replace use of ossltest engine with provider in TLSProxy and update all
dependent tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28461)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28529)
Switching from ANSI-C we can use implementation of printf like
function provided by libc on target platform. This applies
starting from 3.6 and onwards.
The slight exception here is old windows printf functions
before 2015, those are supported.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28305)
The reports about undocumented environment variables coming from files
in submodules are superfluous; get the list of directories
from .gitmodules and exclude them from processing.
Resolves: https://github.com/openssl/openssl/issues/28109
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28378)
Fix the script now that we are at version 4.0
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28423)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
These make it possible to split the build into two
parts, e.g., when tests should be built with different
compiler flags than installed software.
Also use these as dependecies where appropriate.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28302)
Support BN as an available type.
If a param name is repeated, use the extra fields for the first not the last.
Include the parameter name in a comment in the generated parser. This
Fixes#28257
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28273)
These problems only occur in edge cases when using conditional parameters.
I.e. not a problem before now.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28243)
Such routines allow alleviating the need to perform explicit integer
overflow check during allocation size calculation and generally make
the allocations more semantic (as they signify that a collection
of NUM items, each occupying SIZE bytes is being allocated), which paves
the road for additional correctness checks in the future.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28059)
Also added darwin8-ppc-cc and darwin8-ppc64-cc build configurations for
handling OS X 10.4 PowerPC specific configuration options, specifically
disabling async by default.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27578)
This eliminates locking during writing out of the lock contation report
data, which claws back some of the lost performance degradation imposed
by the lock contention reporting instrumentation:
[Without -DREPORT_RWLOCK_CONTENTION]
~/dev/perftools/source$ ./evp_fetch 100
Average time per fetch call: 4.502162us
~/dev/perftools/source$ ./evp_fetch 200
Average time per fetch call: 8.224920us
[Before]
~/dev/perftools/source$ ./evp_fetch 100
Average time per fetch call: 13.079795us
~/dev/perftools/source$ ./evp_fetch 200
Average time per fetch call: 23.420235us
[After]
~/dev/perftools/source$ ./evp_fetch 100
Average time per fetch call: 6.557428us
~/dev/perftools/source$ ./evp_fetch 200
Average time per fetch call: 13.415148us
The downside is that it produces a file for each TID, which floods
the working directory with debug files, but that mich be an acceptable
trade-off.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27983)
While the majority of the file uses 4 spaces for indentation, some parts
contain 8-wide tabs. Use the spaces for indentation consistently
throughout the file.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28162)
This is in addition to returning an error code.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)
This is to avoid a change of behaviour even though it is a result of user
error. When params are duplicated, all but the first are ignored and no
error is returned.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)
We allowed multiple names for the same parameter in a number of places.
This is best dealt with in the generated code.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)
These are in the name decoder and structure but do not appear in the parameter
listing.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)
Also add support for ML-KEM in CMS (draft-ietf-lamps-cms-kyber).
Add the -recip_kdf and -recip_ukm parameters to `openssl cms -encrypt`
to allow the user to specify the KDF algorithm and optional user
keying material for each recipient.
A provider may indicate which RecipientInfo type is supported
for a key, otherwise CMS will try to figure it out itself. A
provider may also indicate which KDF to use in KEMRecipientInfo
if the user hasn't specified one.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27681)
Check the code (source files and .in files) for undocumented ENV
variable names. The variable name should be documented in openssl-env or
in a designated man page in the "ENVIRONMENT" section.
Resolves: https://github.com/openssl/openssl/issues/28050
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28025)
Add its mention to doc/man3/OPENSSL_malloc.pod,
doc/man7/openssl-env.pod, and util/other.syms.
Also, reorder the variable order in doc/man7/openssl-env.pod
to a lexicographical one.
Complements: 3df5736cf3 "Improve Malloc Failure Test"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28025)
The list includes OPENSSL_ia32cap, OPENSSL_riscvcap, and OPENSSL_s390xcap,
but not OPENSSL_armcap, OPENSSL_ppccap, or OPENSSL_sparcv9cap; fix that.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28025)
The aim of HARNESS_OSSL_PREFIX environment variable is to avoid contaminating
TAP producer's output with stanzas that can be interpreted by a TAP producer
by prefixing them with comment; this can be achieved by processing
the output within the runner instead, as it already does for non-standard
prefixes; it also has the added benefit of alleviating the need
to reset it for the external tests in order to avoid messing
with their output checks.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28025)
Co-authored-by: Michael Krueger
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20945)
X509_CRL_get0_tbs_sigalg() corresponds to X509_get0_tbs_sigalg() and
retrieves the AlgorithmIdentifier inside the TBSCertList which is not
currently accessible in any sane way from public API.
This PR adds X509_get0_tbs_sigalg() to the public API, documents it,
adds a simple regress check so there is coverage and mentions the
addition in CHANGES.md.
On top of that, fix a typo in .gitignore and clean up some order
inconsistencies in X509_get0_signature.pod.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27971)
IO::Socket::IP is an optionally used package in our perl scripts, and a
recent change of mine used it unilaterally, causing breakage on older
perl installations. Fix it up to use it optionally again, falling back
to IO::Socket::INET when needed.
Fixes#27940
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27941)
Run-checker CI / run-checker (enable-trace enable-fips) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-cmp) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-cms) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-default-thread-pool) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-dgram) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-dh) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-dtls) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ec) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ecx) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-http) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-legacy) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ml-dsa) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ml-kem) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-quic) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-sock) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ssl-trace) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-stdio) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-thread-pool) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-threads) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-tls) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-tls1_2) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-tls1_3) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ui) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-pie) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-zlib) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-dso) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-dynamic-engine) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-ec2m enable-fips) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-engine no-shared) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-err) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-filenames) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-module) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-ocsp) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-pinshared) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-srp) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-srtp) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-ts) (push) Has been cancelledDetails
Run-checker merge / jitter (push) Has been cancelledDetails
Run-checker merge / threads_sanitizer_atomic_fallback (push) Has been cancelledDetails
Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2025]) (push) Has been cancelledDetails
Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2025]) (push) Has been cancelledDetails
Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2022]) (push) Has been cancelledDetails
Windows GitHub CI / plain (windows-2022) (push) Has been cancelledDetails
Windows GitHub CI / minimal (windows-2022) (push) Has been cancelledDetails
Windows GitHub CI / cygwin (windows-2022, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Has been cancelledDetails
Co-authored-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27912)
With the introduction of REPORT_RWLOCK_CONTENTION, it would be nice
if we could do some quick analysis on it.
This script parses the log, and generates a histogram of lock contention
events, uniquely identified by the stack trace that caused it, and
prints out all unique latency event, sorted from largest (as measured
by cumulative latency in that path).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27912)
Introduces SSL_ACCEPT_STREAM_UNI and SSL_ACCEPT_STREAM_BIDI flags to SSL_accept_stream, allowing callers to specify whether to accept only unidirectional or bidirectional streams. Returns the first of its type from the queue
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27883)
Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Waiting to runDetails
Run-checker merge / run-checker (enable-zlib) (push) Waiting to runDetails
Run-checker merge / run-checker (no-dso) (push) Waiting to runDetails
Run-checker merge / run-checker (no-dynamic-engine) (push) Waiting to runDetails
Run-checker merge / run-checker (no-ec2m enable-fips) (push) Waiting to runDetails
Run-checker merge / run-checker (no-engine no-shared) (push) Waiting to runDetails
Run-checker merge / run-checker (no-err) (push) Waiting to runDetails
Run-checker merge / run-checker (no-filenames) (push) Waiting to runDetails
Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Waiting to runDetails
Run-checker merge / run-checker (no-module) (push) Waiting to runDetails
Run-checker merge / run-checker (no-ocsp) (push) Waiting to runDetails
Run-checker merge / run-checker (no-pinshared) (push) Waiting to runDetails
Run-checker merge / run-checker (no-srp) (push) Waiting to runDetails
Run-checker merge / run-checker (no-srtp) (push) Waiting to runDetails
Run-checker merge / run-checker (no-ts) (push) Waiting to runDetails
Run-checker merge / jitter (push) Waiting to runDetails
Run-checker merge / threads_sanitizer_atomic_fallback (push) Waiting to runDetails
Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2025]) (push) Waiting to runDetails
Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2025]) (push) Waiting to runDetails
Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2022]) (push) Waiting to runDetails
Windows GitHub CI / plain (windows-2022) (push) Waiting to runDetails
Windows GitHub CI / minimal (windows-2022) (push) Waiting to runDetails
Windows GitHub CI / cygwin (windows-2022, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Waiting to runDetails
Windows Compression GitHub CI / zstd (push) Waiting to runDetails
Windows Compression GitHub CI / brotli (push) Waiting to runDetails
With the move to structure based parameter decoding, some of the support
functions are now unnecessary and are removed.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27847)
Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Waiting to runDetails
Run-checker merge / run-checker (enable-zlib) (push) Waiting to runDetails
Run-checker merge / run-checker (no-dso) (push) Waiting to runDetails
Run-checker merge / run-checker (no-dynamic-engine) (push) Waiting to runDetails
Run-checker merge / run-checker (no-ec2m enable-fips) (push) Waiting to runDetails
Run-checker merge / run-checker (no-engine no-shared) (push) Waiting to runDetails
Run-checker merge / run-checker (no-err) (push) Waiting to runDetails
Run-checker merge / run-checker (no-filenames) (push) Waiting to runDetails
Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Waiting to runDetails
Run-checker merge / run-checker (no-module) (push) Waiting to runDetails
Run-checker merge / run-checker (no-ocsp) (push) Waiting to runDetails
Run-checker merge / run-checker (no-pinshared) (push) Waiting to runDetails
Run-checker merge / run-checker (no-srp) (push) Waiting to runDetails
Run-checker merge / run-checker (no-srtp) (push) Waiting to runDetails
Run-checker merge / run-checker (no-ts) (push) Waiting to runDetails
Run-checker merge / jitter (push) Waiting to runDetails
Run-checker merge / threads_sanitizer_atomic_fallback (push) Waiting to runDetails
Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2025]) (push) Waiting to runDetails
Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2025]) (push) Waiting to runDetails
Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2022]) (push) Waiting to runDetails
Windows GitHub CI / plain (windows-2022) (push) Waiting to runDetails
Windows GitHub CI / minimal (windows-2022) (push) Waiting to runDetails
Windows GitHub CI / cygwin (windows-2022, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Waiting to runDetails
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27854)
Neil Horman
Pauli
sashan
Pauli
Eugene Syromiatnikov
Matt Caswell
openssl-machine
Dmitry Belyavskiy
Pavol Žáčik
GAlvare
Daniel Van Geest
Norbert Pocs
martin
Theo Buehler
Andrew Dinh
Tomas Mraz
Dr. David von Oheimb