2
0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00
Commit Graph

4909 Commits

Author SHA1 Message Date
Dr. David von Oheimb
bcd3707dba crypto/cmp: add OSSL_CMP_MSG_get0_certreq_publickey(); fix coding style nit
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
2024-03-06 08:49:28 +01:00
Dr. David von Oheimb
904ee65290 apps/cmp: extend documentation and diagnostics for using -reqin in special situations
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
2024-03-06 08:49:28 +01:00
Dr. David von Oheimb
2fbe23bbbe apps/cmp: add -reqout_only option for dumping/saving just the initial CMP request message
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
2024-03-06 08:49:28 +01:00
pohsingwu
fbce6ebf70 Implement PCT for EDDSA
According to FIPS 140-3 IG 10.3.A Additonal Comment 1, a PCT shall be
performed consistent with the intended use of the keys.

This commit implements PCT for EDDSA via performing sign and verify
operations after key generated.

Also use the same pairwise test logic in EVP_PKEY_keygen and
EVP_PKEY_pairwise_check for EDDSA in FIPS_MODULE.

Add OSSL_SELF_TEST_DESC_PCT_EDDSA to OSSL_PROVIDER-FIPS page.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23408)
2024-03-01 11:06:03 +01:00
Michael
2d70cc9cec Improve documentation of standard IANA cipher suite names.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23539)
2024-02-25 11:13:07 +01:00
Ijtaba Hussain
ffc853bcb5 Extended SSL_SESSION functions using time_t
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21206)
2024-02-21 10:28:17 +01:00
Bernd Ritter
5e5c256bba Correct the defined name of the parameter "micalg" in the documentation
The EVP_DigestInit(3) manual page contains wrong name for the define
macro for the OSSL_DIGEST_PARAM_MICALG param.

Fixes 

CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23615)
2024-02-20 09:08:56 +01:00
Hugo Landau
a768a796f2 Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
2024-02-19 10:15:46 +01:00
Hugo Landau
40c457029e QUIC: Add docs for SSL_VALUE_EVENT_HANDLING_MODE
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
2024-02-19 10:15:46 +01:00
Shakti Shah
4f6133f9db KDF_CTX_new API has incorrect signature (const should not be there)
https://www.openssl.org/docs/man3.1/man3/EVP_KDF_CTX.html

The pages for 3.0/3.1/master seem to have the following
EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);

which does not match with the actual header which is
EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf);

Fixes 

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23541)
2024-02-14 09:48:09 +01:00
Dimitri Papadopoulos
f7241edda4 Fix new typos found by codespell
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23545)
2024-02-14 09:36:11 +01:00
Hugo Landau
925118e8c3 Fix nit
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
2024-02-10 11:37:14 +00:00
Hugo Landau
16e65cb95a Fix typo
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
2024-02-10 11:37:14 +00:00
Hugo Landau
f945986a18 make update
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
2024-02-10 11:37:14 +00:00
Hugo Landau
c9b0df2250 QUIC: Add manpage for SSL_poll
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
2024-02-10 11:37:14 +00:00
Hugo Landau
125c7c11a3 QUIC: Add glossary entry for RIO
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
2024-02-10 11:37:14 +00:00
Hugo Landau
01690a7ff3 Minor updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23360)
2024-02-08 16:50:01 +00:00
Hugo Landau
827475fc8b QUIC CHANNEL: Optimise struct packing
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23360)
2024-02-08 16:50:01 +00:00
Hugo Landau
a01746ba3d Minor fix
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23360)
2024-02-08 16:50:01 +00:00
Hugo Landau
d51398b998 QUIC: Add documentation for tuning API
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23360)
2024-02-08 16:49:43 +00:00
Shakti Shah
a8e32a6b2c Wrong release version for EVP_DigestSqueeze() in documentation
The mentioned function is targeted for 3.3.0 and EVP_MD_CTX_dup()
was added in 3.1.

Fixes 

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23467)
2024-02-08 12:08:36 +01:00
Shakti Shah
22f82d457c Clarify X509_STORE_CTX_init() documentation in the man page
Fixes 
CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23435)
2024-02-05 10:15:22 +01:00
Hugo Landau
5f603a12cd QUIC QLOG: Minor manpage updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:50:30 +00:00
Hugo Landau
1aeab15f46 QUIC QLOG: Minor doc updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:50:30 +00:00
Hugo Landau
ae300c0d5e Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:50:29 +00:00
Hugo Landau
de60b122b2 QLOG: Editorial fixes (QLOG is spelled 'qlog')
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:50:29 +00:00
Hugo Landau
82973bcf87 QLOG: Add manpage openssl-qlog(7)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:50:03 +00:00
Hugo Landau
613917ea0c QUIC QLOG: Clarify filter docs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:50:03 +00:00
Hugo Landau
9dcad79795 QUIC QLOG: Rename QFILTER to OSSL_QFILTER
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:50:03 +00:00
Hugo Landau
29bd1e2d24 QLOG: Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:49:34 +00:00
Hugo Landau
0f4f9902cc QLOG: Add debugging guide
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:49:34 +00:00
Hugo Landau
76989370bc QLOG: Frontend: Design
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:49:34 +00:00
Hugo Landau
8a123d4342 QLOG: JSON Encoder: Design
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
2024-02-02 11:49:34 +00:00
Neil Horman
d0e1a0ae70 RCU lock implementation
Introduce an RCU lock implementation as an alternative locking mechanism
to openssl.  The api is documented in the ossl_rcu.pod
file

Read side implementaiton is comparable to that of RWLOCKS:
ossl_rcu_read_lock(lock);
<
critical section in which data can be accessed via
ossl_derefrence
>
ossl_rcu_read_unlock(lock);

Write side implementation is:
ossl_rcu_write_lock(lock);
<
critical section in which data can be updated via
ossl_assign_pointer
and stale data can optionally be scheduled for removal
via ossl_rcu_call
>
ossl_rcu_write_unlock(lock);
...
ossl_synchronize_rcu(lock);

ossl_rcu_call fixup

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22729)
2024-02-01 08:33:25 -05:00
Tomas Mraz
dbb478a51d Document the implications of setting engine-based low-level methods
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23063)
2024-01-31 18:40:30 +01:00
Neil Horman
6f22bcd631 Add appropriate NULL checks in EVP_CIPHER api
The EVP_CIPHER api currently assumes that calls made into several APIs
have already initalized the cipher in a given context via a call to
EVP_CipherInit[_ex[2]].  If that hasnt been done, instead of an error,
the result is typically a SIGSEGV.

Correct that by adding missing NULL checks in the apropriate apis prior
to using ctx->cipher

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22995)
2024-01-25 08:27:53 -05:00
Hugo Landau
2695f7b19b QUIC: Add optimised FIN API
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)
2024-01-23 14:20:06 +00:00
Dr. David von Oheimb
66adaf2b31 X509_dup.pod: add caveat that extra data is not copied and hints, e.g., to use X509_up_ref() instead
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23043)
2024-01-18 14:05:34 +01:00
Matt Caswell
ead44e19fa Document SSL_R_UNEXPECTED_EOF_WHILE_READING
Also document that it is ok to use this for control flow decisions.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23304)
2024-01-18 11:18:09 +01:00
Kevin Jerebica
3e938453be Add a deprecation warning for a function in docs
The function in question is SSL_get_peer_certificate()

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23315)
2024-01-18 10:44:30 +01:00
Neil Horman
5c42ced0ff Introduce hash thunking functions to do proper casting
ubsan on clang17 has started warning about the following undefined
behavior:

crypto/lhash/lhash.c:299:12: runtime error: call to function err_string_data_hash through pointer to incorrect function type 'unsigned long (*)(const void *)'
[...]/crypto/err/err.c:184: note: err_string_data_hash defined here
     0x7fa569e3a434 in getrn [...]/crypto/lhash/lhash.c:299:12
     0x7fa569e39a46 in OPENSSL_LH_insert [...]/crypto/lhash/lhash.c:119:10
     0x7fa569d866ee in err_load_strings [...]/crypto/err/err.c:280:15
[...]

The issue occurs because, the generic hash functions (OPENSSL_LH_*) will
occasionaly call back to the type specific registered functions for hash
generation/comparison/free/etc, using functions of the (example)
prototype:

[return value] <hash|cmp|free> (void *, [void *], ...)

While the functions implementing hash|cmp|free|etc are defined as
[return value] <fnname> (TYPE *, [TYPE *], ...)

The compiler, not knowing the type signature of the function pointed to
by the implementation, performs no type conversion on the function
arguments

While the C language specification allows for pointers to data of one
type to be converted to pointers of another type, it does not
allow for pointers to functions with one signature to be called
while pointing to functions of another signature.  Compilers often allow
this behavior, but strictly speaking it results in undefined behavior

As such, ubsan warns us about this issue

This is an potential fix for the issue, implemented using, in effect,
thunking macros.  For each hash type, an additional set of wrapper
funtions is created (currently for compare and hash, but more will be
added for free/doall/etc).  The corresponding thunking macros for each
type cases the actuall corresponding callback to a function pointer of
the proper type, and then calls that with the parameters appropriately
cast, avoiding the ubsan warning

This approach is adventageous as it maintains a level of type safety,
but comes at the cost of having to implement several additional
functions per hash table type.

Related to 

Reviewed-by: Sasa Nedvedicky <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23192)
2024-01-17 10:47:04 -05:00
Dr. David von Oheimb
1caaf073b0 CMP app and doc: add -no_cache_extracerts option / OSSL_CMP_OPT_NO_CACHE_EXTRACERTS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
2024-01-17 15:03:41 +01:00
Dr. David von Oheimb
fd514375e2 CMP app: make -ignore_keyusage apply also for mock server
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
2024-01-17 15:03:40 +01:00
Viktor Dukhovni
7698f80ab1 Add missing genpkey -rand support
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23294)
2024-01-16 11:40:01 +01:00
David Benjamin
08cecb4448 Add X509_STORE_get1_objects
X509_STORE_get0_objects returns a pointer to the X509_STORE's storage,
but this function is a bit deceptive. It is practically unusable in a
multi-threaded program. See, for example, RUSTSEC-2023-0072, a security
vulnerability caused by this OpenSSL API.

One might think that, if no other threads are mutating the X509_STORE,
it is safe to read the resulting list. However, the documention does not
mention that other logically-const operations on the X509_STORE, notably
certifcate verifications when a hash_dir is installed, will, under a
lock, write to the X509_STORE. The X509_STORE also internally re-sorts
the list on the first query.

If the caller knows to call X509_STORE_lock and X509_STORE_unlock, it
can work around this. But this is not obvious, and the documentation
does not discuss how X509_STORE_lock is very rarely safe to use. E.g.
one cannot call any APIs like X509_STORE_add_cert or
X509_STORE_CTX_get1_issuer while holding the lock because those
functions internally expect to take the lock. (X509_STORE_lock is
another such API which is not safe to export as public API.)

Rather than leave all this to the caller to figure out, the API should
have returned a shallow copy of the list, refcounting the values. Then
it could be internally locked and the caller can freely inspect the
result without synchronization with the X509_STORE.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23224)
2024-01-15 16:29:54 +01:00
Akshat Maheshwari
441b3b7ba1 Fix grammar in documentation
CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23266)
2024-01-15 10:46:35 +01:00
Job Snijders
4e5bf93313 Add apps/x509 -set_issuer & -set_subject option to override issuer & subject
This changeset adds the counterpart to the '-subj' option to allow overriding
the Issuer. For consistency, the `-subj` option is aliased to `-set_subject`.

The issuer can be specified as following apps/openssl x509 -new -set_issuer
'/CN=example-nro-ta' -subj '/CN=2a7dd1d787d793e4c8af56e197d4eed92af6ba13' ...

This is useful in constructing specific test-cases or rechaining PKI trees

Joint work with George Michaelson (@geeohgeegeeoh)

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23257)
2024-01-15 10:40:01 +01:00
Hugo Landau
9eabb30ab4 QUIC RCIDM: Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
2024-01-11 11:16:27 +01:00
Neil Horman
7c1d533a51 Update Docs for EVP_MAC
For GMAC/CMAC, its not possible to re-init the algorithm without
explicitly passing an OSSL_MAC_PARAM_IV to each init call, as it is
not possible to extract the IV value from the prior init call (be it
explicitly passed or auto generated).  As such, document the fact that
re-initalization requires passing an IV parameter

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23235)
2024-01-11 11:12:10 +01:00
James Muir
ff7b32e1d7 doc: "digest" must be explicitly set with deterministic ECDSA/DSA
Fixes 

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23250)
2024-01-11 10:15:03 +01:00
Neil Horman
f3be536686 Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata()
It would be helpful to be able to generate RSA's dmp1/dmq1/iqmp values
when not provided in the param list to EVP_PKEY_fromdata.  Augment the
provider in ossl_rsa_fromdata to preform this generation iff:
a) At least p q n e and e are provided
b) the new parameter OSSL_PARAM_RSA_DERIVE_PQ is set to 1

Fixes 

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21875)
2024-01-09 12:03:32 +01:00
Matt Caswell
3348713ad3 Clarify the PKCS12 docs
Issue  asks a question about the meaning of the PKCS12
documentation. This PR attempts to clarify how friendlyName and localKeyID
are added to the PKCS12 structure.

Fixes 

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23188)
2024-01-04 16:42:41 +00:00
Tomas Mraz
98d6016afe Make OPENSSL_sk_push return only 0 or 1
Most of the callers do not actually check for
the special -1 return condition because they do not
pass NULL to it. It is also extremely improbable that
any code depends on this -1 return value in this condition
so it can be safely changed to 0 return.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/22930)
2024-01-04 14:51:48 +01:00
rilysh
cf8fea86f7 provider-keymgmt.pod: fix typo
Fix a typo from asymmmetric to asymmetric

CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23164)
2024-01-03 13:14:00 +01:00
slontis
f1f0731ddf Add missing documentation for X509_ATTRIBUTE related functions.
Partial fix for 

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22656)
2024-01-03 12:50:54 +01:00
Neil Horman
94be985cbc gate calling of evp_method_id on having a non-zero name id
If a name is passed to EVP_<OBJ>_fetch of the form:
name1:name2:name3

The names are parsed on the separator ':' and added to the store, but
during the lookup in inner_evp_generic_fetch, the subsequent search of
the store uses the full name1:name2:name3 string, which fails lookup,
and causes subsequent assertion failures in evp_method_id.

instead catch the failure in inner_evp_generic_fetch and return an error
code if the name_id against a colon separated list of names fails.  This
provides a graceful error return path without asserts, and leaves room
for a future feature in which such formatted names can be parsed and
searched for iteratively

Add a simple test to verify that providing a colon separated name
results in an error indicating an invalid lookup.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/23110)
2024-01-01 12:57:59 -05:00
James Muir
aa3347ba9d doc: fix "the a" typos (and other things nearby)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/23068)
2023-12-29 11:43:20 +01:00
zengwei2000
1635d7a078 ddd-02-conn-nonblocking-threads.c: Fix the leak of conn
Signed-off-by: zengwei zengwei1@uniontech.com

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23115)
2023-12-29 11:39:16 +01:00
Dimitri Papadopoulos
7deb2b433a Fix typos found by codespell in man pages
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23131)
2023-12-29 10:13:01 +01:00
Dimitri Papadopoulos
164a541b93 Fix new typos found by codespell
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23133)
2023-12-29 10:12:05 +01:00
Neil Horman
9277ed0a4f Fix remaining provider config settings to be decisive in value
There is one remaining config setting for providers, soft_load, which is
enabled when provided in a config, regardless of its value.  Augment it
to require a decisive value 1/0, yes/no, on/off, true/false, as we've
recently done for the activate setting.

Also, since it wasn't previously documented, add docs for it.

Fixes 

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23111)
2023-12-27 09:32:48 +01:00
Neil Horman
62457fd941 Ignore OSSL_MAC_PARAM_DIGEST_NOINIT/OSSL_MAC_PARAM_DIGEST_ONESHOT
The hmac flags OSSL_MAC_PARAM_DIGEST_NOINIT and
OSSL_MAC_PARAM_DIGEST_ONESHOT dont add any real value to the provider,
and the former causes a segfault when the provider attempts to call
EVP_MAC_init on an EVP_MAC object that has been instructed not to be
initalized (as the update function will not have been set in the MAC
object, which is unilaterally called from EVP_MAC_init

Remove the tests for the above flags, and document them as being
deprecated and ignored.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23054)
2023-12-26 10:36:00 -05:00
Tomas Mraz
8f0f814d79 AES: Document that the XTS, SIV, WRAP modes do not support streaming
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23028)
2023-12-22 13:42:28 +01:00
Tomas Mraz
e2f9c2dd37 SM4: Document that the XTS mode does not support streaming
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23028)
2023-12-22 13:42:28 +01:00
Matt Caswell
2462e431ff Improve the documentation on TLS record compression
TLS record compression is off by default. Even if you switch it on, it
cannot be used at security level 2 which is the default in OpenSSL 3.2 and
above. Update the docs to point this out.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23104)
2023-12-22 09:00:19 +00:00
Dr. David von Oheimb
bedffe1731 crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
2023-12-21 23:06:42 +01:00
Rajeev Ranjan
192bfec487 crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
2023-12-21 22:53:35 +01:00
Neil Horman
506ff20662 Make the activate setting more intuitive
Currently, a provider is activated from our config file using the
activate parameter.  However, the presence of the config parameter is
sufficient to trigger activation, leading to a counterintuitive
situation in which setting "activate = 0" still activates the provider

Make activation more intuitive by requiring that activate be set to one
of yes|true|1 to trigger activation.  Any other value, as well as
omitting the parameter entirely, prevents activation (and also maintains
backward compatibility.

It seems a bit heavyweight to create a test specifically to validate the
plurality of these settings.  Instead, modify the exiting openssl config
files in the test directory to use variants of these settings, and
augment the default.cnf file to include a provider section that is
explicitly disabled

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22906)
2023-12-21 09:22:40 -05:00
Hugo Landau
f41ab29c78 QUIC: Add more glossary entries
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
2023-12-21 08:12:06 +00:00
Hugo Landau
b71046b4a4 Minor updates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
2023-12-21 08:12:06 +00:00
Hugo Landau
5304d56335 ERR: Add ERR_pop()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
2023-12-21 08:12:06 +00:00
Dr. David von Oheimb
cb03eef1a6 openssl-cmp.pod.in: fix grammar glitch
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
2023-12-19 13:07:19 +01:00
Dr. David von Oheimb
0739dd0022 CMP app: make -geninfo option accept multiple ITAVs and support string values besides integers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
2023-12-19 13:07:19 +01:00
Dr. David von Oheimb
7c6577ba9f CMP lib and app: add optional certProfile request message header and respective -profile option
Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
2023-12-19 13:07:19 +01:00
Hugo Landau
75caab2718 LHASH: Document down_load functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22981)
2023-12-13 15:26:59 +00:00
Hugo Landau
ec7e89026b LHASH: Fix documentation for doall-delete hazards
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22981)
2023-12-13 15:26:59 +00:00
James Muir
7f4bf18573 doc: fix list display in man page
"=over 1" is too small.  Use "=over 2" so that list items are
displayed correctly in the generated man-page.

You can check the man-page using the following command:

  cd doc && pod2man man3/OSSL_PARAM_int.pod | man /dev/stdin

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22974)
2023-12-13 11:03:55 +01:00
slontis
f02d33118b Removed extra spaces in documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22968)
2023-12-12 20:00:05 +01:00
Dr. David von Oheimb
a149e8e108 provider-storemgmt.pod: fix nits (unclosed '<' around name)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22942)
2023-12-12 19:52:02 +01:00
Matthias St. Pierre
6ebdbba76a doc: improve documentation of EVP in-place encryption
The EVP interface explicitly allows in-place encryption/decryption,
but this fact is just 'partially' documented in `EVP_EncryptUpdate(3)`
(pun intended): the manual page mentions only operation failure in
case of 'partial' overlaps. This is not even correct, because
the check for partially overlapping buffers is only implemented
in legacy code paths.

Currently, in-place encryption/decryption is only documented for
RSA (`RSA_public_encrypt(3)`) and DES (`DES_ecb_encrypt(3)`), as
well as in the provider interface (`provider-cipher(7)`).

This commit amends `EVP_EncryptUpdate(3)` and `provider-cipher(7)`
to make the front-end and back-end documentation consistent.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22875)
2023-12-12 10:40:56 +01:00
Hugo Landau
cd4edeb2f7 QUIC GLOSSARY: Add ODCID
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
2023-12-06 10:40:11 +00:00
Hugo Landau
11841571ff QUIC: Update glossary to add LCID/RCID concepts
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
2023-12-06 10:40:11 +00:00
James Muir
8da20b30da doc: improve display of KECCAK-KMAC128, KECCAK-KMAC256 defs
Do not allow mid-expression line breaks.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22814)
2023-12-04 09:33:25 +01:00
James Muir
c89b553bdc rsa-doc: fix typo
"d_i in RFC8017" -> "d_i" in RFC8017

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22868)
2023-12-01 10:31:37 +01:00
Sean Bright
db04cf25f3 doc: Minor typo in SSL_CTX_set_tmp_dh_callback docs.
well know -> well known

CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22778)
2023-11-30 18:46:48 +01:00
Jamie Cui
58d926213f Fix EVP_RAND-SEED-SRC documentation example
Fixes 

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22857)
2023-11-30 12:33:17 +01:00
Markus Minichmayr
dfc836c346 PreferNoDHEKEX changelog and history anticipating inclusion in OpenSSL version 3.3.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)
2023-11-24 15:08:04 +00:00
Markus Minichmayr
55d894bbfb Document SSL_OP_PREFER_NO_DHE_KEX option.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)
2023-11-24 15:08:04 +00:00
Hugo Landau
1468247b7a QUIC SRTM: Amend glossary
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
2023-11-23 14:46:01 +00:00
James Muir
1750689767 doc: fix description of mac "block-size" parameter
The macro for "block-size" is OSSL_MAC_PARAM_BLOCK_SIZE, and this
parameter is not settable.  Refer to the "customization string" rather
than the "custom value" (in the Blake2 spec, this is called the
personalization string).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22763)
2023-11-22 10:51:10 +01:00
James Muir
f1bea887ef doc: better description of KECCAK-KMAC XOF
KECCAK-KMAC-128 and KECCAK-KMAC-256 are extendable output functions
that have been defined because they are convenient for implementing
KMAC.  Give definitions for them so that users aren't left to figure
that out themselves.  KECCAK-KMAC-128 is very similar to SHAKE-128,
and KECCAK-KMAC-256 is very similar to SHAKE-256.

Related to .

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22755)
2023-11-22 10:47:05 +01:00
Matt Caswell
ae14f38cc9 Update the provider documentation
Make the documentation match reality. Add lots of missing algorithms.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22694)
2023-11-22 10:43:37 +01:00
James Muir
339e5cb0be Update OpenSSL logos
Add two new files

  doc/images/openssl-square.svg
  doc/images/openssl-square-nontransparent.png

and update the existing file

  doc/images/openssl.svg

The "square" versions of the logo write "Open" and "SSL" on separate
lines, so that less horizontal space is used.

The png file (nontransparent, white background) can be used to update
the profile picture for the OpenSSL organization on GitHub.

For the existing logo, openssl.svg, the subtitle "Cryptography and
SSL/TLS Toolkit" has been dropped and the text-elements have been
converted to paths (so they are no longer dependent on what fonts the
renderer provides).

The svg files were provided by Anton A.

Part of https://github.com/openssl/project/issues/262

Reviewed-by: Anton Arapov <anton@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22626)
2023-11-22 10:35:58 +01:00
Neil Horman
5091aadc22 augment quic demos to support ipv4/6 connections
Because the quicserver utility supports expressly listening in ipv4/6
mode, its possible/likely that the server will listen on an ipv4
address, while the clients will connect via ipv6, leading to connection
failures.

Augment quic demo clients to afford them the same -6 option that the
server has so that connection family can be co-ordinated

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22577)
2023-11-21 13:01:54 +01:00
Neil Horman
ae9fe65d9f Augment rand argument parsing to allow scaling
Instead of just accepting a number of bytes, allows openssl rand to
accept a k|m|g suffix to scale to kbytes/mbytes/gbytes

Fixes 

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22624)
2023-11-13 12:21:34 +01:00
Tomas Mraz
66c27d06e0 Properly limit the variable output size for BLAKE2
The upper limit of the output size is the default output size of
the respective algorithm variants.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22659)
2023-11-13 12:13:17 +01:00
slontis
5366490822 Add EVP_DigestSqueeze() API.
Fixes 

This allows SHAKE to squeeze multiple times with different output sizes.

The existing EVP_DigestFinalXOF() API has been left as a one shot
operation. A similar interface is used by another toolkit.

The low level SHA3_Squeeze() function needed to change slightly so
that it can handle multiple squeezes. This involves changing the
assembler code so that it passes a boolean to indicate whether
the Keccak function should be called on entry.
At the provider level, the squeeze is buffered, so that it only requests
a multiple of the blocksize when SHA3_Squeeze() is called. On the first
call the value is zero, on subsequent calls the value passed is 1.

This PR is derived from the excellent work done by @nmathewson in
https://github.com/openssl/openssl/pull/7921

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21511)
2023-11-10 13:27:00 +01:00
наб
79665922cb Document BLAKE2's variable size
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22444)
2023-11-08 09:43:10 +01:00
Dmitry Belyavskiy
1c6a379754 Use proper KDF SS parameter name
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22636)
2023-11-06 10:54:22 +01:00
Michael Hinz
56d1ab3b6c Fix documentation regarding KMAC sizes
As per recommendation by jfinkhaeuser, this documents the defaults for
KMAC-128 as 32 and for KMAC-256 as 64. The code already accomodates for
these values, so no changes are needed there.

Fixes 

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22614)
2023-11-06 07:48:11 +00:00