Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
times.
Fixes#23672
There are many name/value pairs currently that have duplicate names e.g.
'CAPABILITY_TLS_GROUP_MAX_TLS' => "tls-max-tls",
'CAPABILITY_TLS_SIGALG_MAX_TLS' => "tls-max-tls",
Stripping the .pm file down to just the above entries and running
multiple times gives different results for the produce_decoder.
On multiple runs any iterations over the unordered hash table keys using
foreach my $name (keys %params) results in a different order on multiple
runs. Because of this the mapping from the hash 'value' back to the
'key' will be different.
Note that the code also uses another mechanism in places that uses
"name1" => "value"
"name2" => "*name1"
Rather than fix all the strings the change done was to sort the keys. If
we were to chose to fix the strings then the perl code should be changed
to detect duplicates.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23688)
Android is enabling support for the riscv64 ISA. Add a configuration
option to support building for it, aligned with the existing
linux-riscv64 configuration.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/23427)
ubsan on clang17 has started warning about the following undefined
behavior:
crypto/lhash/lhash.c:299:12: runtime error: call to function err_string_data_hash through pointer to incorrect function type 'unsigned long (*)(const void *)'
[...]/crypto/err/err.c:184: note: err_string_data_hash defined here
#0 0x7fa569e3a434 in getrn [...]/crypto/lhash/lhash.c:299:12
#1 0x7fa569e39a46 in OPENSSL_LH_insert [...]/crypto/lhash/lhash.c:119:10
#2 0x7fa569d866ee in err_load_strings [...]/crypto/err/err.c:280:15
[...]
The issue occurs because, the generic hash functions (OPENSSL_LH_*) will
occasionaly call back to the type specific registered functions for hash
generation/comparison/free/etc, using functions of the (example)
prototype:
[return value] <hash|cmp|free> (void *, [void *], ...)
While the functions implementing hash|cmp|free|etc are defined as
[return value] <fnname> (TYPE *, [TYPE *], ...)
The compiler, not knowing the type signature of the function pointed to
by the implementation, performs no type conversion on the function
arguments
While the C language specification allows for pointers to data of one
type to be converted to pointers of another type, it does not
allow for pointers to functions with one signature to be called
while pointing to functions of another signature. Compilers often allow
this behavior, but strictly speaking it results in undefined behavior
As such, ubsan warns us about this issue
This is an potential fix for the issue, implemented using, in effect,
thunking macros. For each hash type, an additional set of wrapper
funtions is created (currently for compare and hash, but more will be
added for free/doall/etc). The corresponding thunking macros for each
type cases the actuall corresponding callback to a function pointer of
the proper type, and then calls that with the parameters appropriately
cast, avoiding the ubsan warning
This approach is adventageous as it maintains a level of type safety,
but comes at the cost of having to implement several additional
functions per hash table type.
Related to #22896
Reviewed-by: Sasa Nedvedicky <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23192)
It would be helpful to be able to generate RSA's dmp1/dmq1/iqmp values
when not provided in the param list to EVP_PKEY_fromdata. Augment the
provider in ossl_rsa_fromdata to preform this generation iff:
a) At least p q n e and e are provided
b) the new parameter OSSL_PARAM_RSA_DERIVE_PQ is set to 1
Fixes#21826
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21875)
HPE has a weird preference to prefix letters and zero-padding. Properly trim
them before processing.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22891)
In 160f48941d I made L_ENDIAN defined when the system is guessed to be
linux64-loongarch64. Unfortunately now I found it problematic:
1. This should be added into Configurations/10-main.conf, not here.
Having it here causes a different configuration when
linux64-loongarch64 is explicitly specified than guessed.
2. With LTO enabled, this causes many test failures on
linux64-loongarch64 due to #12247.
So I think we should remove it for now (master and 3.2 branch), and
reintroduce it to Configurations/10-main.conf when we finally sort
out #12247.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22812)
VSI C on OpenVMS for x86_64 has a bit more information than on other
hardware. This is no doubt because it's based on LLVM which leaves an
opening for cross compilation.
VSI C on Itanium:
$ CC/VERSION
VSI C V7.4-001 on OpenVMS IA64 V8.4-2L3
VSI C on x86_64:
$ CC/VERSION
VSI C x86-64 X7.4-843 (GEM 50XB9) on OpenVMS x86_64 V9.2-1
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22792)
Rather than instantiate the private and primary DRBGs during the
selftest, instead use a test RNG. This leaves the DRBG setup
pristine and permits later replacement of the seed source despite
the very early running power up self tests.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
This also upgrades flags similarly to the Linux configuration.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20896)
Now the default is linux-generic32, it's not good for loongarch64.
We can also test if the assembler supports vector instructions here and
disable asm if not.
Closes#21340.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21510)
Constructions like $$cursor{whatever} and %$cursor{whatever} were ambiguous
in some perl versions, and it's still better to use the arrow syntax for the
way we use them, i.e. they can both be replaced with $cursor->{whatever}.
Fixes#21152Fixes#21172
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21178)
The separate file is a Perl script that generates the appropriate define
directives for inclusion in core_names.h. By having this separation it
will be possible to prebuild data structures to give faster access when
looking up parameters by name.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
A native x86_64 C compiler has appeared.
We preserve the previous config target with a new name to indicate that it's
for cross compilation, at least for the time being.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)
Add support for the RFC7250 certificate-type extensions.
Alows the use of only private keys for connection (i.e. certs not needed).
Add APIs
Add unit tests
Add documentation
Add s_client/s_server support
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18185)
The mechanism was pretty tentative and wasn't well tested for diverse
situations.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20415)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20201)
to avoid inheriting Linux's linker flags (ie -Wl,-z,defs)
now targetting OpenBSD.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13393)
When header files happen to have \r\n at line end, prevent hick-ups like:
Unmatched parentheses at include/openssl/asn1.h line 520
make[1]: *** [Makefile:4757: util/libcrypto.num] Error 255
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:3387: build_sw] Error 2
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19686)
The MACHINE value from POSIX::uname() isn't trustworthy at all.
MACHINE names like this has been seen:
_HP__VMM___(1.67GHz/9.0MB)
Perl's `$Config{archname}` is much more trustworthy, especially since
VMS isn't a multiarch operating system, at least yet.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19285)
Since cl knows what architecture it builds fore, all depending on what
the user set up, it makes sense to ask it, and use that result primarly,
and only use the POSIX::uname() MACHINE value as a fallback.
Also, this does indeed determine if cl is present or not.
We drop the explicit names in .github/workflows/windows.yml as proof
of concept.
Fixes#19281
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19285)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18910)
macOS Catalina (10.15) no longer supports 32-bit applications.
Do not wait 5 seconds to give the user the option of using KERNEL_BITS=32
Do not accept the KERNEL_BITS=32 option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17675)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17306)
OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25
Switch to using AT_HWCAP, and setting it to 16 if it is not defined.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17090)
This function tried to shave off the pre-release and build metadata
text from the the version number it gets, but didn't do that quite
right. Since this isn't even a documented behaviour, the easier, and
arguably more correct path is for that function not to try to shave
off anything, and for the callers to feed it the short version number,
"{MAJOR}.{MINOR}.{PATCH}", nothing more.
The build file templates are adjusted accordingly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16556)
This affects bldtop_dir, bldtop_file, srctop_dir, srctop_file,
data_dir, data_file, result_dir, and result_file. They are all
enhanced to check that the resulting path really is a directory or a
file. They only do this if the path exists.
This allows the tests to catch if these functions are used
incorrectly, even on systems where the syntax for directories and
files is the same.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16523)
Looks more like manpage format. :)
Also remove `{{..}}` notation and rewrite around it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16329)
And document the -w option
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Avoid perl "undefined variable in regexp" message.
Not all uses were changed because I wasn't sure.
Add support for CONFIG_NOWAIT environment variable.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Missing '(' added into a PowerPC-specific command
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15911)
! is the DCL character that starts a comment, and therefore acts as a
cut-off if not quoted.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15889)
Dimitri Papadopoulos
Richard Levitte
slontis
Frederik Wedel-Heinen
Prashanth Swaminathan
Neil Horman
Michael Osipov
Xi Ruoyao
Pauli
Matt Caswell
Samuel Thibault
Todd Short
Viktor Dukhovni
David Carlier
Dr. David von Oheimb
Piotr Kubaj
Hugo Landau
Bernd Edlinger
Allan Jude
Rich Salz
Beat Bolli
Lőrinczy, Zsigmond