Ubuntu
openssl package

openssl is not LTO-safe

Bug #2058017 reported by Adrien Nader on 2024-03-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openssl (Ubuntu)	Fix Released	High	Adrien Nader	Ubuntu ubuntu-24.04

Bug Description

tl;dr: since it's too much work to make openssl LTO-safe, upstream doesn't see it as a goal and doesn't test it, and there are probably no performance gains to LTO for this package.

Openssl is an old project and the codebase wasn't written with aliasing rules in mind. There are several reports of issues related to LTO. The openssl technical commitee says "currently we're not going to fix all the strict aliasing and other LTO problems" and "Fixes raised in pull requests will be considered."; in other words: if you find a violation, we'll merge your fixes but we're not going to dedicate time to fixing them ourselves.

We don't have specific reports on launchpad at the moment but there has been at least one issue experienced by the FIPS: the compiler decided a 0-filled array could be removed and proceeded to do so. In addition to that, compilers are only pushing this further and further. Issues are impossible to predict and even security updates could trigger issues.

Gentoo prevents usage of LTO for openssl and has some links related to this at https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/openssl-3.2.1-r1.ebuild#n131 :
- https://github.com/llvm/llvm-project/issues/55255
- https://github.com/openssl/openssl/issues/12247
- https://github.com/openssl/openssl/issues/18225
- https://github.com/openssl/openssl/issues/18663
- https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057

Gentoo also prevents usage of -fstrict-aliasing and always set -fno-strict-aliasing. I don't plan to do the same at least at the moment and for Noble since I don't have time to investigate more changes.

Performance shouldn't be impacted much if at all:
- crypto algorithms are implemented in ASM (funnily, using C implementations can trigger issues because these got miscompiled)
- the rest of the openssl codebase probably doesn't benefit from LTO because source files match codepaths quite well
- at the moment, openssl performance for servers is bad due to algorithmic/architectural issues, not micro-optimizations and these wouldn't be noticed
- if LTO-compliance was doable and thought to be useful by upstream, they would have certainly pushed that forward, especially in the wake of openssl 3.0's performance issues.

Code size increases by a few percents except for libcrypto which gets 17% larger. The corresponding .deb file increases by 2.6% only.

I ran "openssl speed" with a long benchmark time in order to get good results (there is a variation of several percents with the default times). I then scripted a diff which output is shown below; "....." means the difference is within 2% which is the vast majority. Also note that some important ciphers are not present due to how openssl speed works; small aes-*-cbc are negatively impacted, up to -10% but that would -50% if you compared between "software" and "hardware" implementations, the results would be reversed at anything but the smallest data sizes, and the fact that you want to use hardware implementations as much as possible means that you also want to avoid places where LTO could have an effect.

type md5 sha1 rmd160 sha256 sha512 hmac(md5) des-ede3 aes-128-cbc aes-192-cbc aes-256-cbc camellia-128-cbc ..... camellia-192-cbc ..... camellia-256-cbc ..... ghash rand sign rsa rsa rsa rsa rsa rsa rsa sign dsa dsa dsa sign 160 192 224 256 384 521 163 233 283 409 571 163 233 283 409 571 256 256 384 384 512 512 op op/s
160 192 224 256 384 521 163 233 283 409 571 163 233 283 409 571 256 256 384 384 512 512 253 448 sign 253 456 sign 256 op op/s
2048 3072 4096 6144 8192 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
..... ..... ..... ..... ..... .....
..... ..... ..... ..... ..... .....
..... ..... ..... ..... ..... .....
+2.3% ..... ..... ..... ..... .....
..... ..... ..... ..... ..... .....
..... ..... ..... ..... ..... .....
..... ..... ..... ..... ..... .....
-10.0% ..... ..... ..... ..... .....
-7.6% ..... ..... ..... ..... .....
-5.2% ..... ..... ..... ..... .....
..... ..... ..... ..... .....
..... ..... ..... ..... .....
..... ..... ..... ..... .....
..... ..... +21.2% -27.3% +30.5% +39.3%
-2.8% -2.9% -2.9% -2.8% ..... .....
verify sign/s verify/s
512 bits 0.000031s 0.000002s -2.7% .....
1024 bits ..... 0.000005s ..... .....
2048 bits +2.4% 0.000015s -2.3% .....
3072 bits ..... 0.000032s ..... .....
4096 bits ..... ..... ..... .....
7680 bits ..... ..... 30.2 .....
15360 bits ..... ..... 5.9 .....
verify sign/s verify/s
512 bits +4.8% 0.000024s -3.9% .....
1024 bits +2.5% -3.3% ..... +2.4%
2048 bits ..... ..... ..... +2.0%
verify sign/s verify/s
bits ecdsa (secp160r1) +100.0% +100.0% ..... -2.2%
bits ecdsa (nistp192) 0.0002s 0.0002s -3.6% -3.3%
bits ecdsa (nistp224) 0.0000s 0.0001s ..... .....
bits ecdsa (nistp256) 0.0000s 0.0001s ..... .....
bits ecdsa (nistp384) +14.3% 0.0006s -3.2% .....
bits ecdsa (nistp521) 0.0002s 0.0005s ..... .....
bits ecdsa (nistk163) 0.0002s 0.0003s -3.2% -3.0%
bits ecdsa (nistk233) 0.0002s +25.0% ..... -2.2%
bits ecdsa (nistk283) 0.0004s 0.0008s ..... -3.5%
bits ecdsa (nistk409) 0.0007s 0.0013s -2.1% -2.0%
bits ecdsa (nistk571) 0.0015s 0.0029s ..... .....
bits ecdsa (nistb163) 0.0002s 0.0003s ..... .....
bits ecdsa (nistb233) 0.0002s 0.0005s ..... .....
bits ecdsa (nistb283) 0.0004s 0.0008s -2.4% -2.7%
bits ecdsa (nistb409) 0.0007s +7.7% -2.5% -3.5%
bits ecdsa (nistb571) 0.0016s 0.0031s ..... .....
bits ecdsa (brainpoolP256r1) 0.0003s 0.0003s -2.5% .....
bits ecdsa (brainpoolP256t1) 0.0003s 0.0003s -2.9% -3.2%
bits ecdsa (brainpoolP384r1) +14.3% 0.0007s -2.9% .....
bits ecdsa (brainpoolP384t1) +14.3% 0.0006s -2.9% -2.0%
bits ecdsa (brainpoolP512r1) 0.0011s 0.0009s -2.8% -3.1%
bits ecdsa (brainpoolP512t1) +10.0% +12.5% -3.4% -4.5%
bits ecdh (secp160r1) 0.0001s -5.8%
bits ecdh (nistp192) 0.0002s -7.4%
bits ecdh (nistp224) 0.0001s .....
bits ecdh (nistp256) 0.0000s .....
bits ecdh (nistp384) 0.0007s -4.0%
bits ecdh (nistp521) 0.0003s -4.1%
bits ecdh (nistk163) 0.0002s -4.6%
bits ecdh (nistk233) 0.0002s -4.7%
bits ecdh (nistk283) 0.0004s -2.9%
bits ecdh (nistk409) 0.0006s -3.6%
bits ecdh (nistk571) 0.0014s .....
bits ecdh (nistb163) 0.0002s .....
bits ecdh (nistb233) 0.0002s .....
bits ecdh (nistb283) 0.0004s -2.5%
bits ecdh (nistb409) +16.7% -3.2%
bits ecdh (nistb571) 0.0015s .....
bits ecdh (brainpoolP256r1) 0.0003s -3.9%
bits ecdh (brainpoolP256t1) 0.0003s -4.9%
bits ecdh (brainpoolP384r1) 0.0007s -3.7%
bits ecdh (brainpoolP384t1) 0.0007s -3.9%
bits ecdh (brainpoolP512r1) 0.0010s .....
bits ecdh (brainpoolP512t1) 0.0010s -2.1%
bits ecdh (X25519) 0.0000s .....
bits ecdh (X448) 0.0002s .....
verify sign/s verify/s
bits EdDSA (Ed25519) 0.0000s 0.0001s ..... .....
bits EdDSA (Ed448) 0.0002s 0.0002s ..... .....
verify sign/s verify/s
bits SM2 (CurveSM2) 0.0003s 0.0003s -2.9% -3.2%
bits ffdh 0.0002s .....
bits ffdh 0.0006s -2.4%
bits ffdh 0.0013s .....
bits ffdh 0.0029s .....
bits ffdh ..... .....

PS: I used a ZSH script for that (because bash cannot do floating point arithmetic operations) which is below, using two files "speed-lto" and "speed-no-lto":

a=speed-lto; b=speed-no-lto; l=$(wc -l speed-lto | cut -f1 -d' '); exec 3<$a; exec 4<$b; for i in $(seq 1 $l); do read -A -u 3 c; read -A -u 4 d; for j in $(seq 1 ${#c}); do x="${c[$j]}"; y="${d[$j]}"; if [[ "$x" == "$y" ]]; then printf '%s ' "$x"; else xm=$(echo "$x" | tr -dc '0-9'); ym=$(echo "$y" | tr -dc '0-9'); p=$(((100. * (ym - xm)) / xm)); if (( p > 2 || p < -2)); then printf '%+0.1f%% ' "$p"; else printf '..... '; fi; fi; done; printf '\n'; done | column -t; exec 3>&-; exec 4>&-

See original description

Related branches

~ravi-sharma/ubuntu/+source/openssl:merge-lp2110006-questing

Merged into ubuntu/+source/openssl:debian/sid at revision afe05e2aee41b57f2aa694d6253f888ec7cc0071

Simon Chopin (community): Approve on 2025-06-11

git-ubuntu import: Pending requested 2025-06-04

~ravi-sharma/ubuntu/+source/openssl:merge-lp2110006-questing

Superseded for merging into ubuntu/+source/openssl:debian/sid

git-ubuntu import: Pending requested 2025-06-04

~ravi-sharma/ubuntu/+source/openssl:merge-lp2110006-questing

Superseded for merging into ubuntu/+source/openssl:ubuntu/devel

git-ubuntu import: Pending requested 2025-06-03

Diff: 172003 lines (+126569/-9028) (has conflicts)

1151 files modified

AUTHORS.md (+2/-0)
CHANGES.md (+310/-20)
Configurations/50-cppbuilder.conf (+59/-0)
Configurations/50-nonstop.conf (+31/-0)
Configurations/unix-Makefile.tmpl (+2/-3)
Configure (+29/-7)
INSTALL.md (+70/-4)
NEWS.md (+63/-2)
NOTES-NONSTOP.md (+7/-0)
NOTES-WINDOWS.md (+5/-3)
README-FIPS.md (+40/-21)
README-QUIC.md (+29/-1)
README.md (+8/-9)
VERSION.dat (+3/-3)
apps/build.info (+1/-1)
apps/ca.c (+2/-0)
apps/cmp.c (+106/-13)
apps/cms.c (+10/-12)
apps/crl2pkcs7.c (+8/-3)
apps/dgst.c (+153/-67)
apps/dhparam.c (+4/-4)
apps/dsaparam.c (+4/-4)
apps/ecparam.c (+14/-14)
apps/enc.c (+77/-16)
apps/engine.c (+6/-3)
apps/fipsinstall.c (+40/-15)
apps/genpkey.c (+32/-19)
apps/include/apps.h (+2/-3)
apps/include/cmp_mock_srv.h (+2/-1)
apps/include/opt.h (+4/-1)
apps/lib/app_provider.c (+76/-1)
apps/lib/app_rand.c (+1/-0)
apps/lib/apps.c (+96/-20)
apps/lib/cmp_mock_srv.c (+36/-2)
apps/lib/engine_loader.c (+1/-0)
apps/lib/http_server.c (+3/-1)
apps/lib/names.c (+3/-2)
apps/lib/s_cb.c (+25/-13)
apps/lib/s_socket.c (+2/-1)
apps/lib/vms_term_sock.c (+1/-1)
apps/list.c (+199/-27)
apps/ocsp.c (+9/-5)
apps/openssl-vms.cnf (+2/-2)
apps/openssl.c (+2/-0)
apps/openssl.cnf (+2/-2)
apps/passwd.c (+1/-2)
apps/pkcs8.c (+5/-3)
apps/pkey.c (+4/-4)
apps/pkeyparam.c (+3/-3)
apps/pkeyutl.c (+128/-70)
apps/prime.c (+6/-2)
apps/rehash.c (+1/-0)
apps/req.c (+11/-4)
apps/s_client.c (+51/-16)
apps/s_server.c (+47/-7)
apps/skeyutl.c (+135/-0)
apps/smime.c (+2/-8)
apps/speed.c (+14/-12)
apps/storeutl.c (+13/-9)
apps/ts.c (+2/-2)
apps/x509.c (+5/-3)
crypto/aes/asm/aesni-xts-avx512.pl (+2872/-0)
crypto/aes/asm/aesv8-armx.pl (+16/-0)
crypto/aes/asm/bsaes-armv8.pl (+18/-10)
crypto/aes/asm/vpaes-armv8.pl (+37/-18)
crypto/aes/asm/vpaes-loongarch64.pl (+4/-4)
crypto/aes/build.info (+4/-1)
crypto/armcap.c (+4/-3)
crypto/asn1/a_int.c (+14/-8)
crypto/asn1/asn_mime.c (+2/-2)
crypto/asn1/d2i_pr.c (+12/-1)
crypto/asn1/p8_pkey.c (+23/-5)
crypto/asn1/standard_methods.h (+1/-2)
crypto/asn1/tasn_enc.c (+4/-1)
crypto/async/async_wait.c (+1/-0)
crypto/bio/bio_addr.c (+1/-0)
crypto/bio/bio_meth.c (+20/-0)
crypto/bio/bio_sock.c (+23/-3)
crypto/bio/bss_acpt.c (+2/-2)
crypto/bio/bss_dgram_pair.c (+21/-1)
crypto/bio/bss_log.c (+1/-1)
crypto/bio/bss_mem.c (+1/-1)
crypto/bn/asm/armv8-mont.pl (+1/-0)
crypto/bn/asm/rsaz-2k-avxifma.pl (+863/-0)
crypto/bn/asm/rsaz-3k-avxifma.pl (+1087/-0)
crypto/bn/asm/rsaz-4k-avxifma.pl (+1157/-0)
crypto/bn/bn_exp.c (+2/-2)
crypto/bn/bn_gf2m.c (+1/-1)
crypto/bn/bn_lib.c (+8/-7)
crypto/bn/bn_ppc.c (+4/-1)
crypto/bn/build.info (+5/-1)
crypto/bn/rsaz_exp.h (+3/-1)
crypto/bn/rsaz_exp_x2.c (+74/-28)
crypto/build.info (+3/-3)
crypto/chacha/asm/chacha-armv8-sve.pl (+14/-3)
crypto/chacha/asm/chacha-armv8.pl (+10/-5)
crypto/chacha/asm/chacha-loongarch64.pl (+2/-1)
crypto/cmp/cmp_asn.c (+7/-5)
crypto/cmp/cmp_client.c (+6/-3)
crypto/cmp/cmp_err.c (+7/-1)
crypto/cmp/cmp_http.c (+29/-11)
crypto/cmp/cmp_local.h (+6/-4)
crypto/cmp/cmp_msg.c (+109/-24)
crypto/cmp/cmp_protect.c (+21/-17)
crypto/cmp/cmp_server.c (+13/-4)
crypto/cms/cms_asn1.c (+2/-1)
crypto/cms/cms_dh.c (+1/-1)
crypto/cms/cms_ec.c (+1/-1)
crypto/cms/cms_env.c (+7/-3)
crypto/cms/cms_kari.c (+3/-1)
crypto/cms/cms_lib.c (+59/-1)
crypto/cms/cms_local.h (+2/-0)
crypto/cms/cms_pwri.c (+7/-5)
crypto/cms/cms_rsa.c (+1/-1)
crypto/cms/cms_sd.c (+51/-8)
crypto/cms/cms_smime.c (+3/-2)
crypto/conf/conf_lib.c (+3/-2)
crypto/context.c (+2/-0)
crypto/core_fetch.c (+5/-1)
crypto/core_namemap.c (+20/-8)
crypto/cpuid.c (+35/-20)
crypto/crmf/crmf_asn.c (+16/-1)
crypto/crmf/crmf_err.c (+31/-18)
crypto/crmf/crmf_lib.c (+280/-48)
crypto/crmf/crmf_local.h (+21/-1)
crypto/cversion.c (+2/-2)
crypto/defaults.c (+23/-19)
crypto/dso/dso_win32.c (+1/-1)
crypto/ec/asm/ecp_nistp384-ppc64.pl (+1466/-240)
crypto/ec/asm/ecp_nistz256-armv8.pl (+68/-34)
crypto/ec/asm/ecp_sm2p256-armv8.pl (+16/-8)
crypto/ec/ec_asn1.c (+1/-1)
crypto/ec/ec_key.c (+5/-5)
crypto/ec/ec_lib.c (+1/-1)
crypto/ec/ec_oct.c (+1/-1)
crypto/ec/ecp_mont.c (+2/-2)
crypto/ec/ecp_nistp384.c (+27/-3)
crypto/ec/ecp_nistz256.c (+2/-2)
crypto/ec/ecx_key.c (+3/-0)
crypto/encode_decode/decoder_lib.c (+80/-6)
crypto/encode_decode/decoder_meth.c (+13/-3)
crypto/encode_decode/decoder_pkey.c (+35/-8)
crypto/encode_decode/encoder_lib.c (+182/-1)
crypto/encode_decode/encoder_local.h (+5/-1)
crypto/encode_decode/encoder_meth.c (+13/-3)
crypto/encode_decode/encoder_pkey.c (+4/-1)
crypto/err/openssl.ec (+1/-1)
crypto/err/openssl.txt (+25/-0)
crypto/evp/asymcipher.c (+20/-9)
crypto/evp/build.info (+3/-2)
crypto/evp/ctrl_params_translate.c (+5/-1)
crypto/evp/digest.c (+59/-27)
crypto/evp/encode.c (+51/-13)
crypto/evp/evp_enc.c (+401/-22)
crypto/evp/evp_err.c (+3/-0)
crypto/evp/evp_fetch.c (+33/-3)
crypto/evp/evp_lib.c (+5/-10)
crypto/evp/evp_local.h (+34/-1)
crypto/evp/evp_pbe.c (+3/-2)
crypto/evp/exchange.c (+33/-19)
crypto/evp/kdf_meth.c (+12/-9)
crypto/evp/kem.c (+20/-9)
crypto/evp/keymgmt_meth.c (+17/-7)
crypto/evp/m_sigver.c (+9/-65)
crypto/evp/mac_lib.c (+16/-1)
crypto/evp/mac_meth.c (+35/-12)
crypto/evp/p_legacy.c (+13/-6)
crypto/evp/p_lib.c (+89/-31)
crypto/evp/pmeth_lib.c (+17/-9)
crypto/evp/s_lib.c (+314/-0)
crypto/evp/signature.c (+20/-9)
crypto/evp/skeymgmt_meth.c (+242/-0)
crypto/ffc/ffc_params.c (+1/-1)
crypto/hashtable/build.info (+1/-1)
crypto/hashtable/hashfunc.c (+23/-0)
crypto/hashtable/hashtable.c (+3/-14)
crypto/http/build.info (+5/-1)
crypto/http/http_client.c (+109/-66)
crypto/http/http_lib.c (+4/-0)
crypto/info.c (+10/-3)
crypto/init.c (+34/-1)
crypto/initthread.c (+1/-1)
crypto/loongarch64cpuid.pl (+4/-5)
crypto/md5/asm/md5-aarch64.pl (+65/-65)
crypto/md5/asm/md5-loongarch64.pl (+3/-2)
crypto/md5/asm/md5-x86_64.pl (+3/-4)
crypto/mem.c (+13/-4)
crypto/ml_dsa/build.info (+10/-0)
crypto/ml_dsa/ml_dsa_encoders.c (+1019/-0)
crypto/ml_dsa/ml_dsa_hash.h (+41/-0)
crypto/ml_dsa/ml_dsa_key.c (+547/-0)
crypto/ml_dsa/ml_dsa_key.h (+56/-0)
crypto/ml_dsa/ml_dsa_key_compress.c (+175/-0)
crypto/ml_dsa/ml_dsa_local.h (+161/-0)
crypto/ml_dsa/ml_dsa_matrix.c (+39/-0)
crypto/ml_dsa/ml_dsa_matrix.h (+44/-0)
crypto/ml_dsa/ml_dsa_ntt.c (+198/-0)
crypto/ml_dsa/ml_dsa_params.c (+108/-0)
crypto/ml_dsa/ml_dsa_poly.h (+184/-0)
crypto/ml_dsa/ml_dsa_sample.c (+358/-0)
crypto/ml_dsa/ml_dsa_sign.c (+433/-0)
crypto/ml_dsa/ml_dsa_sign.h (+15/-0)
crypto/ml_dsa/ml_dsa_vector.h (+257/-0)
crypto/ml_kem/build.info (+6/-0)
crypto/ml_kem/ml_kem.c (+2012/-0)
crypto/modes/asm/aes-gcm-armv8_64.pl (+2/-1)
crypto/modes/asm/ghashv8-armx.pl (+2/-1)
crypto/modes/siv128.c (+3/-3)
crypto/objects/obj_dat.h (+821/-6)
crypto/objects/obj_mac.num (+163/-0)
crypto/objects/obj_xref.h (+16/-1)
crypto/objects/obj_xref.txt (+15/-0)
crypto/objects/objects.txt (+182/-1)
crypto/ocsp/ocsp_ext.c (+3/-2)
crypto/params.c (+81/-67)
crypto/params_from_text.c (+106/-0)
crypto/pem/pem_err.c (+3/-1)
crypto/pem/pem_lib.c (+34/-10)
crypto/pem/pem_pk8.c (+1/-1)
crypto/pem/pvkfmt.c (+23/-6)
crypto/perlasm/arm-xlate.pl (+36/-5)
crypto/perlasm/sparcv9_modes.pl (+5/-5)
crypto/perlasm/x86gas.pl (+2/-1)
crypto/perlasm/x86masm.pl (+2/-1)
crypto/perlasm/x86nasm.pl (+2/-1)
crypto/pkcs7/pk7_doit.c (+57/-24)
crypto/pkcs7/pk7_lib.c (+9/-4)
crypto/poly1305/asm/poly1305-armv8.pl (+15/-7)
crypto/property/property.c (+158/-3)
crypto/property/property_parse.c (+2/-3)
crypto/provider.c (+2/-2)
crypto/provider_conf.c (+2/-2)
crypto/provider_core.c (+388/-52)
crypto/rand/build.info (+7/-2)
crypto/rand/rand_err.c (+38/-36)
crypto/rand/rand_lib.c (+297/-157)
crypto/rand/rand_pool.c (+39/-0)
crypto/riscvcap.c (+11/-4)
crypto/rsa/rsa_gen.c (+12/-7)
crypto/rsa/rsa_lib.c (+1/-1)
crypto/sha/asm/keccak1600-armv8.pl (+8/-4)
crypto/sha/asm/sha1-armv8.pl (+6/-2)
crypto/sha/asm/sha512-armv8.pl (+13/-5)
crypto/slh_dsa/build.info (+9/-0)
crypto/slh_dsa/slh_adrs.c (+184/-0)
crypto/slh_dsa/slh_adrs.h (+71/-0)
crypto/slh_dsa/slh_dsa.c (+361/-0)
crypto/slh_dsa/slh_dsa_hash_ctx.c (+113/-0)
crypto/slh_dsa/slh_dsa_key.c (+500/-0)
crypto/slh_dsa/slh_dsa_key.h (+50/-0)
crypto/slh_dsa/slh_dsa_local.h (+95/-0)
crypto/slh_dsa/slh_fors.c (+322/-0)
crypto/slh_dsa/slh_hash.c (+287/-0)
crypto/slh_dsa/slh_hash.h (+66/-0)
crypto/slh_dsa/slh_hypertree.c (+135/-0)
crypto/slh_dsa/slh_params.c (+127/-0)
crypto/slh_dsa/slh_params.h (+39/-0)
crypto/slh_dsa/slh_wots.c (+315/-0)
crypto/slh_dsa/slh_xmss.c (+181/-0)
crypto/sm3/asm/sm3-armv8.pl (+25/-2)
crypto/sm4/asm/sm4-armv8.pl (+16/-5)
crypto/sm4/asm/vpsm4-armv8.pl (+18/-9)
crypto/sm4/asm/vpsm4_ex-armv8.pl (+16/-11)
crypto/srp/srp_vfy.c (+6/-1)
crypto/ssl_err.c (+252/-248)
crypto/sslerr.h (+1/-1)
crypto/store/store_lib.c (+11/-6)
crypto/store/store_meth.c (+6/-3)
crypto/store/store_result.c (+16/-6)
crypto/threads_none.c (+1/-1)
crypto/threads_pthread.c (+51/-211)
crypto/threads_win.c (+67/-77)
crypto/time.c (+1/-0)
crypto/trace.c (+2/-0)
crypto/ts/ts_rsp_sign.c (+8/-3)
crypto/ts/ts_rsp_verify.c (+4/-2)
crypto/ui/ui_util.c (+1/-1)
crypto/x509/build.info (+2/-1)
crypto/x509/by_file.c (+10/-0)
crypto/x509/ext_dat.h (+8/-1)
crypto/x509/pcy_tree.c (+4/-2)
crypto/x509/standard_exts.h (+8/-1)
crypto/x509/t_x509.c (+52/-34)
crypto/x509/v3_aaa.c (+129/-0)
crypto/x509/v3_ac_tgt.c (+4/-0)
crypto/x509/v3_addr.c (+6/-1)
crypto/x509/v3_attrdesc.c (+173/-0)
crypto/x509/v3_attrmap.c (+117/-0)
crypto/x509/v3_authattid.c (+80/-0)
crypto/x509/v3_cpols.c (+3/-1)
crypto/x509/v3_crld.c (+171/-1)
crypto/x509/v3_ncons.c (+41/-33)
crypto/x509/v3_purp.c (+44/-5)
crypto/x509/v3_rolespec.c (+95/-0)
crypto/x509/v3_san.c (+0/-3)
crypto/x509/v3_timespec.c (+598/-0)
crypto/x509/v3_utl.c (+17/-0)
crypto/x509/v3err.c (+52/-50)
crypto/x509/x509_cmp.c (+4/-2)
crypto/x509/x509_local.h (+3/-1)
crypto/x509/x509_lu.c (+22/-120)
crypto/x509/x509_vfy.c (+108/-31)
crypto/x509/x509_vpm.c (+7/-1)
crypto/x509/x_attrib.c (+5/-22)
crypto/x86_64cpuid.pl (+31/-5)
crypto/x86cpuid.pl (+25/-1)
debian/changelog (+48/-0)
debian/control (+2/-2)
debian/gbp.conf (+1/-1)
debian/libssl3t64.symbols (+2/-0)
debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch (+2/-2)
debian/patches/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch (+34/-0)
debian/patches/fips/two-defines-for-fips-in-libssl-dev-headers.patch (+21/-0)
debian/patches/man-section.patch (+2/-2)
debian/patches/pic.patch (+7/-7)
debian/patches/series (+6/-0)
debian/watch (+1/-1)
demos/bio/sconnect.c (+1/-1)
demos/build.info (+4/-0)
demos/digest/EVP_MD_demo.c (+2/-2)
demos/guide/Makefile (+5/-1)
demos/guide/README.md (+26/-13)
demos/guide/build.info (+13/-1)
demos/guide/quic-client-block.c (+3/-2)
demos/guide/quic-client-non-block.c (+3/-2)
demos/guide/quic-server-block.c (+310/-0)
demos/guide/quic-server-non-block.c (+495/-0)
demos/http3/Makefile (+8/-2)
demos/http3/build.info (+5/-1)
demos/http3/ossl-nghttp3-demo-server.c (+1385/-0)
demos/http3/ossl-nghttp3.h (+1/-1)
demos/quic/README.md (+9/-0)
demos/quic/build.info (+1/-0)
demos/quic/server/Makefile (+30/-0)
demos/quic/server/README.md (+19/-0)
demos/quic/server/build.info (+14/-0)
demos/quic/server/server.c (+243/-0)
demos/sslecho/A-SSL-Docs.txt (+2/-2)
dev/null (+0/-314)
doc/HOWTO/documenting-functions-and-macros.md (+7/-0)
doc/HOWTO/keys.txt (+29/-4)
doc/README.md (+1/-5)
doc/build.info (+122/-0)
doc/designs/ML-KEM.md (+156/-0)
doc/designs/ddd/REPORT.md (+1/-1)
doc/designs/ddd/WINDOWS.md (+5/-5)
doc/designs/evp-cipher-pipeline.md (+219/-0)
doc/designs/evp_skey.md (+148/-0)
doc/designs/fips_indicator.md (+2/-2)
doc/designs/ml-dsa.md (+147/-0)
doc/designs/quic-design/error-handling.md (+1/-1)
doc/designs/quic-design/glossary.md (+60/-34)
doc/designs/quic-design/images/quic-concurrency-models.svg (+1/-0)
doc/designs/quic-design/quic-api-ssl-funcs.md (+1/-1)
doc/designs/quic-design/quic-api.md (+3/-3)
doc/designs/quic-design/quic-concurrency.md (+412/-0)
doc/designs/quic-design/quic-tls.md (+2/-2)
doc/designs/quic-design/server/quic-polling.md (+2134/-0)
doc/designs/quic-design/server/quic-server-api.md (+536/-0)
doc/designs/slh-dsa.md (+133/-0)
doc/images/openssl.svg (+28/-48)
doc/internal/man3/bn_mul_words.pod (+13/-23)
doc/internal/man3/evp_generic_fetch.pod (+12/-7)
doc/internal/man3/ossl_bio_print_hex.pod (+32/-0)
doc/internal/man3/ossl_cms_sign_encrypt.pod (+56/-0)
doc/internal/man3/ossl_provider_new.pod (+29/-13)
doc/internal/man3/ossl_serial_number_print.pod (+38/-0)
doc/internal/man7/EVP_PKEY.pod (+9/-4)
doc/man1/CA.pl.pod (+3/-1)
doc/man1/build.info (+1/-0)
doc/man1/openssl-ciphers.pod.in (+1/-2)
doc/man1/openssl-cmp.pod.in (+47/-18)
doc/man1/openssl-cms.pod.in (+15/-5)
doc/man1/openssl-dgst.pod.in (+8/-4)
doc/man1/openssl-dhparam.pod.in (+6/-4)
doc/man1/openssl-dsaparam.pod.in (+6/-4)
doc/man1/openssl-ecparam.pod.in (+5/-3)
doc/man1/openssl-enc.pod.in (+24/-1)
doc/man1/openssl-fipsinstall.pod.in (+5/-2)
doc/man1/openssl-genpkey.pod.in (+46/-2)
doc/man1/openssl-info.pod.in (+1/-1)
doc/man1/openssl-list.pod.in (+37/-1)
doc/man1/openssl-namedisplay-options.pod (+5/-3)
doc/man1/openssl-ocsp.pod.in (+11/-8)
doc/man1/openssl-pkcs12.pod.in (+4/-2)
doc/man1/openssl-pkcs8.pod.in (+10/-6)
doc/man1/openssl-pkey.pod.in (+8/-3)
doc/man1/openssl-pkeyparam.pod.in (+4/-1)
doc/man1/openssl-pkeyutl.pod.in (+90/-22)
doc/man1/openssl-rehash.pod.in (+2/-1)
doc/man1/openssl-req.pod.in (+13/-0)
doc/man1/openssl-s_client.pod.in (+1/-81)
doc/man1/openssl-s_server.pod.in (+3/-96)
doc/man1/openssl-s_time.pod.in (+1/-1)
doc/man1/openssl-skeyutl.pod.in (+76/-0)
doc/man1/openssl-smime.pod.in (+10/-8)
doc/man1/openssl-storeutl.pod.in (+5/-2)
doc/man1/openssl-ts.pod.in (+3/-1)
doc/man1/openssl.pod (+18/-1)
doc/man3/ASN1_STRING_length.pod (+2/-2)
doc/man3/ASYNC_start_job.pod (+2/-0)
doc/man3/BIO_get_ex_new_index.pod (+2/-2)
doc/man3/BIO_get_rpoll_descriptor.pod (+2/-2)
doc/man3/BIO_meth_new.pod (+46/-22)
doc/man3/BIO_new.pod (+1/-1)
doc/man3/BIO_s_accept.pod (+1/-1)
doc/man3/BIO_s_connect.pod (+1/-1)
doc/man3/BIO_s_dgram_pair.pod (+18/-2)
doc/man3/BIO_s_file.pod (+2/-1)
doc/man3/BIO_s_mem.pod (+1/-1)
doc/man3/BN_bn2bin.pod (+2/-2)
doc/man3/CMS_EnvelopedData_create.pod (+11/-6)
doc/man3/CMS_add1_signer.pod (+2/-1)
doc/man3/CMS_sign.pod (+2/-1)
doc/man3/CRYPTO_THREAD_run_once.pod (+5/-1)
doc/man3/EC_GROUP_new.pod (+3/-1)
doc/man3/ERR_error_string.pod (+1/-1)
doc/man3/ERR_set_mark.pod (+2/-1)
doc/man3/EVP_DigestInit.pod (+6/-2)
doc/man3/EVP_DigestSignInit.pod (+1/-1)
doc/man3/EVP_EncodeInit.pod (+7/-1)
doc/man3/EVP_EncryptInit.pod (+124/-23)
doc/man3/EVP_KDF.pod (+1/-3)
doc/man3/EVP_MAC.pod (+10/-4)
doc/man3/EVP_PKEY_CTX_ctrl.pod (+6/-4)
doc/man3/EVP_PKEY_CTX_get_algor.pod (+4/-0)
doc/man3/EVP_PKEY_CTX_set_params.pod (+5/-1)
doc/man3/EVP_PKEY_decapsulate.pod (+32/-10)
doc/man3/EVP_PKEY_encapsulate.pod (+41/-19)
doc/man3/EVP_PKEY_fromdata.pod (+26/-9)
doc/man3/EVP_PKEY_keygen.pod (+16/-3)
doc/man3/EVP_PKEY_new.pod (+78/-14)
doc/man3/EVP_PKEY_set1_encoded_public_key.pod (+26/-10)
doc/man3/EVP_PKEY_todata.pod (+15/-4)
doc/man3/EVP_SKEY.pod (+162/-0)
doc/man3/EVP_SKEYMGMT.pod (+151/-0)
doc/man3/EVP_set_default_properties.pod (+19/-3)
doc/man3/MD5.pod (+1/-1)
doc/man3/OPENSSL_LH_COMPFUNC.pod (+3/-0)
doc/man3/OPENSSL_ia32cap.pod (+149/-55)
doc/man3/OPENSSL_load_u16_le.pod (+84/-0)
doc/man3/OPENSSL_malloc.pod (+4/-2)
doc/man3/OSSL_CMP_CTX_new.pod (+12/-2)
doc/man3/OSSL_CMP_ITAV_new_caCerts.pod (+22/-22)
doc/man3/OSSL_CMP_MSG_http_perform.pod (+21/-8)
doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod (+66/-2)
doc/man3/OSSL_HTTP_REQ_CTX.pod (+39/-27)
doc/man3/OSSL_HTTP_parse_url.pod (+1/-1)
doc/man3/OSSL_HTTP_transfer.pod (+8/-27)
doc/man3/OSSL_PARAM.pod (+1/-1)
doc/man3/OSSL_PARAM_print_to_bio.pod (+42/-0)
doc/man3/OSSL_PROVIDER.pod (+45/-3)
doc/man3/OSSL_QUIC_client_method.pod (+10/-3)
doc/man3/OpenSSL_version.pod (+1/-1)
doc/man3/PEM_read.pod (+34/-11)
doc/man3/PEM_read_bio_PrivateKey.pod (+4/-1)
doc/man3/PKCS12_SAFEBAG_set0_attrs.pod (+5/-1)
doc/man3/RAND_bytes.pod (+17/-3)
doc/man3/SSL_CONF_cmd.pod (+101/-36)
doc/man3/SSL_CTX_load_verify_locations.pod (+2/-1)
doc/man3/SSL_CTX_set1_curves.pod (+208/-33)
doc/man3/SSL_CTX_set1_sigalgs.pod (+6/-3)
doc/man3/SSL_CTX_set1_verify_cert_store.pod (+1/-1)
doc/man3/SSL_CTX_set_cert_store.pod (+1/-1)
doc/man3/SSL_CTX_set_cert_verify_callback.pod (+1/-1)
doc/man3/SSL_CTX_set_cipher_list.pod (+1/-1)
doc/man3/SSL_CTX_set_domain_flags.pod (+120/-0)
doc/man3/SSL_CTX_set_info_callback.pod (+1/-1)
doc/man3/SSL_CTX_set_max_cert_list.pod (+1/-1)
doc/man3/SSL_CTX_set_new_pending_conn_cb.pod (+73/-0)
doc/man3/SSL_CTX_set_options.pod (+3/-2)
doc/man3/SSL_CTX_set_quiet_shutdown.pod (+1/-1)
doc/man3/SSL_CTX_set_verify.pod (+1/-1)
doc/man3/SSL_CTX_use_certificate.pod (+2/-2)
doc/man3/SSL_SESSION_free.pod (+1/-1)
doc/man3/SSL_SESSION_get0_hostname.pod (+3/-5)
doc/man3/SSL_accept_stream.pod (+2/-2)
doc/man3/SSL_clear.pod (+2/-2)
doc/man3/SSL_connect.pod (+1/-1)
doc/man3/SSL_do_handshake.pod (+1/-1)
doc/man3/SSL_get0_group_name.pod (+4/-3)
doc/man3/SSL_get1_builtin_sigalgs.pod (+1/-1)
doc/man3/SSL_get_current_cipher.pod (+1/-1)
doc/man3/SSL_get_peer_signature_nid.pod (+27/-9)
doc/man3/SSL_get_value_uint.pod (+1/-1)
doc/man3/SSL_get_verify_result.pod (+1/-1)
doc/man3/SSL_handle_events.pod (+1/-1)
doc/man3/SSL_in_init.pod (+2/-0)
doc/man3/SSL_inject_net_dgram.pod (+1/-1)
doc/man3/SSL_new_domain.pod (+119/-0)
doc/man3/SSL_new_listener.pod (+232/-0)
doc/man3/SSL_new_stream.pod (+12/-1)
doc/man3/SSL_poll.pod (+61/-23)
doc/man3/SSL_set_blocking_mode.pod (+4/-3)
doc/man3/SSL_set_quic_tls_cbs.pod (+183/-0)
doc/man3/SSL_shutdown.pod (+3/-3)
doc/man3/SSL_want.pod (+1/-1)
doc/man3/X509V3_get_d2i.pod (+5/-0)
doc/man3/X509_STORE_CTX_get_error.pod (+3/-2)
doc/man3/X509_STORE_add_cert.pod (+1/-1)
doc/man3/X509_VERIFY_PARAM_set_flags.pod (+13/-4)
doc/man3/X509_check_purpose.pod (+105/-3)
doc/man3/X509_dup.pod (+157/-1)
doc/man3/X509_get0_notBefore.pod (+6/-4)
doc/man3/X509_get_subject_name.pod (+4/-1)
doc/man3/X509_get_version.pod (+3/-0)
doc/man3/X509_load_http.pod (+1/-1)
doc/man3/d2i_X509.pod (+106/-1)
doc/man5/config.pod (+7/-0)
doc/man7/EVP_KDF-X942-ASN1.pod (+1/-1)
doc/man7/EVP_KEM-EC.pod (+6/-2)
doc/man7/EVP_KEM-ML-KEM.pod (+64/-0)
doc/man7/EVP_KEM-RSA.pod (+6/-2)
doc/man7/EVP_KEM-X25519.pod (+6/-2)
doc/man7/EVP_PKEY-ML-DSA.pod (+305/-0)
doc/man7/EVP_PKEY-ML-KEM.pod (+325/-0)
doc/man7/EVP_PKEY-SLH-DSA.pod (+156/-0)
doc/man7/EVP_RAND-CTR-DRBG.pod (+7/-1)
doc/man7/EVP_RAND-HASH-DRBG.pod (+7/-1)
doc/man7/EVP_RAND-HMAC-DRBG.pod (+7/-1)
doc/man7/EVP_RAND-JITTER.pod (+10/-1)
doc/man7/EVP_SIGNATURE-ML-DSA.pod (+141/-0)
doc/man7/EVP_SIGNATURE-SLH-DSA.pod (+136/-0)
doc/man7/OSSL_PROVIDER-FIPS.pod (+76/-2)
doc/man7/OSSL_PROVIDER-base.pod (+75/-1)
doc/man7/OSSL_PROVIDER-default.pod (+158/-10)
doc/man7/RAND.pod (+11/-2)
doc/man7/fips_module.pod (+2/-2)
doc/man7/openssl-env.pod (+12/-0)
doc/man7/openssl-quic-concurrency.pod (+339/-0)
doc/man7/openssl-quic.pod (+124/-46)
doc/man7/ossl-guide-introduction.pod (+6/-2)
doc/man7/ossl-guide-libssl-introduction.pod (+2/-2)
doc/man7/ossl-guide-migration.pod (+23/-13)
doc/man7/ossl-guide-quic-client-block.pod (+24/-1)
doc/man7/ossl-guide-quic-client-non-block.pod (+9/-2)
doc/man7/ossl-guide-quic-introduction.pod (+8/-2)
doc/man7/ossl-guide-quic-server-block.pod (+281/-0)
doc/man7/ossl-guide-quic-server-non-block.pod (+372/-0)
doc/man7/provider-base.pod (+16/-6)
doc/man7/provider-cipher.pod (+73/-20)
doc/man7/provider-decoder.pod (+4/-2)
doc/man7/provider-digest.pod (+14/-2)
doc/man7/provider-encoder.pod (+4/-2)
doc/man7/provider-keymgmt.pod (+14/-4)
doc/man7/provider-mac.pod (+12/-3)
doc/man7/provider-signature.pod (+3/-1)
doc/man7/provider-skeymgmt.pod (+200/-0)
doc/man7/provider.pod (+1/-1)
doc/perlvars.pm (+4/-1)
engines/e_capi.c (+5/-2)
engines/e_loader_attic.c (+3/-2)
funding.json (+105/-0)
fuzz/build.info (+61/-2)
fuzz/ml-dsa.c (+679/-0)
fuzz/ml-kem.c (+670/-0)
fuzz/oids.txt (+164/-1)
fuzz/quic-client.c (+2/-2)
fuzz/quic-server.c (+258/-0)
fuzz/slh-dsa.c (+608/-0)
fuzz/x509.c (+10/-7)
include/crypto/aes_platform.h (+21/-1)
include/crypto/decoder.h (+6/-1)
include/crypto/evp.h (+31/-2)
include/crypto/evperr.h (+1/-1)
include/crypto/ml_dsa.h (+119/-0)
include/crypto/ml_kem.h (+281/-0)
include/crypto/pem.h (+2/-2)
include/crypto/rand.h (+12/-1)
include/crypto/rand_pool.h (+2/-0)
include/crypto/randerr.h (+1/-1)
include/crypto/riscv_arch.h (+7/-1)
include/crypto/slh_dsa.h (+67/-0)
include/crypto/types.h (+3/-1)
include/crypto/x509.h (+6/-3)
include/internal/bio_addr.h (+1/-0)
include/internal/cms.h (+22/-0)
include/internal/constant_time.h (+9/-1)
include/internal/cryptlib.h (+2/-0)
include/internal/e_os.h (+2/-21)
include/internal/e_winsock.h (+52/-0)
include/internal/encoder.h (+27/-0)
include/internal/fips.h (+21/-0)
include/internal/hashfunc.h (+19/-0)
include/internal/hashtable.h (+21/-1)
include/internal/list.h (+1/-1)
include/internal/numbers.h (+1/-1)
include/internal/provider.h (+3/-4)
include/internal/quic_channel.h (+27/-2)
include/internal/quic_engine.h (+27/-4)
include/internal/quic_lcidm.h (+13/-1)
include/internal/quic_port.h (+55/-5)
include/internal/quic_predef.h (+9/-2)
include/internal/quic_reactor.h (+105/-20)
include/internal/quic_reactor_wait_ctx.h (+114/-0)
include/internal/quic_record_rx.h (+15/-2)
include/internal/quic_ssl.h (+41/-7)
include/internal/quic_stream_map.h (+3/-1)
include/internal/quic_thread_assist.h (+2/-6)
include/internal/quic_tls.h (+13/-9)
include/internal/quic_trace.h (+20/-0)
include/internal/quic_tserver.h (+4/-1)
include/internal/quic_txp.h (+17/-1)
include/internal/quic_types.h (+2/-2)
include/internal/quic_wire_pkt.h (+11/-2)
include/internal/recordmethod.h (+1/-9)
include/internal/rio_notifier.h (+69/-0)
include/internal/sizes.h (+2/-1)
include/internal/skey.h (+32/-0)
include/internal/sockets.h (+4/-3)
include/internal/ssl.h (+3/-1)
include/internal/ssl_unwrap.h (+130/-0)
include/internal/statem.h (+4/-2)
include/internal/time.h (+2/-1)
include/internal/tlsgroups.h (+7/-1)
include/openssl/asn1.h.in (+16/-15)
include/openssl/bio.h.in (+27/-20)
include/openssl/byteorder.h (+339/-0)
include/openssl/cmperr.h (+4/-1)
include/openssl/cms.h.in (+4/-1)
include/openssl/core_dispatch.h (+123/-4)
include/openssl/core_names.h.in (+8/-1)
include/openssl/crmf.h.in (+24/-6)
include/openssl/crmferr.h (+8/-1)
include/openssl/crypto.h.in (+3/-0)
include/openssl/engine.h (+1/-1)
include/openssl/evp.h (+80/-1)
include/openssl/evperr.h (+2/-0)
include/openssl/http.h (+8/-7)
include/openssl/macros.h (+11/-0)
include/openssl/ml_kem.h (+31/-0)
include/openssl/obj_mac.h (+817/-1)
include/openssl/params.h (+3/-0)
include/openssl/pem.h (+5/-1)
include/openssl/pemerr.h (+2/-1)
include/openssl/proverr.h (+8/-1)
include/openssl/provider.h (+29/-1)
include/openssl/quic.h (+6/-1)
include/openssl/rand.h (+11/-5)
include/openssl/randerr.h (+2/-1)
include/openssl/self_test.h (+15/-1)
include/openssl/ssl.h.in (+57/-2)
include/openssl/ssl3.h (+2/-1)
include/openssl/sslerr.h (+4/-1)
include/openssl/trace.h (+3/-2)
include/openssl/types.h (+4/-1)
include/openssl/x509_acert.h.in (+7/-0)
include/openssl/x509_vfy.h.in (+2/-1)
include/openssl/x509v3.h.in (+330/-6)
include/openssl/x509v3err.h (+2/-1)
providers/baseprov.c (+2/-1)
providers/build.info (+4/-0)
providers/common/capabilities.c (+209/-95)
providers/common/der/ML_DSA.asn1 (+15/-0)
providers/common/der/SLH_DSA.asn1 (+24/-0)
providers/common/der/build.info (+38/-0)
providers/common/der/der_ml_dsa_gen.c.in (+19/-0)
providers/common/der/der_ml_dsa_key.c (+41/-0)
providers/common/der/der_slh_dsa_gen.c.in (+19/-0)
providers/common/der/der_slh_dsa_key.c (+47/-0)
providers/common/include/prov/der_ml_dsa.h.in (+22/-0)
providers/common/include/prov/der_slh_dsa.h.in (+22/-0)
providers/common/include/prov/proverr.h (+1/-1)
providers/common/include/prov/provider_ctx.h (+10/-1)
providers/common/include/prov/provider_util.h (+3/-1)
providers/common/include/prov/providercommon.h (+5/-0)
providers/common/provider_ctx.c (+61/-1)
providers/common/provider_err.c (+13/-1)
providers/common/provider_util.c (+10/-3)
providers/decoders.inc (+55/-5)
providers/defltprov.c (+110/-1)
providers/encoders.inc (+159/-10)
providers/fips-sources.checksums (+212/-145)
providers/fips.checksum (+1/-1)
providers/fips.module.sources (+68/-1)
providers/fips/fipsprov.c (+119/-1)
providers/fips/self_test.c (+11/-1)
providers/fips/self_test_data.inc (+1791/-51)
providers/fips/self_test_kats.c (+345/-158)
providers/implementations/asymciphers/rsa_enc.c (+1/-1)
providers/implementations/asymciphers/sm2_enc.c (+2/-1)
providers/implementations/build.info (+1/-1)
providers/implementations/ciphers/build.info (+14/-0)
providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c (+2/-2)
providers/implementations/ciphers/cipher_aes_ccm.c (+1/-1)
providers/implementations/ciphers/cipher_aes_gcm.c (+1/-1)
providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc (+3/-7)
providers/implementations/ciphers/cipher_aes_gcm_siv.c (+2/-9)
providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c (+3/-3)
providers/implementations/ciphers/cipher_aes_ocb.c (+2/-2)
providers/implementations/ciphers/cipher_aes_siv.c (+5/-14)
providers/implementations/ciphers/cipher_aes_siv_hw.c (+9/-5)
providers/implementations/ciphers/cipher_aes_wrp.c (+2/-2)
providers/implementations/ciphers/cipher_aes_xts.c (+24/-2)
providers/implementations/ciphers/cipher_aes_xts.h (+25/-0)
providers/implementations/ciphers/cipher_aes_xts_hw.c (+29/-2)
providers/implementations/ciphers/cipher_aes_xts_s390x.inc (+167/-0)
providers/implementations/ciphers/cipher_chacha20.c (+1/-1)
providers/implementations/ciphers/cipher_chacha20_poly1305.c (+1/-1)
providers/implementations/ciphers/cipher_rc2.c (+1/-1)
providers/implementations/ciphers/cipher_rc4_hmac_md5.c (+1/-1)
providers/implementations/ciphers/cipher_rc5.c (+1/-1)
providers/implementations/ciphers/cipher_sm4_xts.c (+1/-1)
providers/implementations/ciphers/ciphercommon.c (+27/-3)
providers/implementations/ciphers/ciphercommon_ccm.c (+1/-1)
providers/implementations/ciphers/ciphercommon_gcm.c (+1/-1)
providers/implementations/digests/blake2_prov.c (+12/-2)
providers/implementations/digests/md5_sha1_prov.c (+1/-1)
providers/implementations/digests/mdc2_prov.c (+1/-1)
providers/implementations/digests/sha2_prov.c (+1/-1)
providers/implementations/digests/sha3_prov.c (+12/-2)
providers/implementations/encode_decode/build.info (+12/-0)
providers/implementations/encode_decode/decode_der2key.c (+482/-34)
providers/implementations/encode_decode/decode_epki2pki.c (+27/-13)
providers/implementations/encode_decode/decode_pem2der.c (+67/-6)
providers/implementations/encode_decode/decode_spki2typespki.c (+27/-11)
providers/implementations/encode_decode/encode_key2any.c (+468/-180)
providers/implementations/encode_decode/encode_key2text.c (+91/-235)
providers/implementations/encode_decode/ml_common_codecs.c (+92/-0)
providers/implementations/encode_decode/ml_common_codecs.h (+98/-0)
providers/implementations/encode_decode/ml_dsa_codecs.c (+449/-0)
providers/implementations/encode_decode/ml_dsa_codecs.h (+39/-0)
providers/implementations/encode_decode/ml_kem_codecs.c (+488/-0)
providers/implementations/encode_decode/ml_kem_codecs.h (+39/-0)
providers/implementations/exchange/dh_exch.c (+1/-1)
providers/implementations/exchange/ecdh_exch.c (+1/-1)
providers/implementations/include/prov/ciphercommon.h (+7/-1)
providers/implementations/include/prov/decoders.h (+20/-0)
providers/implementations/include/prov/digestcommon.h (+7/-0)
providers/implementations/include/prov/implementations.h (+270/-10)
providers/implementations/include/prov/ml_dsa.h (+6/-2)
providers/implementations/include/prov/ml_kem.h (+14/-0)
providers/implementations/include/prov/mlx_kem.h (+47/-0)
providers/implementations/include/prov/names.h (+50/-1)
providers/implementations/kdfs/argon2.c (+2/-2)
providers/implementations/kdfs/hkdf.c (+7/-7)
providers/implementations/kdfs/hmacdrbg_kdf.c (+1/-1)
providers/implementations/kdfs/kbkdf.c (+1/-1)
providers/implementations/kdfs/krb5kdf.c (+2/-2)
providers/implementations/kdfs/pbkdf2.c (+2/-2)
providers/implementations/kdfs/pkcs12kdf.c (+1/-1)
providers/implementations/kdfs/pvkkdf.c (+1/-1)
providers/implementations/kdfs/scrypt.c (+1/-1)
providers/implementations/kdfs/sshkdf.c (+1/-1)
providers/implementations/kdfs/sskdf.c (+5/-5)
providers/implementations/kdfs/tls1_prf.c (+1/-1)
providers/implementations/kdfs/x942kdf.c (+1/-1)
providers/implementations/kem/build.info (+12/-0)
providers/implementations/kem/ec_kem.c (+3/-2)
providers/implementations/kem/ecx_kem.c (+3/-2)
providers/implementations/kem/ml_kem_kem.c (+268/-0)
providers/implementations/kem/mlx_kem.c (+341/-0)
providers/implementations/kem/rsa_kem.c (+3/-3)
providers/implementations/kem/template_kem.c (+193/-0)
providers/implementations/keymgmt/build.info (+22/-0)
providers/implementations/keymgmt/dh_kmgmt.c (+1/-1)
providers/implementations/keymgmt/dsa_kmgmt.c (+2/-2)
providers/implementations/keymgmt/ec_kmgmt.c (+6/-13)
providers/implementations/keymgmt/ecx_kmgmt.c (+3/-3)
providers/implementations/keymgmt/ml_dsa_kmgmt.c (+577/-0)
providers/implementations/keymgmt/ml_kem_kmgmt.c (+856/-0)
providers/implementations/keymgmt/mlx_kmgmt.c (+820/-0)
providers/implementations/keymgmt/rsa_kmgmt.c (+2/-3)
providers/implementations/keymgmt/slh_dsa_kmgmt.c (+457/-0)
providers/implementations/keymgmt/template_kmgmt.c (+437/-0)
providers/implementations/macs/blake2_mac_impl.c (+1/-1)
providers/implementations/macs/cmac_prov.c (+1/-1)
providers/implementations/macs/gmac_prov.c (+1/-1)
providers/implementations/macs/hmac_prov.c (+1/-1)
providers/implementations/macs/kmac_prov.c (+1/-1)
providers/implementations/macs/siphash_prov.c (+1/-1)
providers/implementations/rands/build.info (+4/-0)
providers/implementations/rands/drbg.c (+4/-3)
providers/implementations/rands/drbg_ctr.c (+43/-5)
providers/implementations/rands/drbg_hash.c (+58/-3)
providers/implementations/rands/drbg_hmac.c (+82/-7)
providers/implementations/rands/seed_src.c (+10/-9)
providers/implementations/rands/seed_src_jitter.c (+34/-11)
providers/implementations/rands/seeding/rand_unix.c (+28/-23)
providers/implementations/rands/test_rng.c (+1/-1)
providers/implementations/signature/build.info (+12/-0)
providers/implementations/signature/dsa_sig.c (+29/-23)
providers/implementations/signature/ecdsa_sig.c (+33/-22)
providers/implementations/signature/eddsa_sig.c (+1/-1)
providers/implementations/signature/ml_dsa_sig.c (+368/-0)
providers/implementations/signature/rsa_sig.c (+3/-6)
providers/implementations/signature/slh_dsa_sig.c (+388/-0)
providers/implementations/signature/sm2_sig.c (+1/-1)
providers/implementations/skeymgmt/aes_skmgmt.c (+52/-0)
providers/implementations/skeymgmt/build.info (+8/-0)
providers/implementations/skeymgmt/generic.c (+93/-0)
providers/implementations/skeymgmt/skeymgmt_lcl.h (+19/-0)
providers/implementations/storemgmt/file_store.c (+50/-5)
providers/implementations/storemgmt/file_store_any2obj.c (+76/-23)
providers/implementations/storemgmt/winstore_store.c (+2/-1)
ssl/bio_ssl.c (+11/-4)
ssl/build.info (+8/-6)
ssl/d1_lib.c (+3/-1)
ssl/d1_msg.c (+2/-1)
ssl/d1_srtp.c (+2/-2)
ssl/quic/build.info (+26/-21)
ssl/quic/qlog_event_helpers.c (+5/-3)
ssl/quic/quic_channel.c (+511/-99)
ssl/quic/quic_channel_local.h (+19/-1)
ssl/quic/quic_engine.c (+66/-12)
ssl/quic/quic_impl.c (+1716/-591)
ssl/quic/quic_lcidm.c (+74/-13)
ssl/quic/quic_local.h (+71/-90)
ssl/quic/quic_method.c (+6/-1)
ssl/quic/quic_obj.c (+137/-0)
ssl/quic/quic_obj_local.h (+341/-0)
ssl/quic/quic_port.c (+1187/-64)
ssl/quic/quic_port_local.h (+25/-2)
ssl/quic/quic_reactor.c (+228/-24)
ssl/quic/quic_reactor_wait_ctx.c (+85/-0)
ssl/quic/quic_record_rx.c (+239/-3)
ssl/quic/quic_record_tx.c (+11/-7)
ssl/quic/quic_rx_depack.c (+33/-3)
ssl/quic/quic_thread_assist.c (+8/-17)
ssl/quic/quic_tls.c (+146/-85)
ssl/quic/quic_tls_api.c (+208/-0)
ssl/quic/quic_trace.c (+12/-6)
ssl/quic/quic_tserver.c (+10/-9)
ssl/quic/quic_txp.c (+148/-47)
ssl/quic/quic_wire_pkt.c (+21/-4)
ssl/record/methods/ktls_meth.c (+2/-2)
ssl/record/methods/tlsany_meth.c (+5/-1)
ssl/record/rec_layer_d1.c (+3/-2)
ssl/record/rec_layer_s3.c (+5/-2)
ssl/rio/build.info (+3/-0)
ssl/rio/poll_builder.c (+175/-0)
ssl/rio/poll_builder.h (+77/-0)
ssl/rio/poll_immediate.c (+381/-29)
ssl/rio/poll_method.h (+26/-0)
ssl/rio/rio_notifier.c (+379/-0)
ssl/s3_enc.c (+2/-1)
ssl/s3_lib.c (+95/-13)
ssl/s3_msg.c (+2/-1)
ssl/ssl_cert.c (+40/-14)
ssl/ssl_cert_comp.c (+5/-1)
ssl/ssl_ciph.c (+2/-1)
ssl/ssl_conf.c (+42/-11)
ssl/ssl_err_legacy.c (+3/-3)
ssl/ssl_init.c (+2/-33)
ssl/ssl_lib.c (+496/-74)
ssl/ssl_local.h (+144/-93)
ssl/ssl_rsa.c (+46/-11)
ssl/ssl_rsa_legacy.c (+23/-5)
ssl/ssl_sess.c (+20/-11)
ssl/ssl_stat.c (+2/-1)
ssl/statem/extensions.c (+6/-29)
ssl/statem/extensions_clnt.c (+117/-49)
ssl/statem/extensions_cust.c (+2/-1)
ssl/statem/extensions_srvr.c (+357/-75)
ssl/statem/statem.c (+13/-3)
ssl/statem/statem_clnt.c (+9/-3)
ssl/statem/statem_dtls.c (+2/-1)
ssl/statem/statem_lib.c (+7/-3)
ssl/statem/statem_local.h (+2/-2)
ssl/statem/statem_srvr.c (+22/-3)
ssl/t1_enc.c (+2/-1)
ssl/t1_lib.c (+1060/-266)
ssl/t1_trce.c (+14/-2)
ssl/tls13_enc.c (+2/-1)
ssl/tls_depr.c (+11/-5)
ssl/tls_srp.c (+2/-1)
test/README-external.md (+37/-9)
test/bio_prefix_text.c (+4/-2)
test/bioprinttest.c (+1/-1)
test/bntest.c (+1/-1)
test/build.info (+114/-60)
test/byteorder_test.c (+89/-0)
test/cert_comp_test.c (+2/-1)
test/certs/ext-aAissuingDistributionPoint.pem (+12/-0)
test/certs/ext-allowedAttributeAssignments.pem (+12/-0)
test/certs/ext-attributeDescriptor.pem (+13/-0)
test/certs/ext-attributeMappings.pem (+12/-0)
test/certs/ext-authorityAttributeIdentifier.pem (+12/-0)
test/certs/ext-roleSpecCertIdentifier.pem (+13/-0)
test/certs/ext-timeSpecification-absolute.pem (+12/-0)
test/certs/ext-timeSpecification-periodic.pem (+14/-0)
test/certs/nc-uri-cert.pem (+21/-0)
test/certs/ncca4-cert.pem (+19/-0)
test/certs/ncca4-key.pem (+28/-0)
test/certs/p256-ee-rsa-ca-cert.pem (+15/-0)
test/certs/p256-ee-rsa-ca-key.pem (+5/-0)
test/certs/root-ml-dsa-44-cert.pem (+85/-0)
test/certs/root-ml-dsa-44-key.pem (+56/-0)
test/certs/server-ml-dsa-44-cert.pem (+85/-0)
test/certs/server-ml-dsa-44-key.pem (+56/-0)
test/certs/setup.sh (+17/-0)
test/certs/tab-in-dn.pem (+8/-0)
test/certs/tab-in-dn.text (+27/-0)
test/clienthellotest.c (+7/-50)
test/cmactest.c (+1/-1)
test/cmp_client_test.c (+9/-4)
test/cmp_protect_test.c (+2/-2)
test/cmp_vfy_test.c (+1/-1)
test/conf_include_test.c (+2/-2)
test/crltest.c (+28/-8)
test/ct_test.c (+6/-2)
test/default-for-evptest.cnf (+21/-0)
test/dtls_mtu_test.c (+2/-1)
test/endecode_test.c (+187/-6)
test/enginetest.c (+1/-1)
test/evp_extra_test.c (+899/-47)
test/evp_extra_test2.c (+96/-0)
test/evp_libctx_test.c (+15/-5)
test/evp_pkey_dhkem_test.c (+4/-4)
test/evp_skey_test.c (+267/-0)
test/evp_test.c (+360/-63)
test/fake_cipherprov.c (+321/-0)
test/fake_cipherprov.h (+19/-0)
test/fake_pipelineprov.c (+344/-0)
test/fake_pipelineprov.h (+14/-0)
test/filterprov.c (+41/-2)
test/generate_ssl_tests.pl (+20/-4)
test/helpers/handshake.c (+2/-1)
test/helpers/noisydgrambio.c (+7/-5)
test/helpers/pktsplitbio.c (+5/-7)
test/helpers/quictestlib.c (+87/-52)
test/helpers/quictestlib.h (+6/-1)
test/helpers/ssltestlib.c (+9/-3)
test/http_test.c (+87/-15)
test/lhash_test.c (+2/-2)
test/ml_dsa.inc (+1960/-0)
test/ml_dsa_test.c (+591/-0)
test/ml_kem_evp_extra_test.c (+435/-0)
test/ml_kem_internal_test.c (+268/-0)
test/mldsa_parse.py (+145/-0)
test/mldsa_wycheproof_parse.py (+144/-0)
test/mlkem_parse.py (+109/-0)
test/p_test.c (+1/-1)
test/pkcs7_test.c (+294/-0)
test/quic-openssl-docker/Dockerfile (+10/-5)
test/quic-openssl-docker/build.info (+6/-0)
test/quic-openssl-docker/hq-interop/build.info (+10/-0)
test/quic-openssl-docker/hq-interop/quic-hq-interop-server.c (+794/-0)
test/quic-openssl-docker/hq-interop/quic-hq-interop.c (+1050/-0)
test/quic-openssl-docker/run_endpoint.sh (+64/-41)
test/quic_multistream_test.c (+156/-20)
test/quic_record_test.c (+2/-2)
test/quic_tserver_test.c (+16/-3)
test/quic_txp_test.c (+8/-1)
test/quic_wire_test.c (+2/-2)
test/quicapitest.c (+459/-23)
test/radix/README.md (+114/-0)
test/radix/main.c (+61/-0)
test/radix/quic_bindings.c (+843/-0)
test/radix/quic_ops.c (+1222/-0)
test/radix/quic_radix.c (+13/-0)
test/radix/quic_tests.c (+243/-0)
test/radix/terp.c (+882/-0)
test/rand_test.c (+84/-1)
test/recipes/02-test_byteorder.t (+12/-0)
test/recipes/03-test_evp_extra_ml_kem.t (+19/-0)
test/recipes/03-test_fipsinstall.t (+56/-12)
test/recipes/03-test_internal_ml_kem.t (+18/-0)
test/recipes/15-test_dsaparam.t (+11/-2)
test/recipes/15-test_ecparam.t (+25/-3)
test/recipes/15-test_ml_dsa_codecs.t (+215/-0)
test/recipes/15-test_ml_dsa_codecs_data/ml-dsa.cnf (+18/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-44-bare-priv.pem (+56/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-44-bare-seed.pem (+4/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-44-oqskeypair.pem (+84/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-44-priv-only.pem (+56/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-44-priv.txt (+262/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-44-seed-only.pem (+4/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-44-seed-priv.pem (+57/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-44-seed.txt (+266/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-65-bare-priv.pem (+87/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-65-bare-seed.pem (+4/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-65-oqskeypair.pem (+128/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-65-priv-only.pem (+87/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-65-priv.txt (+403/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-65-seed-only.pem (+4/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-65-seed-priv.pem (+88/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-65-seed.txt (+407/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-87-bare-priv.pem (+105/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-87-bare-seed.pem (+4/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-87-oqskeypair.pem (+159/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-87-priv-only.pem (+105/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-87-priv.txt (+503/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-87-seed-only.pem (+4/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-87-seed-priv.pem (+106/-0)
test/recipes/15-test_ml_dsa_codecs_data/prv-87-seed.txt (+507/-0)
test/recipes/15-test_ml_dsa_codecs_data/pub-44.pem (+30/-0)
test/recipes/15-test_ml_dsa_codecs_data/pub-44.txt (+90/-0)
test/recipes/15-test_ml_dsa_codecs_data/pub-65.pem (+44/-0)
test/recipes/15-test_ml_dsa_codecs_data/pub-65.txt (+133/-0)
test/recipes/15-test_ml_dsa_codecs_data/pub-87.pem (+57/-0)
test/recipes/15-test_ml_dsa_codecs_data/pub-87.txt (+175/-0)
test/recipes/15-test_ml_kem_codecs.t (+225/-0)
test/recipes/15-test_ml_kem_codecs_data/ml-kem.cnf (+18/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-1024-bare-priv.pem (+69/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-1024-bare-seed.pem (+4/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-1024-oqskeypair.pem (+102/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-1024-priv-only.pem (+69/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-1024-priv.txt (+320/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-1024-seed-only.pem (+4/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-1024-seed-priv.pem (+71/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-1024-seed.txt (+326/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-512-bare-priv.pem (+37/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-512-bare-seed.pem (+4/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-512-oqskeypair.pem (+54/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-512-priv-only.pem (+37/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-512-priv.txt (+166/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-512-seed-only.pem (+4/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-512-seed-priv.pem (+39/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-512-seed.txt (+172/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-768-bare-priv.pem (+53/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-768-bare-seed.pem (+4/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-768-oqskeypair.pem (+78/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-768-priv-only.pem (+53/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-768-priv.txt (+242/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-768-seed-only.pem (+4/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-768-seed-priv.pem (+55/-0)
test/recipes/15-test_ml_kem_codecs_data/prv-768-seed.txt (+248/-0)
test/recipes/15-test_ml_kem_codecs_data/pub-1024.pem (+36/-0)
test/recipes/15-test_ml_kem_codecs_data/pub-512.pem (+20/-0)
test/recipes/15-test_ml_kem_codecs_data/pub-768.pem (+28/-0)
test/recipes/15-test_ml_kem_codecs_data/ss-1024.dat (+2/-0)
test/recipes/15-test_ml_kem_codecs_data/ss-768.dat (+2/-0)
test/recipes/15-test_pkey.t (+129/-0)
test/recipes/20-test_dgst.t (+23/-4)
test/recipes/20-test_dhparam.t (+12/-3)
test/recipes/20-test_pkeyutl.t (+68/-18)
test/recipes/25-test_pkcs8.t (+23/-9)
test/recipes/25-test_req.t (+150/-2)
test/recipes/25-test_verify.t (+5/-2)
test/recipes/25-test_x509.t (+139/-2)
test/recipes/30-test_evp.t (+35/-2)
test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt (+37/-1)
test/recipes/30-test_evp_data/evpciph_aes_siv.txt (+3616/-1)
test/recipes/30-test_evp_data/evppkey_ecx_kem.txt (+31/-0)
test/recipes/30-test_evp_data/evppkey_ml_dsa_44_wycheproof_sign.txt (+549/-0)
test/recipes/30-test_evp_data/evppkey_ml_dsa_44_wycheproof_verify.txt (+691/-0)
test/recipes/30-test_evp_data/evppkey_ml_dsa_65_wycheproof_sign.txt (+559/-0)
test/recipes/30-test_evp_data/evppkey_ml_dsa_65_wycheproof_verify.txt (+712/-0)
test/recipes/30-test_evp_data/evppkey_ml_dsa_87_wycheproof_sign.txt (+487/-0)
test/recipes/30-test_evp_data/evppkey_ml_dsa_87_wycheproof_verify.txt (+658/-0)
test/recipes/30-test_evp_data/evppkey_ml_dsa_keygen.txt (+535/-0)
test/recipes/30-test_evp_data/evppkey_ml_dsa_siggen.txt (+1942/-0)
test/recipes/30-test_evp_data/evppkey_ml_dsa_sigver.txt (+1003/-0)
test/recipes/30-test_evp_data/evppkey_ml_kem_1024_decap.txt (+2286/-0)
test/recipes/30-test_evp_data/evppkey_ml_kem_1024_encap.txt (+2235/-0)
test/recipes/30-test_evp_data/evppkey_ml_kem_1024_keygen.txt (+711/-0)
test/recipes/30-test_evp_data/evppkey_ml_kem_512_decap.txt (+711/-0)
test/recipes/30-test_evp_data/evppkey_ml_kem_512_encap.txt (+811/-0)
test/recipes/30-test_evp_data/evppkey_ml_kem_512_keygen.txt (+711/-0)
test/recipes/30-test_evp_data/evppkey_ml_kem_768_decap.txt (+2286/-0)
test/recipes/30-test_evp_data/evppkey_ml_kem_768_encap.txt (+2235/-0)
test/recipes/30-test_evp_data/evppkey_ml_kem_768_keygen.txt (+711/-0)
test/recipes/30-test_evp_data/evppkey_ml_kem_encap_decap.txt (+852/-0)
test/recipes/30-test_evp_data/evppkey_ml_kem_keygen.txt (+537/-0)
test/recipes/30-test_evp_data/evppkey_rsa.txt (+14/-36)
test/recipes/30-test_evp_data/evppkey_rsa_kem.txt (+110/-0)
test/recipes/30-test_evp_data/evppkey_slh_dsa_keygen.txt (+850/-0)
test/recipes/30-test_evp_data/evppkey_slh_dsa_siggen.txt (+3676/-0)
test/recipes/30-test_evp_data/evppkey_slh_dsa_sigver.txt (+3826/-0)
test/recipes/30-test_evp_extra.t (+12/-2)
test/recipes/30-test_evp_skey.t (+13/-0)
test/recipes/30-test_ml_dsa.t (+97/-0)
test/recipes/30-test_slh_dsa.t (+42/-0)
test/recipes/70-test_clienthello.t (+2/-2)
test/recipes/70-test_key_share.t (+3/-3)
test/recipes/70-test_quic_multistream.t (+2/-2)
test/recipes/70-test_quic_radix.t (+21/-0)
test/recipes/70-test_sslkeylogfile.t (+77/-0)
test/recipes/70-test_sslsigalgs.t (+16/-4)
test/recipes/70-test_tls13cookie.t (+17/-17)
test/recipes/70-test_tls13groupselection.t (+26/-0)
test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt (+156/-59)
test/recipes/75-test_quicapi_data/ssltraceref.txt (+156/-59)
test/recipes/80-test_cmp_http.t (+8/-1)
test/recipes/80-test_cmp_http_data/Mock/server.cnf (+1/-0)
test/recipes/80-test_cmp_http_data/Mock/server.crt (+20/-19)
test/recipes/80-test_cmp_http_data/test_commands.csv (+14/-2)
test/recipes/80-test_cms.t (+138/-2)
test/recipes/80-test_ocsp.t (+24/-3)
test/recipes/80-test_ssl_new.t (+4/-10)
test/recipes/90-test_store.t (+8/-1)
test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh (+1/-3)
test/recipes/95-test_external_pkcs11_provider.t (+28/-0)
test/recipes/95-test_external_pkcs11_provider_data/pkcs11-provider.sh (+70/-0)
test/recipes/95-test_external_tlsfuzzer_data/cert.json.in (+37/-17)
test/recipes/99-test_fuzz_ml-dsa.t (+25/-0)
test/recipes/99-test_fuzz_ml-kem.t (+25/-0)
test/recipes/99-test_fuzz_quic_server.t (+25/-0)
test/recipes/99-test_fuzz_sl-dsa.t (+25/-0)
test/recipes/tconversion.pl (+15/-19)
test/rpktest.c (+1/-1)
test/slh_dsa.inc (+282/-0)
test/slh_dsa_test.c (+667/-0)
test/slhdsa_parse.py (+149/-0)
test/smime-certs/mksmime-certs.sh (+14/-1)
test/smime-certs/sm_mldsa44.pem (+99/-0)
test/smime-certs/sm_slhdsa_sha2_128s.pem (+19/-0)
test/smime-certs/sm_slhdsa_shake_128s.pem (+19/-0)
test/smime-certs/sm_slhdsa_shake_256s.pem (+22/-0)
test/ssl-tests/01-simple.cnf (+2/-2)
test/ssl-tests/01-simple.cnf.in (+15/-3)
test/ssl-tests/04-client_auth.cnf (+2/-2)
test/ssl-tests/04-client_auth.cnf.in (+13/-1)
test/ssl-tests/13-fragmentation.cnf (+162/-162)
test/ssl-tests/13-fragmentation.cnf.in (+91/-83)
test/ssl-tests/14-curves.cnf.in (+37/-29)
test/ssl-tests/17-renegotiate.cnf.in (+9/-3)
test/ssl-tests/18-dtls-renegotiate.cnf.in (+3/-2)
test/ssl-tests/19-mac-then-encrypt.cnf.in (+5/-1)
test/ssl-tests/20-cert-select.cnf (+68/-38)
test/ssl-tests/20-cert-select.cnf.in (+82/-41)
test/ssl-tests/26-tls13_client_auth.cnf (+4/-4)
test/ssl-tests/26-tls13_client_auth.cnf.in (+17/-5)
test/ssl-tests/28-seclevel.cnf (+6/-0)
test/ssl-tests/28-seclevel.cnf.in (+7/-1)
test/ssl-tests/ssltests_base.pm (+3/-1)
test/ssl_ctx_test.c (+2/-2)
test/ssl_handshake_rtt_test.c (+2/-1)
test/ssl_test.c (+7/-3)
test/sslapitest.c (+787/-93)
test/sslbuffertest.c (+7/-1)
test/test.cnf (+0/-1)
test/testmldsa44.pem (+57/-0)
test/testmldsa44pub.pem (+30/-0)
test/testmldsa65.pem (+88/-0)
test/testmldsa65pub.pem (+44/-0)
test/testmldsa87.pem (+106/-0)
test/testmldsa87pub.pem (+57/-0)
test/testutil.h (+5/-2)
test/testutil/basic_output.c (+114/-5)
test/testutil/stanza.c (+8/-7)
test/threadstest.c (+9/-6)
test/tls-provider.c (+4/-3)
test/tls13groupselection_test.c (+556/-0)
test/tls13secretstest.c (+2/-1)
test/trace_api_test.c (+51/-32)
test/v3ext.c (+2/-2)
test/v3nametest.c (+3/-2)
test/verify_extra_test.c (+1/-1)
test/wpackettest.c (+1/-1)
test/x509_internal_test.c (+51/-1)
util/build.info (+0/-7)
util/find-doc-nits (+69/-7)
util/libcrypto.num (+203/-13)
util/libssl.num (+19/-0)
util/missingcrypto.txt (+1/-11)
util/other.syms (+33/-0)
util/perl/OpenSSL/paramnames.pm (+31/-0)
util/platform_symbols/unix-symbols.txt (+2/-0)
util/platform_symbols/windows-symbols.txt (+1/-0)

~adrien/ubuntu/+source/openssl:merge-3.2.2-1

Merged into ubuntu/+source/openssl:ubuntu/devel at revision 621417f622415e5102b64a3933f98fcd49c09117

Dan Bungert: Pending requested 2024-07-05

Simon Chopin: Pending requested 2024-07-05

Diff: 12988 lines (+3784/-3273) (has conflicts)

217 files modified

.ctags.d/add-dir.ctags (+11/-0)
.ctags.d/exclude.ctags (+13/-0)
.ctags.d/openssl-stage1/10extrac-macrodefs.ctags (+18/-0)
.ctags.d/openssl-stage2/10expand-macros.ctags (+9/-0)
CHANGES.md (+82/-8)
CONTRIBUTING.md (+5/-3)
Configurations/10-main.conf (+8/-1)
Configurations/15-ios.conf (+3/-3)
Configurations/unix-Makefile.tmpl (+7/-7)
Configure (+5/-3)
INSTALL.md (+8/-1)
NEWS.md (+27/-4)
NOTES-NONSTOP.md (+7/-1)
VERSION.dat (+2/-2)
apps/lib/cmp_mock_srv.c (+17/-4)
apps/lib/s_cb.c (+5/-3)
apps/list.c (+2/-1)
apps/ocsp.c (+2/-2)
apps/pkcs12.c (+11/-5)
apps/req.c (+1/-1)
apps/speed.c (+6/-2)
apps/ts.c (+7/-4)
apps/x509.c (+4/-3)
crypto/aes/asm/bsaes-armv8.pl (+6/-3)
crypto/aes/build.info (+1/-1)
crypto/bio/bio_lib.c (+7/-3)
crypto/bio/bio_sock.c (+5/-1)
crypto/bio/bss_conn.c (+8/-4)
crypto/bio/bss_dgram.c (+26/-8)
crypto/bn/bn_lib.c (+47/-6)
crypto/bn/bn_rand.c (+126/-40)
crypto/bn/bn_shift.c (+4/-4)
crypto/chacha/asm/chacha-loongarch64.pl (+1/-1)
crypto/chacha/asm/chachap10-ppc.pl (+4/-2)
crypto/cmp/cmp_asn.c (+21/-14)
crypto/cmp/cmp_genm.c (+5/-3)
crypto/cms/cms_asn1.c (+18/-3)
crypto/cms/cms_env.c (+4/-11)
crypto/cms/cms_lib.c (+2/-15)
crypto/cms/cms_local.h (+2/-2)
crypto/cms/cms_sd.c (+19/-3)
crypto/cms/cms_smime.c (+3/-2)
crypto/deterministic_nonce.c (+49/-7)
crypto/dsa/dsa_check.c (+41/-5)
crypto/dsa/dsa_ossl.c (+6/-5)
crypto/dsa/dsa_sign.c (+7/-2)
crypto/ec/asm/ecp_sm2p256-armv8.pl (+7/-7)
crypto/ec/build.info (+1/-1)
crypto/ec/curve448/arch_64/f_impl64.c (+4/-4)
crypto/ec/ecdsa_ossl.c (+16/-6)
crypto/encode_decode/encoder_lib.c (+6/-1)
crypto/engine/eng_pkey.c (+1/-43)
crypto/err/openssl.ec (+2/-0)
crypto/err/openssl.txt (+4/-1)
crypto/ess/ess_lib.c (+2/-2)
crypto/evp/keymgmt_lib.c (+7/-2)
crypto/evp/p_lib.c (+10/-2)
crypto/evp/pmeth_lib.c (+67/-2)
crypto/evp/signature.c (+24/-9)
crypto/hpke/hpke.c (+2/-2)
crypto/init.c (+8/-6)
crypto/o_str.c (+2/-2)
crypto/params.c (+5/-5)
crypto/property/property_parse.c (+2/-1)
crypto/provider_core.c (+9/-6)
crypto/sha/build.info (+1/-1)
crypto/sleep.c (+2/-11)
crypto/sm2/sm2_crypt.c (+28/-5)
crypto/sm2/sm2_sign.c (+15/-3)
crypto/sm4/asm/vpsm4-armv8.pl (+4/-4)
crypto/sm4/asm/vpsm4_ex-armv8.pl (+4/-4)
crypto/sm4/build.info (+1/-1)
crypto/store/store_lib.c (+4/-3)
crypto/x509/by_dir.c (+4/-4)
crypto/x509/by_file.c (+3/-1)
crypto/x509/v3_addr.c (+2/-2)
debian/changelog (+35/-0)
debian/gbp.conf (+0/-2)
debian/openssl.docs (+0/-1)
debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch (+3/-3)
debian/patches/debian-targets.patch (+18/-9)
debian/patches/default-configuration-read-dropins-and-crypto-config.patch (+30/-0)
debian/patches/man-section.patch (+1/-1)
debian/patches/series (+7/-0)
debian/rules (+13/-2)
demos/digest/BIO_f_md.c (+7/-2)
demos/digest/EVP_MD_demo.c (+2/-2)
demos/digest/EVP_MD_stdin.c (+2/-2)
demos/sslecho/main.c (+2/-1)
dev/null (+0/-2003)
doc/build.info (+12/-0)
doc/fingerprints.txt (+3/-0)
doc/internal/man3/ossl_method_construct.pod (+2/-2)
doc/man1/openssl-ciphers.pod.in (+11/-5)
doc/man1/openssl-crl.pod.in (+4/-1)
doc/man1/openssl-mac.pod.in (+11/-6)
doc/man1/openssl-req.pod.in (+23/-10)
doc/man1/openssl-smime.pod.in (+5/-13)
doc/man1/openssl-storeutl.pod.in (+4/-1)
doc/man1/openssl-ts.pod.in (+4/-4)
doc/man3/DEFINE_STACK_OF.pod (+3/-3)
doc/man3/EVP_DigestInit.pod (+2/-2)
doc/man3/EVP_DigestSignInit.pod (+11/-8)
doc/man3/EVP_DigestVerifyInit.pod (+4/-1)
doc/man3/EVP_EncryptInit.pod (+4/-4)
doc/man3/EVP_KDF.pod (+2/-2)
doc/man3/EVP_PKEY_CTX_ctrl.pod (+4/-3)
doc/man3/EVP_PKEY_CTX_set_params.pod (+4/-2)
doc/man3/EVP_PKEY_check.pod (+6/-1)
doc/man3/EVP_PKEY_decrypt.pod (+12/-3)
doc/man3/OSSL_CMP_ITAV_new_caCerts.pod (+5/-2)
doc/man3/RSA_public_encrypt.pod (+11/-4)
doc/man3/SSL_CIPHER_get_name.pod (+2/-2)
doc/man3/SSL_CONF_cmd.pod (+17/-11)
doc/man3/SSL_CTX_set_cert_store.pod (+4/-2)
doc/man3/SSL_CTX_set_verify.pod (+4/-1)
doc/man3/SSL_CTX_use_certificate.pod (+3/-2)
doc/man3/SSL_load_client_CA_file.pod (+18/-2)
doc/man3/SSL_set_session_secret_cb.pod (+69/-0)
doc/man3/X509_STORE_CTX_new.pod (+4/-2)
doc/man7/EVP_PKEY-SM2.pod (+4/-1)
doc/man7/OSSL_PROVIDER-base.pod (+2/-2)
doc/man7/OSSL_PROVIDER-default.pod (+2/-2)
doc/man7/OSSL_STORE-winstore.pod (+86/-0)
doc/man7/ossl-guide-migration.pod (+25/-3)
doc/man7/provider-asym_cipher.pod (+2/-2)
engines/e_afalg.c (+4/-2)
engines/e_dasync.c (+2/-2)
fuzz/asn1.c (+11/-5)
fuzz/decoder.c (+14/-4)
include/crypto/bn.h (+11/-2)
include/internal/constant_time.h (+24/-1)
include/internal/e_os.h (+2/-1)
include/internal/quic_reactor.h (+3/-2)
include/internal/quic_stream_map.h (+36/-1)
include/internal/refcount.h (+2/-2)
include/internal/thread_arch.h (+3/-3)
include/openssl/e_os2.h (+2/-1)
include/openssl/hpke.h (+2/-2)
include/openssl/sslerr.h (+3/-1)
os-dep/Apple/PrivacyInfo.xcprivacy (+23/-0)
providers/fips-sources.checksums (+161/-161)
providers/fips.checksum (+1/-1)
providers/fips/fipsprov.c (+3/-1)
providers/fips/self_test_data.inc (+26/-26)
providers/implementations/ciphers/cipher_aes_gcm_hw.c (+3/-3)
providers/implementations/ciphers/cipher_aes_hw.c (+3/-3)
providers/implementations/ciphers/cipher_aes_ocb_hw.c (+3/-3)
providers/implementations/ciphers/cipher_aes_xts_hw.c (+2/-2)
providers/implementations/exchange/kdf_exch.c (+43/-1)
providers/implementations/kdfs/hkdf.c (+9/-1)
providers/implementations/rands/drbg.c (+3/-2)
providers/implementations/rands/drbg_ctr.c (+4/-3)
providers/implementations/rands/drbg_hash.c (+3/-2)
providers/implementations/rands/drbg_hmac.c (+3/-2)
providers/implementations/rands/drbg_local.h (+2/-1)
ssl/quic/quic_impl.c (+50/-24)
ssl/quic/quic_thread_assist.c (+2/-2)
ssl/quic/quic_tserver.c (+2/-2)
ssl/quic/quic_txp.c (+15/-5)
ssl/record/methods/tls_common.c (+12/-1)
ssl/record/rec_layer_s3.c (+45/-1)
ssl/record/record.h (+3/-2)
ssl/s3_lib.c (+5/-5)
ssl/ssl_err.c (+5/-1)
ssl/ssl_lib.c (+16/-43)
ssl/ssl_local.h (+2/-2)
ssl/ssl_sess.c (+31/-8)
ssl/statem/statem_lib.c (+7/-4)
ssl/statem/statem_srvr.c (+9/-9)
ssl/t1_lib.c (+34/-11)
test/bad_dtls_test.c (+2/-2)
test/build.info (+2/-1)
test/cmp_hdr_test.c (+33/-18)
test/ct_test.c (+8/-3)
test/dsatest.c (+7/-3)
test/ecdsatest.c (+27/-3)
test/ecstresstest.c (+2/-2)
test/evp_extra_test.c (+47/-1)
test/evp_pkey_provided_test.c (+45/-18)
test/evp_test.c (+10/-9)
test/helpers/ssltestlib.c (+34/-1)
test/helpers/ssltestlib.h (+3/-1)
test/keymgmt_internal_test.c (+7/-3)
test/pathed.cnf (+22/-0)
test/pkey_meth_kdf_test.c (+43/-12)
test/prov_config_test.c (+55/-1)
test/quic_client_test.c (+68/-18)
test/quic_multistream_test.c (+124/-6)
test/quicapitest.c (+28/-15)
test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem (+57/-0)
test/recipes/25-test_req.t (+2/-1)
test/recipes/30-test_evp_data/evpciph_sm4.txt (+7/-1)
test/recipes/30-test_prov_config.t (+5/-3)
test/recipes/60-test_x509_load_cert_file.t (+2/-1)
test/recipes/80-test_cmp_http_data/Mock/test.cnf (+2/-2)
test/recipes/80-test_cmp_http_data/test_commands.csv (+1/-1)
test/recipes/80-test_cms.t (+8/-1)
test/recipes/80-test_pkcs12.t (+13/-1)
test/recipes/90-test_shlibload.t (+2/-1)
test/recipes/90-test_sslapi.t (+16/-19)
test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh (+3/-3)
test/sm2_internal_test.c (+32/-9)
test/ssl-tests/14-curves.cnf.in (+6/-2)
test/ssl-tests/20-cert-select.cnf (+108/-108)
test/ssl-tests/20-cert-select.cnf.in (+35/-35)
test/ssl-tests/28-seclevel.cnf.in (+6/-2)
test/sslapitest.c (+561/-66)
test/sslbuffertest.c (+175/-1)
test/test.cnf (+6/-0)
test/threadpool_test.c (+42/-38)
test/tls-provider.c (+28/-11)
test/v3ext.c (+13/-4)
test/x509_load_cert_file_test.c (+7/-1)
util/missingssl.txt (+0/-1)
util/other.syms (+1/-0)
util/perl/OpenSSL/paramnames.pm (+2/-2)

~adrien/ubuntu/+source/openssl:merge-3.2.2-1

Merged into ubuntu/+source/openssl:ubuntu/devel at revision 621417f622415e5102b64a3933f98fcd49c09117

Simon Chopin (community): Approve on 2024-07-08

Diff: 12988 lines (+3784/-3273) (has conflicts)

217 files modified

~adrien/ubuntu/+source/openssl:merge-3.2

Merged into ubuntu/+source/openssl:debian/sid at revision 6fb328c2a1dba388961d61b4013ab168ec7c91a4

Simon Chopin (community): Approve on 2024-06-24

git-ubuntu import: Pending requested 2024-05-29

~adrien/ubuntu/+source/openssl:fips-avx512-and-lto

Merged into ubuntu/+source/openssl:ubuntu/devel at revision eb649aba51aad5f5a86e4ee9df407fa7d7b661f9

Simon Chopin (community): Approve on 2024-03-18

Adrien Nader (adrien) on 2024-03-15

summary:

- openssl is not LTO-safe
+ [FFe] openssl is not LTO-safe

Adrien Nader (adrien) on 2024-03-15

description:

updated

Adrien Nader (adrien) on 2024-03-15

summary:

- [FFe] openssl is not LTO-safe
+ openssl is not LTO-safe

Adrien Nader (adrien) on 2024-03-15

Changed in openssl (Ubuntu):
milestone:	none → ubuntu-24.04
assignee:	nobody → Adrien Nader (adrien-n)
status:	New → In Progress

Adrien Nader (adrien) on 2024-03-17

description:	updated
description:	updated

Adrien Nader (adrien) on 2024-03-17

description:

updated

Adrien Nader (adrien) on 2024-03-18

Changed in openssl (Ubuntu):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-03-28:

This bug was fixed in the package openssl - 3.0.13-0ubuntu2

---------------
openssl (3.0.13-0ubuntu2) noble; urgency=medium

  [ Tobias Heider ]
  * Add fips-mode detection and adjust defaults when running in fips mode
    (LP: #2056593):
    - d/p/fips/crypto-Add-kernel-FIPS-mode-detection.patch:
      Detect if kernel fips mode is enabled
    - d/p/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch:
      Load FIPS provider if running in FIPS mode
    - d/p/fips/apps-speed-Omit-unavailable-algorithms-in-FIPS-mode.patch:
      Limit openssl-speed to FIPS compliant algorithms when running in FIPS mode
    - d/p/fips/apps-pass-propquery-arg-to-the-libctx-DRBG-fetches.patch
      Make sure DRBG respects query properties
    - d/p/fips/test-Ensure-encoding-runs-with-the-correct-context-during.patch:
      Make sure encoding runs with correct library context and provider

  [ Adrien Nader ]
  * Re-enable intel/0002-AES-GCM-enabled-with-AVX512-vAES-and-vPCLMULQDQ.patch
    (LP: #2030784)
    Thanks Bun K Tan and Dan Zimmerman
  * Disable LTO with which the codebase is generally incompatible (LP: #2058017)

-- Adrien Nader <email address hidden> Fri, 15 Mar 2024 09:46:33 +0100

Changed in openssl (Ubuntu):
status:	Fix Committed → Fix Released

Adrien Nader (adrien) on 2024-05-29

Changed in openssl (Ubuntu):
importance:	Undecided → High

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuopenssl package

openssl is not LTO-safe

Bug Description

Related branches

Other bug subscribers

Remote bug watches

Ubuntu
openssl package