Containers are objects that are containers for a bunch of other
objects with types we recognise but aren't readable in a stream. Such
containers are read and parsed, and their content is cached, to be
served one object at a time.
This extends the FILE_HANDLER type to include a function to destroy
the cache and a function to simulate the EOF check.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
This STORE module adds the following functionality:
- A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close()
that accesses a URI and helps loading the supported objects (PKEYs,
CERTs and CRLs for the moment) from it.
- An opaque type OSSL_STORE_INFO that holds information on each loaded
object.
- A few functions to retrieve desired data from a OSSL_STORE_INFO
reference.
- Functions to register and unregister loaders for different URI
schemes. This enables dynamic addition of loaders from applications
or from engines.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
The BSD cryptodev.h doesn't have things like COP_FLAG_WRITE_IV and
COP_FLAG_UPDATE. In that case, we need to implement that
functionality ourselves.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with
the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately
due to this clash, this wasn't the case. The BIO ended up going into peek
mode and was continually reading the same data over and over - throwing it
away as a replay.
Fixes#3723
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3724)
It is an API to be used from the early callback that indicates what
extensions were present in the ClientHello, and in what order.
This can be used to eliminate unneeded calls to SSL_early_get0_ext()
(which itself scales linearly in the number of extensions supported
by the library).
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2976)
Make funcs to deal with non-null-term'd string
in both asn1_generalizedtime_to_tm() and asn1_utctime_to_tm().
Fixes issue #3444.
This one is used to enforce strict format (RFC 5280) check and to
convert GeneralizedTime to UTCTime.
apps/ca has been changed to use the new API.
Test cases and documentation are updated/added
Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3566)
This incorrectly spelled item exists for compatibility purposes
CLA: Trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3460)
Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3622)
This works with ASN1_UTCTIME and ASN1_GENERALIZED_TIME
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3378)
Run perltidy on util/mkerr
Change some mkerr flags, write some doc comments
Make generated tables "const" when genearting lib-internal ones.
Add "state" file for mkerr
Renerate error tables and headers
Rationalize declaration of ERR_load_XXX_strings
Fix out-of-tree build
Add -static; sort flags/vars for options.
Also tweak code output
Moved engines/afalg to engines (from master)
Use -static flag
Standard engine #include's of errors
Don't linewrap err string tables unless necessary
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3392)
This can be used by engines that need to retain the data for a longer time
than just the call where this user data is passed.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3575)
Unfortunately it affects error code macros in public cms.h header, for
which reason misspelled names are preserved for backward compatibility.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3463)
Not exactly everywhere, but in those source files where stdint.h is
included conditionally, or where it will be eventually
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3447)
Add "single part" digest sign and verify functions. These sign and verify
a message in one function. This simplifies some operations and it will later
be used as the API for algorithms which do not support the update/final
mechanism (e.g. PureEdDSA).
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3409)
It is invalid if we receive an HRR but no change will result in
ClientHello2.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3414)
Split the PEM_bytes_read_bio() implementation out into a
pem_bytes_read_bio_flags() helper, to allow it to pass PEM_FLAG_SECURE
as needed. Adjust the cleanup to properly use OPENSSL_secure_free()
when needed, and reimplement PEM_bytes_read() as a wrapper around
the _flags helper.
Add documentation for PEM_bytes_read_bio() and the new secmem variant.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
The extended function includes a 'flags' argument to allow callers
to specify different requested behaviors. In particular, callers can
request that temporary storage buffers are allocated from the secure heap,
which could be relevant when loading private key material.
Refactor PEM_read_bio to use BIO_mems instead of BUFs directly,
use some helper routines to reduce the overall function length, and make
some of the checks more reasonable.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
When using the -trace option with TLSv1.3 all records appear as "application
data". This adds the ability to see the inner content type too.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3408)
The TLSv1.3 spec says that a server SHOULD send supported_groups in the
EE message if there is a group that it prefers to the one used in the
key_share. Clients MAY act on that. At the moment we don't do anything
with it on the client side, but that may change in the future.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3395)
This enables us to know what messages the extensions are relevant for in
TLSv1.3. The new file format is not compatible with the previous one so
we call it SERVERINFOV2.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)
Add padding callback for application control
Standard block_size callback
Documentation and tests included
Configuration file/s_client/s_srver option
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3130)
Bug found and fix suggested by Julian Rüth.
Push error if fflush fails
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3266)
Provide a way to test whether the SSL_SESSION object can be used to resume a
sesion or not.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3008)
Many signature types define the digest and public key type by a single OID
such as ecdsa_with_sha256.
Some types (RSA-PSS for example) use a single OID to indicate the signature
scheme and additional parameters are encoded in the AlgorithmIdentifier.
Add an X509_SIG_INFO structure to contain details about the signature type:
specifically the digest algorithm, public key algorithm, security bits and
various flags. This supports both existing algorithms and more complex
types.
Add accessors for the structure and a special case that retrieves signature
information from a certificate.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)
The CA names should be printed according to user's decision
print_name instead of set of BIO_printf
dump_cert_text instead of set of BIO_printf
Testing cyrillic output of X509_CRL_print_ex
Write and use X509_CRL_print_ex
Reduce usage of X509_NAME_online
Using X509_REQ_print_ex instead of X509_REQ_print
Fix nameopt processing.
Make dump_cert_text nameopt-friendly
Move nameopt getter/setter to apps/apps.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3262)
We were allocating the write buffer based on the size of max_send_fragment,
but ignoring it when writing data. We should fragment handshake messages
if they exceed max_send_fragment and reject application data writes that
are too large.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
In order to use SCTP over DTLS we need ACTP AUTH chunks to be enabled in
the kernel.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
The existing BIO_lookup() wraps a call to getaddrinfo and provides an
abstracted capability to lookup addresses based on socket type and family.
However it provides no ability to lookup based on protocol. Normally,
when dealing with TCP/UDP this is not required. However getaddrinfo (at
least on linux) never returns SCTP addresses unless you specifically ask
for them in the protocol field. Therefore BIO_lookup_ex() is added which
provides the protocol field.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returning an error.
Raise errors if empty or malformed files are read when loading certificates
and CRLs.
Remove NULL checks and allow a segv to occur.
Add error handing for all calls to X509_STORE_add_c{ert|tl}
Refactor these two routines into one.
Bring the unit test for duplicate certificates up to date using the test
framework.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2830)
Because many of our test programs use internal headers, we need to make
sure they know how, exactly, to mangle the symbols. So far, we've done
so by specifying it in the affected test programs, but as things change,
that will develop into a goose chase. Better then to declare once and
for all how symbols belonging in our libraries are meant to be treated,
internally as well as publically.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3259)
Also, when "allocating" or "deallocating" an embedded item, never call
prim_new() or prim_free(). Call prim_clear() instead.
Fixes#3191
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
RT3877: Add X509 OCSP error codes and messages
Add additional OCSP error codes for X509 verify usage
RT3867: Support Multiple CA certs in ocsp app
Add the ability to read multiple CA certs from a single file in the
ocsp app.
Update some missing X509 errors in documentation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/941)
The old custom extensions API was not TLSv1.3 aware. Extensions are used
extensively in TLSv1.3 and they can appear in many different types of
messages. Therefore we need a new API to be able to cope with that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
This move prepares for the later addition of the new custom extensions
API. The context codes have an additional "SSL_" added to their name to
ensure we don't have name clashes with other applications.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
Under UEFI build environment, we may encounter the OSSL_SSIZE macro
re-definition error in e_os2.h if any module call OpenSSL API directly
by including "openssl/xxxx.h" (caused by the predefined _WIN32/_WIN64
macro, which should have been un-defined under OPENSSL_SYS_UEFI).
Though it's not one recommended usage, this patch could still eliminate
the possible build issue by refining the OSSL_SSIZE definition under
OPENSSL_SYS_UEFI.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3121)
Add functions to add/retrieve the certificate_authorities. The older
client_CA functions mainly just call the new versions now.
Rename fields sice new extension can be generated by client and server.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
DHparams has d2i_DHparams_fp, d2i_DHxparams_bio etc, but the equivalent
macros for DHxparams were omitted.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3111)
SSL_get_max_early_data() recently added by 3fc8d85610 ("Construct the
ticket_early_data_info extension", 2017-02-17) is supposed to take an
SSL, but it doesn't.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3113)
Fix some comments too
[skip ci]
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
a47bc283 accidentally adds another define for X509_STORE_set_flags
It is already defined 5lines prior
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3047)
Fix a strict aliasing issue in ui_dup_method_data.
Add test coverage for CRYPTO_dup_ex_data, use OPENSSL_assert.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2988)
Draft-19 changes the HRR transcript hash so that the initial ClientHello
is replaced in the transcript with a special synthetic message_hash message
that just contains a hash of ClientHello1 as its message body.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
The end of early data is now indicated by a new handshake message rather
than an alert.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
This change will mean we will lose interoperability with draft-18
implementations.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
Just as for DH, DSA and RSA, this gives the engine associated with the
key.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2960)
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.
Credit to OSS-Fuzz for finding this problem.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
In TLSv1.3 the above messages signal a key change. The spec requires that
the end of these messages must align with a record boundary. We can detect
this by checking for decrypted but as yet unread record data sitting in
OpenSSL buffers at the point where we process the messages.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2875)
We do not allow the generation of TLSv1.3 cookies. But if we receive one
in an HRR we will echo it back in the ClientHello.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2839)
This is for consistency with the rest of the API where all the functions
are called *early_data*.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
This is for consistency with the rest of the API where all the functions
are called *early_data*.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
We provide SSL_write_early() which *must* be called first on a connection
(prior to any other IO function including SSL_connect()/SSL_do_handshake()).
Also SSL_write_early_finish() which signals the end of early data.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
- FLAT_INC
- PKCS1_CHECK (the SSL_OP_PKCS1_CHECK options have been
no-oped)
- PKCS_TESTVECT (debugging leftovers)
- SSL_AD_MISSING_SRP_USERNAME (unfinished feature)
- DTLS_AD_MISSING_HANDSHAKE_MESSAGE (unfinished feature)
- USE_OBJ_MAC (note this removes a define from the public header but
very unlikely someone would be depending on it)
- SSL_FORBID_ENULL
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
This removes the fips configure option. This option is broken as the
required FIPS code is not available.
FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.
Reviewed-by: Stephen Henson <steve@openssl.org>
This adds partial support for TLS 1.3 certificate request message.
The request context and extensions are currently ignored on receive
and set to zero length on send.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2728)
There are cases when, if you pass a NULL UI_METHOD, the called
function will use an internal default. This is well and good, but
there may be cases when this is undesirable and one would rather send
in a UI that does absolutely nothing (sort of a /dev/null). UI_null()
is the UI_METHOD for this purpose.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2744)
Avoid a -Wundef warning in refcount.h
Avoid a -Wundef warning in o_str.c
Avoid a -Wundef warning in testutil.h
Include internal/cryptlib.h before openssl/stack.h
to avoid use of undefined symbol OPENSSL_API_COMPAT.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2712)
