Commit Graph

259 Commits

Author SHA1 Message Date
slontis
c7424fe68c Use RSA CRT parameters in FIPS self tests.
Fixes #19488

Use the correct OSSL_PKEY_PARAM_RSA CRT names fior the self tests.
The invalid names cause CRT parameters to be silently ignored.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19501)
2022-10-27 11:43:18 +02:00
Tomas Mraz
fba324204f Remove changes entry for RIPEMD160 in 3.2
It is already in 3.0.7.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19438)
2022-10-21 17:53:25 +02:00
Tomas Mraz
b655379619 Add changes entry for RIPEMD160 in 3.0.7
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19438)
2022-10-21 17:53:25 +02:00
Pauli
ce9317a4cf Add changes entry for RIPEMD160 being added to the default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19375)
2022-10-19 13:21:00 +02:00
Todd Short
b67cb09f8d Add support for compressed certificates (RFC8879)
* Compressed Certificate extension (server/client)
* Server certificates (send/receive)
* Client certificate (send/receive)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18 09:30:22 -04:00
Matt Caswell
79edcf4da7 Update CHANGES.md and NEWS.md for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19379)
2022-10-12 16:31:17 +01:00
FdaSilvaYY
d7f3a2cc86 Fix various typos, repeated words, align some spelling to LDP.
Partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
2022-10-12 16:55:28 +11:00
Richard Levitte
45ada6b92b Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branch
3.1 has been decided to be a FIPS 140-3 release, springing from the branch
openssl-3.0, and the master branch to continue with the development of
OpenSSL 3.2.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19350)
2022-10-07 10:05:50 +02:00
Graham Woodward
e869c867c1 Allow PKCS12 export to set arbitrary bag attributes
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19025)
2022-09-23 17:40:02 +01:00
Hugo Landau
606e0426a1 Add support for loading root CAs from Windows crypto API
Fixes #18020.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18070)
2022-09-14 14:10:18 +01:00
Hugo Landau
021859bf81 Fix URI handling in SSL_CERT_DIR/introduce SSL_CERT_URI env
Fixes #18068.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18070)
2022-09-14 14:10:10 +01:00
Hugo Landau
664e096cf9 BIO_dgram support for BIO_sendmmsg/BIO_recvmmsg
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18270)
2022-09-01 18:03:10 +10:00
Matt Caswell
4a532de98d Add a CHANGES.md entry for the record layer changes
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
ce602bb0a2 Add some documentation for the BIO_s_mem() datagram capability
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18596)
2022-07-28 08:06:53 +01:00
Dr. David von Oheimb
cbb1cda67f CHANGES.md: Add entries for contributions to 3.1 by DDvO
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18833)
2022-07-23 10:38:27 +02:00
Tomas Mraz
ddb13b283b Use as small dh key size as possible to support the security
Longer private key sizes unnecessarily raise the cycles needed to
compute the shared secret without any increase of the real security.

We use minimum key sizes as defined in RFC7919.

For arbitrary parameters we cannot know whether they are safe
primes (we could test but that would be too inefficient) we have
to keep generating large keys.

However we now set a small dh->length when we are generating safe prime
parameters because we know it is safe to use small keys with them.

That means users need to regenerate the parameters if they
want to take the performance advantage of small private key.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
2022-07-18 08:06:17 +01:00
Kan
e393064ee7 Update the default macsaltlen and Add the configure for macsaltlen
Fixed #18489

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18550)
2022-06-30 09:01:54 +01:00
Hugo Landau
5317b6ee1f Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17937)
2022-06-22 09:36:14 +02:00
Matt Caswell
de85a9de3f Update CHANGES.md and NEWS.md for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
2022-06-21 13:22:55 +01:00
Pauli
8a66b2f9fc changes: add note saying the locale based strcasecmp has been replaced
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18389)
2022-06-01 11:18:46 +10:00
Kijin Kim
a425c0fec6 Add more SRTP protection profiles
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18030)
2022-05-23 10:07:51 +02:00
Dmitry Belyavskiy
8b97bfcccc Missing changes entry about OPENSSL_str[n]casecmp
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18302)
2022-05-17 15:25:11 +02:00
Tomas Mraz
cac250755e CHANGES.md: Attribute the OPENSSL_LH_flush() fix properly
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
2022-05-03 14:03:24 +01:00
Matt Caswell
73e044bd1a Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:26:00 +01:00
Daiki Ueno
7c78932b9a KTLS: Enable KTLS for receiving as well in TLS 1.3
This removes a guard condition that prevents KTLS being enabled for
receiving in TLS 1.3.  Use the correct sequence number and BIO for
receive vs transmit offload.

Co-authored-by: John Baldwin <jhb@FreeBSD.org>
Signed-off-by: Daiki Ueno <dueno@redhat.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17942)
2022-04-06 13:15:27 +02:00
Hugo Landau
77d7b6eebb Remove statistics tracking from LHASH
Fixes #17928. Supercedes #17931.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17935)
2022-03-28 09:45:39 +02:00
Matt Caswell
a40398a15e Update CHANGES/NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2022-03-15 13:25:14 +00:00
Tomas Mraz
dfb39f7313 Replace handling of negative verification result with SSL_set_retry_verify()
Provide a different mechanism to indicate that the application wants
to retry the verification. The negative result of the callback function
now indicates an error again.

Instead the SSL_set_retry_verify() can be called from the callback
to indicate that the handshake should be suspended.

Fixes #17568

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17825)
2022-03-14 09:39:03 +01:00
Todd Short
a3e53d5683 Add TFO support to socket BIO and s_client/s_server
Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8692)
2022-03-10 10:42:43 -05:00
Nicola Tuveri
b139a95665 [ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3
Fixes #17743

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
2022-03-01 10:51:03 +02:00
Oleg Pekar
522a32ef1e Add changes logs caption for the next release 1.1.1n
Co-authored-by: Matthias St. Pierre <matthias.st.pierre@ncp-e.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17714)
2022-02-20 12:35:22 +01:00
Oleg Pekar
e0d00d79dd Fixed the date of changes of 1.1.1m
Fixed the date in the heading of "Changes between 1.1.1l and 1.1.1m" to 14 Dec 2021

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17714)
2022-02-20 12:35:22 +01:00
Andrey Matyukov
63b996e752 AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
Vectorized 'stitched' encrypt + ghash implementation of AES-GCM enabled
with AVX512 vAES and vPCLMULQDQ instructions (available starting Intel's
IceLake micro-architecture).

The performance details for representative IceLake Server and Client
platforms are shown below

Performance data:
OpenSSL Speed KBs/Sec
Intel(R) Xeon(R) Platinum 8380 CPU @ 2.30GHz (1Core/1Thread)
Payload in Bytes       16          64        256         1024        8192      16384
AES-128-GCM
  Baseline      478708.27   1118296.96  2428092.52  3518199.4   4172355.99  4235762.07
  Patched       534613.95   2009345.55  3775588.15  5059517.64  8476794.88  8941541.79
  Speedup            1.12         1.80        1.55        1.44        2.03        2.11

AES-256-GCM
  Baseline      399237.27   961699.9    2136377.65  2979889.15  3554823.37  3617757.5
  Patched       475948.13   1720128.51  3462407.12  4696832.2   7532013.16  7924953.91
  Speedup            1.19        1.79         1.62        1.58        2.12        2.19
Intel(R) Core(TM) i7-1065G7 CPU @ 1.30GHz (1Core/1Thread)
Payload in Bytes       16          64        256         1024        8192      16384
AES-128-GCM
  Baseline      259128.54   570756.43   1362554.16  1990654.57  2359128.88  2401671.58
  Patched       292139.47   1079320.95  2001974.63  2829007.46  4510318.59  4705314.41
  Speedup            1.13        1.89         1.47        1.42        1.91        1.96
AES-256-GCM
  Baseline      236000.34   550506.76   1234638.08  1716734.57  2011255.6   2028099.99
  Patched       247256.32   919731.34   1773270.43  2553239.55  3953115.14  4111227.29
  Speedup            1.05        1.67         1.44        1.49        1.97        2.03

Reviewed-by: TJ O'Dwyer, Marcel Cornu, Pablo de Lara
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17239)
2022-02-10 15:10:12 +01:00
Phus Lu
13a53fbf13 add SSL_get0_iana_groups() & SSL_client_hello_get_extension_order()
The function/macro allow user get groups/extensions without memory allcations.
So we could calculate the ssl fignerprint(ja3) in low cost.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16910)
2022-02-03 13:45:41 +01:00
Pauli
e180bf641e aes: make the no-asm constant time code path not the default
After OMC and OTC discussions, the 95% performance loss resulting from
the constant time code was deemed excessive for something outside of
our security policy.

The option to use the constant time code exists as it was in OpenSSL 1.1.1.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17600)
2022-01-31 11:39:00 +11:00
Darshan Sen
1d28ada1c3 Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()
Signed-off-by: Darshan Sen <raisinten@gmail.com>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
2022-01-26 17:15:52 +01:00
Darshan Sen
59ccb72cd5 Fix invalid malloc failures in PEM_write_bio_PKCS8PrivateKey()
When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase
string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size
allocation, which resulted in malloc failures.

Fixes: https://github.com/openssl/openssl/issues/17506

Signed-off-by: Darshan Sen <raisinten@gmail.com>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
2022-01-26 17:15:52 +01:00
Orr Toledano
e8b597f331 Documentation for RNDR and RNDRRS
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15361)
2021-12-16 12:38:09 +01:00
Richard Levitte
0e4e4e27df Add some CHANGES entries for 3.0.1
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17274)
2021-12-14 17:44:06 +01:00
Tomas Mraz
c868d1f9ca Add some CHANGES.md entries for the 3.0.1 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17274)
2021-12-14 17:43:59 +01:00
Matt Caswell
5eef9e1deb Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2021-12-14 13:42:49 +00:00
Richard Levitte
32a3b9b766 Fix VMS installation - Document in CHANGES.md
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)

(cherry picked from commit 2daa2a0d00)
2021-12-14 11:53:53 +00:00
Andrey Matyukov
f87b4c4ea6 Dual 1536/2048-bit exponentiation optimization for Intel IceLake CPU
It uses AVX512_IFMA + AVX512_VL (with 256-bit wide registers) ISA to
keep lower power license.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14908)
2021-11-19 12:50:34 +10:00
Felipe Gasper
af5e63e1e3 Revise s_client and s_server verbiage re secure renegotiation.
Since TLS v1.3 eschews renegotiation entirely it’s misleading to have
these apps say it’s “not supported” when in fact the TLS version is
new enough not to need renegotiation at all.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16937)
2021-11-02 16:30:10 +01:00
Matt Caswell
a4c4090c21 Update document for default security level change
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16760)
2021-10-09 19:57:02 +02:00
Erik Lax
d1b26ddbf6 Allow cipher strings to be given using its standard name
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16179)
2021-09-30 12:20:01 +02:00
Pauli
c8ffd2201b changes: note that PVK KDF has moved to the legacy provider
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15968)
2021-09-28 18:08:42 +10:00
Pauli
63d0f4d2b0 Add changes entry indicating that the OBJ_* calls are now thread safe
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15713)
2021-09-25 10:41:02 +10:00
Pauli
e07102220a tls/ccm8: reduce the cipher strength for CCM8 ciphers to 64 bits
This is the length of the tag they use and should be considered an upper bound
on their strength.

This lowers their security strength to level 0.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16652)
2021-09-24 17:38:39 +10:00
Pauli
1a473d1cc6 tls: reduce the strength of CCM_8 ciphers due to their short IV.
Fixes #16154

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16652)
2021-09-24 17:38:23 +10:00