Neil Horman [Thu, 12 Jun 2025 17:18:41 +0000 (13:18 -0400)]
Move thread-event handlers to the new thread-local api
Thread event handlers in the fips provider create a thread-local storage
key per context, meaning we can exhaust our thread-local space quickly
by creating lots of contexts. Avoid that by moving to the new
thread-local storage api.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Thu, 12 Jun 2025 17:14:47 +0000 (13:14 -0400)]
Adjust rand_lib to use new thread-local mgmt api
Rand instances create a thread-local storage key per context, so we need
to move them to the new api to avoid exhausting our thread-local storage
space at the Os level
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Thu, 12 Jun 2025 17:12:14 +0000 (13:12 -0400)]
update RCU to use the new thread-local key mgmt api
RCU stores a per-thread local structure per context-thread, making it
necessecary to move them to the new api to avoid exhausting our OS level
thread-local storage resources when creating lots of contexts
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Thu, 12 Jun 2025 17:09:56 +0000 (13:09 -0400)]
Add new CRYPTO_THREAD_[get|set]_local_ex api
As opposed to CRYPTO_THREAD_[get|set]_local counterparts
These api use an ennumerated set of fixed key ids, that allow for
thread-local storage indexed by key AND libctx value. They also store
this data against a single OS level thread-local key, reducing the
amount of (limited) thread-local key storage space we use
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
noctuelles [Sun, 15 Jun 2025 09:57:00 +0000 (11:57 +0200)]
fix: difference between parameter name between doc and header file.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27828)
Neil Horman [Fri, 20 Jun 2025 14:22:10 +0000 (10:22 -0400)]
Fix buggy stringop-overflow error on s390
Despite some recent changes to our s390 builds, we're still seeing
errors due to some stringop-overflow warnings:
https://github.com/openssl/openssl/actions/runs/15748518222/job/44389197443
It appears to be caused because the static analysis that gcc preforms in
gcc 12 (the version of the compiler on our s390 runner), fails to infer
the proper sizes of the buffer on which we do the reverse memcpy in
swap_copy(), resulting in warnings, which on --strict-warnings builds,
breaks us.
Fix it by using inlen rather than outlen to limit the copy length,
adjusting it if need be to match the size of the output buffer in
le_copy(). This allows the compiler to properly infer the array length
constraints and suppress the warnings.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27864)
Sergey Kandaurov [Wed, 28 May 2025 17:58:26 +0000 (21:58 +0400)]
Preserve connection custom extensions in SSL_set_SSL_CTX()
The SSL_set_SSL_CTX() function is used to switch SSL contexts for
the given SSL object. If contexts differ, this includes updating
a cert structure with custom extensions from the new context. This
however overwrites connection custom extensions previously set on
top of inherited from the old context.
The fix is to preserve connection custom extensions using a newly
introduced flag SSL_EXT_FLAG_CONN in custom_ext_copy_conn().
Similar to custom_ext_copy(), it is a no-op if there are no custom
extensions to copy.
The only such consumer is ossl_quic_tls_configure() used to set the
"quic_transport_parameters" extension. Before this change, context
switch resulted in transport parameters not being sent due to the
missing extension.
Initially reported at https://github.com/nginx/nginx/issues/711
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27706)
Update pkeyutl documentation for PQC algorithms (Fixes #27415)
Add examples and documentation for using ML-DSA, ML-KEM, and SLH-DSA algorithms with pkeyutl. This includes information about the context-string option for ML-DSA and examples of encapsulation/decapsulation with ML-KEM.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27424)
Levi Zim [Wed, 16 Apr 2025 06:21:33 +0000 (14:21 +0800)]
Avoid potential double close of client_skt in sslecho
The server_running variable is declared as volatile and some comments in
the code are mentioning about implementing CTRL+C handler in the future.
In the client handling loop, the client_skt is closed at the end of the
loop if server_running is true. If (future) CTRL+C handler changes
server_running to false at this time. The next accept will not happen
and the exit clean up code will close client_skt for the second time.
This patch fixes this potential double close by setting client_skt back
to -1 after closing it.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27405)
Neil Horman [Mon, 16 Jun 2025 22:46:58 +0000 (18:46 -0400)]
Add a target to generate local coverage reports
Add a target to allow developers to generate coverage reports for a
build like coveralls does. This will let us identify rarely used
branches when doing development, so that we can optimize them.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
Neil Horman [Mon, 16 Jun 2025 21:35:07 +0000 (17:35 -0400)]
Add branch coverage to our coveralls run
Coveralls is capable of reporting not only covered lines in a build, but
also the number of times a given branch was taken vs. not taken. This
will help us identify locations where we might make better use of the
openssl_likely and openssl_unlikely macros to optimize branch prediction
when building openssl
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
Neil Horman [Mon, 16 Jun 2025 20:33:22 +0000 (16:33 -0400)]
Add pgo build type
One of the ways we can optimize our builds is with profile guided
optimization. This entails doing several things:
1) Building with --coverage
2) Running an application against the openssl library from step (1) to
generate profile data
3) rebuilding openssl using the input profile from step (2) to optimize
the build.
This new build configuration will let developers use the profiled data
to see what type of optimizations might be possible, as well as giving
end users the ability to squeeze a bit more performance out of openssl
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
Tomas Mraz [Thu, 19 Jun 2025 08:59:10 +0000 (10:59 +0200)]
Add strlen to symbols allowed on Windows
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27854)
Ingo Franzki [Fri, 6 Jun 2025 09:19:57 +0000 (11:19 +0200)]
CI: Remove -Wno-stringop-overflow for s390x builds
Since https://github.com/openssl/openssl/commit/9a788281d91f698d6a229d588b9cb36987549669
it should now build warning-free on s390x, so remove the '-Wno-stringop-overflow'
build option for s390x builds.
If newly added code causes -Wstringop-overflow warnings again, it should
be noted in the CI runs and the newly added code should be fixed accordingly.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27803)
Viktor Dukhovni [Fri, 11 Apr 2025 14:35:57 +0000 (00:35 +1000)]
Report errors in ML-KEM pkey hash
When on import the public key hash of a private key fails to match the
public part, add an appropriate message to the error stack. Previously,
the just failed to parse, without a reason.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27352)
Jessica Clarke [Sat, 14 Jun 2025 21:53:40 +0000 (22:53 +0100)]
armv*-mont.pl: Correct a carry flag comment
On Arm, C is a true carry flag, unlike x86 where CF is a borrow flag for
subtraction. That is, for subtraction, it is set if Rn + ~Rm + 1 carries
in unsigned arithmetic, and so for subtracting 0, i.e. adding ~0 + 1, it
always sets the carry flag. Correct the comment to document what this is
actually doing.
CLA: trivial
Fixes: d1671f4f1a39 ("bn/asm/armv4-mont.pl: add NEON code path.") Fixes: 10646160125a ("Optimize RSA on armv8") Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27826)
sashan [Wed, 11 Jun 2025 06:23:38 +0000 (08:23 +0200)]
ossl_rio_poll_builder_add_fd(): Fixup pfds after reallocation
Local variable `pfds` used in `ossl_rio_poll_builder_add_fd()` must be consistent
with `rpb->pfd_heap`. The function maintains array of SSL objects for SSL_poll(3ossl).
It works with no issues until we need to reallocate `rbp->pfd_heap` in `rpb_ensure_alloc()`.
After `rpb_ensure_alloc()` returns we must update local variable `pfds` with `rpb->pfd_heap`
not doing so makes function to write to dead buffer.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27804)
JiashengJiang [Mon, 12 May 2025 13:59:02 +0000 (09:59 -0400)]
test/helpers/quictestlib.c: Use goto instead of return to avoid memory leak
When TEST_ptr(*cssl) fails, bdata should be freed to avoid memory leak.
Fixes: a55b689 ("Use reported short conn id len in qtestlib") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27599)
Return an error when update or final is used after the context has
already been finalized. Flag 'iimp' (intermediate-input-message-part)
must be 1 to allow an update or final call. If iimp is 0, then the
context has already been finalized.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27781)
Bartel Artem [Wed, 11 Jun 2025 03:58:31 +0000 (06:58 +0300)]
return NULL if gctx allocation fails.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27795)
Bartel Artem [Tue, 10 Jun 2025 10:11:41 +0000 (13:11 +0300)]
check gctx for NULL before cleanup.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27795)
Matt Caswell [Wed, 11 Jun 2025 08:50:16 +0000 (09:50 +0100)]
Allow our *_gen_cleanup functions to tolerate a NULL ctx
Our *_gen_cleanup functions are essentially "free" functions. Our
free functions tolerate NULL being passed. We are being inconsistent with
our *_gen_cleanup functions. Some of them tolerate NULL and others do not.
We should consistently tolerate NULL.
See also #27795
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27807)
sashan [Tue, 3 Jun 2025 13:12:48 +0000 (15:12 +0200)]
Document transition from ANSI-C towards C-99
The existing NOTES-ANSI.md are renamed to NOTES-C99.md and updated
accordingly. INSTALL.md lists C-99 compiler instead of ANSI-C now.
Also moving from ANSI-C to C-99 warrants updates to NEWS.md and
CHANGES.md.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27751)
Ingo Franzki [Wed, 28 May 2025 06:55:49 +0000 (08:55 +0200)]
Silence -Wstringop-overflow warnings with gcc 14 on s390x
Compiling OpenSSL on s390x with gcc 14 (i.e. in Fedora 41) shows several
-Wstringop-overflow warnings in providers/implementations/rands/drbg_ctr.c
and test/params_api_test.c.
Add explicit length checks to let the compiler know that it won't overrun
the buffer. This also silences the warnings.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27710)
Viktor Dukhovni [Tue, 13 May 2025 15:23:25 +0000 (01:23 +1000)]
Allow keygen after dup of minimal PKEY ctx
It should be possible to repeatedly duplicate a PKEY CTX created via
EVP_PKEY_CTX_new_from_name() that has not yet been assigned an
"operation" (e.g. via EVP_PKEY_CTX_keygen_init()), and then perform
keygen_init() and keygen() on the duplicated copies.
When the operation is not yet set, all that's needed is to not try to
use the key if one isn't set yet.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27662)
Daniel Van Geest [Fri, 28 Mar 2025 10:40:32 +0000 (10:40 +0000)]
Fix SHAKE AlgorithmIdentifier encodings
NIST CSOR specifies that the id-shake128 and id-shake256
algorithm identifiers, like the SHA-3 ones, do not carry
any parameters.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27190)
yexiaochuan [Sat, 31 May 2025 09:47:58 +0000 (17:47 +0800)]
fix: add parsing check in TLS compress_certificate extension handler
The tls_parse_compress_certificate function was missing validation
for trailing bytes after parsing the algorithm list, violating
RFC8446 section 4.2 which requires sending a decode_error alert
for unparseable messages.
This commit adds a check for remaining bytes in the packet after
the while loop and sends SSL_AD_DECODE_ERROR if any trailing
bytes are found.
Fixes #27717
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27733)
crypto/evp/ctrl_params_translate.c: prevent clashes of generic names NONE, GET, SET
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27773)
Pauli [Thu, 5 Jun 2025 03:28:37 +0000 (13:28 +1000)]
rand: add argument error checking to EVP_RAND_nonce()
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)
Pauli [Thu, 5 Jun 2025 02:02:52 +0000 (12:02 +1000)]
rand: document the EVP_RAND_nonce() return correctly
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)
Pauli [Wed, 4 Jun 2025 23:50:59 +0000 (09:50 +1000)]
rand: produce correct return from EVP_RAND_nonce
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)
Pauli [Wed, 4 Jun 2025 23:50:34 +0000 (09:50 +1000)]
rand: fix memory overrun bug
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)
Pauli [Wed, 4 Jun 2025 23:50:20 +0000 (09:50 +1000)]
rand: add unit test exhibiting memory overrun
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)
Neil Horman [Thu, 5 Jun 2025 12:54:56 +0000 (08:54 -0400)]
Add a test to confirm that we can repeatedly create and destroy keys
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27775)
Neil Horman [Thu, 5 Jun 2025 12:25:52 +0000 (08:25 -0400)]
Allow for reuse of thread_local keys in threads_none
If openssl is configured with no-threads, the implementation has a hard
limit of 256 LIB_CTX values, as each LIB_CTX allocates a thread local
key, and we never reuse them (like libc does when using
pthread_key_create/destroy.
Improve the situation by allowing for marking freed keys as unsued and
searching for an available key when allocating
Fixes #27757
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27775)
Yaroslav Lelkin [Thu, 5 Jun 2025 05:50:43 +0000 (10:50 +0500)]
Fix NIST ACVP server URLs in SLH-DSA test files
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27770)
Neil Horman [Wed, 4 Jun 2025 19:48:45 +0000 (15:48 -0400)]
Remove _strlen31
This function is old and fairly broken. Code archeology in our git tree
hasn't revealed why it was creted (though it may have possibly been to
support older win32 systems that couldn't do 64 bit integers properly,
like windows 95/98).
There seems to be no good reason to keep it around, and given that it
has potentially serious side effects, lets just remove it.
Fixes #27761
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27763)
Neil Horman [Fri, 6 Jun 2025 00:57:35 +0000 (20:57 -0400)]
Fix use of IO::Socket::IP on windows 2025
Apparently IO::Socket::IP has several odd behaviors on windows 2025,
notably indicating that AF_INET6 isn't a supported family when it
clearly is.
Follow the pattern in determinig the haveIPV6 variable in Proxy.pm, and
record if we determine IPv6 availablity with the IP class or the INET6
class and use the same method when testing port binding
Fixes project/#1213
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/27780)
Neil Horman [Tue, 3 Jun 2025 20:02:15 +0000 (16:02 -0400)]
Test randomly selected client port for availabilty in sslrecords test
Encountered this error in a pr today:
https://github.com/openssl/openssl/actions/runs/15418713146/job/43387767612
===
Proxy started on port [::1]:56662
Engine "ossltest" set.
Using default temp DH parameters
ACCEPT [::1]:59189
Server responds on [::1]:59189
Engine "ossltest" set. C0774F02907F0000:error:80000062:system library:BIO_bind:Address already in use:crypto/bio/bio_sock2.c:240:calling bind() C0774F02907F0000:error:10000075:BIO routines:BIO_bind:unable to bind socket:crypto/bio/bio_sock2.c:242:
connect:errno=98
===
Its occuring because we randomly select a port to use for our client
connection in the sslrecords test. Thats usually fine, but sometimes,
we get unlucky and pick a port thats already in use. This presents as
random failures in our CI on this test.
So lets try harden ourselves against it. When creating the client
connection, test the randomly selected port by trying to bind to it via
a call to IO::Socket::IP->new(). If that fails, try a different port
number, until we get one that works. If it works, use that port in the
assignment for the clients local port value.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27752)
Viktor Dukhovni [Sun, 1 Jun 2025 02:47:15 +0000 (12:47 +1000)]
Split arguments taking quotes into account
CA.pl supports interpolating multiple arguments into the executed
commands. Previously these were evaluated by a shell, which supported
quoting of values that contain whitespace, backslashes, ...
With a shell no longer used (avoid command injection), backwards
compatibility requires some similar functionality. The code now handles
double and single-quoted strings (shell-style word splitting), but not
parameter expansion ($foo remains unexpanded) or command substitution
(`cmd` and $(cmd) remain unexpanded).
On Windows system(@LIST) does not correctly preserve argv, do our
own quoting instead and use system(<$quoted_cmd>).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27432)
Viktor Dukhovni [Fri, 18 Apr 2025 04:18:09 +0000 (14:18 +1000)]
Avoid shell commandline processing in CA.pl
The CA.pl script used to build single-string string commandlines to pass
to a shell via `system(command_string)`. That was fragile and not a best
practice.
This PR replaces `system(command_string)` with `system { executable } @argv`,
which avoids the shell whenever possible (at least Unix-like systems and
Windows). The only question mark is whether some sort of quoting is
needed for VMS to preserve the case of commandline arguments even when
processes are spawned directly, rather than via the shell.
Unfortunately, given the way that some environment variables and
command-line options are used to construct the commands to run,
the result is still brittle. The CA.pl utility really should
be replaced with something better.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27432)
Matt Caswell [Mon, 2 Jun 2025 14:45:06 +0000 (15:45 +0100)]
Add a CHANGES.md entry regarding no_renegotiation alert
Highight the bug being fixed for DTLS users
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)
Clarify what happens in the event that a no_renegotiation alert is
received.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)
Matt Caswell [Fri, 9 May 2025 09:28:16 +0000 (10:28 +0100)]
Test that a no_renegotiation alert is handled correctly
If we receive a no_renegotiation alert we should abort the connection. We
add a test for this.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)
Matt Caswell [Fri, 9 May 2025 08:58:15 +0000 (09:58 +0100)]
Fix DTLS handling when receiving a no_renegotiation alert
no_renegotiation is a warning alert sent from the server when it is not
prepared to accept a renegotiation attempt. In TLS we abort the connection
when we receive one of these - which is a reasonable response. However,
in DTLS we incorrectly ignore this and keep trying to renegotiate.
We bring the DTLS handling of a no_renegotiation alert into line with
how TLS handles this. In versions prior to 3.2 handling of a warning
alert in DTLS was mishandled resulting in a failure of the connection,
which ends up being the right thing to do "by accident" in the case of
"no_renegotiation". From 3.2 this mishandling was fixed, but exposed this
latent bug.
Fixes #27419
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)
Dmitry Misharov [Tue, 3 Jun 2025 11:04:57 +0000 (13:04 +0200)]
ci: remove windows-2019 runner images
According to https://github.com/actions/runner-images/issues/12045
The Windows 2019 Actions runner image will begin deprecation on
2025-06-01 and will be fully unsupported by 2025-06-30. Jobs using
the windows-2019 YAML workflow label should be updated to
windows-2022, windows-2025 or windows-latest.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27749)
Matt Caswell [Thu, 29 May 2025 11:52:35 +0000 (12:52 +0100)]
Ensure client read app data secret change occurs after write for QUIC
We don't want read secrets to be issue before write for QUIC, because
we want to avoid the situation where we want to ack something we've read
but we don't have the write secret yet.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27732)
Matt Caswell [Thu, 29 May 2025 11:31:33 +0000 (12:31 +0100)]
Implement explicit storing of the server_finished_hash
tls13_change_cipher_state was storing the server_finished_hash as a
side effect of its operation. This decision is better made by the state
machine which actually knows what state we are in.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27732)
Matt Caswell [Thu, 29 May 2025 11:16:14 +0000 (12:16 +0100)]
Ensure client read handshake secret change occurs after write for QUIC
We don't want read secrets to be issue before write for QUIC, because
we want to avoid the situation where we want to ack something we've read
but we don't have the write secret yet.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27732)
Matt Caswell [Thu, 29 May 2025 10:59:25 +0000 (11:59 +0100)]
Implement explicit storing of the handshake_traffic_hash
tls13_change_cipher_state was storing the handshake_traffic_hash as a
side effect of its operation. This decision is better made by the state
machine which actually knows what state we are in.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27732)
sashan [Tue, 20 May 2025 01:22:24 +0000 (03:22 +0200)]
- drop s/-ansi/-std=c99
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27659)
initial implementation of http/1.0 server to benchmark OpenSSL QUIC
stack. The server currently replies with HTTP 200 OK only. It provides
text/plain response body.
It only accepts GET request with any URI. Any other requests will
make server to drop stream/connection.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27508)
projects / thirdparty / openssl.git / log
