3f9175c7 | 14-Nov-2022 |
Matt Caswell |
Extend the new_record_layer function
Add the ability to pass the main secret and length, as well as the digest used for the KDF.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)
|
bea8d704 | 10-Nov-2022 |
Matt Caswell |
Add support for setting a custom TLS Record Layer
This is just an internal API for now. Something like this will be made public API at some point - but it is likely to be based on the provider interface rather than a direct setting of a METHOD like we do for now.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)
|
e5103dfc | 10-Nov-2022 |
Matt Caswell |
Remove an unneeded OSSL_RECORD_METHOD function
The reset() function was never called so it can be removed.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)
|
ca20f61f | 10-Nov-2022 |
Matt Caswell |
Move recordmethod.h to be an "internal" header
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)
|
a7f41885 | 08-Nov-2022 |
Matt Caswell |
Create the SSL object for QUIC-TLS
The "user" SSL object which represents the QUIC connection should have an "inner" SSL object to represent the TLS connection.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)
|
342e3652 | 24-Sep-2022 |
Dr. David von Oheimb |
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19271)
|
66fc90f1 | 24-Sep-2022 |
Dr. David von Oheimb |
apps/req.c: properly report parse errors by duplicated(); simplify the function
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19271)
|
7e0013d9 | 28-Sep-2022 |
Dr. David von Oheimb |
X509{,_CRL,_REVOKED}_{set,sign}*(): fix 'modified' field and return values
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19271)
|
d8523bf1 | 22-Jan-2023 |
Pauli |
test: note that a default property query must be included for FIPS validity
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)
|
d4e105f6 | 19-Jan-2023 |
Pauli |
changes entry about non-approved FIPS algorithms
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)
|
8948b574 | 19-Jan-2023 |
Pauli |
Put X25519 and X448 back as approved algorithms
CMVP's answer when questioned about this being:
X448 and X25519 uses Curve448 and Curve25519, respectfully, within an ECDH scheme. Therefore, it is possible for a key agreement scheme that uses Curve448 and Curve25519 to be used in the approved mode and be viewed as an allowed algorithm if requirements of Scenario X2 of IG D.8 and IG A.2 are met (or Scenario 3 of D.F and IG C.A for FIPS 140-3). The use of EdDSA in the approved mode is not permitted until FIPS 186-5 is published and part of CMVP guidance.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)
|
8353b2df | 19-Jan-2023 |
Pauli |
fips: document that the EdDSA algorithms are not-validated
Ed25519 and Ed448 are included in the FIPS 140-3 provider for compatibility purposes but are flagged as "fips=no" to prevent their accidental use. This therefore requires that applications always specify the "fips=yes" property query to enforce FIPS correctness.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)
|
bfd5680e | 22-Dec-2022 |
Dr. David von Oheimb |
OSSL_trace_set_channel(): add important statement that it takes BIO ownership
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19959)
|
0fec2121 | 22-Dec-2022 |
Dr. David von Oheimb |
set_trace_data(): prevent double free on OPENSSL_strdup() failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19959)
|
91b968bc | 20-Feb-2021 |
FdaSilvaYY |
Typos fixing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20109)
|
4a6e5a11 | 16-Jan-2023 |
FdaSilvaYY |
Fix windows builds
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20109)
|
e787c57c | 21-Jan-2023 |
Christoph Müllner |
CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*
RISC-V already has a couple of routines to accelerate cryptographic calculations using ISA extensions. Let's add a cross-compile target that allows the CI to test this code.
The new defined machine is a rv64gc machine with
* all Bitmanip extensions (Zb*)
* all Scalar Crypto extensions (Zk*)
This selection matches the supported RISC-V extensions in OpenSSL.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20107)
|
af0a4c46 | 21-Jan-2023 |
Christoph Müllner |
CI: cross-compile: Allow to set CPU capabilities
The cross-compile CI tests use cross-compilers for building and QEMU for testing. This implies that testing of ISA extension for HW accelerated cryptographic calculations is undefined (it depends on arch-specific QEMU defaults and arch-specific detection mechanisms in OpenSSL).
Let's add a mechanism to set two environment variables, that allow to control the ISA extensions:
* QEMU_CPU: used by QEMU to specify CPU capabilities of the emulation
* OPENSSL_*: used by OpenSSL (on some architectures) to enable ISA extensions.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20107)
|
3147785e | 18-Jan-2023 |
Hugo Landau |
Fix corruption when searching for CRLs in hashed directories
The by_dir certificate/CRL lookup code uses an OPENSSL_STACK to track how many sequentially numbered CRL files have been loaded for a given X509_NAME hash which is being requested. This avoids loading already loaded CRL files and repeated stat() calls.
This OPENSSL_STACK is searched using sk_find, however this mutates the OPENSSL_STACK unless it is known to be sorted. This operation therefore requires a write lock, which was not taken.
Fix this issue by sorting the OPENSSL_STACK whenever it is mutated. This guarantees no mutation will occur during sk_find. This is chosen over taking a write lock during sk_find as retrieving a CRL by X509_NAME is assumed to be a hotter path than the case where a new CRL is installed.
Also optimise the code by avoiding creating the structure to track the last CRL file sequence number in the circumstance where it would match the initial value, namely where no CRL with the given hash is installed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20076)
|
2fda45d5 | 20-Jan-2023 |
Matt Caswell |
Add DTLS support to the large app data test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20085)
|
626618a0 | 19-Jan-2023 |
Matt Caswell |
Ensure our buffer allocation allows for the Explicit IV
Some ciphers/protocol versions have an explicit IV. We need to make sure we have sufficient room for it in the underlying buffer.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20085)
|
3ff0a48a | 19-Jan-2023 |
Matt Caswell |
Add a test for large app data
Test that sending large app data records works correctly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20085)
|
61222b95 | 20-Jan-2023 |
Tomas Mraz |
MD5.pod: Recommend SHA-2 or SHA-3 family hashes instead of legacy ones
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20095)
|
ec6cbda0 | 16-Jan-2023 |
Dr. David von Oheimb |
X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20052)
|
d7d1d092 | 11-Oct-2022 |
Dr. David von Oheimb |
cmp_client.c: fix handling of total_timeout for RR and GENM transactions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
|