Commit Graph

2915 Commits

Author SHA1 Message Date
Neil Horman
f3be536686 Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata()
It would be helpful to be able to generate RSA's dmp1/dmq1/iqmp values
when not provided in the param list to EVP_PKEY_fromdata.  Augment the
provider in ossl_rsa_fromdata to preform this generation iff:
a) At least p q n e and e are provided
b) the new parameter OSSL_PARAM_RSA_DERIVE_PQ is set to 1

Fixes #21826

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21875)
2024-01-09 12:03:32 +01:00
slontis
f1f0731ddf Add missing documentation for X509_ATTRIBUTE related functions.
Partial fix for #8026

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22656)
2024-01-03 12:50:54 +01:00
Vitalii Koshura
f60559eb95 Disable building quicserver utility when configured with no-apps option
Signed-off-by: Vitalii Koshura <lestat.de.lionkur@gmail.com>

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23149)
2023-12-29 10:16:46 +01:00
Dr. David von Oheimb
bedffe1731 crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
2023-12-21 23:06:42 +01:00
Rajeev Ranjan
192bfec487 crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
2023-12-21 22:53:35 +01:00
Hugo Landau
5304d56335 ERR: Add ERR_pop()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
2023-12-21 08:12:06 +00:00
Hugo Landau
e801455446 QUIC CHANNEL: Consolidate forward object declarations in a single header
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
2023-12-21 08:11:59 +00:00
Dr. David von Oheimb
7c6577ba9f CMP lib and app: add optional certProfile request message header and respective -profile option
Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
2023-12-19 13:07:19 +01:00
Hugo Landau
75caab2718 LHASH: Document down_load functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22981)
2023-12-13 15:26:59 +00:00
Michael Osipov
253c5667a9 Fix detection on HP-UX (IA64)
HPE has a weird preference to prefix letters and zero-padding. Properly trim
them before processing.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22891)
2023-12-04 09:42:56 +01:00
Xi Ruoyao
d7c0fc5b1a Do not define L_ENDIAN (for now) when we guessed linux64-loongarch64
In 160f48941d I made L_ENDIAN defined when the system is guessed to be
linux64-loongarch64.  Unfortunately now I found it problematic:

1. This should be added into Configurations/10-main.conf, not here.
   Having it here causes a different configuration when
   linux64-loongarch64 is explicitly specified than guessed.
2. With LTO enabled, this causes many test failures on
   linux64-loongarch64 due to #12247.

So I think we should remove it for now (master and 3.2 branch), and
reintroduce it to Configurations/10-main.conf when we finally sort
out #12247.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22812)
2023-11-28 15:27:43 +01:00
Richard Levitte
df5e72d220 Adapt C compiler detection for VSI C on x86_64
VSI C on OpenVMS for x86_64 has a bit more information than on other
hardware.  This is no doubt because it's based on LLVM which leaves an
opening for cross compilation.

VSI C on Itanium:

    $ CC/VERSION
    VSI C V7.4-001 on OpenVMS IA64 V8.4-2L3

VSI C on x86_64:

    $ CC/VERSION
    VSI C x86-64 X7.4-843 (GEM 50XB9) on OpenVMS x86_64 V9.2-1

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22792)
2023-11-23 15:11:33 +00:00
Neil Horman
dcfd8cfd4a Update ci and ABI xml files to validate function parameters
libabigail is currenly only validating symbol presence and version
information in ci.  We should also be validating function parameters,
types, etc.  To do this we need to build the library with -g so the
dwarf information is available for libabigail to interrogate

while we're at it, also add a script to re-generate the xml that abidiff
uses for comparison during ci runs, to make updates easier

Fixes #22712

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22713)
2023-11-15 11:08:17 +01:00
Richard Levitte
c768ccebc7 Add exporters for CMake
CMake's older package finder, FindOpenSSL.cmake, does a best guess effort
and doesn't always get it right.

By CMake's own documentation, that's what such modules are (best effort
attempts), and package producers are (strongly) encouraged to help out by
producing and installing <PackageName>Config.cmake files to get a more
deterministic configuration.

The resulting OpenSSLConfig.cmake tries to mimic the result from CMake's
FindOpenSSL.cmake, by using the same variable and imported target names.
It also adds a few extra variables of its own, such as:

    OPENSSL_MODULES_DIR     Indicates the default installation directory
                            for OpenSSL loadable modules, such as providers.
    OPENSSL_RUNTIME_DIR     Indicates the default runtime directory, where
                            for example the openssl program is located.
    OPENSSL_PROGRAM         Is the full directory-and-filename of the
                            openssl program.

The imported targets OpenSSL::Crypto and OpenSSL::SSL are as precisely
specified as possible, so for example, they are specified with the both the
import library and the DLL on Windows, which should make life easier on that
platform.

For the moment, one of the following must be done in your CMake project for
this CMake configuration to take priority over CMake's FindOpenSSL.cmake:

-   The variable CMAKE_FIND_PACKAGE_PREFER_CONFIG must be set to true prior
    to the 'find_package(OpenSSL)' call.
-   The 'find_package' call itself must use the "Full Signature".  If you
    don't know any better, simply add the 'CONFIG' option, i.e. from this
    example:

        find_package(OpenSSL 3.0 REQUIRED)

    to this:

        find_package(OpenSSL 3.0 REQUIRED CONFIG)

Just as with the 'pkg-config' exporters, two variants of the .cmake files
are produced:

- Those in 'exporters/' are installed in the location that 'pkg-config'
  itself prefers for installed packages.
- Those in the top directory are to be used when it's desirable to build
  directly against an OpenSSL build tree.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20878)
2023-11-15 08:22:29 +01:00
Richard Levitte
2ac569a67b Clean up exporters, specifically those we have for pkg-config
The pkg-config exporters were a special hack, all in
Configurations/unix-Makefile.tmpl, and this was well and good as long
as that was the only main package interface configuration system that we
cared about.

Things have changed, though, so we move the pkg-config production to be
templatable in a more flexible manner.  Additional templates for other
interface configuration systems can then be added fairly easily.

Two variants of the .pc files are produced:

- Those in 'exporters/' are installed in the location that 'pkg-config'
  itself prefers for installed packages.
- Those in the top directory are to be used when it's desirable to build
  directly against an OpenSSL build tree.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20878)
2023-11-15 08:22:29 +01:00
Tomas Mraz
9e75a0b911 Fix CI breakage due to ABIDIFF failure
Also sync libcrypto.num and libssl.num with 3.2 branch and
fix the EVP_DigestSqueeze symbol version.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22688)
2023-11-10 16:38:39 +01:00
slontis
5366490822 Add EVP_DigestSqueeze() API.
Fixes #7894

This allows SHAKE to squeeze multiple times with different output sizes.

The existing EVP_DigestFinalXOF() API has been left as a one shot
operation. A similar interface is used by another toolkit.

The low level SHA3_Squeeze() function needed to change slightly so
that it can handle multiple squeezes. This involves changing the
assembler code so that it passes a boolean to indicate whether
the Keccak function should be called on entry.
At the provider level, the squeeze is buffered, so that it only requests
a multiple of the blocksize when SHA3_Squeeze() is called. On the first
call the value is zero, on subsequent calls the value passed is 1.

This PR is derived from the excellent work done by @nmathewson in
https://github.com/openssl/openssl/pull/7921

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21511)
2023-11-10 13:27:00 +01:00
Neil Horman
fe26b6b496 Fix quicserver binding when duplicate entries exist
In testing the quic demos, I found that the quicserver refused to start for me,
indicating an inability to bind a socket to listen on

The problem turned out to be that getaddrinfo on my system was returning
multiple entries, due to the fact that /etc/host maps the localhost host name to
both ipv4 (127.0.0.1) and ipv6 (::1), but returns the latter as an ipv4 mapped
address (specifying family == AF_INET)

It seems like the proper fix would be to modify the /etc/hosts file to not make
that mapping, and indeed that works.  However, since several distribution ship
with this setup, it seems like it is worthwhile to manage it in the server code.

its also that some other application may be bound to a given address/port
leading to failure, which I think could be considered erroneous, as any failure
for the full addrinfo list in quicserver would lead to a complete failure

Fix this by modifying the create_dgram_bio function to count the number of
sockets is successfully binds/listens on, skipping any failures, and only exit
the application if the number of bound sockets is zero.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22559)
2023-11-02 11:26:21 +00:00
Neil Horman
796e5f9648 Create a rudimentary symbol scanning script
We would like to be able to log and audit the symbols we use in openssl
so that we might catch when a new platform symbols is referecned

Add such a script (just on unix platforms for now) that gathers the used
symbols not belonging to libcrypto or libssl, and compare it to a prior
known set of used symbols.  Error out if a new symbol is found

Add this script to the ci workflow in CI to capture newly
introduced platform symbols

Fixes #22330

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22478)
2023-11-01 16:32:26 +01:00
Matt Caswell
ddf84fc47e Stop the quicserver if the handshake or receiving the request fails
Previously we entered an infinite loop if these things failed.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22557)
2023-11-01 12:11:45 +01:00
Hugo Landau
acf95129bc Adjust mdl configuration
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22405)
2023-10-24 17:34:07 +01:00
Tomas Mraz
6a92159d01 All lh_stats functions were deprecated in 3.1
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22247)
2023-10-04 07:52:41 +11:00
Pauli
fffa78c2fd fips selftest: avoid relying on a real RNG for self tests
Rather than instantiate the private and primary DRBGs during the
selftest, instead use a test RNG.  This leaves the DRBG setup
pristine and permits later replacement of the seed source despite
the very early running power up self tests.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
2023-09-27 17:22:54 +01:00
Matt Caswell
a18c9f8091 Implement a public BIO_ADDR_copy() function
We already have BIO_ADDR_dup() but in some contexts that is not sufficent.
We implement BIO_ADDR_copy() and make BIO_ADDR_dup() use it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22164)
2023-09-25 07:46:45 +10:00
Sumitra Sharma
955c133ccc Add documentation for the function SSL_CONF_CTX_finish.
Add documentation for the function SSL_CONF_CTX_finish() in man3.

Fixes #22084

Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22128)
2023-09-20 10:25:51 +10:00
Dmitry Belyavskiy
1aac593600 Store: API for deletion - make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21901)
2023-09-15 10:18:36 +02:00
Matt Caswell
11b7d46fa7 Return NULL if we fail to create a BIO in the demos/quicserver
Strictly speaking the previous code was still correct since BIO_set_fd
is tolerant of a NULL BIO. But this way is more clear.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21950)
2023-09-08 15:44:37 +01:00
Matt Caswell
da1c088f59 Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-07 09:59:15 +01:00
Tomas Mraz
b12c07cfba quicserver.c: Fix build with no-ssl-trace
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21958)
2023-09-05 09:42:08 +10:00
Hugo Landau
7d9e447ab8 QUIC API: Revise SSL_get_conn_close_info to use a flags field
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
2023-09-01 14:02:50 +01:00
Hugo Landau
cc50b44e55 Document OSSL_get_thread_support_flags()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
2023-09-01 14:02:50 +01:00
Hugo Landau
d2e9e12b23 QUIC APL: Allow stream origin to be queried
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
2023-09-01 14:02:50 +01:00
Hugo Landau
abeb41b42f Minor updates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
2023-09-01 10:45:36 +01:00
Hugo Landau
4426c47d66 Add manpages
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
2023-09-01 10:45:36 +01:00
Dmitry Belyavskiy
9d2f7e1f61 OSSL_PROVIDER_load_ex
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21604)
2023-08-30 21:55:47 +02:00
Matthias St. Pierre
84364b9dc6 man: update missingcrypto.txt file
Remove some entries which have been documented meanwhile.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21873)
2023-08-30 15:51:47 +01:00
Hugo Landau
bd3b026faa Minor fix during rebase
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815)
2023-08-30 08:28:22 +01:00
Hugo Landau
3bc38ba071 QUIC MULTISTREAM TEST: Test WAIT_PEER
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815)
2023-08-30 08:28:22 +01:00
Frederik Wedel-Heinen
2de153dc5a Removed unused struct ssl3_comp_st
Fixes #21731

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21803)
2023-08-29 16:59:54 +02:00
Hugo Landau
9d6bd3d30f QUIC APL: Implement backpressure on stream creation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21811)
2023-08-25 15:10:43 +02:00
Matt Caswell
f6225f4f69 Update quicserver to be able to handle multiple streams
We extend quicserver so that it can handle multiple requests with an
HTTP request on each one. If a uni-directional stream comes in we create
a uni-directional stream for the response

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
2023-08-25 11:42:51 +01:00
Hugo Landau
ce7a9e23fb QUIC: Rename SSL_set_initial_peer_addr to SSL_set1_initial_peer_addr
Fixes #21701

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21814)
2023-08-24 11:47:57 +01:00
Matt Caswell
f430713c8c Add a -trace option to quicserver to enable tracing of the communication
Trace output of the communication with the client is dumped to stderr if
the -trace options is supplied

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21800)
2023-08-24 10:33:58 +01:00
vl-loz
4a469cba27 Add X509_STORE_CTX_set_get_crl and X509_STORE_CTX_set_current_reasons
This change is for feature request #21679.

Adds a couple of setters to aid with custom CRL validation.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21737)
2023-08-17 21:34:12 +02:00
Tomas Mraz
4dec9285d3 quicserver.c: Use BIO_printf to stderr instead of plain printf
Fixes #21623

Also do not build quicserver with no-stdio as it is a test
utility and tests are disabled with no-stdio anyway.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21677)
2023-08-14 15:53:44 +02:00
Hugo Landau
7a2bb2101b QUIC TLS: Rethink error handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
2023-08-08 14:33:42 +01:00
Samuel Thibault
7c729851d1 Add hurd-x86_64 support
This also upgrades flags similarly to the Linux configuration.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20896)
2023-08-04 13:34:21 -04:00
Matt Caswell
829eec9f86 Add the ability for tserver to use a pre-existing SSL_CTX
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21591)
2023-08-02 20:27:07 +01:00
Matt Caswell
747b51f483 Correctly keep track of where we are in the quicserver request buffer
If the request comes in in multiple chunks properly keep tract of where
we are.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21578)
2023-08-02 15:07:07 +01:00
Xi Ruoyao
160f48941d Add system guessing for linux64-loongarch64 target
Now the default is linux-generic32, it's not good for loongarch64.

We can also test if the assembler supports vector instructions here and
disable asm if not.

Closes #21340.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21510)
2023-08-01 19:41:46 +02:00