summaryrefslogtreecommitdiff
path: root/util
Commit message (Collapse)AuthorAgeFilesLines
* RFC7250 (RPK) supportTodd Short2023-03-283-0/+19
| | | | | | | | | | | | | | Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
* CMP add: fix -reqin option, which requires adding ↵Dr. David von Oheimb2023-03-251-0/+1
| | | | | | | | | OSSL_CMP_MSG_update_recipNonce() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204)
* QUIC: Add support for datagram injectionHugo Landau2023-03-221-0/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20451)
* Fix how util/wrap.pl is used in OpenSSL::Util::fixup_cmd()Richard Levitte2023-03-081-19/+38
| | | | | | | | | The mechanism was pretty tentative and wasn't well tested for diverse situations. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20415)
* Fix util/wrap.pl.in for VMS usageRichard Levitte2023-03-084-71/+27
| | | | | | | | | | | In the name of consistency, make sure that this same script is used across more platforms, in this case VMS. This removes the need for util/local_shlib.com.in and util/unlocal_shlib.com.in, which were under-used anyway. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20415)
* Add "make help" optionTodd Short2023-03-061-0/+25
| | | | | | | | Based on kubernetes controller Makefile help. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20407)
* util/find-doc-nits: improve error diagnostics on missing man section numbers ↵Dr. David von Oheimb2023-02-241-6/+10
| | | | | | | | | in links Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20369)
* New function EC_GROUP_to_params to convert an EC_GROUP to an array of ↵Oliver Mihatsch2023-02-081-0/+1
| | | | | | | | | OSSL_PARAM. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20205)
* check-format.pl: fix statistics on whitespace and nesting issuesDr. David von Oheimb2023-02-081-3/+3
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19796)
* check-format.pl: fix detection of '#ifdef __cplusplus'Dr. David von Oheimb2023-02-081-1/+1
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19796)
* check-format.pl: fix detection of function body startDr. David von Oheimb2023-02-081-3/+3
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19796)
* Fix typo in Ordinals.pm from PR #14074Viktor Dukhovni2023-02-021-1/+1
| | | | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20201)
* Implement BIO_s_dgram_mem() reusing the BIO_s_dgram_pair() codeTomas Mraz2023-01-271-1/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20012)
* QUIC Front End I/O API: Add support for signalling and detecting end-of-streamHugo Landau2023-01-271-0/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19897)
* QUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_exHugo Landau2023-01-271-0/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19897)
* add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string()Dr. David von Oheimb2023-01-261-0/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18704)
* Adding a separated build settings for BSD flavorsDavid Carlier2023-01-201-0/+3
| | | | | | | | | to avoid inheriting Linux's linker flags (ie -Wl,-z,defs) now targetting OpenBSD. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13393)
* PKCS12 - Add additional libctx and propq support.slontis2023-01-162-2/+3
| | | | | | | | | | | | | | | | | Fixes #19718 Fixes #19716 Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and ASN1_item_unpack_ex(). parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX. PKCS12_free() needed to be manually constructed in order to free the propq. pkcs12_api_test.c changed so that it actually tests the libctx, propq. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19942)
* QUIC API: Rename want_net_read and want_net_writeHugo Landau2023-01-131-2/+2
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC CSM: Tweak docs for tick functions, add DTLSv1 docsHugo Landau2023-01-131-0/+2
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC: make updateHugo Landau2023-01-132-0/+11
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* Documentation for EVP_PKEY_CTX_get0_pkey() and EVP_PKEY_CTX_get0_peerkey().Nikhil Bisht2023-01-101-2/+0
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19962)
* Write SSL_R alerts to error state to keep updated stringsTomas Mraz2023-01-051-1/+1
| | | | | | Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19950)
* BIO_s_dgram: add documentation and hazard warningsHugo Landau2022-12-153-9/+7
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19795)
* Move the description of the core types into their own pagesRichard Levitte2022-12-081-0/+5
| | | | | | | | | | This expands on some of the core type descriptions, and also makes it easier to find the documentation for each type, at least on Unix, with a simple call like "man OSSL_ALGORITHM". Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19842)
* Better sorting of util/other.symsRichard Levitte2022-12-081-5/+5
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19842)
* Fix treatment of BUILD_METADATARichard Levitte2022-12-081-0/+1
| | | | | | | | | | | | According to documentation [^1], the BUILD_METADATA from VERSION.dat should be prefixed with a plus sign when used. It is given this treatment in Configure, but not in all other scripts that use VERSION.dat directly. This change fixes that. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/19815)
* Implement OSSL_PROVIDER_get0_default_search_path, add docs and tests.Patrick Mills2022-12-061-0/+1
| | | | | | Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19752)
* QUIC Connection State Machine Design DocumentHugo Landau2022-12-031-0/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19452)
* Implements Hybrid Public Key Encryption (HPKE) as per RFC9180.Stephen Farrell2022-11-251-0/+20
| | | | | | | | | | | | | | | | | | | | | | | This supports all the modes, suites and export mechanisms defined in RFC9180 and should be relatively easily extensible if/as new suites are added. The APIs are based on the pseudo-code from the RFC, e.g. OSS_HPKE_encap() roughly maps to SetupBaseS(). External APIs are defined in include/openssl/hpke.h and documented in doc/man3/OSSL_HPKE_CTX_new.pod. Tests (test/hpke_test.c) include verifying a number of the test vectors from the RFC as well as round-tripping for all the modes and suites. We have demonstrated interoperability with other HPKE implementations via a fork [1] that implements TLS Encrypted ClientHello (ECH) which uses HPKE. @slontis provided huge help in getting this done and this makes extensive use of the KEM handling code from his PR#19068. [1] https://github.com/sftcd/openssl/tree/ECH-draft-13c Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17172)
* add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() functionDr. David von Oheimb2022-11-251-0/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216)
* CMP: add API functions OSSL_CMP_CTX_get0_libctx() and OSSL_CMP_CTX_get0_propq()Dr. David von Oheimb2022-11-231-0/+2
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19715)
* Improve FIPS RSA keygen performance.slontis2022-11-211-0/+1
| | | | | | | | | | | | | | | | | | | | | | | FIPS 186-4 has 5 different algorithms for key generation, and all of them rely on testing GCD(a,n) == 1 many times. Cachegrind was showing that during a RSA keygen operation, the function BN_gcd() was taking a considerable percentage of the total cycles. The default provider uses multiprime keygen, which seemed to be much faster. This is because it uses BN_mod_inverse() instead. For a 4096 bit key, the entropy of a key that was taking a long time to generate was recorded and fed back into subsequent runs. Roughly 40% of the cycle time was BN_gcd() with most of the remainder in the prime testing. Changing to use the inverse resulted in the cycle count being 96% in the prime testing. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19578)
* Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod.slontis2022-11-181-37/+0
| | | | | | | | | Removed fields from missingcrypto.txt that are no longer missing. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19692)
* ParseC.pm: gracefully handle DOS-style end-of-line in source filesDr. David von Oheimb2022-11-181-1/+1
| | | | | | | | | | | | | | | When header files happen to have \r\n at line end, prevent hick-ups like: Unmatched parentheses at include/openssl/asn1.h line 520 make[1]: *** [Makefile:4757: util/libcrypto.num] Error 255 make[1]: *** Waiting for unfinished jobs.... make: *** [Makefile:3387: build_sw] Error 2 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19686)
* Rename SSL3_RECORD to TLS_RL_RECORDMatt Caswell2022-11-141-1/+1
| | | | | | | | | The SSL3 prefix no longer seems appropriate. We choose TLS_RL_RECORD instead of TLS_RECORD because that type already exists elsewhere. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
* Rename SSL3_BUFFER to TLS_BUFFERMatt Caswell2022-11-141-1/+1
| | | | | | | | The SSL3 prefix no longer seems appropriate. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
* Add zlib oneshot compressionTodd Short2022-11-071-0/+1
| | | | | | | | Fixes #19520 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19603)
* Add d2i_PUBKEY_ex_fp and d2i_PUBKEY_ex_bio.slontis2022-11-021-0/+2
| | | | | | | | | These functions pass a library content and prop query. The i2d documentation related to these functions has been corrected since the bio and fp functions always return 0 or 1. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18427)
* rand: add set0 calls for the private and public DRBGsPauli2022-11-021-0/+3
| | | | | | | | | | The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means the entropy needs to be cooked. This permits this. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19510)
* Add support for compressed certificates (RFC8879)Todd Short2022-10-183-2/+18
| | | | | | | | | | * Compressed Certificate extension (server/client) * Server certificates (send/receive) * Client certificate (send/receive) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Convert ZLIB defines to OPENSSL_NO_ZLIBTodd Short2022-10-181-1/+1
| | | | | | | | | Use the normal OPENSSL_NO_ prefix to enable/disable ZLIB Make `BIO_f_zlib()` always available. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Add ZSTD compression support (RFC8478bis)Todd Short2022-10-182-0/+4
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Add brotli compression support (RFC7924)Todd Short2022-10-183-10/+4
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* crypto: add preemptive threading supportČestmír Kalina2022-10-171-0/+3
| | | | | | | | | | | | | | | | | | | | | Some primitives are designed to be used in a multi-threaded environment, if supported, e.g., Argon2. This patch adds support for preemptive threading and basic synchronization primitives for platforms compliant with POSIX threads or Windows CRT. Native functions are wrapped to provide a common (internal) API. Threading support can be disabled at compile time. If enabled, threading is disabled by default and needs to be explicitly enabled by the user. Thread enablement requires an explicit limit on the number of threads that OpenSSL may spawn (non-negative integer/infinity). The limit may be changed. Signed-off-by: Čestmír Kalina <ckalina@redhat.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12255)
* Fix various typos, repeated words, align some spelling to LDP.FdaSilvaYY2022-10-122-2/+2
| | | | | | | | | | | | Partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
* Align util/libcrypto.num with the openssl-3.0 branchRichard Levitte2022-10-101-2/+2
| | | | | | | | | | | OPENSSL_strcasecmp() and OPENSSL_strncasecmp() appeared in OpenSSL 3.0.3, and were assigned numbers in util/libcrypto.num. These numbers must be transported up to the master branch as long as development of OpenSSL 3.x is going on there (as indicated by the version info found in VERSION.dat). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/19357)
* Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branchRichard Levitte2022-10-072-49/+49
| | | | | | | | | | 3.1 has been decided to be a FIPS 140-3 release, springing from the branch openssl-3.0, and the master branch to continue with the development of OpenSSL 3.2. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19350)
* Rename ossl_sleep() to OSSL_sleep() and make it publicRichard Levitte2022-10-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | ossl_sleep() was implemented as a static inline function in internal/e_os.h, using usleep() on Unix and Sleep() on Windows. So far well and good. However, it also has a fallback implementation for systems that do not have usleep() or Sleep(), and that implementation happens to use ossl_time_now(), which is a normal function, private to libcrypto, and is judged to be too complex to sanely make into a static inline function. This fallback creates a problem, because we do use ossl_sleep() in apps/ and a few test programs in test/, and when they are linked with libcrypto in shared library form, ossl_time_now() can't be found, since it's not publicly exposed. Something needs to give, and the easiest, and hopefully sanest answer is to make ossl_sleep() a publicly exposed function, which requires a slight name change. Documentation and 'make update' result included. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19330)
* Add {lib}_R_{lib}_LIB, for our engines and other "external" modulesRichard Levitte2022-10-051-1/+9
| | | | | | | | | | | | Engines lacked the possibility to refer to themselves in this form: WHATEVERerr(WHATEVER_F_SOMETHING, WHATEVER_R_WHATEVER_LIB); This little change makes that possible, and gets used in e_capi. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
View Lorry Controller Status