Commit Graph

392 Commits

Author SHA1 Message Date
Yi Li
4032cd9a14 configure: introduce no-ecx to remove ECX related feature
This can effectively reduce the binary size for platforms
that don't need ECX feature(~100KB).

Signed-off-by: Yi Li <yi1.li@intel.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20781)
2023-06-14 13:06:22 +10:00
Vladimír Kotal
3ca28c9e81 allow to disable http
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21108)
2023-06-06 11:05:02 +10:00
Jairus Christensen
cee0628e0d [feat] SSL RTT in both client and server statem. SSL_get_handshake_rtt makes it available
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20248)
2023-06-02 05:46:46 +02:00
Tomas Mraz
80b9eca279 Add test for handling NEW_CONNECTION_ID frame
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:18 +01:00
Hugo Landau
ed835673ae QUIC MSST: Tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:13 +01:00
slontis
bcd94b6335 Add libctx to x931 keygen.
Added coverage test that failed without the change.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19677)
2023-05-05 17:11:16 +01:00
Hugo Landau
b633cf8764 QUIC CC: Move dummy method to test code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
2023-05-01 11:03:54 +01:00
Hugo Landau
ab11c165f6 QUIC Congestion Control: Tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
2023-05-01 11:03:54 +01:00
Todd Short
3c95ef22df RFC7250 (RPK) support
Add support for the RFC7250 certificate-type extensions.
Alows the use of only private keys for connection (i.e. certs not needed).

Add APIs
Add unit tests
Add documentation
Add s_client/s_server support

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18185)
2023-03-28 13:49:54 -04:00
Tomas Mraz
fc11028089 Add simple interoperability test with Cloudflare quiche
This is an external test which requires recursive checkout
of the cloudflare-quiche submodule.

We simply run a client against the example quiche-server
serving HTTP/0.9 requests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20527)
2023-03-22 10:13:30 +11:00
Matt Caswell
0c593328fe Add a simple QUIC test for blocking mode
We create "real" sockets for blocking mode so that we can block on them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:55 +11:00
Tomas Mraz
6821acbffd Add sanity test for OSSL_sleep()
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20533)
2023-03-18 20:00:57 +01:00
Simo Sorce
f3c0dd4f0c Add test for context duplication failure
This checks that the first operation successfully completes even if
context duplication fails. But follwing operations get errors as
if the context was finlised.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20375)
2023-03-15 08:42:56 +11:00
Matt Caswell
adef87a2c6 Add a skeleton quicfaultstest
Also includes helper support to create a QUIC connection inside a test.

We wil use quicfaultstest to deliberately inject faulty datagrams/packets
to test how we handle them.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
2023-02-22 05:33:24 +00:00
Matt Caswell
0aa7d7f42b Add a test for no initialisation of the default config file
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20341)
2023-02-22 10:03:14 +11:00
slontis
dcd20cc139 Add tests for FIPS keygen self test failures.
During key generation RSA, EC and DSA have extra tests that run in FIPS mode
All 3 algorithms have a pairwise test, EC & DSA also run a KAT test.

This test uses the self test callback to force an error
during each of the extra pairwise and KAT tests.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20183)
2023-02-08 17:00:55 +01:00
Hugo Landau
091f532e0e QUIC Test Server: Minor fixups
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
2023-01-19 13:17:49 +00:00
Hugo Landau
f42781ad16 QUIC Test Server: Basic echo server test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
2023-01-19 13:17:40 +00:00
Patrick Mills
d3db25f568 Implement OSSL_PROVIDER_get0_default_search_path, add docs and tests.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19752)
2022-12-06 18:24:06 +01:00
Stephen Farrell
ad062480f7 Implements Hybrid Public Key Encryption (HPKE) as per RFC9180.
This supports all the modes, suites and export mechanisms defined
in RFC9180 and should be relatively easily extensible if/as new
suites are added.  The APIs are based on the pseudo-code from the
RFC, e.g. OSS_HPKE_encap() roughly maps to SetupBaseS().  External
APIs are defined in include/openssl/hpke.h and documented in
doc/man3/OSSL_HPKE_CTX_new.pod.  Tests (test/hpke_test.c) include
verifying a number of the test vectors from the RFC as well as
round-tripping for all the modes and suites.  We have demonstrated
interoperability with other HPKE implementations via a fork [1]
that implements TLS Encrypted ClientHello (ECH) which uses HPKE.

@slontis provided huge help in getting this done and this makes
extensive use of the KEM handling code from his PR#19068.

[1] https://github.com/sftcd/openssl/tree/ECH-draft-13c

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17172)
2022-11-25 16:26:55 +00:00
Hugo Landau
a73078b79f QUIC TX Packetiser and Streams Mapper
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19346)
2022-11-24 08:15:20 +00:00
Tomas Mraz
c48c32807f Split out thread pool tests into threadpool_test
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19695)
2022-11-22 17:08:23 +01:00
Hugo Landau
0ede517cfa QUIC FIFD
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
2022-11-07 18:18:05 +00:00
Hugo Landau
d77aea5916 QUIC TXPIM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
2022-11-07 18:18:04 +00:00
Hugo Landau
c282da8bc7 QUIC CFQ
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
2022-11-07 18:18:04 +00:00
slontis
820723dde0 Add d2i_PUBKEY_ex_fp and d2i_PUBKEY_ex_bio.
These functions pass a library content and prop query.
The i2d documentation related to these functions has been corrected since the bio and fp functions always return 0 or 1.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18427)
2022-11-02 11:25:48 +01:00
slontis
29d4d8e80e Add test for X509 sign TBS cache regression.
See Issue #19388.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19406)
2022-11-02 11:14:32 +01:00
Pauli
a0af4a3c8b punycode: add unit tests
These tests verify basic functionality and specifically test for
CVE-2022-3602.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit f0f530216b)
2022-11-01 17:44:51 +01:00
Todd Short
b67cb09f8d Add support for compressed certificates (RFC8879)
* Compressed Certificate extension (server/client)
* Server certificates (send/receive)
* Client certificate (send/receive)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18 09:30:22 -04:00
Todd Short
caf9317d7d Add ZSTD compression support (RFC8478bis)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18 09:30:21 -04:00
Todd Short
12e96a2360 Add brotli compression support (RFC7924)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18 09:30:18 -04:00
Čestmír Kalina
4574a7fd8d crypto: add preemptive threading support
Some primitives are designed to be used in a multi-threaded environment,
if supported, e.g., Argon2.

This patch adds support for preemptive threading and basic synchronization
primitives for platforms compliant with POSIX threads or Windows CRT.
Native functions are wrapped to provide a common (internal) API.

Threading support can be disabled at compile time. If enabled, threading
is disabled by default and needs to be explicitly enabled by the user.

Thread enablement requires an explicit limit on the number of threads that
OpenSSL may spawn (non-negative integer/infinity). The limit may be changed.

Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12255)
2022-10-17 09:45:39 +01:00
Hugo Landau
8302259013 QUIC Send Stream Management
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19159)
2022-10-05 16:15:06 +02:00
Todd Short
ac44deaf00 Test TLS extension ordering
Adding extensions is fragile, with the TLSEXT_TYPE entry needing to be
located at TLSEXT_IDX in the array.

This adds a test to ensure extensions are in the correct order.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19269)
2022-09-28 09:54:25 -04:00
Hugo Landau
508e087c4c QUIC Flow Control
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19040)
2022-09-26 08:01:55 +01:00
slontis
78c44b0594 Add HPKE DHKEM provider support for EC, X25519 and X448.
The code is derived from @sftcd's work in PR #17172.
This PR puts the DHKEM algorithms into the provider layer as
KEM algorithms for EC and ECX.

This PR only implements the DHKEM component of HPKE as specified in
RFC 9180.

crypto/hpke/hpke_util.c has been added for fuctions that will
be shared between DHKEM and HPKE.

API's for EVP_PKEY_auth_encapsulate_init() and EVP_PKEY_auth_decapsulate_init()
have been added to support authenticated encapsulation. auth_init() functions
were chosen rather that a EVP_PKEY_KEM_set_auth() interface to support
future algorithms that could possibly need different init functions.

Internal code has been refactored, so that it can be shared between the DHKEM
and other systems. Since DHKEM operates on low level keys it needs to be
able to do low level ECDH and ECXDH calls without converting the keys
back into EVP_PKEY/EVP_PKEY_CTX form. See ossl_ecx_compute_key(),
ossl_ec_public_from_private()

DHKEM requires API's to derive a key using a seed (IKM). This did not sit
well inside the DHKEM itself as dispatch functions. This functionality
fits better inside the EC and ECX keymanagers keygen, since
they are just variations of keygen where the private key is generated
in a different manner. This should mainly be used for testing purposes.
See ossl_ec_generate_key_dhkem().
It supports this by allowing a settable param to be passed to keygen
(See OSSL_PKEY_PARAM_DHKEM_IKM).
The keygen calls code within ec and ecx dhkem implementation to handle this.
See ossl_ecx_dhkem_derive_private() and ossl_ec_dhkem_derive_private().
These 2 functions are also used by the EC/ECX DHKEM implementations to generate
the sender ephemeral keys.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19068)
2022-09-23 09:24:47 +01:00
Hugo Landau
b88ce46ee8 BIO_s_dgram_pair
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18442)
2022-09-23 11:59:13 +10:00
Pauli
1cef04091a Remove unnecessary define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19237)
2022-09-21 17:02:59 +10:00
Daniel Fiala
fcff5bd43c Add tests for trace_api.
Fixes openssl#17422

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19096)
2022-09-16 08:31:56 +02:00
Tomas Mraz
e1289d90d0 With fips provider 3.0.0 skip tests related to explicit curves handling
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19201)
2022-09-16 08:34:53 +10:00
Pauli
f5eac259a0 list: add a doubly linked list type.
These list can be embedded into structures and structures can be members of
multiple lists.  Moreover, this is done without dynamic memory allocation.
That is, this is legal:

    typedef struct item_st ITEM;

    struct item_st {
        ...
        OSSL_LIST_MEMBER(new_items, ITEM);
        OSSL_LIST_MEMBER(failed_items, ITEM);
        ...
    };

    DEFINE_LIST_OF(new_items, TESTL);
    DEFINE_LIST_OF(failed_items, TESTL);

    struct {
        ...
        OSSL_LIST(new_items) new;
        OSSL_LIST(failed_items) failed;
        ...
    } *st;

    ITEM *p;

    for (p = ossl_list_new_items_head(&st->new); p != NULL;
         p = ossl_list_new_items_next(p))
        /* do something */

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19115)
2022-09-05 16:24:53 +10:00
Hugo Landau
ec279ac211 QUIC Demuxer and Record Layer (RX Side)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18949)
2022-09-02 10:03:55 +02:00
Hugo Landau
664e096cf9 BIO_dgram support for BIO_sendmmsg/BIO_recvmmsg
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18270)
2022-09-01 18:03:10 +10:00
Hugo Landau
fa4e92a70a QUIC ACK Manager, Statistics Manager and Congestion Control API
This is the initial implementation of the ACK Manager for OpenSSL's QUIC
support, with supporting design documentation and tests.

Because the ACK Manager also depends on the Statistics Manager, it is
also implemented here. The Statistics Manager is quite simple, so this
does not amount to a large amount of extra code.

Because the ACK Manager depends on a congestion controller, it adds a
no-op congestion controller, which uses the previously workshopped
congestion control API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18676)
2022-08-24 14:05:46 +01:00
Dr. David von Oheimb
c02036e1ad Rename the "timing" program to "timing_load_creds" and integrate it with test/build.info
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18821)
2022-08-16 12:50:41 +02:00
Hugo Landau
dffafaf481 QUIC Frame Encoding and Decoding Functions
This adds functions for encoding and decoding QUIC frames.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18795)
2022-07-29 16:28:37 +10:00
Matt Caswell
3bfc58ad6f Add a test for BIO_s_mem() when using datagrams
The previous commit added support to BIO_s_mem() for using datagrams. We
now add tests for that functionality.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18596)
2022-07-28 08:06:52 +01:00
Pauli
0eb2765943 Add unit test for event queue
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18345)
2022-07-06 10:33:56 +10:00
Pauli
f0a4935827 test: add priority queue unit test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18274)
2022-06-22 13:05:40 +10:00
Tomas Mraz
e44795bd5d First working empty protocol test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
2022-06-03 12:07:18 +10:00