Tomas Mraz [Fri, 12 Jan 2024 17:47:56 +0000 (18:47 +0100)]
Fix testcases to run on duplicated keys
The existing loop pattern did not really run the expected
tests on the duplicated keys.
Fixes #23129
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23292)
James Muir [Tue, 6 Feb 2024 00:01:28 +0000 (19:01 -0500)]
CONTRIBUTING.md: add missing "on"
"Guidelines how to" -> "Guidelines on how to"
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23488)
Xu Yizhou [Sun, 4 Feb 2024 08:30:02 +0000 (16:30 +0800)]
Fix SM2 test failures on Apple Silicon
This patch is to fix #23368.
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23472)
Ingo Franzki [Fri, 2 Feb 2024 09:20:55 +0000 (10:20 +0100)]
s390x: Fix build on s390x with 'disable-asm'
Do not define S390X_MOD_EXP for a NO_ASM build, this would result in
unresolved externals for s390x_mod_exp and s390x_crt.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23458)
John Kohl [Fri, 21 Jul 2023 14:31:34 +0000 (10:31 -0400)]
AIX: Implement shared_target = "aix-solib" support
This builds shared libraries as libxxx.so, libxxx.so.ver and static
libraries as libxxx.a. For shlib_variant builds, it builds libxxx.so,
libxxxvariant.so.ver, and libxxxx.a. libxxx.so is a linker import
library that directs the linker to embed a run-time dependency
reference to libxxxvariant.so.ver. Only libxxxvariant.so.ver is needed
at runtime.
Fixes #21518
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21540)
Android is enabling support for the riscv64 ISA. Add a configuration
option to support building for it, aligned with the existing
linux-riscv64 configuration.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/23427)
Richard Levitte [Thu, 1 Feb 2024 09:57:51 +0000 (10:57 +0100)]
Fix a few incorrect paths in some build.info files
The following files referred to ../liblegacy.a when they should have
referred to ../../liblegacy.a. This caused the creation of a mysterious
directory 'crypto/providers', and because of an increased strictness
with regards to where directories are created, configuration failure
on some platforms.
Fixes #23436
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23452)
Hugo Landau [Thu, 1 Feb 2024 11:02:22 +0000 (11:02 +0000)]
QUIC QLOG: Fix indentation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Thu, 1 Feb 2024 11:01:44 +0000 (11:01 +0000)]
QUIC QLOG: Namespace the RUN_CI_TESTS variable
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Thu, 1 Feb 2024 11:00:55 +0000 (11:00 +0000)]
QUIC QLOG: Use set0
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Thu, 1 Feb 2024 10:59:10 +0000 (10:59 +0000)]
QUIC QLOG: Minor manpage updates
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Thu, 1 Feb 2024 10:31:25 +0000 (10:31 +0000)]
QUIC QLOG: Minor doc updates
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 15:00:33 +0000 (15:00 +0000)]
Minor fixes
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 14:49:09 +0000 (14:49 +0000)]
Minor fixes
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 14:35:16 +0000 (14:35 +0000)]
Minor fixes
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 14:28:06 +0000 (14:28 +0000)]
QUIC QLOG: Don't build QLOG test if QLOG is disabled
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 14:20:01 +0000 (14:20 +0000)]
QUIC QLOG: Record implementation version
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 13:58:40 +0000 (13:58 +0000)]
QUIC QLOG: Add unit test
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 13:58:18 +0000 (13:58 +0000)]
QUIC QLOG: Allow PID to be overridden
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 13:09:49 +0000 (13:09 +0000)]
QUIC QLOG: CI-only test
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 24 Jan 2024 13:11:56 +0000 (13:11 +0000)]
Add CI-only tests to workflow files
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 12:37:35 +0000 (12:37 +0000)]
QLOG: Fix filter lexing
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 12:37:10 +0000 (12:37 +0000)]
JSON_ENC: Fix initial value of error
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 12:36:52 +0000 (12:36 +0000)]
QUIC CHANNEL: Ensure QLOG instance is used correctly on server side
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 12:36:29 +0000 (12:36 +0000)]
QUIC QTX: Refactor to enable qlog logging of injected frames
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 12:36:11 +0000 (12:36 +0000)]
QUIC TXP: Allow QLOG instance to be changed after instantiation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 12:35:49 +0000 (12:35 +0000)]
QUIC QTX: Allow QLOG instance to be changed after instantiation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 29 Jan 2024 12:34:54 +0000 (12:34 +0000)]
QUIC FIFD: Allow QLOG instance to be changed after instantiation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 24 Jan 2024 11:00:53 +0000 (11:00 +0000)]
QLOG: Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Tue, 23 Jan 2024 16:24:59 +0000 (16:24 +0000)]
Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Tue, 23 Jan 2024 14:19:05 +0000 (14:19 +0000)]
QLOG: Treat empty environment variable as default filter
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Tue, 23 Jan 2024 14:13:49 +0000 (14:13 +0000)]
QLOG: Editorial fixes (QLOG is spelled 'qlog')
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Tue, 23 Jan 2024 14:06:47 +0000 (14:06 +0000)]
QLOG: Add manpage openssl-qlog(7)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Tue, 23 Jan 2024 13:03:08 +0000 (13:03 +0000)]
QLOG: Adjust CHANGES.md for editorial consistency
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Tue, 23 Jan 2024 13:02:56 +0000 (13:02 +0000)]
Mention QLOG in INSTALL.md
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Tue, 23 Jan 2024 12:50:39 +0000 (12:50 +0000)]
Configure: Add warning when enabling QLOG
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 22 Jan 2024 14:45:00 +0000 (14:45 +0000)]
JSON_ENC: Minor tweaks
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 22 Jan 2024 14:41:44 +0000 (14:41 +0000)]
QUIC QLOG: Clarify filter docs
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Mon, 22 Jan 2024 14:41:32 +0000 (14:41 +0000)]
QUIC QLOG: Rename QFILTER to OSSL_QFILTER
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Thu, 18 Jan 2024 10:39:12 +0000 (10:39 +0000)]
QLOG: Add CHANGES entry
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Thu, 18 Jan 2024 10:39:03 +0000 (10:39 +0000)]
QLOG: Remove vestigial abort code
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 17 Jan 2024 12:06:14 +0000 (12:06 +0000)]
QLOG: Fix bit_set
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 17 Jan 2024 10:01:46 +0000 (10:01 +0000)]
QLOG: Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 10 Jan 2024 08:29:28 +0000 (08:29 +0000)]
QLOG: Minor fixes after port refactor
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Tue, 12 Sep 2023 11:21:44 +0000 (12:21 +0100)]
QLOG: JSON Encoder: Rename JSON_ENC
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 14:13:51 +0000 (15:13 +0100)]
QLOG: Add debugging guide
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 13:10:06 +0000 (14:10 +0100)]
QLOG: Events: Implement transport:packet_received
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:58:41 +0000 (13:58 +0100)]
QLOG: Events: Implement transport:packet_sent
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:56:32 +0000 (13:56 +0100)]
QLOG: Wiring: QUIC QTX
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:08:56 +0000 (11:08 +0100)]
QLOG: QUIC MULTISTREAM TEST: Pass script name to QLOG
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:42:53 +0000 (13:42 +0100)]
QLOG: Wire title-setting code to QUIC_CHANNEL and SSL_CTX
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:37:18 +0000 (13:37 +0100)]
QLOG: QUIC CHANNEL: Allow a log title to be specified
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:32:17 +0000 (13:32 +0100)]
QLOG: Events: Implement recovery:packet_lost
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:31:36 +0000 (13:31 +0100)]
QLOG: Wiring: QUIC TXPIM: Record the packet type
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:30:56 +0000 (13:30 +0100)]
QLOG: Wiring: QUIC FIFD
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:02:32 +0000 (11:02 +0100)]
QLOG: Wiring: QUIC QRX: Report the datagram ID from the DEMUX
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:01:35 +0000 (11:01 +0100)]
QLOG: Wiring: QUIC DEMUX: Report a monotonically increasing datagram ID
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 11:53:02 +0000 (12:53 +0100)]
QLOG: Events: Implement transport:parameters_set
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 11:17:27 +0000 (12:17 +0100)]
QLOG: Wiring: QUIC CHANNEL
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 23 Aug 2023 17:14:40 +0000 (18:14 +0100)]
QLOG: Frontend: Implementation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 23 Aug 2023 17:14:40 +0000 (18:14 +0100)]
QLOG: Frontend: API Definition
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 6 Sep 2023 11:04:54 +0000 (12:04 +0100)]
QLOG: Frontend: Design
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 6 Sep 2023 11:00:19 +0000 (12:00 +0100)]
QLOG: JSON Encoder: Tests
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:14:09 +0000 (11:14 +0100)]
QLOG: JSON Encoder: Implementation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:40:03 +0000 (11:40 +0100)]
QLOG: Configuration
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:13:39 +0000 (11:13 +0100)]
QLOG: JSON Encoder: Design
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Thu, 1 Feb 2024 07:45:15 +0000 (07:45 +0000)]
libssl: Make some global mutable structures constant
x
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23450)
Add atexit configuration option for using atexit() in libcrypto at build-time.
This fixes an issue with a mix of atexit() usage in DLL and statically linked
libcrypto that came out in the test suite on NonStop, which has slightly
different DLL unload processing semantics compared to Linux. The change
allows a build configuration to select whether to register OPENSSL_cleanup()
with atexit() or not, so as to avoid situations where atexit() registration causes
SIGSEGV.
INSTALL.md and CHANGES.md have been modified to include and describe this
option.
The no-atexit option has been added to .github/workflows/run-checker-daily.yml.
Fixes: #23135 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/23394)
Matt Caswell [Tue, 30 Jan 2024 16:51:52 +0000 (16:51 +0000)]
Remove a CVE reference from CHANGES/NEWS
master/3.2 was never vulnerable to CVE-2023-5678 since it was fixed before
it was released.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23432)
Neil Horman [Fri, 12 Jan 2024 15:55:04 +0000 (10:55 -0500)]
Add exemplar use case for rcu locks
To demonstrate the use of RCU locks, convert CONF_MOD api to using rcu
rather than RW locks
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22729)
Neil Horman [Fri, 12 Jan 2024 15:39:56 +0000 (10:39 -0500)]
RCU lock implementation
Introduce an RCU lock implementation as an alternative locking mechanism
to openssl. The api is documented in the ossl_rcu.pod file
Read side implementation is comparable to that of RWLOCKS:
    ossl_rcu_read_lock(lock);
    <
      critical section in which data can be accessed via
      ossl_derefrence
    >
    ossl_rcu_read_unlock(lock);
Write side implementation is:
    ossl_rcu_write_lock(lock);
    <
      critical section in which data can be updated via
      ossl_assign_pointer
      and stale data can optionally be scheduled for removal
      via ossl_rcu_call
    >
    ossl_rcu_write_unlock(lock);
    ...
    ossl_synchronize_rcu(lock);
ossl_rcu_call fixup
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22729)
Ingo Franzki [Wed, 31 Jan 2024 07:46:52 +0000 (08:46 +0100)]
Fix typo in CHANGES.md
OSSL_PKEY_PARAM_DERIVE_FROM_PQ must be OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ
(note the missing '_RSA').
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23438)
The commit was wrong. With 3.x versions the engines must be themselves
responsible for creating their EVP_PKEYs in a way that they are treated
as legacy - either by using the respective set1 calls or by setting
non-default EVP_PKEY_METHOD.
The workaround has caused more problems than it solved.
Fixes #22945
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23063)
Neil Horman [Wed, 24 Jan 2024 18:23:28 +0000 (13:23 -0500)]
Check all frames for stateless reset conditions
In writing the quic stateless reset test we found that the quic rx code
wasn't checking for stateless reset conditions, as the SRT frames were
getting discarded due to failed lcidm lookups. Move the SRT check above
the lcidm lookup in the rx path to ensure we handle SRT properly in the
client.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23384)
Neil Horman [Tue, 23 Jan 2024 14:49:27 +0000 (09:49 -0500)]
Add QUIC stateless reset test
QUIC supports the concept of stateless reset, in which a specially
crafted frame is sent to a client informing it that the QUIC state
information is no longer available, and the connection should be closed
immediately. Test for proper client support here
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23384)
Richard Levitte [Mon, 29 Jan 2024 07:51:52 +0000 (08:51 +0100)]
Fix error reporting in EVP_PKEY_{sign,verify,verify_recover}
For some reason, those functions (and the _init functions too) would
raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE when the passed
ctx is NULL, and then not check if the provider supplied the function
that would support these libcrypto functions.
This corrects the situation, and has all those libcrypto functions
raise ERR_R_PASSED_NULL_PARAMETER if ctx is NULL, and then check for the
corresponding provider supplied, and only when that one is missing,
raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE.
Because 0 doesn't mean error for EVP_PKEY_verify(), -1 is returned when
ERR_R_PASSED_NULL_PARAMETER is raised. This is done consistently for all
affected functions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23411)
Bernd Edlinger [Sun, 28 Jan 2024 22:50:16 +0000 (23:50 +0100)]
Fix a possible memleak in bind_afalg
bind_afalg calls afalg_aes_cbc which allocates
cipher_handle->_hidden global object(s)
but if one of them fails due to out of memory,
the function bind_afalg relies on the engine destroy
method to be called. But that does not happen
because the dynamic engine object is not destroyed
in the usual way in dynamic_load in this case:
If the bind_engine function fails, there will be no
further calls into the shared object.
See ./crypto/engine/eng_dyn.c near the comment:
/* Copy the original ENGINE structure back */
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23409)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23415)
Matt Caswell [Tue, 16 Jan 2024 13:53:30 +0000 (13:53 +0000)]
Extend the testing of resetting/clearing an SSL connection
SSL_clear() explicitly clears an SSL object to enable it to be reused.
You can have a similar effect by calling SSL_set_accept_state() or
SSL_set_connect_state(). We extend the testing of SSL_clear() to use these
other methods. We also ensure we test the case where we have unread
buffered data that needs to be cleared.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
Matt Caswell [Thu, 18 Jan 2024 12:08:52 +0000 (12:08 +0000)]
Rationalise RECORD_LAYER_clear() and clear_record_layer()
We had two functions which were very similarly named, that did almost the
same thing, but not quite. We bring the two together. Doing this also fixes
a possible bug where some data may not be correctly freed when the
RECORD_LAYER_clear() version was used.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
Neil Horman [Fri, 26 Jan 2024 16:33:18 +0000 (11:33 -0500)]
fix missing null check in kdf_test_ctrl
Coverity issue 1453632 noted a missing null check in kdf_test_ctrl
recently. If a malformed value is passed in from the test file that
does not contain a ':' character, the p variable will be NULL, leading
to a NULL dereference in prepare_from_text
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23398)
rilysh [Sun, 21 Jan 2024 06:48:09 +0000 (12:18 +0530)]
replace strstr() with strchr() for single characters
strstr() is used to match multiple characters in the haystack,
whereas strchr() is used to match only a single character.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23347)
Richard Levitte [Tue, 23 Jan 2024 12:17:31 +0000 (13:17 +0100)]
Have OSSL_PARAM_allocate_from_text() fail on odd number of hex digits
The failure would be caught later on, so this went unnoticed, until someone
tried with just one hex digit, which was simply ignored.
Fixes #23373
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23374)
Matt Caswell [Fri, 19 Jan 2024 14:32:18 +0000 (14:32 +0000)]
Add some tests for various PKCS12 files with NULL ContentInfo
PKCS7 ContentInfo fields held within a PKCS12 file can be NULL, even if the
type has been set to a valid value. CVE-2024-0727 is a result of OpenSSL
attempting to dereference the NULL pointer as a result of this.
We add tests for various instances of this problem.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)
Matt Caswell [Fri, 19 Jan 2024 11:28:58 +0000 (11:28 +0000)]
Add NULL checks where ContentInfo data can be NULL
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.
CVE-2024-0727
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)
Neil Horman [Sat, 9 Dec 2023 18:40:01 +0000 (13:40 -0500)]
Add appropriate NULL checks in EVP_CIPHER api
The EVP_CIPHER api currently assumes that calls made into several APIs
have already initialized the cipher in a given context via a call to
EVP_CipherInit[_ex[2]]. If that hasn't been done, instead of an error,
the result is typically a SIGSEGV.
Correct that by adding missing NULL checks in the appropriate apis prior
to using ctx->cipher
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22995)