Matt Caswell [Thu, 25 Aug 2022 16:34:48 +0000 (17:34 +0100)]
Move numwpipes in the write record layer
We retain a numwpipes for now in the old record layer structure for use
by DTLS. This will eventually be removed when DTLS moves over to the new
way of doing things.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Matt Caswell [Thu, 25 Aug 2022 14:05:13 +0000 (15:05 +0100)]
Move write buffer management into the write record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Matt Caswell [Mon, 22 Aug 2022 15:09:23 +0000 (16:09 +0100)]
Replace references to s->wbio with rl->bio
We use the record layer reference to the BIO rather than the SSL object
reference. This removes an unneeded SSL object usage.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Matt Caswell [Mon, 22 Aug 2022 15:03:41 +0000 (16:03 +0100)]
Use the record layer msg_callback not the SSL object msg_callback
This removes unnecessary usage of the SSL object from the record layer.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Matt Caswell [Mon, 22 Aug 2022 14:49:53 +0000 (15:49 +0100)]
Move checking for alerts to dispatch out of the record layer
This isn't a record layer responsibility so should be removed from
write_records.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Matt Caswell [Fri, 19 Aug 2022 15:54:09 +0000 (16:54 +0100)]
Create the write record layer method and object and use it
Make sure we set the write record layer method and create the object
where appropriate. Move the newly restructured writing code into the
record layer object.
For now we are cheating and still accessing the underlying SSL_CONNECTION
object. This will be removed in subsequent commits.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Matt Caswell [Fri, 12 Aug 2022 08:51:51 +0000 (09:51 +0100)]
Move initial TLS write record layer code into new structure
The new write record layer architecture splits record writing into
a "write_records" call and a "retry_write_records" call - where multiple
records can be sent to "write_records" in one go. We restructure the code
into that format in order that future commits can move these functions into
the new record layer more easily.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Tianjia Zhang [Tue, 28 Sep 2021 15:23:44 +0000 (23:23 +0800)]
test: Fix memory leak of asynctest
ASYNC_init_thread() will be called automatically by ASYNC_start_job(),
so ASYNC_cleanup_thread() must be called at last, otherwise it will
cause memory leak.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16703)
Tomas Mraz [Tue, 20 Sep 2022 14:48:59 +0000 (16:48 +0200)]
Maximum return value of BIO_ctrl_(w)pending is SIZE_MAX
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19240)
Tomas Mraz [Mon, 19 Sep 2022 08:36:21 +0000 (10:36 +0200)]
Fix error return values from BIO_ctrl_(w)pending()
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19240)
Pauli [Tue, 19 Jul 2022 02:47:58 +0000 (12:47 +1000)]
Add design document for the QUIC connection ID cache.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18824)
Pauli [Mon, 25 Jul 2022 04:36:44 +0000 (14:36 +1000)]
update overview with a note about many to one connection ID cache
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18824)
Hugo Landau [Fri, 23 Sep 2022 08:41:15 +0000 (09:41 +0100)]
Fix BIO_dgram_pair stochastic test failure
Fixes #19267.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19268)
Daniel Fiala [Wed, 21 Sep 2022 13:29:51 +0000 (15:29 +0200)]
Clear incorrectly reported errors in d2i_CMS_ContentInfo
Fixes openssl#19003
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19255)
slontis [Fri, 26 Aug 2022 01:54:35 +0000 (11:54 +1000)]
Add HPKE DHKEM provider support for EC, X25519 and X448.
The code is derived from @sftcd's work in PR #17172.
This PR puts the DHKEM algorithms into the provider layer as
KEM algorithms for EC and ECX.
This PR only implements the DHKEM component of HPKE as specified in
RFC 9180.
crypto/hpke/hpke_util.c has been added for fuctions that will
be shared between DHKEM and HPKE.
API's for EVP_PKEY_auth_encapsulate_init() and EVP_PKEY_auth_decapsulate_init()
have been added to support authenticated encapsulation. auth_init() functions
were chosen rather that a EVP_PKEY_KEM_set_auth() interface to support
future algorithms that could possibly need different init functions.
Internal code has been refactored, so that it can be shared between the DHKEM
and other systems. Since DHKEM operates on low level keys it needs to be
able to do low level ECDH and ECXDH calls without converting the keys
back into EVP_PKEY/EVP_PKEY_CTX form. See ossl_ecx_compute_key(),
ossl_ec_public_from_private()
DHKEM requires API's to derive a key using a seed (IKM). This did not sit
well inside the DHKEM itself as dispatch functions. This functionality
fits better inside the EC and ECX keymanagers keygen, since
they are just variations of keygen where the private key is generated
in a different manner. This should mainly be used for testing purposes.
See ossl_ec_generate_key_dhkem().
It supports this by allowing a settable param to be passed to keygen
(See OSSL_PKEY_PARAM_DHKEM_IKM).
The keygen calls code within ec and ecx dhkem implementation to handle this.
See ossl_ecx_dhkem_derive_private() and ossl_ec_dhkem_derive_private().
These 2 functions are also used by the EC/ECX DHKEM implementations to generate
the sender ephemeral keys.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19068)
olszomal [Mon, 19 Sep 2022 06:59:02 +0000 (08:59 +0200)]
OSSL_PROVIDER_set_default_search_path() return value
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19239)
Hugo Landau [Tue, 31 May 2022 19:22:40 +0000 (20:22 +0100)]
BIO_s_dgram_pair
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18442)
Matt Caswell [Thu, 23 Jun 2022 12:38:32 +0000 (13:38 +0100)]
Add additional messages to the DTLS dropped records test
Ensure we are testing a handshake that includes a HelloVerifyRequest and
what happens if we drop it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18654)
Matt Caswell [Thu, 23 Jun 2022 10:39:38 +0000 (11:39 +0100)]
Correctly handle a retransmitted ClientHello
If we receive a ClientHello and send back a HelloVerifyRequest, we need
to be able to handle the scenario where the HelloVerifyRequest gets lost
and we receive another ClientHello with the message sequence number set to
0.
Fixes #18635
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18654)
Hugo Landau [Tue, 20 Sep 2022 19:40:36 +0000 (20:40 +0100)]
Add deferred datagram limit to QUIC Record Layer RX
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19251)
Pauli [Sun, 18 Sep 2022 23:57:38 +0000 (09:57 +1000)]
Coverity
1515415: NULL dereference
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19236)
Pauli [Mon, 19 Sep 2022 00:48:07 +0000 (10:48 +1000)]
Remove unnecessary define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19237)
Pauli [Mon, 19 Sep 2022 00:47:06 +0000 (10:47 +1000)]
Runtime detect FIPS RNG usage in test
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19237)
Pauli [Mon, 19 Sep 2022 00:31:12 +0000 (10:31 +1000)]
Remove FIPS condition on IV gen test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19237)
Pauli [Mon, 19 Sep 2022 00:28:25 +0000 (10:28 +1000)]
Remove FIPS condition on SM2 test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19237)
Dr. David von Oheimb [Tue, 6 Jul 2021 10:28:22 +0000 (12:28 +0200)]
APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too
Also add related references to FR #15725.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18900)
Dr. David von Oheimb [Wed, 7 Jul 2021 12:14:01 +0000 (14:14 +0200)]
apps/x509.c: Remove legacy call to OBJ_create()
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18900)
Daniel Fiala [Sun, 18 Sep 2022 05:36:36 +0000 (07:36 +0200)]
Check that sk_SSL_CIPHER_value returns non-NULL value.
Fixes openssl#19162.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19233)
Patrik Sevallius [Sun, 18 Sep 2022 10:26:02 +0000 (12:26 +0200)]
Always use FORMAT_BINARY for infile
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19234)
Patrik Sevallius [Sun, 18 Sep 2022 10:24:56 +0000 (12:24 +0200)]
Update documentation, standard input is expected to be in binary format too
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19234)
Matt Caswell [Fri, 12 Aug 2022 12:27:21 +0000 (13:27 +0100)]
Use an enum for the return value from a construction function
Construction return values are no longer boolean but can return 3 different
values, so we use an enum to represent them.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18990)
Matt Caswell [Fri, 12 Aug 2022 12:24:19 +0000 (13:24 +0100)]
If a ticket key callback returns 0 in TLSv1.3 don't send a ticket
If we can't construct the ticket don't send one. This requires a change
to the TLS state machine to be able to a handle a construction function
deciding not to send a message after all.
Fixes #18977
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18990)
Matt Caswell [Fri, 12 Aug 2022 11:14:18 +0000 (12:14 +0100)]
Test a 0 return from the ticket key callback
A 0 return from a ticket key callback should indicate that crypto parameters
are not currently available and that the handshake should continue without
generating/using the ticket.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18990)
Tomas Mraz [Wed, 14 Sep 2022 08:41:04 +0000 (10:41 +0200)]
Fix detection of ktls support in cross-compile environment on Linux
Fixes #19212
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19213)
Daniel Fiala [Tue, 6 Sep 2022 05:51:59 +0000 (07:51 +0200)]
Add an EVP demo for AES key wrap
Fixes openssl#14119
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19141)
David von Oheimb [Thu, 11 Aug 2022 15:46:11 +0000 (17:46 +0200)]
80-test_ssl_new.t: make dependencies on CTLOG_FILE and TEST_CERTS_DIR explicit
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18918)
Dr. David von Oheimb [Sun, 7 Aug 2022 05:08:28 +0000 (07:08 +0200)]
stack.c: add missing direct error reporting and improve coding style
Doing so, had to fix sloppiness in using the stack API in crypto/conf/conf_def.c,
ssl/ssl_ciph.c, ssl/statem/statem_srvr.c, and mostly in test/helpers/ssltestlib.c.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18918)
Dr. David von Oheimb [Sun, 7 Aug 2022 04:17:15 +0000 (06:17 +0200)]
x509_vpm.c: add missing direct error reporting and improve coding style
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18918)
David von Oheimb [Sun, 31 Jul 2022 05:15:40 +0000 (07:15 +0200)]
X509_STORE_CTX_set_default(): improve error handling, also in its use
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18918)
Daniel Fiala [Fri, 5 Aug 2022 02:44:51 +0000 (04:44 +0200)]
Add tests for trace_api.
Fixes openssl#17422
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19096)
Daniel Fiala [Mon, 22 Aug 2022 06:41:36 +0000 (08:41 +0200)]
Add documentation and test for EVP_PBE_alg_add
Fixes openssl#18687
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19157)
Pauli [Tue, 13 Sep 2022 22:39:29 +0000 (08:39 +1000)]
Add CI to test old FIPS provider versions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)
Tomas Mraz [Tue, 13 Sep 2022 20:38:30 +0000 (22:38 +0200)]
With fips provider 3.0.0 skip tests related to explicit curves handling
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19201)
Tomáš Mráz [Tue, 13 Sep 2022 04:37:05 +0000 (14:37 +1000)]
EVP_PKEY_eq: regain compatibility with the 3.0.0 FIPS provider
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19201)
Pauli [Tue, 13 Sep 2022 01:23:03 +0000 (11:23 +1000)]
Fix default padding regression against 3.0.0 FIPS provider
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)
Pauli [Tue, 13 Sep 2022 00:52:25 +0000 (10:52 +1000)]
TDES: fix test with old FIPS provider
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)
Pauli [Mon, 12 Sep 2022 22:49:05 +0000 (08:49 +1000)]
evp_test: allow FIPS provider version based escapes in evp_test
Also fix a number of regressions when run against the 3.0.0 FIPS provider
that result from bug fixes.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)
Pauli [Mon, 12 Sep 2022 22:46:34 +0000 (08:46 +1000)]
test: make unit tests FIPS provider version aware
Fixes #19171
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)
Akshat Maheshwari [Tue, 13 Sep 2022 07:03:21 +0000 (12:33 +0530)]
Fix a typo in the function name
X509_STORE_load_locations_ex() calls X509_STORE_load_file_ex() and X509_STORE_load_path(), there's no such function name as X509_STORE_load_dir().
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19202)
K1 [Tue, 13 Sep 2022 12:16:43 +0000 (20:16 +0800)]
Add support for PBE using hmacWithSM3
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19204)
Richard Levitte [Wed, 14 Sep 2022 05:07:41 +0000 (07:07 +0200)]
util/wrap.pl.in: Use parentheses so `kill` gets all its arguments
In perl, this may be ambiguous:
fn (expr1), expr2
Is the comma (which may be `=>` just as well in this case) a separator
between arguments to `fn`, or is it the comma operator, separating the
expressions `fn(expr1)` and `expr2`? It appears that in this particular
case, perl takes the existing parentheses to mean the latter. When the
former was intended, extra parentheses are required.
Fixes #19209
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19211)
Hugo Landau [Fri, 8 Apr 2022 12:20:44 +0000 (13:20 +0100)]
Add support for loading root CAs from Windows crypto API
Fixes #18020.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18070)
Hugo Landau [Fri, 8 Apr 2022 12:10:52 +0000 (13:10 +0100)]
Fix URI handling in SSL_CERT_DIR/introduce SSL_CERT_URI env
Fixes #18068.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18070)
Richard Levitte [Wed, 14 Sep 2022 10:32:26 +0000 (12:32 +0200)]
Fix the OSSL_TIME fallback in include/internal/e_os.h
There's a fallback `ossl_sleep()` that uses `OSSL_TIME`. However,
nothing was done to ensure that `OSSL_TIME` is defined.
Adding an inclusion of "internal/time.h" should be enough.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19214)
Hugo Landau [Thu, 8 Sep 2022 13:10:38 +0000 (14:10 +0100)]
QUIC QRL: Fix bug in Handshake packet processing
We automatically dropped Initial keys when receiving a Handshake packet,
but did this regardless of whether the packet was successfully decrypted
and authenticated. Per the RFC, we should only drop Initial keys when
successfully processing a Handshake packet.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19176)
Tomas Mraz [Fri, 9 Sep 2022 12:46:24 +0000 (14:46 +0200)]
Fix AES-GCM on Power 8 CPUs
Properly fallback to the default implementation on CPUs
missing necessary instructions.
Fixes #19163
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19182)
Pauli [Tue, 14 Jun 2022 01:28:58 +0000 (11:28 +1000)]
design: TX Packetiser
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18570)
Pauli [Wed, 31 Aug 2022 06:15:44 +0000 (16:15 +1000)]
Fix white space
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
Pauli [Mon, 29 Aug 2022 04:53:45 +0000 (14:53 +1000)]
libcrypto: remove reliance on struct timeval
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
Pauli [Mon, 29 Aug 2022 04:52:44 +0000 (14:52 +1000)]
time: move OSSL_TIME to libcrypto
Keep building it for libssl without exposing any symbols.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
Pauli [Wed, 31 Aug 2022 03:11:15 +0000 (13:11 +1000)]
Avoid struct timeval in QUIC code
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
Pauli [Mon, 29 Aug 2022 04:17:25 +0000 (14:17 +1000)]
ssl: modify libssl so that it uses OSSL_TIME
This is instead of time_t and struct timeval. Some public APIs mandate a
presence of these two types, but they are converted to OSSL_TIME internally.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
Pauli [Mon, 29 Aug 2022 03:41:26 +0000 (13:41 +1000)]
time: add some additional utilities and document everything
Some of the recently added functions were not documents. This has been addressed.
Also added utility functions for conversions between time_t, seconds and struct timeval
to/from OSSL_TIME.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
Dr. David von Oheimb [Tue, 13 Sep 2022 07:32:25 +0000 (09:32 +0200)]
apps/openssl-vms.cnf: reflect latest changes by 'make update'
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19179)
Dr. David von Oheimb [Thu, 8 Sep 2022 15:17:06 +0000 (17:17 +0200)]
Revert (most of) "Makefile: Generate crypto objects only as far as needed"
This reverts all adaptations by commit
89c39bd8f6528ad268c1c0d0c9e196ba4396941b
on Configurations/unix-Makefile.tmpl except for additions to .PHONY
Fixes #19087
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19179)
Richard Levitte [Mon, 12 Sep 2022 15:29:53 +0000 (17:29 +0200)]
Checking __STDC_VERSION__ rather than __STRICT_ANSI__
`__STRICT_ANSI__` is a gnuish flag macro that indicates if `-ansi`
was given on the command line. To check the C version, it's better
to check the macro `__STDC_VERSION__`.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19197)
David Carlier [Thu, 8 Sep 2022 21:16:31 +0000 (22:16 +0100)]
OSSL_CRYPTO_ALLOC attribute introduction proposal.
Giving hint to the compiler the returned pointer is not aliased
(so realloc-like api is de facto excluded).
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19180)
Michael Baentsch [Fri, 9 Sep 2022 13:43:15 +0000 (15:43 +0200)]
update oqsprovider/liboqs to v0.7.2
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19184)
Paul Yang [Fri, 9 Sep 2022 07:48:24 +0000 (15:48 +0800)]
Fix PROV_RC5_CTX's original structure name
It looks like a typo when copy & pasting the structure from blowfish.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19186)
Tom Cosgrove [Fri, 9 Sep 2022 06:24:48 +0000 (07:24 +0100)]
Fix tests when configured with -DOPENSSL_USE_IPV6=0
In include/internal/sockets.h it says that you can disable IPv6, and only
defines OPENSSL_USE_IPV6 (to 0 or 1) if it's not already defined.
The codebase generally then checks `#if OPENSSL_USE_IPV6`.
However, test_bio_dgram uses `#if defined(OPENSSL_USE_IPV6)` which means it tries
to test IPv6 even if it's explicitly configured out with -DOPENSSL_USE_IPV6=0
(`#if defined(OPENSSL_USE_IPV6)` is always true).
This fixes that.
Change-Id: Ie1641c9dd654f27f3bdca186517df5599ad1059b
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19181)
Pauli [Thu, 8 Sep 2022 02:54:23 +0000 (12:54 +1000)]
list: add an option to list all available algorithms
Fixes #19145
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19168)
Dr. David von Oheimb [Mon, 29 Aug 2022 11:59:02 +0000 (13:59 +0200)]
crypto/x509/{x509_req,x_all}.c: add some NULL parameter checks, improve coding style
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19090)
Gibeom Gwon [Sat, 27 Aug 2022 13:29:28 +0000 (22:29 +0900)]
X509 x_all.c: Set 'modified' flag when ASN1_item_sign{,_ctx} call was successful
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19090)
Gibeom Gwon [Sat, 27 Aug 2022 13:04:38 +0000 (22:04 +0900)]
X509 x509_req.c: Set 'modified' flag when X509_req_info_st member data updated
We need to reencode X509_req_info_st if member data updated.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19090)
a1346054 [Thu, 8 Sep 2022 08:11:53 +0000 (08:11 +0000)]
openssl.cnf: split option value and comment and remove leading space
CLA: trivial
Signed-off-by: a1346054 <36859588+a1346054@users.noreply.github.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19173)
Todd Short [Thu, 1 Sep 2022 19:31:21 +0000 (15:31 -0400)]
Cleanup EBCDIC string defintions
Use a single definiton for protocol string defintions.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19122)
Matt Caswell [Wed, 31 Aug 2022 11:31:24 +0000 (12:31 +0100)]
Add some API tests for TLSv1.3 record padding
We have some ssl_test_new tests for record padding. But these only use
the block padding approach set via a config file on the SSL_CTX. We add
tests for all the various API calls.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19103)
Gang Chen [Wed, 7 Sep 2022 06:31:31 +0000 (14:31 +0800)]
crypto/conf: gcc build warning fix
Fix the gcc build warning from conf_sap.c:
variable flags set but not used [-Wunused-but-set-variable]
variable appname set but not used [-Wunused-but-set-variable]
variable filename set but not used [-Wunused-but-set-variable]
CLA: trivial
Signed-off-by: Gang Chen <gang.c.chen@intel.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19153)
Juergen Christ [Wed, 7 Sep 2022 13:01:17 +0000 (15:01 +0200)]
s390x: fix ecx derive
Derivation via ecx-methods did not properly set the length. Make the code
more similar to common code and set the length property.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19158)
Todd Short [Tue, 6 Sep 2022 15:18:54 +0000 (11:18 -0400)]
Remove perror() usage in library
The dgram code used perror extensively.
Keep the `perror()` in the allocation code; it's used for debugging only.
Keep the `perror()`s in the demos, tests and apps.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19148)
Tomas Mraz [Wed, 7 Sep 2022 06:41:05 +0000 (08:41 +0200)]
bio_dgram_test.c: Fix warning from older clang compilers
Older clang compilers warn about the initializer:
test/bio_dgram_test.c:107:29: error: suggest braces around initialization
of subobject [-Werror,-Wmissing-braces]
struct in6_addr ina6 = {0};
^
{}
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19152)
Daniel Fiala [Tue, 6 Sep 2022 04:27:46 +0000 (06:27 +0200)]
Add an EVP demo for key encoding using EC
Fixes openssl#14117
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19143)
Hugo Landau [Wed, 7 Sep 2022 16:59:04 +0000 (17:59 +0100)]
Fix BIO_sendmmsg/BIO_recvmmsg issues on FreeBSD
Fixes #19156.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19164)
Tristan Lelong [Mon, 5 Sep 2022 09:14:40 +0000 (11:14 +0200)]
Fix undefined ipi_spec_dst for cygwin build.
The 'struct in_pktinfo' doesn't have a 'ipi_spec_dst' field on windows
OS which break cygwin builds of OpenSSL.
Signed-off-by: Tristan Lelong <tlelong@google.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19134)
Dr. David von Oheimb [Sat, 28 May 2022 18:26:43 +0000 (20:26 +0200)]
apps/lib/http_server.{c,h}: clean up logging and move it to log.{c,h}
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18434)
Dr. David von Oheimb [Sat, 28 May 2022 16:50:18 +0000 (18:50 +0200)]
apps/ocsp.c etc.: rename 'multi' to 'n_responders' for clarity
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18434)
Dr. David von Oheimb [Sat, 28 May 2022 16:44:02 +0000 (18:44 +0200)]
APPS HTTP server: trace requests and responses when enabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18434)
Dr. David von Oheimb [Sat, 28 May 2022 16:27:44 +0000 (18:27 +0200)]
OSSL_trace_enabled.pod: add missing synopsis for OSSL_TRACE()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18434)
Pauli [Tue, 6 Sep 2022 01:41:35 +0000 (11:41 +1000)]
Coverity: explicit null dereference
Coverity is being pretty silly here but adding the explicit pointer checks
will stop a crash if something goes badly awry.
Fixes Coverity
1513706 -
1513709
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19136)
Tomas Mraz [Fri, 1 Apr 2022 15:01:15 +0000 (17:01 +0200)]
Initial congestion control API design
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18018)
Tomas Mraz [Mon, 5 Sep 2022 08:17:58 +0000 (10:17 +0200)]
Fix build failure on freebsd due to missing data declaration
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19130)
Pauli [Sun, 4 Sep 2022 21:56:37 +0000 (07:56 +1000)]
Coverity
1513478: negative return
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19126)
xtkoba [Fri, 2 Sep 2022 07:44:17 +0000 (16:44 +0900)]
test/pkcs12_api_test.c: fix failure on MinGW
Use binary mode when opening a file.
Partially fixes #18017.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19117)
Pauli [Fri, 2 Sep 2022 04:44:02 +0000 (14:44 +1000)]
list: add a doubly linked list type.
These list can be embedded into structures and structures can be members of
multiple lists. Moreover, this is done without dynamic memory allocation.
That is, this is legal:
typedef struct item_st ITEM;
struct item_st {
...
OSSL_LIST_MEMBER(new_items, ITEM);
OSSL_LIST_MEMBER(failed_items, ITEM);
...
};
DEFINE_LIST_OF(new_items, TESTL);
DEFINE_LIST_OF(failed_items, TESTL);
struct {
...
OSSL_LIST(new_items) new;
OSSL_LIST(failed_items) failed;
...
} *st;
ITEM *p;
for (p = ossl_list_new_items_head(&st->new); p != NULL;
p = ossl_list_new_items_next(p))
/* do something */
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19115)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 16:01:11 +0000 (00:01 +0800)]
provider: cipher: aes: add riscv32 zkn (zbkb) support
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 15:44:31 +0000 (23:44 +0800)]
aes_platform: add riscv32 zkn asm support
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 15:29:34 +0000 (23:29 +0800)]
add build support for riscv32 aes zkn
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 16:02:44 +0000 (00:02 +0800)]
Add RISC-V 32 cpuid support
Mainly from #17640
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 15:23:29 +0000 (23:23 +0800)]
Add linux32-riscv32/BSD-riscv32 target
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 14:24:43 +0000 (22:24 +0800)]
Add AES implementation in riscv32 zkn asm
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)