvaYY20 February 2021, 22:39:30 UTCCleanup : directly include of `internal/nelem.h` when required. And so clean a few useless includes Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19721) (cherry picked from commit f2a6f83862be3e20260b708288a8f7d0928e9018)23 November 2022, 17:15:39 UTC
3431dd4 slontis02 November 2022, 03:20:55 UTCImprove FIPS RSA keygen performance. Reduce the Miller Rabin counts to the values specified by FIPS 186-5. The old code was using a fixed value of 64. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19579) (cherry picked from commit d2f6e66d2837bff1f5f7636bb2118e3a45c9df61)23 November 2022, 07:27:42 UTC
8647964 Tomas Mraz14 November 2022, 19:02:13 UTCparams_api_test.c: Fix mistake in backported test fix Fixup for e8f1d76b50204d87a0ef7f6879eb1dd507a54368. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19675)22 November 2022, 18:02:58 UTC
d5c02e2 Tomas Mraz11 October 2022, 15:26:23 UTCRelease the drbg in the global default context before engines Fixes #17995 Fixes #18578 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/19386) (cherry picked from commit a88e97fcace01ecf557b207f04328a72df5110df)22 November 2022, 17:03:22 UTC
872dd0a Bernd Edlinger02 April 2022, 11:41:12 UTCAdd a test case for the engine crash with AES-256-CTR Implement the AES-256-CTR cipher in the dasync engine. Use that to reproduce the reported problems with the devcrypto engine in our normal test environment. See #17995 and #17532 for details. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19386) (cherry picked from commit bd363ef32403d58a8b41553b5abd602b30073b10)22 November 2022, 17:02:46 UTC
e4d8eaa Daniel Fiala21 October 2022, 04:28:12 UTCAdd an EVP signature demo using DSA Fixes openssl#14114 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19492) (cherry picked from commit 858b5d12b85b0639519d21206c9da7e1bb976a00)22 November 2022, 16:23:56 UTC
20d3731 Richard Levitte22 November 2022, 14:05:45 UTCtest/recipes/80-test_cms.t: Fix the "CAdES ko" test This test had commands that assumes that runner_loop() is used to perform the tests. These tests still run fine because Unix accepts braces in file names, but other operating systems might not. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19731)22 November 2022, 14:05:45 UTC
b384049 slontis17 November 2022, 01:58:36 UTCFix coverity issues in X509v3_addr CID 1516955 : Null pointer deref (REVERSE_INULL) CID 1516954 : Null pointer deref (REVERSE_INULL) CID 1516953 : RESOURCE_LEAK of child Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19700) (cherry picked from commit 26cfa4cd85f6b26dd7a48c2ff06bfa4a2cea4764)21 November 2022, 11:45:02 UTC
de22633 slontis16 November 2022, 21:26:06 UTCAdd missing HISTORY sections for OpenSSL 3.0 related documents. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19690) (cherry picked from commit 4741c80c0556653c74252ec91425dcb74066b2ec)21 November 2022, 11:06:31 UTC
1136c4d slontis02 November 2022, 02:01:34 UTCImprove FIPS RSA keygen performance. FIPS 186-4 has 5 different algorithms for key generation, and all of them rely on testing GCD(a,n) == 1 many times. Cachegrind was showing that during a RSA keygen operation, the function BN_gcd() was taking a considerable percentage of the total cycles. The default provider uses multiprime keygen, which seemed to be much faster. This is because it uses BN_mod_inverse() instead. For a 4096 bit key, the entropy of a key that was taking a long time to generate was recorded and fed back into subsequent runs. Roughly 40% of the cycle time was BN_gcd() with most of the remainder in the prime testing. Changing to use the inverse resulted in the cycle count being 96% in the prime testing. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19578) (cherry picked from commit dd1d7bcb69994d81662e709b0ad838880b943870)21 November 2022, 10:20:38 UTC
6f6f413 Matt Caswell22 July 2022, 10:12:52 UTCFix no-dtls1_2 dtlstest.c needs some adjusting to handle no-dtls1_2 since commit 7bf2e4d7f0c banned DTLSv1 at the default security level - causing the test to fail. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18848) (cherry picked from commit a6843e6ae8ae0551aae8555783f06dab7951f112)21 November 2022, 09:49:52 UTC
ba86c08 Tomas Mraz12 July 2022, 10:32:44 UTCdhparam: Correct the documentation of -dsaparam Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18480) (cherry picked from commit 2885b2ca4eee5586baa50208e41a1ca54532eb3a)21 November 2022, 09:49:52 UTC
4890f26 Tomas Mraz10 June 2022, 08:06:24 UTCdhparam_test: Test that we add private key length on generation and print it Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18480) (cherry picked from commit 2b11a8ecc8ed1355b99a6d88b8e7e7a75a67bd0a)21 November 2022, 09:49:52 UTC
ac214d7 Tomas Mraz06 June 2022, 08:22:00 UTCUse as small dh key size as possible to support the security Longer private key sizes unnecessarily raise the cycles needed to compute the shared secret without any increase of the real security. We use minimum key sizes as defined in RFC7919. For arbitrary parameters we cannot know whether they are safe primes (we could test but that would be too inefficient) we have to keep generating large keys. However we now set a small dh->length when we are generating safe prime parameters because we know it is safe to use small keys with them. That means users need to regenerate the parameters if they want to take the performance advantage of small private key. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18480) (cherry picked from commit ddb13b283be84d771deba1e964610b1670641f03)21 November 2022, 09:49:52 UTC
1f66489 Hongren (Zenithal) Zheng11 May 2022, 10:09:46 UTCAdd ROTATE inline RISC-V zbb/zbkb asm for chacha Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18289) (cherry picked from commit ca6286c382a7eb527fac9aba2a018354acb27b16)21 November 2022, 09:49:52 UTC
dc6daea Max Bachmann05 May 2022, 16:46:03 UTCAdd config option OPENSSL_NO_UNIX_SOCK Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18256) (cherry picked from commit 081f3484593cdd3be2b7fdd8818c3f928ce729bc)21 November 2022, 09:49:52 UTC
713f6a1 Matt Caswell17 June 2022, 15:37:24 UTCAdd a DTLS next epoch test Test that if we receive a packet from the next epoch, we can buffer it and still use it. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18601) (cherry picked from commit e1c153d31d4f913ebe2202a4bc20305919274d1f)21 November 2022, 09:49:52 UTC
01c7d59 Richard Levitte05 October 2022, 10:47:32 UTCVMS: For executables, process the use of /INCLUDE=main a bit differently The way it was implemented didn't play well with perl's join(), so it's reimplemented a bit differently. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19347) (cherry picked from commit 1ec0acf264652bd981e95842723e5414d634cd93)21 November 2022, 09:49:52 UTC
81bfb11 Richard Levitte01 October 2022, 09:18:57 UTCVMS: use selective search when linking with shareable images VMS linking complains a lot about multiply defined symbols unless told otherwise, especially when shareable images are involved. For example, this involves the legacy provider, where there are overriding implementations of certain ERR functions. To quiet the linker down, we need to say that symbols should be searched selectively in shareable images. However, that's not quite enough. The order in which the VMS linker processes files isn't necessarily top to bottom as given on the command line or the option file(s), which may result in some symbols appearing undefined, even though they are. To remedy that, it's necessary to explicitly include all object files and object libraries into a cluster, thus ensuring that they will be processed first. This allows the search for remaining symbol references to be done in the as desired in the shareable images that follow. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19327) (cherry picked from commit c62a9cd720eccdbb388890ee4a36801d01315be4)21 November 2022, 09:49:52 UTC
72f022b Hongren (Zenithal) Zheng11 May 2022, 09:18:27 UTCAdd ROTATE inline asm support for SM3 And move ROTATE inline asm to header. Now this benefits SM3, SHA (when with Zbb only and no Zknh) and other hash functions Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18287) (cherry picked from commit eea820f3e239a4c11d618741fd5d00a6bc877347)21 November 2022, 09:49:52 UTC
back to top