Add failed entropy continuous test error

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/opens

Add failed entropy continuous test error

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25415)

show more ...

Add ED25519 and ED448 support for EVP_PKEY_{sign,verify}_init_ex2()

In this mode, only the ph instances are supported, and must be set
explicitly through a parameter. The caller is assu

Add ED25519 and ED448 support for EVP_PKEY_{sign,verify}_init_ex2()

In this mode, only the ph instances are supported, and must be set
explicitly through a parameter. The caller is assumed to pass a
prehash to EVP_PKEY_{sign,verify}().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24975)

show more ...

Refactor OpenSSL 'EdDSA' EVP_SIGNATURE to allow use with EVP_PKEY functions

Add EVP_PKEY_{sign,verify}_message support for our Ed25519 and Ed448
implementations, including ph and ctx var

Refactor OpenSSL 'EdDSA' EVP_SIGNATURE to allow use with EVP_PKEY functions

Add EVP_PKEY_{sign,verify}_message support for our Ed25519 and Ed448
implementations, including ph and ctx variants.

Tests are added with test_evp stanzas.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24975)

show more ...

feat: Implement EVP_CIPHER_CTX_{set,get}_algor_params() and EVP_CIPHER_CTX_get_algor()

EVP_CIPHER_CTX_set_algor_params() and EVP_CIPHER_CTX_set_algor_params() can
be used instead of EVP_

feat: Implement EVP_CIPHER_CTX_{set,get}_algor_params() and EVP_CIPHER_CTX_get_algor()

EVP_CIPHER_CTX_set_algor_params() and EVP_CIPHER_CTX_set_algor_params() can
be used instead of EVP_CIPHER_asn1_to_param() and EVP_CIPHER_param_to_asn1().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)

show more ...

Use the new hashtable for core_namemap

This replaces LHASH in core_namemap with the new hashtable and adds
a reverse mapping in form of stack of stacks instead of iterating
the exist

Use the new hashtable for core_namemap

This replaces LHASH in core_namemap with the new hashtable and adds
a reverse mapping in form of stack of stacks instead of iterating
the existing hash table members.

The new hashtable is used in lockless-read mode.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24504)

show more ...

Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites

(in the code, "sigalg" is used to refer to these composite algorithms,
which is a nod to libcrypto and libssl, wh

Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites

(in the code, "sigalg" is used to refer to these composite algorithms,
which is a nod to libcrypto and libssl, where that term is commonly used
for composite algorithms)

To make this implementation possible, wrappers were added around the hash
function itself, allowing the use of existing hash implementations through
their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch
of hash implementations when the digest_sign / digest_verify functionality
is used. This wrapper allows implementing the RSA+hash composites through
simple initializer function and a custom OSSL_DISPATCH table for each.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23416)

show more ...

Implement functionality for direct use of composite signature algorithms

The following API groups are extended with a new init function, as well
as an update and final function, to allow

Implement functionality for direct use of composite signature algorithms

The following API groups are extended with a new init function, as well
as an update and final function, to allow the use of explicitly fetched
signature implementations for any composite signature algorithm, like
"sha1WithRSAEncryption":

- EVP_PKEY_sign
- EVP_PKEY_verify
- EVP_PKEY_verify_recover

To support this, providers are required to add a few new functions, not
the least one that declares what key types an signature implementation
supports.

While at this, the validity check in evp_signature_from_algorithm() is
also refactored; the SIGNATURE provider functionality is too complex for
counters. It's better, or at least more readable, to check function
combinations.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23416)

show more ...

Add FIPS Indicator for ECDH cofactor.

FIPS KAS requires use of ECC CDH.

The EC 'B' and 'K' curves have a cofactor that is not 1, and this
MUST be multiplied by the private key w

Add FIPS Indicator for ECDH cofactor.

FIPS KAS requires use of ECC CDH.

The EC 'B' and 'K' curves have a cofactor that is not 1, and this
MUST be multiplied by the private key when deriving the shared secret.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25139)

show more ...

Check that a supported_versions extension is present in an HRR

If an HRR is sent then it MUST contain supported_versions according to the
RFC. We were sanity checking any supported_versi

Check that a supported_versions extension is present in an HRR

If an HRR is sent then it MUST contain supported_versions according to the
RFC. We were sanity checking any supported_versions extension that was sent
but failed to verify that it was actually present.

Fixes #25041

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25068)

show more ...

Add Version Check for CSR Verification

Fixes #5738: This change introduces a check for the version number of a CSR document before its signature is verified. If the version number is not 1 (

Add Version Check for CSR Verification

Fixes #5738: This change introduces a check for the version number of a CSR document before its signature is verified. If the version number is not 1 (encoded as zero), the verification function fails with an `X509_R_UNSUPPORTED_VERSION` error.

To minimize impact, this check is only applied when verifying a certificate signing request using the `-verify` argument, resulting in a `X509_REQ_verify` call. This ensures that malformed certificate requests are rejected by a certification authority, enhancing security and preventing potential issues.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24677)

show more ...

CMP: add support for requesting cert template using genm/genp

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from ht

CMP: add support for requesting cert template using genm/genp

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24409)

show more ...

Add reason codes with the correct offset for two alerts

Fixes #24300. The current values of SSL_R_NO_APPLICATION_PROTOCOL and
SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct looku

Add reason codes with the correct offset for two alerts

Fixes #24300. The current values of SSL_R_NO_APPLICATION_PROTOCOL and
SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct lookup of the
corresponding reason strings.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24351)

show more ...

Make conf_diagnostics apply also to the SSL conf errors

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/opens

Make conf_diagnostics apply also to the SSL conf errors

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24275)

show more ...

CMP: add support for genm with crlStatusList and genp with crls

Introduce the capability to retrieve and update Certificate Revocation Lists
(CRLs) in the CMP client, as specified in sec

CMP: add support for genm with crlStatusList and genp with crls

Introduce the capability to retrieve and update Certificate Revocation Lists
(CRLs) in the CMP client, as specified in section 4.3.4 of RFC 9483.

To request a CRL update, the CMP client can send a genm message with the
option -infotype crlStatusList. The server will respond with a genp message
containing the updated CRL, using the -infoType id-it-crls. The client can
then save the CRL in a specified file using the -crlout parameter.

Co-authored-by: Rajeev Ranjan <ranjan.rajeev@siemens.com>

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23768)

show more ...

Limit the number of http headers when receiving the http response

Change introduces a default limit on HTTP headers we expect to receive
from server to 256. If limit is exceeded http cli

Limit the number of http headers when receiving the http response

Change introduces a default limit on HTTP headers we expect to receive
from server to 256. If limit is exceeded http client library indicates
HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. Application can use
OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change default.
Setting limit to 0 implies no limit (current behavior).

Fixes #22264

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23781)

show more ...

cmperr.h: use free reason value 106 rather than 197 for CMP_R_UNEXPECTED_SENDER

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged

cmperr.h: use free reason value 106 rather than 197 for CMP_R_UNEXPECTED_SENDER

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21660)

show more ...

Add appropriate lower bound checks for GeneralizedTime and UTCTime

ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8
impose specific constraints on how GeneralizedTime and UTCTi

Add appropriate lower bound checks for GeneralizedTime and UTCTime

ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8
impose specific constraints on how GeneralizedTime and UTCTime
can be encoded in BER/CER/DER. Following from these constraints
a minimum length can be derived.

Checking the length in this context can potentially help prevent
applications from interpreting an invalid GeneralizedTime as a
valid UTCTime.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23483)

show more ...

make update

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)

QUIC: Add polling API

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)

Fix error code collision

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from http

Fix error code collision

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23360)

show more ...

QUIC: Add new error codes for tuning API

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(

QUIC: Add new error codes for tuning API

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23360)

show more ...

QUIC APL: Implement optimised FIN API

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

QUIC APL: Implement optimised FIN API

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)

show more ...

Fix reason value collision for CMP_R_UNEXPECTED_SENDER

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/o

Fix reason value collision for CMP_R_UNEXPECTED_SENDER

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23323)

show more ...

ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender name

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Revi

ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender name

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)

show more ...

crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed

crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)

show more ...