X509_REQ_get_extensions: add error queue entry on ill-formed extensions attribute
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18931)
Richard Levitte [Mon, 22 Aug 2022 16:40:54 +0000 (18:40 +0200)]
util/wrap.pl.in: If the subprocess died with a signal, let's re-signal it
A simple 'kill' of the same signal on our own process should do it.
This will allow the shell that this is running under to catch it
properly, and output something if it usually does that.
Fixes #19041
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19042)
Matt Caswell [Tue, 23 Aug 2022 13:45:32 +0000 (14:45 +0100)]
Fix the return type for the rlayer_skip_early_data callback
There was a copy & paste error in the definition of the
rlayer_skip_early_data callback. The return type is supposed to
be "int" but it was defined as a pointer type. This was causing
test failures on some platforms.
Fixes #19037
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19048)
OSSL_HTTP_REQ_CTX_nbio: add support for partial content-type string matching
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18675)
app_http_tls_cb() and tls_error_hint(): code cleanup
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18675)
Makefile: Generate crypto objects only as far as needed
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15224)
Makefile: Call mknum.pl on 'make ordinals' only if needed
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15224)
...because it uses md5 for HMAC tests. Skip md5 in case of its
unavailability.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17331)
Todd Short [Mon, 22 Aug 2022 18:12:50 +0000 (14:12 -0400)]
Fix doc-nits
PR #19031 updated options that that were listed as commands, these
options were already in openssl-list.pod.in, so they are redundant
in openssl.pod.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19044)
Tianjia Zhang [Mon, 30 Aug 2021 07:34:06 +0000 (15:34 +0800)]
evp: Use functions instead of direct structure field references
AES and chacha20poly1305 also have some codes that directly reference
the fields in the EVP_CIPHER_CTX structure, such as 'ctx->buf' and
'ctx->encrypt', in order to make the code style uniform, use the
corresponding interface API instead of direct field references.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16465)
Tianjia Zhang [Mon, 30 Aug 2021 06:28:07 +0000 (14:28 +0800)]
evp: Simplify ARIA aead cipher definition
Remove fixed macro variables, only keep the cipher mode name and
key length.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16465)
Piotr Kubaj [Fri, 29 Jul 2022 10:47:29 +0000 (12:47 +0200)]
Add BSD-armv4 target based on linux-armv4
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18910)
Todd Short [Thu, 18 Aug 2022 15:05:43 +0000 (11:05 -0400)]
Update gitignore
Add test/timing_load_creds
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19021)
Pauli [Mon, 15 Aug 2022 04:49:17 +0000 (14:49 +1000)]
Limit the size of various MAXCHUNK definitions
The current code has issues when sizeof(long) <> sizeof(size_t). The two
types are assumed to be interchangeable and them being different will
cause crashes and endless loops.
This fix limits the maximum chunk size for many of the symmetric ciphers
to 2^30 bytes. This chunk size limits the amount of data that will
be encrypted/decrypted in one lump. The code internally handles block
of data later than the chunk limit, so this will present no difference
to the caller. Any loss of efficiency due to limiting the chunking to
1Gbyte rather than more should be insignificant.
Matt Caswell [Wed, 27 Jul 2022 13:44:28 +0000 (14:44 +0100)]
Rename DTLS1_BITMAP to DTLS_BITMAP
The 1 in DTLS1 is confusing and is removed. We also tweak the structure
to always be able to track 64 packets regardless of whether we are on a
32 bit or 64 bit system.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Tue, 26 Jul 2022 11:44:28 +0000 (12:44 +0100)]
Update the tls13encryptiontest for new read record layer
The tls13encryption is an internal test that reaches inside libssl
to test encryption/decryption of records. It needs to be amended for the
new code structure so that it is testing the equivalent things as before.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Fri, 22 Jul 2022 14:38:26 +0000 (15:38 +0100)]
Implement a human readable state function for the record layer
This allows querying of the record layer to get a human readable state
string out. This resolves two outstanding TODO comments and enables us
to remove the rstate variable from s->rlayer.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Fri, 22 Jul 2022 13:23:25 +0000 (14:23 +0100)]
Remove a redundant TODO
If read_ahead data is left over when a record layer closes down, there is
already code present to push into the "next" BIO. So the TODO removed here
is no longer relevant.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Wed, 20 Jul 2022 14:15:32 +0000 (15:15 +0100)]
Resolve a TODO(RECLAYER) in the SSLv3 code
We remove some code outside of the record layer which is no longer
relevant since its functions are now performed by the new record layer
code. This removes a TODO(RECLAYER) as a result.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Tue, 19 Jul 2022 14:49:51 +0000 (15:49 +0100)]
Remove some unnecessary function pointers from OSSL_RECORD_METHOD
We had some temporary function pointers in OSSL_RECORD_METHOD which were
only necessary during the process of refactoring the read record layer.
These are no longer required so can be removed.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Fri, 24 Jun 2022 15:32:06 +0000 (16:32 +0100)]
Push unprocessed DTLS records from one record layer object to next
We add unprocessed DTLS records to the unprocessed record queue. When
the record layer closes down we write the unprocessed records to the
next record layer object.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Wed, 25 May 2022 16:19:33 +0000 (17:19 +0100)]
Remove the separation betweeen enc_read_ctx and enc_write_ctx
Similarly with read_hash and write_hash. In the new model we have a
separate record layer object for reading and writing. Therefore we don't
need to distinguish between reading and writing inside the record layer
object in the encryption and md ctxs.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Wed, 25 May 2022 15:41:30 +0000 (16:41 +0100)]
Use a record layer specific message callback
Don't use the message callback from the SSL object. Instead we use a
wrapper callback so that the record layer does not need to be aware of the
SSL object.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Wed, 18 May 2022 14:26:04 +0000 (15:26 +0100)]
Disallow SSL2_VERSION record version in an SSLv3 record header
When validate_record_header() gets called it should be able to rely on
the fact that an SSLv2 record version means that the record was received in
SSLv2 format.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Tue, 17 May 2022 15:16:40 +0000 (16:16 +0100)]
Add support for moving data from one epoch to the next
Sometimes data read by a record layer in one epoch is actually intended for
the next epoch. For example in a TLS with read_ahead, the read_ahead data
could contain a KeyUpdate message followed by application data encrypted
with new keys. Therefore we implement a mechanism for passing this data
across the epochs.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Mon, 11 Apr 2022 13:37:16 +0000 (14:37 +0100)]
Add a DTLSv1_listen() test
Add a test to ensure that a connection started via DTLSv1_listen() can
be completed through to handshake success. Previous DTLSv1_listen()
testing only tested the function itself and did not confirm that a
connection can actually be achieved using it.
This is important to test some codepaths being affected by the record layer
refactor.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Matt Caswell [Thu, 7 Apr 2022 16:35:36 +0000 (17:35 +0100)]
Transfer the functionality from ssl3_read_n to the new record layer
This transfers the low level function ssl3_read_n to the new record layer.
We temporarily make the read_n function a top level record layer function.
Eventually, in later commits in this refactor, we will remove it as a top
level function and it will just be called from read_record.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Lutz Jaenicke [Wed, 15 Jun 2022 17:01:43 +0000 (19:01 +0200)]
cms: Create test for for purpose verification in cms application
The tests only cover the correct handling of the codesigning purpose in the certificates
in the context of the cms command line tool.
The interpretation of the certificate purpose is tested in the context of the "verify"
app. The correct handling of the cms objects is tested by other tests in 80-test_cms.t.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18567)
Lutz Jaenicke [Thu, 14 Oct 2021 13:24:18 +0000 (15:24 +0200)]
X509: Add "code sign" as purpose for verification of certificates
Code signing certificates have other properties as for example described in
CA Browser Forum documents. This leads to "unsupported certificate purpose" errors when
verifying signed objects.
This patch adds the purpose "codesign" to the table in X.509 certificate verification and
the verification parameter "code_sign" to X509_VERIFY_PARAM.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18567)