Matt Caswell [Wed, 11 Oct 2023 09:46:46 +0000 (10:46 +0100)]
Ignore a bad signature in a CertificateVerify message while fuzzing
We ignore such a bad signature when fuzzing - it will never be correct.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Wed, 11 Oct 2023 09:45:14 +0000 (10:45 +0100)]
Don't fail on a bad dcid in the tranport params when fuzzing
We accept a bad original destination connection id in the transport params
while we are fuzzing since this may change every time.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Wed, 11 Oct 2023 09:43:58 +0000 (10:43 +0100)]
Updates to the quic client fuzzer
Handle retryable errors from SSL_read(). Also ensure the underlying BIO
handles the destination address capability.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Fri, 6 Oct 2023 16:32:14 +0000 (17:32 +0100)]
Don't encrypt/decrypt packet data during fuzzing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Kurt Roeckx [Wed, 23 Nov 2022 13:24:13 +0000 (14:24 +0100)]
Add quic client fuzzer.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
наб [Wed, 18 Oct 2023 13:35:55 +0000 (15:35 +0200)]
Reference the non-"legacy" provider names directly from EVP_md5(3) &c.
Earlier today, it took me five manuals! to find what on earth the
"Performance"/"EVP_MD_fetch(3)" crosslinks actually mean:
EVP_sha1(3)
crypto(7)
EVP_MD_fetch(3) (but not there! don't read that!)
OSSL_PROVIDER-default(7)
EVP_MD-SHA1(7)
If, instead, EVP_sha1(3) referenced EVP_MD-SHA1(7) at /all/,
which it should do, since it's supposed to be what you're replacing it
with, but it doesn't actually say that, maybe people would use it.
I know I didn't because it's basically just deadass buried
As found by git grep -l 'and should consider using'
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22420)
Matt Caswell [Thu, 19 Oct 2023 10:37:28 +0000 (11:37 +0100)]
Add a test for converting OSSL_TIME to struct timeval
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22440)
Matt Caswell [Thu, 19 Oct 2023 10:00:39 +0000 (11:00 +0100)]
Round up nano secs when converting OSSL_TIME to struct timeval
struct timeval doesn't support nanosecs but OSSL_TIME does. We round up
any nanosecs to ensure that a non-zero input always results in a non-zero
output.
This fixes a quic-client fuzzer hang.
Fixes #22437
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22440)
Hugo Landau [Thu, 19 Oct 2023 10:58:26 +0000 (11:58 +0100)]
QUIC: Test handling of post-connection session tickets
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22439)
Hugo Landau [Thu, 19 Oct 2023 08:27:11 +0000 (09:27 +0100)]
QUIC: Prevent incoming oversize tokens
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22436)
Neil Horman [Wed, 18 Oct 2023 14:01:21 +0000 (10:01 -0400)]
Convert jdkTrustedKeyUsage to be a pkcs12 cmd line option
Creating JDK compatible pkcs12 files requires a bit more than just
adding the Trusted Key Usage OID to a certbag in the pkcs12 file.
Additionally the JDK currently requires that pkcs12 files setting this
oid _not_ contain any additional keys, and in response will produce
unpredictable results.
This could be solved by implying --nokeys when the pkcs12 utility is run
and the config option is set, but thatcould confuse users who didn't
specify nokeys on the command line. As such, remove the config file
setting for this feature, and replace it with a -jdktrust command line
option, that is documented to assert nokeys when a users specifies the
new command line option.
Fixes #22215
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22422)
Tomas Mraz [Tue, 17 Oct 2023 08:00:58 +0000 (10:00 +0200)]
QUIC: Add handling of SSL_get_shutdown()
Return SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN with semantics
similar to TLS connections.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22408)
Tomas Mraz [Tue, 17 Oct 2023 06:58:22 +0000 (08:58 +0200)]
Postpone two TODO(QUIC) items appropriately
The one in ch_rx_handle_packet() is a tuning thing -> QUIC FUTURE
The one in ossl_quic_tserver_shutdown() is a server thing -> QUIC SERVER
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22408)
Matthias St. Pierre [Mon, 16 Oct 2023 21:48:03 +0000 (23:48 +0200)]
rand: add callbacks to cleanup the user entropy resp. nonce
The `get_user_{entropy,nonce}` callbacks were add recently to the
dispatch table in commit
4cde7585ce8e. Instead of adding corresponding
`cleanup_user_{entropy,nonce}` callbacks, the `cleanup_{entropy,nonce}`
callbacks were reused. This can cause a problem in the case where the
seed source is replaced by a provider: the buffer gets allocated by
the provider but cleared by the core.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22423)
Matt Caswell [Tue, 17 Oct 2023 13:55:48 +0000 (14:55 +0100)]
Ignore ping deadline when calculating tick deadline if we can't send
If the CC TX allowance is zero then we cannot send a PING frame at the
moment, so do not take into account the ping deadline when calculating the
tick deadline in that case.
This avoids the hang found by the fuzzer mentioned in
https://github.com/openssl/openssl/pull/22368#issuecomment-
1765131727
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22410)
Matt Caswell [Tue, 17 Oct 2023 15:26:13 +0000 (16:26 +0100)]
Ignore retry packets that arrive too late
RFC 9000 s 17.2.5.2 says
> After the client has received and processed an Initial or Retry packet
> from the server, it MUST discard any subsequent Retry packets that it
> receives.
We were checking for multiple Retry packets, but not if we had already
processed an Initial packet.
Fixes the assertion failure noted in
https://github.com/openssl/openssl/pull/22368#issuecomment-
1765618884
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22411)
Tomas Mraz [Thu, 19 Oct 2023 07:23:43 +0000 (09:23 +0200)]
cms_enc.c: Include crypto/asn1.h for struct asn1_object_st
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22432)
Tomas Mraz [Thu, 19 Oct 2023 07:18:37 +0000 (09:18 +0200)]
Do not include crypto/asn1.h from internal/cryptlib.h
This is unnecessary and conceptualy wrong as
headers from internal should not include headers from crypto
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22432)
Tomas Mraz [Mon, 9 Oct 2023 09:39:12 +0000 (11:39 +0200)]
apps.c: Remove a redundant error print-out
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22318)
Tomas Mraz [Mon, 9 Oct 2023 09:36:50 +0000 (11:36 +0200)]
apps: Print out a proper message when a store cannot be opened
Fixes #22306
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22318)
Hugo Landau [Mon, 16 Oct 2023 14:02:10 +0000 (15:02 +0100)]
Fix markdown
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)
Hugo Landau [Mon, 16 Oct 2023 13:58:36 +0000 (14:58 +0100)]
Add SNI
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)
Hugo Landau [Mon, 16 Oct 2023 12:33:11 +0000 (13:33 +0100)]
Rename
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)
Hugo Landau [Mon, 16 Oct 2023 12:33:11 +0000 (13:33 +0100)]
Add link to nghttp3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)
Hugo Landau [Mon, 16 Oct 2023 12:33:11 +0000 (13:33 +0100)]
Add copyright headers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)
Hugo Landau [Mon, 16 Oct 2023 12:33:11 +0000 (13:33 +0100)]
QUIC: Add comments to HTTP/3 demo
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)
Hugo Landau [Mon, 16 Oct 2023 12:33:11 +0000 (13:33 +0100)]
QUIC: Add HTTP/3 demo using nghttp3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)
Neil Horman [Wed, 11 Oct 2023 16:45:44 +0000 (12:45 -0400)]
Add a test to confirm that legacy rsa keys work
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)
Neil Horman [Tue, 10 Oct 2023 15:06:44 +0000 (11:06 -0400)]
Dont require CRT params on ossl_rsa_set0_all_params
Its not required that crt params be available in an RSA key, so don't
perform an error check on them
Fixes #29135
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)
Neil Horman [Tue, 5 Sep 2023 16:08:19 +0000 (12:08 -0400)]
remove sanity check from ossl_rsa_todata
Theres no reason we should gate ossl_rsa_todata on there being a minimum
set of parameters. EVP_PKEY_todata makes no guarantees about the
validity of a key, it only returns the parameters that are set in the
requested key, whatever they may be. Remove the check.
Fixes #21935
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)
Tomas Mraz [Mon, 4 Sep 2023 09:10:42 +0000 (11:10 +0200)]
ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs
This makes them zeroes otherwise
where NULLs actually mean the values aren't present.
Fixes #21935
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22334)
Neil Horman [Wed, 11 Oct 2023 13:34:02 +0000 (09:34 -0400)]
ensure that ossl_obj_nid_lock is allocated before use
external calls to OBJ_new_nid will fail on an attempt to lock the
ossl_obj_nid_lock as it won't have been initalized yet.
Bifurcate OBJ_new_nid into an external and internal variant, in which
the former calls ossl_obj_write_lock (ensuring that the nid_lock is
initalized), while OBJ_create (the sole internal caller) uses the latter
to avoid having to drop and re-acquire the lock
Fixes #22337
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22350)
James Muir [Sat, 14 Oct 2023 23:36:57 +0000 (19:36 -0400)]
cms encrypt, better OBJ_nid2obj() return check
Fixes #22225
In OBJ_nid2obj(), if the NID does not have an OID, then a pointer to
the special "undefined" ASN1_OBJECT is returned. Check for the
undefined-ASN1_OBJECT and return an error. Also, add a test for this
in 80-test_cms.t.
Testing:
#!/bin/bash -x
shopt -s expand_aliases
alias openssl="LD_LIBRARY_PATH=~/git/openssl ~/git/openssl/apps/openssl"
echo "This is a confidential message. It should be encrypted." > msg.txt
## this should fail b/c there is no OID for aes-256-ctr
openssl cms -encrypt -in msg.txt -aes-256-ctr -out msg.txt.cms -recip demos/cms/signer.pem
echo $?
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22392)
Pavel Stetsuk [Thu, 14 Sep 2023 20:05:49 +0000 (23:05 +0300)]
fix: LINEAR search doesn't work properly (if CHARSET_EBCDIC is defined)
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22108)
Daiki Ueno [Mon, 16 Oct 2023 05:42:12 +0000 (14:42 +0900)]
rsa: Accept NULL OAEP label for backward compatibility
According to the manual page, EVP_PKEY_CTX_set0_rsa_oaep_label()
should accept NULL as the label argument, though the function
currently rejects it while setting the corresponding octet string
parameter with OSSL_PARAM_construct_octet_string, which expects
non-NULL input. This adds a workaround to the caller for backward
compatibility.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22397)
Dr. David von Oheimb [Fri, 13 Oct 2023 20:27:31 +0000 (22:27 +0200)]
EVP shake_ctrl(): add missing NULL evp_ctx check
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
Dr. David von Oheimb [Fri, 13 Oct 2023 20:12:22 +0000 (22:12 +0200)]
CMS_add1_signer(): add missing ERR_raise() calls
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
Dr. David von Oheimb [Fri, 13 Oct 2023 20:39:25 +0000 (22:39 +0200)]
CMS_add1_signer.pod: add missing info on CMS_SignerInfo_sign() return values
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
Dr. David von Oheimb [Fri, 13 Oct 2023 20:30:31 +0000 (22:30 +0200)]
PKCS7_SIGNER_INFO: point out confusing names of digest_enc_alg and enc_digest fields
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
Tomas Mraz [Fri, 13 Oct 2023 14:22:59 +0000 (16:22 +0200)]
Avoid another copy of key schedule pointer in PROV_GCM_CTX
This copy would need an update on dupctx but
rather than doing it just remove the copy.
This fixes failures of evp_test on Windows with
new CPUs.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22384)
Hugo Landau [Tue, 10 Oct 2023 11:19:29 +0000 (12:19 +0100)]
QUIC APL: Fix incoming default stream popping
Fixes #22106
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22333)
Pauli [Wed, 11 Oct 2023 21:46:19 +0000 (08:46 +1100)]
cmp: add null pointer check in tear_down test function
problem reported by: 2ourc3
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22355)
James Muir [Wed, 11 Oct 2023 22:11:42 +0000 (18:11 -0400)]
Fix parenthesis, use a colon
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22356)
James Muir [Tue, 10 Oct 2023 16:41:59 +0000 (12:41 -0400)]
Update unix Makefile template to handle paths with spaces
Fixes #4668 (on unix-like platforms)
Testing:
rm -rf "$HOME/tmp/beforespace afterspace"
./Configure -Werror --strict-warnings --prefix="$HOME/tmp/beforespace afterspace"
make -j6 update
make -j6
make install
make test
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21821)
Tomas Mraz [Wed, 11 Oct 2023 10:55:41 +0000 (12:55 +0200)]
trace_api_test.c: Separate tracing statements
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22347)
Tomas Mraz [Wed, 11 Oct 2023 09:20:02 +0000 (11:20 +0200)]
Windows: use srand() instead of srandom()
This is used for memory allocation failure debugging only
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22347)
Tomas Mraz [Wed, 11 Oct 2023 09:05:37 +0000 (11:05 +0200)]
Windows CI: Add some non-default options to check they are working
Some of the non-default options that enable more
code to be built need to be enabled in one of the
Windows builds to avoid regressions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22347)
Tomas Mraz [Thu, 5 Oct 2023 09:11:16 +0000 (11:11 +0200)]
DH_check_pub_key() should not fail when setting result code
The semantics of ossl_ffc_validate_public_key() and
ossl_ffc_validate_public_key_partial() needs to be changed
to not return error on non-fatal problems.
Fixes #22287
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22291)
Richard Levitte [Tue, 10 Oct 2023 10:32:40 +0000 (12:32 +0200)]
test/recipes/05-test_rand.t: replace 'and' with '&&'
The lower priority 'and' seems to have some "interesting" interactions with
function argument parsing in some perl versions (presumably because 'and' is
lower priority than the comma).
For the lines that are changed here, perl v5.20.1 says this:
Useless use of string eq in void context at [.test.recipes]05-test_rand.t line 33.
Useless use of numeric eq (==) in void context at [.test.recipes]05-test_rand.t line 39.
Replacing 'and' with '&&' in these two cases fixes the problem.
Replacing
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22331)
Hugo Landau [Mon, 9 Oct 2023 18:11:39 +0000 (19:11 +0100)]
Ensure struct timeval is defined when including ssl.h
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22323)
Bernd Edlinger [Mon, 18 Sep 2023 06:16:01 +0000 (08:16 +0200)]
Improve Malloc Failure Test
Allow 2 digits after the comma in percentage in OPENSSL_MALLOC_FAILURES.
Add OPENSSL_MALLOC_SEED to allow for some randomization.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22127)
Dr. David von Oheimb [Sun, 11 Jun 2023 15:41:03 +0000 (17:41 +0200)]
CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS
Fixes #21120
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21176)
Dr. David von Oheimb [Sun, 11 Jun 2023 16:19:50 +0000 (18:19 +0200)]
OSSL_CMP_CTX_new.pod: remove overlap with OSSL_HTTP_transfer.pod; improve the latter
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21176)
Dr. David von Oheimb [Sun, 11 Jun 2023 15:36:55 +0000 (17:36 +0200)]
apps/cmp.c: -tls_used may be implied by -server https:...; improve related checks and doc
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21176)
Klavishnik [Thu, 10 Aug 2023 10:56:24 +0000 (13:56 +0300)]
Added check for the return value of the RAND_bytes() function
Call app_bail_out if RAND_bytes() fails.
Also changed the output parameter of RAND_bytes() to inp as
writing to encrypted output buffer does not make sense.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21706)
Tomas Mraz [Mon, 9 Oct 2023 15:32:53 +0000 (17:32 +0200)]
ECDSA with SHA3 verification does not depend on FIPS provider version
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22322)
Tomas Mraz [Mon, 9 Oct 2023 14:47:07 +0000 (16:47 +0200)]
provider-compatibility.yml: Correct the directory where opensslwrap.sh is being run
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22322)
Evgeny Karpov [Mon, 7 Aug 2023 12:28:20 +0000 (14:28 +0200)]
* Enable extra Arm64 optimization on Windows for GHASH, RAND and AES
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21673)
Matt Caswell [Fri, 6 Oct 2023 14:56:15 +0000 (15:56 +0100)]
When calling ossl_crypto_condvar_wait_timeout() we must use real time
Although many of the QUIC tests use fake time, the time we pass to the
ossl_crypto_condvar_wait_timeout() must be a real time.
Passing fake time was causing the QUIC tserver test to hang because
ossl_crypto_convar_wait_timeout() always timed out immediately and never
relinquished the CPU.
If using fake time we adjust the time to real time just before using it.
Fixes #22020
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22301)
Klavishnik [Wed, 9 Aug 2023 14:05:03 +0000 (17:05 +0300)]
Avoid divide-by-zero in kmac_prov.c's bytepad()
This would happen if EVP_MD_get_block_size() returned 0
so we return an error instead.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21698)
Matt Caswell [Thu, 5 Oct 2023 16:11:25 +0000 (17:11 +0100)]
Fix the BIO_addr test
The BIO_addr test is failing on non-stop. The length of the data is larger
than the size we have allocated for it. We dynamically allocate instead.
Fixes #22218
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22294)
Tomas Mraz [Thu, 31 Aug 2023 08:26:22 +0000 (10:26 +0200)]
test_provider_ex(): Add missing call failure checks
Fixes Coverity
1542440
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21913)
Matt Caswell [Wed, 4 Oct 2023 16:55:33 +0000 (17:55 +0100)]
Timeout in the tserver test using real time
When running the tserver test we bail out if a timeout expires. We
shouldn't use fake time for that timeout, because fake time might never
actually get incremented.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22284)
Matt Caswell [Wed, 4 Oct 2023 16:50:53 +0000 (17:50 +0100)]
Don't wait in the tesrver idle testing every time around the loop
If we wait for 100ms 600 times - then the test takes a minute to complete
which is far too long. The purpose of the wait is to give the assistance
thread a chance to catch up. We only do that if the event timeout has
actually expired - otherwise we are waiting for no reason.
Fixes #22156
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22284)
Tomas Mraz [Thu, 5 Oct 2023 13:24:38 +0000 (15:24 +0200)]
Windows CI: Continue on error during cpuinfo
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22293)
Tomas Mraz [Wed, 4 Oct 2023 15:23:27 +0000 (17:23 +0200)]
Always back off on the first packet noise from client to server
The test server cannot really cope with modifications
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22267)
Tomas Mraz [Tue, 3 Oct 2023 15:19:16 +0000 (17:19 +0200)]
Add testing of bitflips in packet headers
A new type of noise is introduced in the noisy dgram bio
filter.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22267)
Vladimir Kotal [Wed, 4 Oct 2023 14:11:42 +0000 (16:11 +0200)]
avoid sun as variable name
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22281)
Tomas Mraz [Tue, 3 Oct 2023 13:45:13 +0000 (15:45 +0200)]
d2i_X509.pod: Better document using the reuse capability for libctx setup
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22265)
Neil Horman [Wed, 4 Oct 2023 13:48:37 +0000 (09:48 -0400)]
embed bio_dgram_data inside bio_dgram_sctp_data
the sctp BIO implementation uses the generic BIO dgram implementation
under the covers for some operations. However, the private data for
each bio is incongruous, leading to segfaults when doing things like
passing a dgram_sctp_ctrl operation to the underlying dgram_ctrl method.
Fix this by removing the common fields between the two strcutres and
embedding a bio_dgram_data as the first member of the
bio_dgram_sctp_data struct. This allows implicit casting when that call
path is taken, avoiding any memory mis-use
Fixes #20643
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22278)
Matt Caswell [Wed, 4 Oct 2023 15:32:31 +0000 (16:32 +0100)]
Fix coverity alert on use of uninitialised data
The function `ossl_blake2b_param_init` should initialise only, and not
read the data it is initialising
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22282)
Tomas Mraz [Wed, 4 Oct 2023 07:30:43 +0000 (09:30 +0200)]
BN_gcd(): Avoid shifts of negative values
Fixes #22216
Thanks to Leland Mills for investigation and testing.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22272)
Tomas Mraz [Tue, 3 Oct 2023 12:43:13 +0000 (14:43 +0200)]
DH_check: Emphasize the importance of return value check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22262)
Richard Levitte [Mon, 18 Sep 2023 07:30:13 +0000 (09:30 +0200)]
[design] Make it possible to use explicitly fetched signature implementation
This design is to allow the use of explicitly fetched EVP_SIGNATURE
implementations.
Ref: openssl/project#171
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22129)
Richard Levitte [Thu, 21 Sep 2023 12:39:30 +0000 (14:39 +0200)]
[design] Make it possible to pass AlgorithmIdentifier parameter data
This design is to allow passing AlgorithmIdentifier parameter data to and
from any cryptograpfic operation, with convenience functions for them all,
not just for symmetric ciphers.
This is crucial to support CMS, among others.
Ref: openssl/project#172
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22162)
Pauli [Sun, 24 Sep 2023 23:34:07 +0000 (09:34 +1000)]
ossl_property_list_to_string: handle quoted strings
ossl_property_list_to_string() didn't quote strings correctly which
could result in a generated property string being unparsable.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22182)
dependabot[bot] [Wed, 4 Oct 2023 17:03:39 +0000 (17:03 +0000)]
Bump suisei-cn/actions-download-file from 1.3.0 to 1.4.0
Bumps [suisei-cn/actions-download-file](https://github.com/suisei-cn/actions-download-file) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/suisei-cn/actions-download-file/releases)
- [Commits](https://github.com/suisei-cn/actions-download-file/compare/v1.3.0...v1.4.0)
---
updated-dependencies:
- dependency-name: suisei-cn/actions-download-file
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22268)
Tomas Mraz [Wed, 4 Oct 2023 10:30:22 +0000 (12:30 +0200)]
d2i_PKCS8PrivateKey_bio.pod: evp.h include is unnecessary
It is also not allowed by doc nits check to have
multiple includes.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22276)
Frederik Wedel-Heinen [Mon, 2 Oct 2023 13:53:28 +0000 (15:53 +0200)]
Added info on change to HISTORY of SSL_CTX_set_msg_callback()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22241)
Frederik Wedel-Heinen [Mon, 2 Oct 2023 11:08:56 +0000 (13:08 +0200)]
Update documentation on SSL_CTX_set_msg_callback() to match the actual functionality.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22241)
Frederik Wedel-Heinen [Mon, 2 Oct 2023 10:00:58 +0000 (12:00 +0200)]
Print record version for DTLSv1_listen()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22241)
Frederik Wedel-Heinen [Mon, 2 Oct 2023 09:11:29 +0000 (11:11 +0200)]
Pass the dtls record version to the record layer msg_callback function.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22241)
Matthias St. Pierre [Mon, 2 Oct 2023 10:10:01 +0000 (12:10 +0200)]
Don't (re-)initialize the FFC_PARAMs in dh_init and dsa_init
The initialization was introduced in commit
dc8de3e6f1ee and
changes the behaviour of the `init` method for DSA and DH
between 1.1.1 and 3.0, while the behaviour for RSA and EC_KEY
remains unchanged.
The initialization is not necessary in 3.x and master imho and
breaks the use-case of intercepting the methods of an existing
key.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22185)
Matthias St. Pierre [Sat, 23 Sep 2023 23:13:20 +0000 (01:13 +0200)]
test: evp_extra: test signing with legacy app method based keys
This commit adds `test_EVP_PKEY_sign_with_app_method`, a regression
test for the bug fix in commit
1acc3e8cc3c6 (pull request #22163).
It is analogous to `test_EVP_PKEY_sign`, only with a fake app method
based key. (The EC key test case was omitted, because there is no
`EC_KEY_METHOD_dup` method.)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22185)
Matthias St. Pierre [Sat, 23 Sep 2023 23:24:59 +0000 (01:24 +0200)]
test: evp_extra: fix indentation error
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22185)
Sumitra Sharma [Tue, 3 Oct 2023 03:58:44 +0000 (09:28 +0530)]
Correct documentation for PKCS5_PBKDF2_HMAC
In OpenSSL 3.x, the documentation for PKCS5_PBKDF2_HMAC incorrectly states
that an iter value less than 1 is treated as a single iteration. Upon further
investigation in providers/implementations/kdfs/pbkdf2.c, it appears that
invalid iter values will result in failure and raise the
PROV_R_INVALID_ITERATION_COUNT error. This commit corrects the documentation
to accurately reflect the behavior in OpenSSL 3.x.
Closes openssl#22168
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22252)
Richard Levitte [Mon, 2 Oct 2023 07:12:12 +0000 (09:12 +0200)]
Restore the meaning of EVP_PKEY_print_private()
With pre-3.0 OpenSSL, EVP_PKEY_print_private() calls the EVP_PKEY_ASN1_METHOD
function "priv_print", effectively asking the backend to print whatever it
regards as private key components.
In all backends that were built into libcrypto, this function printed what
was included in the private key structure, which usually includes the
public key components as well.
With OpenSSL 3.0, some of the corresponding key2text encoders got a
slightly different behavior, where the presence of the selector
OSSL_KEYMGMT_SELECT_PRIVATE_KEY without the presence of the selector
OSSL_KEYMGMT_SELECT_PUBLIC_KEY would only get what would intuitively be
regarded as private key components printed. This isn't entirely consistent,
though, as the RSA key2text encoder will still print the public key
components regardless.
To compensate for the changed backend behavior, EVP_PKEY_print_private()
was made to ask the encoder to print the keypair rather than just the
private key, thereby moving the backend semantics to the application API.
Unfortunately, this causes confusion for providers where the key2text
encoder really should print the private key only.
This change restores the built-in 1.1.1 backend behavior in the encoders
that OpenSSL provides, and renders EVP_PKEY_print_private() more true to its
documented behavior, leaving it to the backend to decide what it regards as
"private key components".
Fixes #22233
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22237)
Dmitry Belyavskiy [Mon, 26 Dec 2022 19:38:44 +0000 (20:38 +0100)]
Improved detection of engine-provided private "classic" keys
Resolves #17092 (?)
Resolves #17286 (?)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19965)
Frederik Wedel-Heinen [Mon, 2 Oct 2023 08:58:48 +0000 (10:58 +0200)]
Remove duplicates of EVP_aes_xxx_wrap() from EVP_aes_128_gcm.pod
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22236)
Frederik Wedel-Heinen [Mon, 2 Oct 2023 07:58:30 +0000 (09:58 +0200)]
Call post_process_record for dtls records
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22239)
Matthias St. Pierre [Tue, 26 Sep 2023 16:25:27 +0000 (18:25 +0200)]
doc/man3: fix misnamed function name
Rename `DSA_generate_prime[_ex]` to `DSA_generate_parameters[_ex]`,
fixing a copy&paste error from the `BN_generate_prime[_ex]` paragraph
in commit
b3696a55a5ed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22242)
Matt Caswell [Mon, 2 Oct 2023 10:47:08 +0000 (11:47 +0100)]
Back off on generating noise in the event of a PING frame
If either endpoint issues a PING frame while we are introducing noise
into the communication then there is a danger that the connection itself
will fail. We detect the PING and then back off on generating noise for a
short while. It should be sufficient to just ensure that the next datagram
does not get dropped for each endpoint.
Fixes #22199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22243)
Tomas Mraz [Mon, 2 Oct 2023 15:07:52 +0000 (17:07 +0200)]
CHANGES.md: Mention new features added after 3.2 alpha1
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22251)
Sumitra Sharma [Mon, 2 Oct 2023 15:23:52 +0000 (20:53 +0530)]
Add openssl/pem.h inclusion for d2i_PKCS8PrivateKey
Include the necessary header file openssl/pem.h in the
documentation to ensure that all functions related to
d2i_PKCS8PrivateKey are correctly defined.
Closes openssl#22188
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22253)
Frederik Wedel-Heinen [Mon, 2 Oct 2023 07:49:34 +0000 (09:49 +0200)]
Occupy the rec_version field of a decoded dtls record
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22238)
Tomas Mraz [Mon, 2 Oct 2023 13:49:42 +0000 (15:49 +0200)]
macros.h: There are just 3.1 deprecations, no 3.2 deprecations
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22247)
Tomas Mraz [Mon, 2 Oct 2023 13:38:12 +0000 (15:38 +0200)]
All lh_stats functions were deprecated in 3.1
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22247)
Tomas Mraz [Fri, 29 Sep 2023 12:55:05 +0000 (14:55 +0200)]
quicapitest: Enable test_ssl_trace with enable-zlib
To improve Coverage mapping in Coveralls make it
possible to run test_ssl_trace() with enable-zlib
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22222)
Tomas Mraz [Fri, 29 Sep 2023 10:09:10 +0000 (12:09 +0200)]
coveralls: Drop no-shared and -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22222)
Dmitry Misharov [Thu, 28 Sep 2023 08:50:55 +0000 (11:50 +0300)]
GH action workflows: Add cpu report before 'make test'
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22232)