CMP lib and app: add optional certProfile request message header and respective -profile option
Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
James Muir [Thu, 14 Dec 2023 19:14:37 +0000 (14:14 -0500)]
cms: avoid intermittent test failure
If you decrypt a random input using RSAES-PKCS-v1_5, then there is a
non-negligible chance that the result will look like a valid plaintext
(that is why RSAES-PKCS-v1_5 shouldn't be used anymore). This was the
cause of an intermittent failure in a test that did a cms-encrypt
operation targetting multiple recipients.
The failure happened during key-only decrypt. The recipient decrypts
every RSA ciphertext -- only one is supposed to decrypt successfully,
which would reveal the right content-key. Occassionally, more than
one decrypted successfully.
Update the test by specifying the recipient cert in the decrypt op
(this avoids looping over all RSA ciphertexts).
Add a new test to get coverage for key-only decrypt, but use RSA-OAEP
during the encrypt op.
Xi Ruoyao [Tue, 12 Dec 2023 19:36:48 +0000 (03:36 +0800)]
Define L_ENDIAN for linux64-loongarch64
In commit d7c0fc5b1a7b5cb2219f8d89a861f3879582fc16 we removed L_ENDIAN
definition for guessed linux64-loongarch64 as it had caused an
inconsistency between configurations with and without explicit
specifying linux64-loongarch64. Now add it back to the proper location.
Unlike MIPS or RISC-V, LoongArch is always little-endian [1].
By the way, change "LOONGARCH" to "LoongArch" in a comment as LOONGARCH
should only appear in the identifiers of macros, constants, etc.
Dmitry Kobets [Fri, 15 Dec 2023 04:12:43 +0000 (20:12 -0800)]
Fix instructions for running tests on Windows
In the command `nmake TEST='foo' test`, on Windows the runner
will look for test `'foo'` and complain about the test not being found
(due to the extraneous single quotes), whereas with `nmake TEST="foo" test`,
the test `foo` will be correctly found.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23059)
Neil Horman [Fri, 8 Dec 2023 20:41:51 +0000 (15:41 -0500)]
Avoid setting gen_type to -1 in dsa_gen_set_params
gh_gen_type_common_set_params looks up a dsa contexts gen_type using
name2id, but if it returns error, we inadvertently set gctx->gen_type to
-1, which is an invalid value, which may lead to improper behavior in
future calls, in the event that said future calls preform an operation
of the form;
if (gen_type == <VALID VALUE>) {
do_stuff
else {
do_other_stuff
}
Technically it is not correct to continue with the operations on the
gen context after failed parameters setting but this makes it more
predictable.
Fix it by assigning the result of a lookup to a stack variable, and only
update gctx->gen_value if the lookup returns a non-failing value
In leiu of testing this specific case, also add an ossl_assert in dsa_gen
to validate the gen_val input prior to continuing, should other code
points attempt to do the same thing
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22991)
Neil Horman [Fri, 8 Dec 2023 19:59:23 +0000 (14:59 -0500)]
Avoid setting gen_type to -1 in dh_gen_common_set_params
gh_gen_type_common_set_params looks up a dh contexts gen_type using
name2id, but if it returns error, we set gctx->gen_type to -1, which
is an invalid value, which may lead to undefined behavior in
future calls, in the event that said future calls preform an operation
of the form;
if (gen_type == <VALID VALUE>) {
do_stuff
else {
do_other_stuff
}
Technically it is not correct to continue with the operations on the
gen context after failed parameters setting but this makes it more
predictable.
Fix it by assigning the result of a lookup to a stack variable, and only
update gctx->gen_value if the lookup returns a non-failing value
In leiu of testing this specific case, also add an ossl_assert in dh_gen
to validate the gen_val input prior to continuing, should other code
points attempt to do the same thing
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22991)
CONTRIBUTING.md: add reference to util/check-format.pl and fix several nits
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22911)
Neil Horman [Tue, 5 Dec 2023 20:24:20 +0000 (15:24 -0500)]
Harden asn1 oid loader to invalid inputs
In the event that a config file contains this sequence:
=======
openssl_conf = openssl_init
config_diagnostics = 1
[openssl_init]
oid_section = oids
[oids]
testoid1 = 1.2.3.4.1
testoid2 = A Very Long OID Name, 1.2.3.4.2
testoid3 = ,1.2.3.4.3
======
The leading comma in testoid3 can cause a heap buffer overflow, as the
parsing code will move the string pointer back 1 character, thereby
pointing to an invalid memory space
correct the parser to detect this condition and handle it by treating it
as if the comma doesn't exist (i.e. an empty long oid name)
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22957)
Neil Horman [Tue, 5 Dec 2023 19:50:01 +0000 (14:50 -0500)]
Fix genstr/genconf option in asn1parse
At some point the asn1parse applet was changed to default the inform to
PEM, and defalt input file to stdin. Doing so broke the -genstr|conf options,
in that, before we attempt to generate an ASN1 block from the provided
genstr string, we attempt to read a PEM input from stdin. As a result,
this command:
openssl asn1parse -genstr OID:1.2.3.4
hangs because we are attempting a blocking read on stdin, waiting for
data that never arrives
Fix it by giving priority to genstr|genconf, such that, if set, will just run
do_generate on that string and exit
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22957)
Tomas Mraz [Mon, 11 Dec 2023 14:03:08 +0000 (15:03 +0100)]
pkcs12: Do not forcibly load the config file
This was added as part of commit e869c86 but later it
was made unnecessary by commit 21f7a09.
Fixes #22994
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23005)
fangming.fang [Thu, 7 Dec 2023 06:17:51 +0000 (06:17 +0000)]
Enable BTI feature for md5 on aarch64
Fixes: #22959 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22971)
slontis [Thu, 7 Dec 2023 00:54:34 +0000 (10:54 +1000)]
Removed extra spaces in documentation
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22968)
James Muir [Wed, 6 Dec 2023 21:49:11 +0000 (16:49 -0500)]
ossl-params: check length returned by strlen()
In param_build.c, the functions OSSL_PARAM_BLD_push_utf8_string() and
OSSL_PARAM_BLD_push_utf8_ptr() use strlen() to compute the length of
the string when bsize is zero. However, the size_t returned by
strlen() might be too large (it is stored in an intermediate "int"),
so check for that.
There are analogous functions in params.c, but they do not use an
intermediate "int" to store the size_t returned by strlen(). So there
is some inconsistency between the implementations.
Credit to Viktor D and Tomas M for spotting these missing checks.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22967)
Matt Caswell [Wed, 6 Dec 2023 12:51:34 +0000 (12:51 +0000)]
Add a test case for OSSL_HTTP_parse_url
Ensure we test the case where the port value is empty in the URL.
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22961)
Matt Caswell [Wed, 6 Dec 2023 11:51:01 +0000 (11:51 +0000)]
Fix some invalid use of sscanf
sscanf can return -1 on an empty input string. We need to appropriately
handle such an invalid case.
The instance in OSSL_HTTP_parse_url could cause an uninitialised read of
sizeof(unsigned int) bytes (typically 4). In many cases this uninit read
will immediately fail on the following check (i.e. if the read value
>65535).
If the top 2 bytes of a 4 byte unsigned int are zero then the value will
be <=65535 and the uninitialised value will be returned to the caller and
could represent arbitrary data on the application stack.
The OpenSSL security team has assessed this issue and consider it to be
a bug only (i.e. not a CVE).
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22961)
Matt Caswell [Wed, 6 Dec 2023 11:09:53 +0000 (11:09 +0000)]
Avoid an infinite loop in BN_GF2m_mod_inv
If p is set to 1 when calling BN_GF2m_mod_inv then an infinite loop will
result. Calling this function set 1 when applications call this directly
is a non-sensical value - so this would be considered a bug in the caller.
It does not seem possible to cause OpenSSL internal callers of
BN_GF2m_mod_inv to call it with a value of 1.
So, for the above reasons, this is not considered a security issue.
Reported by Bing Shi.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22960)
Matt Caswell [Wed, 29 Nov 2023 11:45:12 +0000 (11:45 +0000)]
Don't attempt to set provider params on an ENGINE based cipher
If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22864)
This fix removes explicit support for the SPT threading model in configurations.
This also reverts commit f63e1b48ac893dd6110452e70ed08f191547cd89 that were
required for SPT but broke other models.
Fixes: #22798 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22807)
Bernd Edlinger [Sun, 10 Dec 2023 09:18:19 +0000 (10:18 +0100)]
Fix a possible memory leak in do_othername
Since the gen->type will not be set in a2i_GENERAL_NAME
the gen->d.otherName will not be automatically
cleaned up by GENERAL_NAME_free.
Also fixed a similar leak in a2i_GENERAL_NAME,
where ASN1_STRING_set may fail but gen->d.ia5
will not be automatically cleaned up.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22996)
doc: improve documentation of EVP in-place encryption
The EVP interface explicitly allows in-place encryption/decryption,
but this fact is just 'partially' documented in `EVP_EncryptUpdate(3)`
(pun intended): the manual page mentions only operation failure in
case of 'partial' overlaps. This is not even correct, because
the check for partially overlapping buffers is only implemented
in legacy code paths.
Currently, in-place encryption/decryption is only documented for
RSA (`RSA_public_encrypt(3)`) and DES (`DES_ecb_encrypt(3)`), as
well as in the provider interface (`provider-cipher(7)`).
This commit amends `EVP_EncryptUpdate(3)` and `provider-cipher(7)`
to make the front-end and back-end documentation consistent.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22875)
Neil Horman [Tue, 28 Nov 2023 18:54:37 +0000 (13:54 -0500)]
Add overflow checks to parse_number/parse_hex/parse_oct
Test the next arithmetic operation to safely determine if adding the
next digit in the passed property string will overflow
Also, noted a bug in the parse_hex code. When parsing non-digit
characters (i.e. a-f and A-F), we do a tolower conversion (which is
fine), and then subtract 'a' to get the hex value from the ascii (which
is definately wrong). We should subtract 'W' to convert tolower
converted hex digits in the range a-f to their hex value counterparts
Add tests to test_property_parse_error to ensure overflow checks work
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22874)
Neil Horman [Thu, 30 Nov 2023 16:20:34 +0000 (11:20 -0500)]
Statically link legacy provider to evp_extra_test
Like in #17345, evp_extra_test links libcrypto statically, but also has
a dynamic/shared load via the legacy provider, which leads to ambiguous
behavior in evp_extra_test on some platforms, usually a crash (SIGSEGV)
on exit via the atexit handlers. Statically link the legacy provider to
avoid this.
Fixes #22819
Helped-by: Neil Horman <nhorman@openssl.org> Helped-by: Tomas Mraz <tomas@openssl.org> Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22905)
Tomas Mraz [Mon, 4 Dec 2023 17:01:28 +0000 (18:01 +0100)]
ossl_decoder_cache_flush(): Do not raise an error if there is no cache
This function can be called during OPENSSL_cleanup() when
the cache was already flushed and deallocated.
Fixes #22939
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22941)
Hugo Landau [Mon, 4 Dec 2023 17:02:39 +0000 (17:02 +0000)]
QUIC LCIDM: Minor updates in response to feedback
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Tue, 28 Nov 2023 07:44:43 +0000 (07:44 +0000)]
QUIC LCIDM: Make robust against LHASH failures
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Tue, 28 Nov 2023 07:39:41 +0000 (07:39 +0000)]
QUIC LCIDM: Always use lcid_obj to refer to QUIC_LCID
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Tue, 28 Nov 2023 07:32:57 +0000 (07:32 +0000)]
QUIC GLOSSARY: Add ODCID
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Thu, 9 Nov 2023 11:11:17 +0000 (11:11 +0000)]
QUIC LCIDM: Minor fixes
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Wed, 8 Nov 2023 16:57:55 +0000 (16:57 +0000)]
QUIC LCIDM: Add debug calls
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Wed, 8 Nov 2023 16:57:41 +0000 (16:57 +0000)]
QUIC LCIDM: Correct documentation
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Mon, 6 Nov 2023 08:43:03 +0000 (08:43 +0000)]
QUIC LCIDM: Enforce and document ODCID peculiarities
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Fri, 3 Nov 2023 17:47:49 +0000 (17:47 +0000)]
QUIC: Update glossary to add LCID/RCID concepts
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Fri, 3 Nov 2023 17:46:12 +0000 (17:46 +0000)]
QUIC LCIDM: Add test
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Fri, 3 Nov 2023 17:16:23 +0000 (17:16 +0000)]
QUIC LCIDM: Add fuzzer
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Hugo Landau [Fri, 3 Nov 2023 16:27:35 +0000 (16:27 +0000)]
QUIC LCIDM: Add LCIDM
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
Tomas Mraz [Thu, 30 Nov 2023 14:55:57 +0000 (15:55 +0100)]
rehash.c: Do not use NAME_MAX limit
On some systems it is too small although the system allows longer
filenames.
Fixes #22886
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22889)
Tomas Mraz [Tue, 5 Dec 2023 14:02:52 +0000 (15:02 +0100)]
fips-label.yml: Cleanup the FIPS artifact before downloading and unzipping ABIDIFF one
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22952)
Tomas Mraz [Fri, 1 Dec 2023 15:02:35 +0000 (16:02 +0100)]
Use severity: ABI changed label instead of CI failure for ABIDIFF
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22901)
Richard Levitte [Thu, 30 Nov 2023 15:38:43 +0000 (16:38 +0100)]
Remove the source directory .num targets
$(SRCDIR)/util/libcrypto.num and $(SRCDIR)/util/libssl.num were made their
own targets to have 'make ordinals' reproduce them (run mknum.pl) only if
needed.
Unfortunately, because the shared library linker scripts depend on these
.num files, we suddenly have mknum.pl run at random times when building.
Furthermore, this created a diamond dependency, which disturbs parallell
building because multiple mknum.pl on the same file could run at the same
time.
Neil Horman [Wed, 22 Nov 2023 17:16:54 +0000 (12:16 -0500)]
Don't free aliased pointers in ctx cmp_ctx tests
Coverity recorded issues 1551739 and 1551737, a potential double free in the
tests. It occurs when the DUP operation fails in such a way val3_read is
returned as the same pointer as val2_read. Ideally it should never
happen, but resetting val3_read to 0 should satisfy coverity that there
is no issue here
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22800)
James Muir [Wed, 29 Nov 2023 03:43:52 +0000 (22:43 -0500)]
evp-cmac: do not seg-fault when getting mac-size before init
Add null check to cmac_size(). This avoids a seg-fault encountered
with cmac when EVP_MAC_CTX_get_mac_size() is called before init.
Extend mac testing in evp_test.c to check that the sizes returned by
EVP_MAC_CTX_get_mac_size() before and after init make sense (this also
ensures that we no longer seg-fault).
Fixes #22842
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22858)
Bernd Edlinger [Wed, 15 Nov 2023 18:31:28 +0000 (19:31 +0100)]
Fix a possible memory leak in make_receipt_request
When the CMS_ReceiptRequest cannot be created,
the rct_to and rct_from may be leaked.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22742)
lan1120 [Wed, 22 Nov 2023 01:45:25 +0000 (09:45 +0800)]
Initialize dstctx->mgf1_md to NULL in rsa_dupctx function
Signed-off-by: lan1120 <lanming@huawei.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22795)
Xi Ruoyao [Sat, 25 Nov 2023 08:14:35 +0000 (16:14 +0800)]
bn_nist: Fix strict-aliasing violations in little-endian optimizations
The little-endian optimization is doing some type-punning in a way
violating the C standard aliasing rule by loading or storing through a
lvalue with type "unsigned int" but the memory location has effective
type "unsigned long" or "unsigned long long" (BN_ULONG). Convert these
accesses to use memcpy instead, as memcpy is defined as-is "accessing
through the lvalues with type char" and char is aliasing with all types.
GCC does a good job to optimize away the temporary copies introduced
with the change. Ideally copying to a temporary unsigned int array,
doing the calculation, and then copying back to `r_d` will make the code
look better, but unfortunately GCC would fail to optimize away this
temporary array then.
I've not touched the LE optimization in BN_nist_mod_224 because it's
guarded by BN_BITS2!=64, then BN_BITS2 must be 32 and BN_ULONG must be
unsigned int, thus there is no aliasing issue in BN_nist_mod_224.
Fixes #12247.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22816)
`tls_parse_ctos_key_share()` didn't properly handle the option.
Avoid the need to deal with the option in multiple places by properly
handling it in `tls_parse_ctos_psk_kex_modes()`.
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22844)
Dmitry Misharov [Thu, 23 Nov 2023 13:22:35 +0000 (14:22 +0100)]
Add self-hosted runners
Added self-hosted runners for freebsd-x86_64 and ubuntu-aarch64.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Anton Arapov <anton@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22804)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22733)
Viktor Dukhovni [Mon, 27 Nov 2023 16:23:54 +0000 (11:23 -0500)]
Add last missing TLSA usage/selector/mtype test case
There were no PKIX-TA(0) SPKI(1) Full(0) (i.e. "0 1 0") test cases in
"danetest.in".
There is now at least a success case, which will exercise freeing the public
key after it is sanity checked, since with PKIX-TA(0) there's nothing we can do
with just the raw public key, a full chain to a local trust anchor is in any
case required.
The failure (to match) code path is already well oiled, but failure to decode
while adding malfored TLSA records could still use some additional tests...
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)
Viktor Dukhovni [Sat, 25 Nov 2023 18:26:20 +0000 (13:26 -0500)]
Fix freshly introduced double-free.
We don't need the decoded X.509 Full(0) certificate for the EE usages 1 and 3,
because the leaf certificate is always part of the presented chain, so the
certificate is only validated as well-formed, and then discarded, but the
TLSA record is of course still used after the validation step.
Added DANE test cases for: 3 0 0, 3 1 0, 1 0 0, and 1 1 0
Reported by Claus Assmann.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)
Hugo Landau [Tue, 21 Nov 2023 12:53:12 +0000 (12:53 +0000)]
Remove mention of NEWS.md in CONTRIBUTING.md
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)
Hugo Landau [Tue, 21 Nov 2023 12:52:56 +0000 (12:52 +0000)]
Add known issues section
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)
Hugo Landau [Mon, 20 Nov 2023 14:54:10 +0000 (14:54 +0000)]
Add proposed editorial conventions for NEWS.md
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)
Bernd Edlinger [Fri, 17 Nov 2023 13:47:36 +0000 (14:47 +0100)]
Fix a possible memory leak in ct_move_scts
Instead of trying to move the doomed sct back
to the src stack, which may fail as well, simply
free the sct object, as the src list will be
deleted anyway.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22762)