git.ipfire.org Git - thirdparty/openssl.git/log

crypto/threads_lock_contention: factor out obtaining the stack traces data pointer

It also drops the premature initalisation of it in
ossl_init_rwlock_contention_data(), deferring it to on-demand one
in ossl_rwlock_{rd,wr}lock(), which seems to shave some of the incurred
overhead:

    [Before]
    ~/dev/perftools/source$ ./evp_fetch 100
    Average time per fetch call: 16.944004us
    ~/dev/perftools/source$ ./evp_fetch 200
    Average time per fetch call: 26.325767us

    [After]
    ~/dev/perftools/source$ ./evp_fetch 100
    Average time per fetch call: 13.079795us
    ~/dev/perftools/source$ ./evp_fetch 200
    Average time per fetch call: 23.420235us

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27983)

crypto/threads_lock_contention: condition file suffix on FIPS_MODULE and not fopen() call

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27983)

crypto/threads_lock_contention: typo: s/stack_info/stack_traces/ in ossl_init_rwlock_contention_data

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27983)

crypto/threads_lock_contention: Remove duplicating code

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27983)

Factor out the lock contention reporting facility implementation

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27983)

.github/workflows/run_quic_interop.yml: remove superfluous docker-compose.yml patching

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28179)

bn: save space in bn_mont_ctx_st by reordering elements

# pahole -C bn_mont_ctx_st ./crypto/bn/libcrypto-shlib-bn_mont.o

struct bn_mont_ctx_st {
         int                        ri;                   /*     0     4 */

         /* XXX 4 bytes hole, try to pack */

         BIGNUM                     RR;                   /*     8    24 */
         BIGNUM                     N;                    /*    32    24 */
         BIGNUM                     Ni;                   /*    56    24 */
         /* --- cacheline 1 boundary (64 bytes) was 16 bytes ago --- */
         long unsigned int          n0[2];                /*    80    16 */
         int                        flags;                /*    96     4 */

         /* size: 104, cachelines: 2, members: 6 */
         /* sum members: 96, holes: 1, sum holes: 4 */
         /* padding: 4 */
         /* last cacheline: 40 bytes */
};

# pahole -C bn_mont_ctx_st ./crypto/bn/libcrypto-shlib-bn_mont.o

struct bn_mont_ctx_st {
         BIGNUM                     RR;                   /*     0    24 */
         BIGNUM                     N;                    /*    24    24 */
         BIGNUM                     Ni;                   /*    48    24 */
         /* --- cacheline 1 boundary (64 bytes) was 8 bytes ago --- */
         long unsigned int          n0[2];                /*    72    16 */
         int                        ri;                   /*    88     4 */
         int                        flags;                /*    92     4 */

         /* size: 96, cachelines: 2, members: 6 */
         /* last cacheline: 32 bytes */
};

8 bytes were saved.

Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28185)

Add mdebug config for coveralls on master branch

enable mdebug on coveralls for the master branch so that, when testing
we run our memory failure tests and pick up the extra test coverage

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28078)

Add a daily memory allocation failure test

nightly, run the memory allocation failure test.

We build with asan enabled to log memory leaks and other issues

Note the test is designed to pass even if the test fails, as currently
(perhaps not suprisingly), several error paths result in asan errors.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28078)

add a handshake memory failure test

We would like to be able to test our memory failure paths, but forcing
malloc to return NULL at certain points in time.

This test does that, by running a sepcific workload n+1 time. In this
case the workload is a simple ssl handshake.

We run 1 test which sets our malloc wrapper into record mode, in which
it just acts as a pass through to the system malloc call and records the
number of times it was called.

Then we run a second test, which does the same handshake N times, where
N is the number of times malloc was called in the previous test. For
each iteration in i=0..N we fail the ith malloc operation.

We don't check for functional failures in the second test (as we expect
failures), we just want to make sure that (a) we don't crash and (b)
asan doesn't report any errors.

Currently, we get _lots_ of asan failures, but we can use this test to
log issues for that and fix those up.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28078)

ssl/quic/quic_channel.c: Fix endianness of supported versions from received version negotiation packets

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28169)

ssl/quic/quic_port.c: Fix endianness of supported versions in sent version negotiation packets

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28169)

Improve english in endian comment

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28167)

Eliminate indentation tabs from *.c and *.h files

While the majority of the sites assumed 8-wide tabs, at least engines/e_capi.c
assumed 4-wide; in any case it is better to just follow the code style guide
and eliminate them altogether. Some addition changes (namely, curly
brackets in apps/crl.c and apps/req.c, and additional whitespace changes
in apps/s_client.c and test/provider_pkey_test.c) are made to placate
check-format-commit.sh.

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28162)

util/perl/OpenSSL/Test.pm: consistently use 4 spaces for indentation

While the majority of the file uses 4 spaces for indentation, some parts
contain 8-wide tabs. Use the spaces for indentation consistently
throughout the file.

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28162)

shake: update to use generated param decoders

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28151)

blake2: update to use generated param decoders

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28151)

blake2: rename files for generated param decoding

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28151)

sha3: rename files for generated param decoding

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28151)

argon2: avoid searching for "size" parameter

Remember where the size was in the parameter array instead.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28146)

skey: update build infrastructure for generate param name parsing

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28144)

skey: convert generic SKEY to use generated param parser

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28144)

Revert "Pairwise check for DH keys import as part of FIPS"

Not needed anymore. It's handled in the 'ec (fips): add PCT for key import'

This reverts commit e08b83cbb3b853ae9dc364c32d927405172918ac.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)

dh: add extra argument to ossl_dh_check_pairwise

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)

dh: add FIPS 140-3 PCT on key import.

This is mandated by FIPS 140-3 IG 10.3.A additional comment 1

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)

fips: add DH PCT name

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)

changes: add note about PCT on key import to the FIPS provider

This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)

rsa (fips): add PCT for key import

FIPS 140-3 IG 10.3.A additional comment 1 mandates a PCT on key import.

Fixes #26572

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)

ec (fips): add PCT for key import

FIPS 140-3 IG 10.3.A additional comment 1 mandates a PCT on key import.

Fixes #26572

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)

ecx (fips): add PCT for key import

FIPS 140-3 IG 10.3.A additional comment 1 mandates a PCT on key import.

Fixes #26572

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)

rsa: expose pairwise consistency test API

This is only used by the FIPS provider as part of importing keys. At least
at the moment.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)

apps/asn1parse.c: correct help text order for -genstr option

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28123)

pbkdf2: remove second compiled file

The main source file now depends on FIPS_MODULE so there is no need to have
a second file with a fips flag defined.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

macsig: call updated ossl_prov_set_macctx function

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

params: emit an error if a parameter array overflows

This is in addition to returning an error code.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

params: revert error checking when params are duplicated

This is to avoid a change of behaviour even though it is a result of user
error. When params are duplicated, all but the first are ignored and no
error is returned.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

hkdf: changes to incorporate the fixed digest HkDF flavours

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

kdf: use generated param name alias handling

secret or key is the common one but ukm and partyu-info are also aliases for
the X9.42 KDF.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

params: allow param name aliases

We allowed multiple names for the same parameter in a number of places.
This is best dealt with in the generated code.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

tls1-prf: process multiple seed parameters with a single realloc call

The old code did a realloc for each such parameter which is inefficient
because they are most often passed in in pentuples.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

paramnames: factor out common code after successful match

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

kdfs: make the 'engine' parameter hidden

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

params: add support for 'hidden' parameters

These are in the name decoder and structure but do not appear in the parameter
listing.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

hmacdrbg_kdf: convert to generated OSSL_PARAM parser

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

hmacdrbg_kdf: update build infrastructure

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

hmacdrbg_kdf: rename C file for conversion to generated param name decoding

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

evp_kdf_test: skip "engine" parameters when checking for updatability.

The code already skips "properties" and "engines" behaves the same.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

argon2: convert to generated OSSL_PARAM parser

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

argon2: update build infrastructure

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

argon2: rename C file for conversion to generated param name decoding

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

krb5kdf: convert to generated OSSL_PARAM parser

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

krb5kdf: update build infrastructure

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

krb5kdf: rename C file for conversion to generated param name decoding

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

pbkdf1: convert to generated OSSL_PARAM parser

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

pbkdf1: update build infrastructure

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

pbkdf1: rename C file for conversion to generated param name decoding

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

pkcs12kdf: convert to generated OSSL_PARAM parser

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

pkcs12kdf: update build infrastructure

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

pkcs12kdf: rename C file for conversion to generated param name decoding

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

scrypt: convert to generated OSSL_PARAM parser

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

scrypt: update build infrastructure

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

scrypt: rename C file for conversion to generated param name decodering

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

pbkdf2: convert to generated OSSL_PARAM parser

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

pbkdf2: build infrastructure changes

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

pbkdf2: rename for autogeneration of param name parsing

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

x9.42kdf: convert to generated OSSL_PARAM parser

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

build infrastructure changes for X9.42 KDF

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

rename X9.42 KDF for autogeneration of param name parsing

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

pvkkdf: convert to generated OSSL_PARAM parser

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

sshkdf: convert to generated OSSL_PARAM parser

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

build infrastructure for PVK KDF

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

build infrastructure changes for SSH KDF

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

rename sshkdf for autogeneration of param name parsing

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

tls1prf: update to use generated param decoders

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

kdf: remove max argument to the param concatenation helper

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

tls1_prf: update build infrastructure for generated param parsers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

rename tls1 PRF C file

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

kbkdf: conversion to use generated param parsers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

sskdf: conversion to use generated param parsers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

util: add helper functions that don't locate the parameters

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

params: add helper functions that don't locate the parameters

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

fips: update FIPS indicator functions so non-locating flavours are available

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

hkdf: conversion to use generated param parsers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

kdf: rename SSKDF and KBKDF for param parser generation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

hkdf: rename file for Perl processing

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

params: update param parser generator script to support duplicated parameters

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

build infrastructure changes for KBKDF and SSKDF to use generated param parsers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

Update build infrastructure for generated hkdf.c file

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

test: seperate the integer and string fetches of the 'mode' parameter

The generated parameter parsers don't accept duplication of parameters so this
causes an error at runtime if not seperated.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

params: add additional error checking to generated param name parsers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

params: update generated decoder based implementations to handle return code

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

params: generated decoder functions return an error state on failure

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)

CMS KEMRecipientInfo support requires HKDF with fixed digests

These are not present in FIPS providers <3.6.0.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28133)

Remove unnecessary OPENSSL_NO_RSA remnants

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28113)

fuzz/dtlsserver.c: Remove incorrect ifdef guard

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28102)

test_tlsext_status_type(): Avoid leaking of previously allocated data

Fixes Coverity 1659226, 1659224, 1659223

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28105)

Only report generic error if provider did not put an error on the error queue

Commit 72351b0d18078170af270418b2d5e9fc579cb1af added code to unconditionally
put a generic error onto the error stack, if key generation, encryption,
decryption, sign, or verify fails to ensure that there is an error entry
on the error queue, even if the provider did not itself put a specific error
onto the queue.

However, this can hide error details if an application just looks at the very
last error entry and checks for specific errors. Now, the generic error is
always the last entry, and the application won't find the expected error
entry, although it would be there as second last entry. This can lead to
different application behavior in error situations than before this change.

To fix this, only add the generic error entry if the provider did not itself
add an error entry onto the queue. That way, there always is an error on the
error queue in case of a failure, but no behavior change in case the provider
emitted the error entry itself.

Closes: https://github.com/openssl/openssl/issues/27992
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28073)

Make ERR_count_to_mark() available to providers via 'in' dispatch array

Functions like ERR_set_mark(), ERR_clear_last_mark(), and ERR_pop_to_mark()
are already passed to the a provider via the 'in' dispatch array of the
provider initialization function (although the documentation did not
mention them).

Also pass ERR_count_to_mark() to the provider the same way, and update
the documentation to mention all four functions.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28073)

Fix hanging of test_external_cf_quiche

The commit "Remove HARNESS_OSSL_PREFIX manipulation in the test harness"
forced all the output to be processed by the test harness, which means
that any process that keeps the stdout FD open prevents the run() call
from finishing, as was the case in the test_external_cf_quiche test that
ran quiche server in the background, but retaining the std{in,out,err}
descriptors. Avoid that by explicitly redirecting them to a log file.

Reported-by: Tomas Mraz <tomas@openssl.org>
Fixes: 70c05fcde53cf "Remove HARNESS_OSSL_PREFIX manipulation in the test harness"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28125)

Implement KEMRecipientInfo (RFC9629) in CMS

Also add support for ML-KEM in CMS (draft-ietf-lamps-cms-kyber).

Add the -recip_kdf and -recip_ukm parameters to `openssl cms -encrypt`
to allow the user to specify the KDF algorithm and optional user
keying material for each recipient.

A provider may indicate which RecipientInfo type is supported
for a key, otherwise CMS will try to figure it out itself. A
provider may also indicate which KDF to use in KEMRecipientInfo
if the user hasn't specified one.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27681)