Date: Fri, 11 Aug 2023 02:37:06 GMT
Message-Id: <202308110237.37B2b6CY041876@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Jung-uk Kim
Subject: git: 6b405053c997 - main - OpenSSL: clean up botched merges in OpenSSL 3.0.9 import
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jkim
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 6b405053c9977e2991a8a880f197f56107e29d87
Auto-Submitted: auto-generated

The branch main has been updated by jkim:

URL: https://cgit.FreeBSD.org/src/commit/?id=6b405053c9977e2991a8a880f197f56107e29d87

commit 6b405053c9977e2991a8a880f197f56107e29d87
Author:     Jung-uk Kim
AuthorDate: 2023-08-11 02:36:15 +0000
Commit:     Jung-uk Kim
CommitDate: 2023-08-11 02:36:15 +0000

    OpenSSL: clean up botched merges in OpenSSL 3.0.9 import

    No functional change intended.
--- crypto/openssl/crypto/bn/bn_local.h | 20 -------------------- crypto/openssl/doc/man3/SSL_CTX_set_options.pod | 23 ----------------------- 2 files changed, 43 deletions(-) diff --git a/crypto/openssl/crypto/bn/bn_local.h b/crypto/openssl/crypto/bn/bn_local.h index 7c4d1d3ab78a..50e9d26e215b 100644 --- a/crypto/openssl/crypto/bn/bn_local.h +++ b/crypto/openssl/crypto/bn/bn_local.h
@@ -62,26 +62,6 @@ # define BN_SOFT_LIMIT (4096 / BN_BYTES) # endif -/* - * This should limit the stack usage due to alloca to about 4K. - * BN_SOFT_LIMIT is a soft limit equivalent to 2*OPENSSL_RSA_MAX_MODULUS_BITS. - * Beyond that size bn_mul_mont is no longer used, and the constant time - * assembler code is disabled, due to the blatant alloca and bn_mul_mont usage. - * Note that bn_mul_mont does an alloca that is hidden away in assembly. - * It is not recommended to do computations with numbers exceeding this limit, - * since the result will be highly version dependent: - * While the current OpenSSL version will use non-optimized, but safe code, - * previous versions will use optimized code, that may crash due to unexpected - * stack overflow, and future versions may very well turn this into a hard - * limit. - * Note however, that it is possible to override the size limit using - * "./config -DBN_SOFT_LIMIT=" if necessary, and the O/S specific - * stack limit is known and taken into consideration. - */ -# ifndef BN_SOFT_LIMIT -# define BN_SOFT_LIMIT (4096 / BN_BYTES) -# endif - # ifndef OPENSSL_SMALL_FOOTPRINT # define BN_MUL_COMBA # define BN_SQR_COMBA diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_options.pod b/crypto/openssl/doc/man3/SSL_CTX_set_options.pod index 1d5656b3ca63..176f8d25fc31 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_options.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_options.pod 
@@ -317,29 +317,6 @@ only understands up to SSLv3. In this case the client must still use the same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect to the server's answer and violate the version rollback protection.) -=item SSL_OP_ENABLE_KTLS - -Enable the use of kernel TLS. In order to benefit from kernel TLS OpenSSL must -have been compiled with support for it, and it must be supported by the -negotiated ciphersuites and extensions. The specific ciphersuites and extensions -that are supported may vary by platform and kernel version. - -The kernel TLS data-path implements the record layer, and the encryption -algorithm. The kernel will utilize the best hardware -available for encryption. Using the kernel data-path should reduce the memory -footprint of OpenSSL because no buffering is required. Also, the throughput -should improve because data copy is avoided when user data is encrypted into -kernel memory instead of the usual encrypt then copy to kernel. - -Kernel TLS might not support all the features of OpenSSL. For instance, -renegotiation, and setting the maximum fragment size is not possible as of -Linux 4.20. - -Note that with kernel TLS enabled some cryptographic operations are performed -by the kernel directly and not via any available OpenSSL Providers. This might -be undesirable if, for example, the application requires all cryptographic -operations to be performed by the FIPS provider. - =back The following options no longer have any effect but their identifiers are
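Review bot: In the bn_local.h hunk (@@ -62,26 +62,6 @@), the leading context shows only the tail of the surviving block, "# define BN_SOFT_LIMIT (4096 / BN_BYTES)" followed by "# endif", so the diff does not show whether the explanatory comment about alloca, bn_mul_mont and the "./config -DBN_SOFT_LIMIT=" override is still present above line 62. Please confirm the retained copy carries that comment, since it documents why the constant-time assembler path is disabled beyond the limit. The removal itself is consistent with "No functional change intended": the deleted definition sat under "# ifndef BN_SOFT_LIMIT" with the same value, so it could never take effect after the first one.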
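Review bot: In the SSL_CTX_set_options.pod hunk (@@ -317,29 +317,6 @@), the whole "=item SSL_OP_ENABLE_KTLS" entry is deleted and the visible context contains no second copy, so from this diff alone it is not possible to tell that the option remains documented elsewhere in the page. Please state in the commit message that this is the duplicate left by the merge and which copy is kept, and check that the kept entry still includes the final paragraph noting that with kernel TLS some cryptographic operations are performed by the kernel and not via OpenSSL Providers, which is the caveat applications requiring the FIPS provider depend on.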