Commit Graph

31842 Commits

Author SHA1 Message Date
Akshat Maheshwari
edb271ee5d Fix a typo in the function name
X509_STORE_load_locations_ex() calls X509_STORE_load_file_ex() and X509_STORE_load_path(), there's no such function name as X509_STORE_load_dir().

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19202)
2022-09-15 17:07:05 +02:00
K1
48963ff6d0 Add support for PBE using hmacWithSM3
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19204)
2022-09-15 17:03:56 +02:00
Richard Levitte
ef6d6e452d util/wrap.pl.in: Use parentheses so kill gets all its arguments
In perl, this may be ambiguous:

    fn (expr1), expr2

Is the comma (which may be `=>` just as well in this case) a separator
between arguments to `fn`, or is it the comma operator, separating the
expressions `fn(expr1)` and `expr2`?  It appears that in this particular
case, perl takes the existing parentheses to mean the latter.  When the
former was intended, extra parentheses are required.

Fixes #19209

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19211)
2022-09-15 08:42:23 +02:00
Hugo Landau
606e0426a1 Add support for loading root CAs from Windows crypto API
Fixes #18020.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18070)
2022-09-14 14:10:18 +01:00
Hugo Landau
021859bf81 Fix URI handling in SSL_CERT_DIR/introduce SSL_CERT_URI env
Fixes #18068.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18070)
2022-09-14 14:10:10 +01:00
Richard Levitte
eb51673e52 Fix the OSSL_TIME fallback in include/internal/e_os.h
There's a fallback `ossl_sleep()` that uses `OSSL_TIME`.  However,
nothing was done to ensure that `OSSL_TIME` is defined.

Adding an inclusion of "internal/time.h" should be enough.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19214)
2022-09-14 12:32:26 +02:00
Hugo Landau
45e7ef5fe3 QUIC QRL: Fix bug in Handshake packet processing
We automatically dropped Initial keys when receiving a Handshake packet,
but did this regardless of whether the packet was successfully decrypted
and authenticated. Per the RFC, we should only drop Initial keys when
successfully processing a Handshake packet.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19176)
2022-09-13 17:56:42 +01:00
Tomas Mraz
9ab6b64ac8 Fix AES-GCM on Power 8 CPUs
Properly fallback to the default implementation on CPUs
missing necessary instructions.

Fixes #19163

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19182)
2022-09-13 14:41:39 +02:00
Pauli
fabce8090c design: TX Packetiser
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18570)
2022-09-13 21:22:25 +10:00
Pauli
0f4be8a14a Fix white space
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
2022-09-13 21:13:35 +10:00
Pauli
5d1bb4fc47 libcrypto: remove reliance on struct timeval
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
2022-09-13 21:13:35 +10:00
Pauli
02d0f87a8b time: move OSSL_TIME to libcrypto
Keep building it for libssl without exposing any symbols.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
2022-09-13 21:13:22 +10:00
Pauli
4fc04c71ac Avoid struct timeval in QUIC code
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
2022-09-13 21:13:22 +10:00
Pauli
f0131dc04a ssl: modify libssl so that it uses OSSL_TIME
This is instead of time_t and struct timeval.  Some public APIs mandate a
presence of these two types, but they are converted to OSSL_TIME internally.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
2022-09-13 21:13:22 +10:00
Pauli
364c3b7b1a time: add some additional utilities and document everything
Some of the recently added functions were not documents.  This has been addressed.
Also added utility functions for conversions between time_t, seconds and struct timeval
to/from OSSL_TIME.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
2022-09-13 21:13:22 +10:00
Dr. David von Oheimb
ee68d2b957 apps/openssl-vms.cnf: reflect latest changes by 'make update'
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19179)
2022-09-13 09:55:29 +02:00
Dr. David von Oheimb
800869b84e Revert (most of) "Makefile: Generate crypto objects only as far as needed"
This reverts all adaptations by commit 89c39bd8f6
on Configurations/unix-Makefile.tmpl except for additions to .PHONY

Fixes #19087

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19179)
2022-09-13 09:55:29 +02:00
Richard Levitte
b1104a3a2d Checking __STDC_VERSION__ rather than __STRICT_ANSI__
`__STRICT_ANSI__` is a gnuish flag macro that indicates if `-ansi`
was given on the command line.  To check the C version, it's better
to check the macro `__STDC_VERSION__`.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19197)
2022-09-13 09:34:53 +02:00
David Carlier
e1035957eb OSSL_CRYPTO_ALLOC attribute introduction proposal.
Giving hint to the compiler the returned pointer is not aliased
 (so realloc-like api is de facto excluded).

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19180)
2022-09-12 20:53:46 +10:00
Michael Baentsch
0b664228a8 update oqsprovider/liboqs to v0.7.2
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19184)
2022-09-12 08:40:45 +02:00
Paul Yang
53ef02baf8 Fix PROV_RC5_CTX's original structure name
It looks like a typo when copy & pasting the structure from blowfish.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19186)
2022-09-12 08:38:48 +02:00
Tom Cosgrove
ce41a53dc6 Fix tests when configured with -DOPENSSL_USE_IPV6=0
In include/internal/sockets.h it says that you can disable IPv6, and only
defines OPENSSL_USE_IPV6 (to 0 or 1) if it's not already defined.

The codebase generally then checks `#if OPENSSL_USE_IPV6`.

However, test_bio_dgram uses `#if defined(OPENSSL_USE_IPV6)` which means it tries
to test IPv6 even if it's explicitly configured out with -DOPENSSL_USE_IPV6=0
(`#if defined(OPENSSL_USE_IPV6)` is always true).

This fixes that.

Change-Id: Ie1641c9dd654f27f3bdca186517df5599ad1059b

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19181)
2022-09-12 08:28:30 +02:00
Pauli
35b6707024 list: add an option to list all available algorithms
Fixes #19145

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19168)
2022-09-11 20:58:40 +10:00
Dr. David von Oheimb
8e39049d38 crypto/x509/{x509_req,x_all}.c: add some NULL parameter checks, improve coding style
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19090)
2022-09-10 15:42:29 +02:00
Gibeom Gwon
9249a34b07 X509 x_all.c: Set 'modified' flag when ASN1_item_sign{,_ctx} call was successful
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19090)
2022-09-10 15:42:28 +02:00
Gibeom Gwon
39d356e084 X509 x509_req.c: Set 'modified' flag when X509_req_info_st member data updated
We need to reencode X509_req_info_st if member data updated.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19090)
2022-09-10 15:42:28 +02:00
a1346054
fd24de9f93 openssl.cnf: split option value and comment and remove leading space
CLA: trivial

Signed-off-by: a1346054 <36859588+a1346054@users.noreply.github.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19173)
2022-09-09 19:34:53 +02:00
Todd Short
44e4732817 Cleanup EBCDIC string defintions
Use a single definiton for protocol string defintions.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19122)
2022-09-09 09:49:22 -04:00
Matt Caswell
f3f8e53c85 Add some API tests for TLSv1.3 record padding
We have some ssl_test_new tests for record padding. But these only use
the block padding approach set via a config file on the SSL_CTX. We add
tests for all the various API calls.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19103)
2022-09-09 13:07:54 +01:00
Gang Chen
8ae080bf85 crypto/conf: gcc build warning fix
Fix the gcc build warning from conf_sap.c:
variable flags set but not used [-Wunused-but-set-variable]
variable appname set but not used [-Wunused-but-set-variable]
variable filename set but not used [-Wunused-but-set-variable]

CLA: trivial

Signed-off-by: Gang Chen <gang.c.chen@intel.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19153)
2022-09-09 13:05:57 +01:00
Juergen Christ
3cca05cc19 s390x: fix ecx derive
Derivation via ecx-methods did not properly set the length.  Make the code
more similar to common code and set the length property.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19158)
2022-09-09 13:04:02 +01:00
Todd Short
5121783b49 Remove perror() usage in library
The dgram code used perror extensively.

Keep the `perror()` in the allocation code; it's used for debugging only.
Keep the `perror()`s in the demos, tests and apps.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19148)
2022-09-09 13:02:21 +01:00
Tomas Mraz
18274e1d6e bio_dgram_test.c: Fix warning from older clang compilers
Older clang compilers warn about the initializer:

test/bio_dgram_test.c:107:29: error: suggest braces around initialization
 of subobject [-Werror,-Wmissing-braces]
    struct in6_addr ina6 = {0};
                            ^
                            {}

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19152)
2022-09-09 08:56:41 +10:00
Daniel Fiala
a4b7136ebf Add an EVP demo for key encoding using EC
Fixes openssl#14117

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19143)
2022-09-09 07:26:42 +10:00
Hugo Landau
07687790a0 Fix BIO_sendmmsg/BIO_recvmmsg issues on FreeBSD
Fixes #19156.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19164)
2022-09-08 17:23:23 +01:00
Tristan Lelong
7f4c65749f Fix undefined ipi_spec_dst for cygwin build.
The 'struct in_pktinfo' doesn't have a 'ipi_spec_dst' field on windows
OS which break cygwin builds of OpenSSL.

Signed-off-by: Tristan Lelong <tlelong@google.com>

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19134)
2022-09-08 07:54:30 +02:00
Dr. David von Oheimb
8a2ec00d7f apps/lib/http_server.{c,h}: clean up logging and move it to log.{c,h}
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18434)
2022-09-07 23:04:25 +02:00
Dr. David von Oheimb
5e87fddc97 apps/ocsp.c etc.: rename 'multi' to 'n_responders' for clarity
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18434)
2022-09-07 23:04:25 +02:00
Dr. David von Oheimb
8aff29f020 APPS HTTP server: trace requests and responses when enabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18434)
2022-09-07 23:04:25 +02:00
Dr. David von Oheimb
5d0a327020 OSSL_trace_enabled.pod: add missing synopsis for OSSL_TRACE()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18434)
2022-09-07 23:04:25 +02:00
Pauli
fbeb4866f4 Coverity: explicit null dereference
Coverity is being pretty silly here but adding the explicit pointer checks
will stop a crash if something goes badly awry.

Fixes Coverity 1513706 - 1513709

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19136)
2022-09-07 11:49:32 +02:00
Tomas Mraz
891b639377 Initial congestion control API design
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18018)
2022-09-07 08:32:37 +01:00
Tomas Mraz
ed822619f5 Fix build failure on freebsd due to missing data declaration
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19130)
2022-09-07 08:20:43 +02:00
Pauli
1d15370673 Coverity 1513478: negative return
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19126)
2022-09-06 18:01:54 +10:00
xtkoba
856f2aa7be test/pkcs12_api_test.c: fix failure on MinGW
Use binary mode when opening a file.

Partially fixes #18017.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19117)
2022-09-05 15:49:33 +02:00
Pauli
f5eac259a0 list: add a doubly linked list type.
These list can be embedded into structures and structures can be members of
multiple lists.  Moreover, this is done without dynamic memory allocation.
That is, this is legal:

    typedef struct item_st ITEM;

    struct item_st {
        ...
        OSSL_LIST_MEMBER(new_items, ITEM);
        OSSL_LIST_MEMBER(failed_items, ITEM);
        ...
    };

    DEFINE_LIST_OF(new_items, TESTL);
    DEFINE_LIST_OF(failed_items, TESTL);

    struct {
        ...
        OSSL_LIST(new_items) new;
        OSSL_LIST(failed_items) failed;
        ...
    } *st;

    ITEM *p;

    for (p = ossl_list_new_items_head(&st->new); p != NULL;
         p = ossl_list_new_items_next(p))
        /* do something */

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19115)
2022-09-05 16:24:53 +10:00
Hongren (Zenithal) Zheng
5ccee69b13 provider: cipher: aes: add riscv32 zkn (zbkb) support
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
2022-09-05 10:20:30 +10:00
Hongren (Zenithal) Zheng
cbb15b31b9 aes_platform: add riscv32 zkn asm support
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
2022-09-05 10:20:30 +10:00
Hongren (Zenithal) Zheng
b733ce73a4 add build support for riscv32 aes zkn
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
2022-09-05 10:20:30 +10:00
Hongren (Zenithal) Zheng
61170642b1 Add RISC-V 32 cpuid support
Mainly from #17640

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
2022-09-05 10:20:30 +10:00