oweals/openssl.git
5 years ago Ignore duplicated undocumented things
Rich Salz [Wed, 17 Oct 2018 14:25:00 +0000 (10:25 -0400)]
Ignore duplicated undocumented things

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7423)

5 years ago VMS build: better treatment of .S -> .obj compilation
Richard Levitte [Wed, 12 Dec 2018 20:22:29 +0000 (21:22 +0100)]
VMS build: better treatment of .S -> .obj compilation

It turned out that .S files aren't to be treated as lightly as I
thought.  They need to go through a preprocessing step, which .s files
don't need to.

Corrects #7703

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7889)

5 years ago doc/man3: remove copy&paste leftover
Dr. Matthias St. Pierre [Wed, 12 Dec 2018 06:38:07 +0000 (07:38 +0100)]
doc/man3: remove copy&paste leftover

Fixes #7883

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7884)

5 years ago Use the correct function name
Jakub Jelen [Wed, 12 Dec 2018 10:22:00 +0000 (11:22 +0100)]
Use the correct function name

CLA: trivial

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7887)

5 years ago Fix error in processing $target{enable}
Richard Levitte [Wed, 12 Dec 2018 08:27:48 +0000 (09:27 +0100)]
Fix error in processing $target{enable}

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7885)

5 years ago Fixed typo (vi leftover).
Tobias Stoeckmann [Tue, 11 Dec 2018 19:34:21 +0000 (20:34 +0100)]
Fixed typo (vi leftover).

There was a trailing :w at a line, which didn't make sense in context
of the sentence/styling. Removed it, because I think it's a leftover
vi command.

CLA: trivial
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7875)

5 years ago Add RFC5297 AES-SIV support
Todd Short [Fri, 19 May 2017 14:27:28 +0000 (10:27 -0400)]
Add RFC5297 AES-SIV support

Based originally on github.com/dfoxfranke/libaes_siv

This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR
and CMAC code to reduce complexity at the cost of performance. The
expected use is for short inputs, not TLS-sized records.

Add multiple AAD input capacity in the EVP tests.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3540)

5 years ago Add an Ed448 malleability test
Matt Caswell [Mon, 3 Dec 2018 16:36:50 +0000 (16:36 +0000)]
Add an Ed448 malleability test

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7748)

5 years ago Disallow Ed448 signature malleability
Matt Caswell [Mon, 3 Dec 2018 17:01:07 +0000 (17:01 +0000)]
Disallow Ed448 signature malleability

Check that s is less than the order before attempting to verify the
signature as per RFC8032 5.2.7

Fixes #7706

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7748)

5 years ago typo ANS1 -> ASN1
nxtstep [Mon, 10 Dec 2018 09:39:24 +0000 (10:39 +0100)]
typo ANS1 -> ASN1

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7857)

5 years ago util/mkdef.pl: Remove a ';' that snuck in
Richard Levitte [Tue, 11 Dec 2018 09:31:40 +0000 (10:31 +0100)]
util/mkdef.pl: Remove a ';' that snuck in

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7868)

5 years ago Configuration: $config{shlib_version_number} -> $config{shlib_version}
Richard Levitte [Mon, 10 Dec 2018 18:48:37 +0000 (19:48 +0100)]
Configuration: $config{shlib_version_number} -> $config{shlib_version}

This was forgotten in a few places

Fixes #7862

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7865)

5 years ago apps/tsget.in: use the full version in the user agent string
Richard Levitte [Mon, 10 Dec 2018 19:09:17 +0000 (20:09 +0100)]
apps/tsget.in: use the full version in the user agent string

Fixes #7861

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7866)

5 years ago VMS: fix library compatibility settings in util/mkdef.pl
Richard Levitte [Mon, 10 Dec 2018 10:37:19 +0000 (11:37 +0100)]
VMS: fix library compatibility settings in util/mkdef.pl

The regexp to parse the incoming version number was flawed, and since
we allow ourselves to add missing APIs in PATCH releases, the
compatibility settings still need to include the PATCH part of the
version number.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7858)

5 years ago eng_devcrypto: add command to dump driver info
Eneas U de Queiroz [Wed, 7 Nov 2018 00:54:07 +0000 (22:54 -0200)]
eng_devcrypto: add command to dump driver info

This is useful to determine the kernel driver running each algorithm.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years ago eng_devcrypto: add configuration options
Eneas U de Queiroz [Sat, 3 Nov 2018 18:41:10 +0000 (15:41 -0300)]
eng_devcrypto: add configuration options

USE_SOFTDRIVERS: whether to use software (not accelerated) drivers
CIPHERS: list of ciphers to enable
DIGESTS: list of digests to enable

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years ago eng_devcrypto: save ioctl if EVP_MD_..FLAG_ONESHOT
Eneas U de Queiroz [Mon, 5 Nov 2018 17:54:17 +0000 (15:54 -0200)]
eng_devcrypto: save ioctl if EVP_MD_..FLAG_ONESHOT

Since each ioctl causes a context switch, slowing things down, if
EVP_MD_CTX_FLAG_ONESHOT is set, then:
 - call the ioctl in digest_update, saving the result; and
 - just copy the result in digest_final, instead of using another ioctl.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years ago eng_devcrypto: make sure digest can do copy
Eneas U de Queiroz [Sat, 8 Dec 2018 20:01:04 +0000 (18:01 -0200)]
eng_devcrypto: make sure digest can do copy

Digest must be able to do partial-state copy to be used.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years ago eng_devcrypto: fix ctr mode
Eneas U de Queiroz [Wed, 28 Nov 2018 13:26:27 +0000 (11:26 -0200)]
eng_devcrypto: fix ctr mode

Make CTR mode behave like a stream cipher.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years ago eng_devcrypto: add cipher CTX copy function
Eneas U de Queiroz [Tue, 13 Nov 2018 11:23:22 +0000 (09:23 -0200)]
eng_devcrypto: add cipher CTX copy function

The engine needs a custom cipher context copy function to open a new
/dev/crypto session.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years ago eng_devcrypto: close session on cleanup, not final
Eneas U de Queiroz [Mon, 5 Nov 2018 17:59:44 +0000 (15:59 -0200)]
eng_devcrypto: close session on cleanup, not final

Close the session in digest_cleanup instead of digest_final.  A failure
in closing the session does not mean a previous successful digest final
has failed as well.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years ago eng_devcrypto: fix copy of uninitialized digest
Eneas U de Queiroz [Wed, 14 Nov 2018 15:58:06 +0000 (13:58 -0200)]
eng_devcrypto: fix copy of uninitialized digest

If the source ctx has not been initialized, don't initialize the copy
either.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years ago eng_devcrypto: expand digest failure cases
Eneas U de Queiroz [Wed, 14 Nov 2018 13:22:14 +0000 (11:22 -0200)]
eng_devcrypto: expand digest failure cases

Return failure when the digest_ctx is null in digest_update and
digest_final, and when md is null in digest_final.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years ago eng_devcrypto: don't leak methods tables
Eneas U de Queiroz [Mon, 5 Nov 2018 19:59:42 +0000 (17:59 -0200)]
eng_devcrypto: don't leak methods tables

Call functions to prepare methods after confirming that /dev/crypto was
successfully opened and that the destroy function has been set.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years ago INSTALL: add note about devcrypto engine
Eneas U de Queiroz [Thu, 8 Nov 2018 13:16:20 +0000 (11:16 -0200)]
INSTALL: add note about devcrypto engine

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

5 years ago Document the num_tickets s_server option
Matt Caswell [Tue, 4 Dec 2018 12:31:17 +0000 (12:31 +0000)]
Document the num_tickets s_server option

Fixes #7727

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7756)

5 years ago Preserve errno on dlopen
Matt Caswell [Wed, 21 Nov 2018 11:57:04 +0000 (11:57 +0000)]
Preserve errno on dlopen

For the same reasons as in the previous commit we must preserve errno
across dlopen calls. Some implementations (e.g. solaris) do not preserve
errno even on a successful dlopen call.

Fixes #6953

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7680)

5 years ago Make sure build_SYS_str_reasons() preserves errno
Matt Caswell [Wed, 21 Nov 2018 11:44:42 +0000 (11:44 +0000)]
Make sure build_SYS_str_reasons() preserves errno

This function can end up being called during ERR_get_error() if we are
initialising. ERR_get_error() must preserve errno since it gets called via
SSL_get_error(). If that function returns SSL_ERROR_SYSCALL then you are
supposed to inspect errno.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7680)

5 years ago make update
Richard Levitte [Sun, 9 Dec 2018 13:20:30 +0000 (14:20 +0100)]
make update

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7852)

5 years ago Prevent calling decryption in an encryption context and vice versa
Richard Levitte [Sun, 9 Dec 2018 13:18:50 +0000 (14:18 +0100)]
Prevent calling decryption in an encryption context and vice versa

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7852)

5 years ago Cleaner disposal of ephemeral engine ids and names
Viktor Dukhovni [Sun, 9 Dec 2018 23:37:56 +0000 (18:37 -0500)]
Cleaner disposal of ephemeral engine ids and names

Engine names and ids are typically static strings.  If an application
actually dynamically allocated these, the application owns the
storage, and should dispose of it via the original handle, rather
than the "const char *" returned by the engine.

In any case, this resolves the test code issue without resort to
"unconst" macros/casts.

Reviewed-by: Richard Levitte <levitte@openssl.org>

5 years ago Eliminate NOP cast
Viktor Dukhovni [Sun, 9 Dec 2018 23:37:26 +0000 (18:37 -0500)]
Eliminate NOP cast

Reviewed-by: Richard Levitte <levitte@openssl.org>

5 years ago change into hex string constants to avoid overflow warnings
Christos Zoulas [Mon, 1 Oct 2018 23:09:16 +0000 (19:09 -0400)]
change into hex string constants to avoid overflow warnings

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

5 years ago Add a format attribute to the format functions and fix the broken format
Christos Zoulas [Sun, 30 Sep 2018 21:16:07 +0000 (17:16 -0400)]
Add a format attribute to the format functions and fix the broken format
strings.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

5 years ago Fix const issues
Christos Zoulas [Sun, 30 Sep 2018 20:59:46 +0000 (16:59 -0400)]
Fix const issues

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

5 years ago Avoid const castaway warning
Christos Zoulas [Sun, 30 Sep 2018 20:57:56 +0000 (16:57 -0400)]
Avoid const castaway warning

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

5 years ago Use a const variable
Christos Zoulas [Sun, 30 Sep 2018 20:57:14 +0000 (16:57 -0400)]
Use a const variable

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

5 years ago Use the proper const cast
Christos Zoulas [Sun, 30 Sep 2018 20:56:49 +0000 (16:56 -0400)]
Use the proper const cast

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

5 years ago don't pass const string where a modifiable string is expected
Christos Zoulas [Sun, 30 Sep 2018 20:56:14 +0000 (16:56 -0400)]
don't pass const string where a modifiable string is expected

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

5 years ago add missing "void" in prototype.
Christos Zoulas [Sun, 30 Sep 2018 20:55:05 +0000 (16:55 -0400)]
add missing "void" in prototype.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

5 years ago add missing const in cast
Christos Zoulas [Sun, 30 Sep 2018 20:54:25 +0000 (16:54 -0400)]
add missing const in cast

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

5 years ago add missing const
Christos Zoulas [Sun, 30 Sep 2018 20:53:22 +0000 (16:53 -0400)]
add missing const

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

5 years ago use the proper types to eliminate casts
Christos Zoulas [Sun, 30 Sep 2018 20:52:44 +0000 (16:52 -0400)]
use the proper types to eliminate casts

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

5 years ago err/err.c: improve err_clear_last_constant_time's portability.
Andy Polyakov [Fri, 7 Dec 2018 21:19:57 +0000 (22:19 +0100)]
err/err.c: improve err_clear_last_constant_time's portability.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7850)

5 years ago Update kmac.c
terry zhao [Fri, 7 Dec 2018 03:13:49 +0000 (11:13 +0800)]
Update kmac.c

fix nmake compiler error

```
crypto\kmac\kmac.c : warning treated as error - no object file generated
crypto\kmac\kmac.c : warning C4819: The file contains a character that cannot be represented in the current code page (936). Save the file in Unicode format to prevent data loss
```

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7846)

5 years ago Configure: fix the version string in the configure output
Dr. Matthias St. Pierre [Thu, 6 Dec 2018 23:32:43 +0000 (00:32 +0100)]
Configure: fix the version string in the configure output

Since `$config{version}` and `$config{version_num}` were removed
in commit 3a63dbef15b6, the configure output displays an empty
version number string in parentheses instead of the version number.

This pull request fixes that by adding new config variables
`version` and `full_version`, analogous to `OPENSSL_VERSION_STR`
and `OPENSSL_FULL_VERSION_STR`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7841)

5 years ago Remove all NOEXIST symbols from ordinals files
Richard Levitte [Fri, 7 Dec 2018 11:17:33 +0000 (12:17 +0100)]
Remove all NOEXIST symbols from ordinals files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)

5 years ago make update
Richard Levitte [Fri, 7 Dec 2018 11:16:21 +0000 (12:16 +0100)]
make update

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)

5 years ago util/perl/OpenSSL/Ordinals.pm: introduce a base version
Richard Levitte [Sun, 2 Dec 2018 12:53:47 +0000 (13:53 +0100)]
util/perl/OpenSSL/Ordinals.pm: introduce a base version

The idea is that a base version is the minimum version that must be
assigned to all symbols.  The practical result is that, for any new
major release, the version number for all symbols will automatically
be bumped to the new release's version number, if necessary.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)

5 years ago util/perl/OpenSSL/Ordinals.pm: use OpenSSL::Util::cmp_versions
Richard Levitte [Sun, 2 Dec 2018 12:50:56 +0000 (13:50 +0100)]
util/perl/OpenSSL/Ordinals.pm: use OpenSSL::Util::cmp_versions

OpenSSL::Util::cmp_versions() is introduced to be used everywhere
where versions are compared.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)

5 years ago util/perl/OpenSSL/Ordinals.pm: shift to dotted versions internally
Richard Levitte [Sun, 2 Dec 2018 12:46:35 +0000 (13:46 +0100)]
util/perl/OpenSSL/Ordinals.pm: shift to dotted versions internally

Any version from an ordinals file will have '_' changed to '.' on
input, and changed back on output.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)

5 years ago apps: print Kernel TLS in s_client and s_server
Boris Pismenny [Wed, 14 Nov 2018 21:53:57 +0000 (23:53 +0200)]
apps: print Kernel TLS in s_client and s_server

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)

5 years ago CHANGES: Add Linux Kernel TLS data-path
Boris Pismenny [Wed, 14 Nov 2018 19:13:05 +0000 (21:13 +0200)]
CHANGES: Add Linux Kernel TLS data-path

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)

5 years ago sslapitest: add test ktls
Boris Pismenny [Tue, 13 Feb 2018 18:22:09 +0000 (20:22 +0200)]
sslapitest: add test ktls

Add a unit-test for ktls.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)

5 years ago ssl: Linux TLS Tx Offload
Boris Pismenny [Thu, 1 Jun 2017 06:25:47 +0000 (09:25 +0300)]
ssl: Linux TLS Tx Offload

This patch adds support for the Linux TLS Tx socket option.
If the socket option is successful, then the data-path of the TCP socket
is implemented by the kernel.
We choose to set this option at the earliest - just after CCS is complete.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)

5 years ago evp/e_aes: Expose IV
Boris Pismenny [Thu, 1 Jun 2017 05:54:55 +0000 (08:54 +0300)]
evp/e_aes: Expose IV

This commit exposes the cipher's IV to applications.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)

5 years ago bio: Linux TLS Offload
Boris Pismenny [Thu, 1 Jun 2017 05:46:33 +0000 (08:46 +0300)]
bio: Linux TLS Offload

Add support for Linux TLS offload in the BIO layer
and specifically in bss_sock.c.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)

5 years ago Configure Kernel TLS datapath
Boris Pismenny [Thu, 1 Feb 2018 12:10:22 +0000 (14:10 +0200)]
Configure Kernel TLS datapath

Allow users to disable ktls using the "no-ktls" option.
Also, disable ktls when cross-compiling, non-linux, or too-old-kernel.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)

5 years ago Linux ktls infrastructure
Boris Pismenny [Wed, 31 Jan 2018 14:43:35 +0000 (16:43 +0200)]
Linux ktls infrastructure

Introduce a compatibility layer that exposes the required structures
and constants for supporting ktls.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)

5 years ago Make EVP_PKEY_asn1_add0() stricter about its input
Richard Levitte [Fri, 7 Dec 2018 08:26:04 +0000 (09:26 +0100)]
Make EVP_PKEY_asn1_add0() stricter about its input

It turns out that the strictness that was implemented in
EVP_PKEY_asn1_new() (see Github openssl/openssl#6880) was badly placed
for some usages, and that it's better to do this check only when the
method is getting registered.

Fixes #7758

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7847)

5 years ago Only include opensslconf.h once
Matt Caswell [Thu, 6 Dec 2018 15:44:45 +0000 (15:44 +0000)]
Only include opensslconf.h once

Fixes a pyca cryptography test failure.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7839)

5 years ago Remove the cast from the definition of OPENSSL_VERSION_NUMBER
Matt Caswell [Thu, 6 Dec 2018 14:42:17 +0000 (14:42 +0000)]
Remove the cast from the definition of OPENSSL_VERSION_NUMBER

If a cast is included in the definition it cannot be used in preprocessor
expressions, e.g. "#if OPENSSL_VERSION_NUMBER > 0x10000000L"

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7839)

5 years ago Doc: fix reference to deprecated methods.
FdaSilvaYY [Wed, 17 Oct 2018 20:30:32 +0000 (22:30 +0200)]
Doc: fix reference to deprecated methods.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7705)

5 years ago curve25519.c: improve formula alignment
Dr. Matthias St. Pierre [Tue, 4 Dec 2018 22:59:24 +0000 (23:59 +0100)]
curve25519.c: improve formula alignment

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7750)

5 years ago curve25519.c: reformat code to follow coding guidelines
Dr. Matthias St. Pierre [Mon, 3 Dec 2018 21:01:18 +0000 (22:01 +0100)]
curve25519.c: reformat code to follow coding guidelines

Fixes #7698

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7750)

5 years ago Remaining boilerplate change in doc/man3/OpenSSL_version.pod
Richard Levitte [Thu, 6 Dec 2018 14:44:29 +0000 (15:44 +0100)]
Remaining boilerplate change in doc/man3/OpenSSL_version.pod

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7838)

5 years ago Following the license change, modify the boilerplates in include/ and crypto/include/
Richard Levitte [Thu, 6 Dec 2018 12:12:35 +0000 (13:12 +0100)]
Following the license change, modify the boilerplates in include/ and crypto/include/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7770)

5 years ago Following the license change, modify the boilerplates in last few
Richard Levitte [Thu, 6 Dec 2018 13:08:43 +0000 (14:08 +0100)]
Following the license change, modify the boilerplates in last few

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7836)

5 years ago Following the license change, modify the boilerplates in external/
Richard Levitte [Thu, 6 Dec 2018 13:07:05 +0000 (14:07 +0100)]
Following the license change, modify the boilerplates in external/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7835)

5 years ago Following the license change, modify the boilerplates in demos/
Richard Levitte [Thu, 6 Dec 2018 13:08:15 +0000 (14:08 +0100)]
Following the license change, modify the boilerplates in demos/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7834)

5 years ago Following the license change, modify the boilerplates in fuzz/
Richard Levitte [Thu, 6 Dec 2018 13:07:47 +0000 (14:07 +0100)]
Following the license change, modify the boilerplates in fuzz/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7833)

5 years ago Following the license change, modify the boilerplates in engines/
Richard Levitte [Thu, 6 Dec 2018 13:07:27 +0000 (14:07 +0100)]
Following the license change, modify the boilerplates in engines/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7832)

5 years ago Following the license change, modify the boilerplates in doc/man7/
Richard Levitte [Thu, 6 Dec 2018 13:05:22 +0000 (14:05 +0100)]
Following the license change, modify the boilerplates in doc/man7/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7831)

5 years ago Following the license change, modify the boilerplates in doc/man5/
Richard Levitte [Thu, 6 Dec 2018 13:05:02 +0000 (14:05 +0100)]
Following the license change, modify the boilerplates in doc/man5/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7830)

5 years ago Following the license change, modify the boilerplates in doc/man3/
Richard Levitte [Thu, 6 Dec 2018 13:04:44 +0000 (14:04 +0100)]
Following the license change, modify the boilerplates in doc/man3/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7829)

5 years ago Following the license change, modify the boilerplates in doc/man1/
Richard Levitte [Thu, 6 Dec 2018 13:04:11 +0000 (14:04 +0100)]
Following the license change, modify the boilerplates in doc/man1/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7828)

5 years ago Following the license change, modify the boilerplates in crypto/
Richard Levitte [Thu, 6 Dec 2018 13:03:01 +0000 (14:03 +0100)]
Following the license change, modify the boilerplates in crypto/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7827)

5 years ago Following the license change, modify the boilerplates in crypto/ui/
Richard Levitte [Thu, 6 Dec 2018 12:59:46 +0000 (13:59 +0100)]
Following the license change, modify the boilerplates in crypto/ui/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7826)

5 years ago Following the license change, modify the boilerplates in crypto/x509v3/
Richard Levitte [Thu, 6 Dec 2018 13:00:54 +0000 (14:00 +0100)]
Following the license change, modify the boilerplates in crypto/x509v3/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7825)

5 years ago Following the license change, modify the boilerplates in crypto/x509/
Richard Levitte [Thu, 6 Dec 2018 13:00:36 +0000 (14:00 +0100)]
Following the license change, modify the boilerplates in crypto/x509/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7824)

5 years ago Following the license change, modify the boilerplates in crypto/whrlpool/
Richard Levitte [Thu, 6 Dec 2018 13:00:09 +0000 (14:00 +0100)]
Following the license change, modify the boilerplates in crypto/whrlpool/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7823)

5 years ago Following the license change, modify the boilerplates in crypto/ts/
Richard Levitte [Thu, 6 Dec 2018 12:58:46 +0000 (13:58 +0100)]
Following the license change, modify the boilerplates in crypto/ts/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7822)

5 years ago Following the license change, modify the boilerplates in crypto/store/
Richard Levitte [Thu, 6 Dec 2018 12:58:30 +0000 (13:58 +0100)]
Following the license change, modify the boilerplates in crypto/store/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7821)

5 years ago Following the license change, modify the boilerplates in crypto/stack/
Richard Levitte [Thu, 6 Dec 2018 12:58:11 +0000 (13:58 +0100)]
Following the license change, modify the boilerplates in crypto/stack/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7820)

5 years ago Following the license change, modify the boilerplates in crypto/srp/
Richard Levitte [Thu, 6 Dec 2018 12:56:57 +0000 (13:56 +0100)]
Following the license change, modify the boilerplates in crypto/srp/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7819)

5 years ago Following the license change, modify the boilerplates in crypto/smN/
Richard Levitte [Thu, 6 Dec 2018 12:56:38 +0000 (13:56 +0100)]
Following the license change, modify the boilerplates in crypto/smN/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7818)

5 years ago Following the license change, modify the boilerplates in crypto/siphash/
Richard Levitte [Thu, 6 Dec 2018 12:56:12 +0000 (13:56 +0100)]
Following the license change, modify the boilerplates in crypto/siphash/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7817)

5 years ago Following the license change, modify the boilerplates in crypto/sha/
Richard Levitte [Thu, 6 Dec 2018 12:54:58 +0000 (13:54 +0100)]
Following the license change, modify the boilerplates in crypto/sha/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7816)

5 years ago Following the license change, modify the boilerplates in crypto/seed/
Richard Levitte [Thu, 6 Dec 2018 12:54:23 +0000 (13:54 +0100)]
Following the license change, modify the boilerplates in crypto/seed/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7815)

5 years ago Following the license change, modify the boilerplates in crypto/rsa/
Richard Levitte [Thu, 6 Dec 2018 12:54:02 +0000 (13:54 +0100)]
Following the license change, modify the boilerplates in crypto/rsa/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7814)

5 years ago Following the license change, modify the boilerplates in crypto/ripemd/
Richard Levitte [Thu, 6 Dec 2018 12:53:00 +0000 (13:53 +0100)]
Following the license change, modify the boilerplates in crypto/ripemd/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7813)

5 years ago Following the license change, modify the boilerplates in crypto/rcN/
Richard Levitte [Thu, 6 Dec 2018 12:52:38 +0000 (13:52 +0100)]
Following the license change, modify the boilerplates in crypto/rcN/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7812)

5 years ago Following the license change, modify the boilerplates in crypto/rand/
Richard Levitte [Thu, 6 Dec 2018 12:52:15 +0000 (13:52 +0100)]
Following the license change, modify the boilerplates in crypto/rand/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7811)

5 years ago Following the license change, modify the boilerplates in crypto/poly1305/
Richard Levitte [Thu, 6 Dec 2018 12:50:47 +0000 (13:50 +0100)]
Following the license change, modify the boilerplates in crypto/poly1305/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7810)

5 years ago Following the license change, modify the boilerplates in crypto/pkcs7/
Richard Levitte [Thu, 6 Dec 2018 12:50:13 +0000 (13:50 +0100)]
Following the license change, modify the boilerplates in crypto/pkcs7/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7809)

5 years ago Following the license change, modify the boilerplates in crypto/pkcs12/
Richard Levitte [Thu, 6 Dec 2018 12:49:51 +0000 (13:49 +0100)]
Following the license change, modify the boilerplates in crypto/pkcs12/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7808)

5 years ago Following the license change, modify the boilerplates in crypto/perlasm/
Richard Levitte [Thu, 6 Dec 2018 12:48:38 +0000 (13:48 +0100)]
Following the license change, modify the boilerplates in crypto/perlasm/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7807)

5 years ago Following the license change, modify the boilerplates in crypto/pem/
Richard Levitte [Thu, 6 Dec 2018 12:48:17 +0000 (13:48 +0100)]
Following the license change, modify the boilerplates in crypto/pem/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7806)

5 years ago Following the license change, modify the boilerplates in crypto/ocsp/
Richard Levitte [Thu, 6 Dec 2018 12:47:55 +0000 (13:47 +0100)]
Following the license change, modify the boilerplates in crypto/ocsp/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7805)

5 years ago Following the license change, modify the boilerplates in crypto/objects/
Richard Levitte [Thu, 6 Dec 2018 12:46:38 +0000 (13:46 +0100)]
Following the license change, modify the boilerplates in crypto/objects/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7804)