Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21194)

When determining the next tick deadline we cannot actually issue an
ack if the CC will not let us, or the enc_level is not yet provisioned.

This avoids a bug where we can end up in a busy loop because the next
event deadline is reported as "now" because we want to send an ack, but
we can't actually send anything yet.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21181)

Also use OSSL_NELEM instead of hardcoding array size.
Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21183)

The FIPS provider accesses it's current state under lock.
This is overkill, little or no synchronisation is actually required in
practice (because it's essentially a read only setting).  Switch to using
TSAN operations in preference.

Fixes #21179
Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21187)

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)

We split the page into two: one covering basic TLS introductory material
that applies to both clients and servers, and one with the specific
material on writing a blocking TLS client.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)

For tutorial type pages it doesn't make any sense to have a DESCRIPTION
section.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)

Provide guidance on the steps needed to write a very simple blocking TLS
client.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)

This blocking client is intended to be used to explain how to implement
a simple client in the documentation.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)

This can effectively reduce the binary size for platforms
that don't need ECX feature(~100KB).
Signed-off-by: NYi Li <yi1.li@intel.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20781)

In a non-"no-deprecated" libcrypto build with a default configuration,
RAND_get_rand_method() == RAND_OpenSSL() and so needs to fall through to
the RAND_seed call (used in "no-deprecated" builds) to perform a reseed.

CLA: trivial
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21167)

To match the BN_CTX_start, it should be better to add
BN_CTX_end in the end of the function.
Signed-off-by: NJiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19266)

CLA: trivial

Fixes #21156
Reviewed-by: NTodd Short <todd.short@me.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21155)

    1. Update cmac test cases, fullfilling test data by short string
       instead of using long string directly.
    2. Modify the wording of comments in cmac.c
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21177)

The libcrypto library uses shared library pinning to prevent its
cleanup handlers from crashing at program termination because of a
premature unloading of the shared library.

However, shared library pinning is enabled also for static builds,
which may lead to surpising behaviour if libcrypto is linked
statically to a shared third-party library, because in this case
the third-party library gets pinned.

This surprising behaviour is caused by the fact that the `no-shared`
configure option does not imply `no-pinshared`. Since this quirk
can't be changed without potentially breaking existing code, we just
document it here and provide a workaround.

Fixes #20977
Reviewed-by: NTodd Short <todd.short@me.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20985)

A few ERR_raise() calls in v3_purp.c use the wrong library. For example,
in OpenSSL 3.1.1 we get

00000000:error:0580009E:x509 certificate routines:ossl_x509v3_cache_extensions:reason(158):crypto/x509/v3_purp.c:635:

instead of

00000000:error:1100009E:X509 V3 routines:ossl_x509v3_cache_extensions:invalid certificate:crypto/x509/v3_purp.c:635:
Reviewed-by: NTodd Short <todd.short@me.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21168)

Reviewed-by: NTodd Short <todd.short@me.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21006)

Fixes #19531
Reviewed-by: NTodd Short <todd.short@me.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21006)

Toolchains that target a non-MMU architecture may not have the `madvise`
function available, even if the `sys/mman.h` header provides a define
for `MADV_DONTDUMP` (e.g. when targeting ARMv7-M with uClibc). The
following tweaks the implementation to use `HAVE_MADVISE`/`NO_MADVISE`
defines to help indicate when to attempt to use `madvise`. This change
operates in the same manner as the original implementation (i.e. relies
on `MADV_DONTDUMP` to indicate if `madvise` can be used); however, this
change now allows a builder to override the internal detection by
explicitly providing the `HAVE_MADVISE` define at compile time. This
should give flexibility for environments which do not have `madvise`
when there is no easy logic to set `NO_MADVISE`.
Signed-off-by: NJames Knight <james.d.knight@live.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTodd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20851)

To allow re-use of the already reviewed openSSL crypto code for RISC-V in
other projects - like the Linux kernel, add a second license (2-clause BSD)
to the 32+64bit aes implementations using the Zkn extension.
Signed-off-by: NHeiko Stuebner <heiko.stuebner@vrull.eu>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTodd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21018)

To allow re-use of the already reviewed openSSL crypto code for RISC-V in
other projects - like the Linux kernel, add a second license (2-clause BSD)
to the recently added GCM ghash functions.
Signed-off-by: NHeiko Stuebner <heiko.stuebner@vrull.eu>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTodd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20649)

wvalue is always initialized at the beginning of each cycle
and used only within the cycle
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTodd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21145)

It is used only within the loop and always initialized

Also some move redirection_url inside loop
where it is only used.

It is used only within the loop and initialized at the beginning

wvalue is always initialized at the beginning of each cycle
and used only within the cycle

ctx is used only within the loop and always assigned at start

Also moving the call to setup_tests() where it
fits better.

Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: NAnton Arapov <anton@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21131)

Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: NAnton Arapov <anton@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21131)

Also add missing prototype for rc4_md5_enc.

Fixes #21150
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21153)

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21151)

Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)

The asn1parse command now supports three different input formats:

     openssl asn1parse -inform PEM|DER|B64

       PEM: base64 encoded data enclosed by PEM markers (RFC7462)
       DER: der encoded binary data
       B64: raw base64 encoded data

The PEM input format is the default format. It is equivalent
to the former `-strictpem` option which is now marked obsolete
and kept for backward compatibility only.

The B64 is equivalent to the former default input format of the
asn1parse command (without `-strictpem`)

Fixes #7317
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)

- split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER
- add OPT_FMT_B64 option (`-inform b64`)
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)

    Reduce the number of EVP_Cipher function calls in CMAC_Update,
    to improve performance of CMAC.
    Below are command and result of performance improvement.

    COMMAND: openssl speed -cmac ALGORITHM

    IMPROVEMENT(%):
    A72   stands for Cortex A72
    N1    stands for Neoverse N1
    N2    stands for Neoverse N2
                        A72	N1	N2	x86
    aes-128-cbc@256	65.4	54.6	37.9	86.6
    aes-128-cbc@1024	156.0	105.6	65.8	197.1
    aes-128-cbc@8192	237.7	139.2	80.5	285.8
    aes-128-cbc@16384	249.1	143.5	82.2	294.1
    aes-192-cbc@256	65.6	46.5	30.9	77.8
    aes-192-cbc@1024	154.2	87.5	50.8	167.4
    aes-192-cbc@8192	226.5	117.0	60.5	231.7
    aes-192-cbc@16384	236.3	120.1	61.7	238.4
    aes-256-cbc@256	66.0	40.3	22.2	69.5
    aes-256-cbc@1024	136.8	74.6	35.7	142.2
    aes-256-cbc@8192	189.7	93.5	41.5	191.7
    aes-256-cbc@16384	196.6	95.8	42.2	195.9
    des-ede3-cbc@64	6.9	4.4	2.9	7.2
    des-ede3-cbc@256	9.3	6.1	4.3	13.1
    des-ede3-cbc@1024	10.0	6.4	4.8	14.9
    des-ede3-cbc@8192	10.3	6.5	5.1	15.5
    des-ede3-cbc@16384	10.3	6.4	5.1	15.5
    sm4-cbc@256		9.5	3.0	-	18.0
    sm4-cbc@1024	12.3	3.6	-	24.6
    sm4-cbc@8192	13.2	3.8	-	27.0
    sm4-cbc@16384	13.5	3.8	-	27.2
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21102)