Pauli [Tue, 30 May 2023 02:22:53 +0000 (12:22 +1000)]
tags: fix `make tags` target for out of tree builds
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21079)
Tomas Mraz [Mon, 22 May 2023 13:08:38 +0000 (15:08 +0200)]
Compute RSA-PSS algorithm params in libcrypto for legacy
Fixes regression of RSA signatures for legacy keys caused
by quering the provider for the algorithm id with parameters.
Legacy keys do not have a method that would create the
algorithm id. So we revert to what was done in 3.0.7 and
earlier versions for these keys.
Fixes #21008
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21019)
CMS, PKCS7, and CRMF: simplify use of EVP_PKEY_decrypt() by helper function
Also remove needless constant_time_* and ERR_clear_error() calls
from OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert().
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
ssl/statem_srvr.c: clean up handling of EVP_PKEY_decrypt() outlen
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
OSSL_sleep(): Calling sleep() function if sleepTime > 1sec
On some systems usleep() func does not support time >1sec.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21010)
Matt Caswell [Fri, 12 May 2023 16:06:10 +0000 (17:06 +0100)]
Optimise locking in rsa_get_blinding()
We optimise locking in rsa_get_blinding() so that we normally take a
read lock, and only fallback to a write lock if we need to. This will
be very slightly slower in the case of single use RSA objects, but should
be significantly better when an RSA object is reused in a multi-threaded
environment. It's probably worth the trade off.
Partially fixes #20286
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20953)
Matt Caswell [Thu, 11 May 2023 10:25:07 +0000 (11:25 +0100)]
When we're just reading EX_CALLBACK data just get a read lock
The crypto_ex_data code was always obtaining a write lock in all functions
regardless of whether we were only reading EX_CALLBACK data or actually
changing it. Changes to the EX_CALLBACK data are rare, with many reads so
we should change to a read lock where we can.
We hit this every time we create or free any object that can have ex_data
associated with it (e.g. BIOs, SSL, etc)
Partially fixes #20286
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20943)
Matt Caswell [Wed, 10 May 2023 13:44:17 +0000 (14:44 +0100)]
Avoid taking a write lock in RAND_get_rand_method()
The function RAND_get_rand_method() is called every time RAND_bytes() or
RAND_priv_bytes() is called. We were obtaining a write lock in order to
find the default random method - even though we rarely write. We change
this to a read lock and only fallback to a write lock if we need to.
Partial fix for #20286
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20929)
Matt Caswell [Wed, 10 May 2023 15:27:03 +0000 (16:27 +0100)]
Don't take a write lock when freeing an EVP_PKEY
When freeing the last reference to an EVP_PKEY there is no point in
taking the lock for the key. It is the last reference and is being freed
so must only be being used by a single thread.
This should not have been the source of any contention so its unclear to
what extent this will improve performance. But we should not be locking
when we don't need to.
Partially fixes #20286
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20932)
Clemens Lang [Wed, 24 May 2023 11:12:54 +0000 (13:12 +0200)]
x509: Handle ossl_policy_level_add_node errors
The invocation of ossl_policy_level_add_node in tree_calculate_user_set
did not have any error handling. Add it to prevent a memory leak for the
allocated extra policy data.
Also add error handling to sk_X509_POLICY_NODE_push to ensure that if
a new node was allocated, but could not be added to the stack, it is
freed correctly.
Fix error handling if tree->user_policies cannot be allocated by
returning 0, indicating failure, rather than 1.
Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21040)
Clemens Lang [Wed, 24 May 2023 10:22:25 +0000 (12:22 +0200)]
x509: Fix possible use-after-free when OOM
ossl_policy_level_add_node() first adds the new node to the level->nodes
stack, and then attempts to add extra data if extra_data is true. If
memory allocation or adding the extra data to tree->extra_data fails,
the allocated node (that has already been added to the level->nodes
stack) is freed using ossl_policy_node_free(), which leads to
a potential use after free.
Additionally, the tree's node count and the parent's child count would
not be updated, despite the new node being added.
Fix this by either performing the function's purpose completely, or not
at all by reverting the changes on error.
Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21040)
Hugo Landau [Wed, 24 May 2023 15:06:22 +0000 (16:06 +0100)]
SSL_handle_events(): Minor fixes to documentation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Thu, 18 May 2023 12:10:36 +0000 (13:10 +0100)]
QUIC: Rename SSL_tick etc. in s_client
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Thu, 18 May 2023 12:07:00 +0000 (13:07 +0100)]
QUIC: Rename SSL_tick etc. in man(7) docs
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Wed, 3 May 2023 18:27:58 +0000 (19:27 +0100)]
QUIC: Update documentation to reflect compatibility of DTLS APIs
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Wed, 3 May 2023 18:22:15 +0000 (19:22 +0100)]
QUIC APL: Allow DTLSv1 APIs to be used for compatibility
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Wed, 3 May 2023 18:16:13 +0000 (19:16 +0100)]
QUIC: Update documentation for SSL_get_event_timeout
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Wed, 3 May 2023 18:09:05 +0000 (19:09 +0100)]
QUIC APL: Change SSL_get_event_timeout API design
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Wed, 3 May 2023 18:01:12 +0000 (19:01 +0100)]
QUIC: Rename SSL_tick, SSL_get_tick_timeout
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Anis-cpu-13 [Tue, 2 May 2023 12:59:11 +0000 (14:59 +0200)]
Replace __attribute__((malloc)) with __attribute__((__malloc__)) in macros.h
Fix macro attribute conflict with cmocka
Fixes #20776
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20869)
minyong.ha [Mon, 22 May 2023 05:44:13 +0000 (14:44 +0900)]
Fix a bug where the result of rehash is unstable
The root cause is that the file entries targeted for rehash are not actually sorted.
Sort was skipped because the compare function was null.
So a compare function has been implemented to allow file entries to be sorted.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21013)
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_number()
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string()
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
APPS/ca: remove spurious errors when certain config file entries are not provided
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
Matt Caswell [Mon, 22 May 2023 14:23:21 +0000 (15:23 +0100)]
Create internal/ssl.h
We create the internal/ssl.h header file and move the typedef for
ossl_msg_cb. This is needed by both the QUIC code (which generally doesn't
include ssl_local.h) and the rest of libssl.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Thu, 18 May 2023 14:46:58 +0000 (15:46 +0100)]
Create setter functions for the msg_callback and msg_callback_arg
We create setter functions for the msg_callback and msg_callback_arg so
that these values can be properly propagated to the QRX/QTX/TXP even
after the channel has been created.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Tue, 9 May 2023 11:00:18 +0000 (12:00 +0100)]
Update the msg_callback documentation
We provide information about the new QUIC support related to the
msg_callback. We also document SSL_trace() which was previously missing
from the man pages.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Mon, 8 May 2023 13:26:30 +0000 (14:26 +0100)]
Add more trace details for the remaining frame types
Prior to this commit we were just printing the fact that we had received
or sent a frame of a particular type. We now provide more details about
those frames.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Hugo Landau [Fri, 28 Apr 2023 15:56:34 +0000 (16:56 +0100)]
QUIC APL: Make SSL_get_error per-stream, error raising refactor
This refactors the error raising code in the APL to automatically raise
errors in the correct SSL object, either a QCSO or QSSO depending on the
circumstances. The QCTX structure's responsibilities are expanded to
facilitate this. This further drives towards a unified mechanism for
generic dispatch precondition checking and error raising.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Richard Levitte [Sat, 20 May 2023 06:39:20 +0000 (08:39 +0200)]
Drop the last reference of SHLIB_EXT
SHLIB_EXT is a variable that exists on OpenSSL build file templates before
version 3.0, for which much of the logic for figuring out file names and
such was moved to the 'platform' set of routines.
But, it seems that one (now useless) reference remained on the VMS specific
descrip.mms.tmpl. We replace it with an explicit '.EXE', which is the
default extension for shared libraries on VMS.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21007)
lan1120 [Mon, 22 May 2023 12:37:59 +0000 (20:37 +0800)]
Fix incorrect parameter verification in EVP_MD_CTX_get_params
Signed-off-by: lan1120 <lanming@huawei.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21022)
Richard Levitte [Mon, 22 May 2023 11:11:30 +0000 (13:11 +0200)]
doc/fingerprints.txt: Add the OpenSSL OMC PGP key fingerprint
We want to move to using this key for tarball and announcement signatures.
It won't happen immediately, though, as we must have it specified in the
latest update of each release branch, so people can verify properly.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21015)
If oaep_md is not initialized, correctly initialize it
Fixes #20993
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20994)
Tomas Mraz [Fri, 12 May 2023 12:56:58 +0000 (14:56 +0200)]
Update the FIPS checksums
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20949)
Tomas Mraz [Fri, 12 May 2023 10:55:24 +0000 (12:55 +0200)]
fips.module.sources: Add missing cpuid and related .c sources for other architectures
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20949)
Yi Li [Tue, 16 May 2023 03:09:47 +0000 (11:09 +0800)]
crypto/params: drop float for UEFI
Using floating point is not supported in UEFI and can cause build
problems, for example due to SSE being disabled and x64 calling
convention passing floats in SSE registers.
Avoid those problems by not compiling the related code for floating
point numbers.
Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20992)
Dragan Zuvic [Wed, 17 May 2023 06:10:46 +0000 (07:10 +0100)]
Adding some selected MS OIDs for #19630 added ms-corp alias for OID 1.3.6.1.4.1.311
and changed hopefully all occurences for that OID
Signed-off-by: Dragan Zuvic <dragan.zuvic@mercedes-benz.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20986)
Nicky Mouha [Wed, 17 May 2023 20:46:41 +0000 (16:46 -0400)]
Update hkdf.c to avoid potentially vulnerable code pattern
The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows.
It should be replaced by "if (a>c-b) a=c-b", which avoids the
potential overflow and is much easier to understand.
This pattern is the root cause of CVE-2022-37454, a buffer overflow
vulnerability in the "official" SHA-3 implementation.
It has been confirmed that the addition in
https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534
cannot overflow. So this is only a minor change proposal to avoid
a potentially vulnerable code pattern and to improve readability.
More information: https://github.com/github/codeql/pull/12036#issuecomment-1466056959
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20990)
Richard Levitte [Wed, 17 May 2023 08:33:27 +0000 (10:33 +0200)]
Add information on the 'ias' port for OpenVMS
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)
Richard Levitte [Mon, 15 May 2023 08:09:42 +0000 (10:09 +0200)]
Update VMS configurations
A native x86_64 C compiler has appeared.
We preserve the previous config target with a new name to indicate that it's
for cross compilation, at least for the time being.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)
Masatake YAMATO [Tue, 17 Jan 2023 04:59:51 +0000 (13:59 +0900)]
util/ctags.sh: a script for generating tags file with expanding macros
This script requires Universal Ctags 6.0.0 or newer.
Usage:
./util/ctags.sh [...options passed to ctags...]
Fixing #10251
Running the script in "tags" make target is suggested by
Dmitry Belyavskiy <beldmit@gmail.com>.
The falling back action for running older ctags if u-ctags 6 is not
available is suggested
by Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com>.
Signed-off-by: Masatake YAMATO <yamato@redhat.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20960)
Marc Brooks [Wed, 10 May 2023 22:48:00 +0000 (17:48 -0500)]
Add support for --version and synonyms
Just like --help is explicitly supported, we should support --version.
This will greatly ease people adopting openssl.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20936)
Bernd Edlinger [Sat, 13 May 2023 07:04:18 +0000 (09:04 +0200)]
Fix stack corruption in ui_read
This is an alternative to #20893
Additionally this fixes also a possible issue in UI_UTIL_read_pw:
When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)