Norbert Pocs [Thu, 22 May 2025 12:39:21 +0000 (14:39 +0200)]
quic-interop-ci: Fix docker install
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27687)
Richard Levitte [Wed, 21 May 2025 06:22:50 +0000 (08:22 +0200)]
Add more instructions in HACKING.md
It's been long since it was updated or refined, and it was a bit too
vague in certain areas.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27674)
widneve [Tue, 20 May 2025 14:23:09 +0000 (16:23 +0200)]
Fix memory leaks after failure of PKCS7_add_signed_attribute()
If PKCS7_add_signed_attribute fails,
seq never escapes out of the callee and will
therefore result in a memory leak.
This is similar to ed3d277127.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27670)
Ondrej Moris [Thu, 17 Apr 2025 02:17:41 +0000 (04:17 +0200)]
Update pkcs11-provider submodule
Signed-off-by: Ondrej Moris <omoris@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27602)
Ondrej Moris [Wed, 16 Apr 2025 16:03:35 +0000 (18:03 +0200)]
test: reduce the scope of pkcs11-provider external test
To ease maintenance and improve reliability of pkcs11-provider
external test we only want it to run with kryoptic token.
Signed-off-by: Ondrej Moris <omoris@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27602)
Ondrej Moris [Tue, 4 Mar 2025 05:36:56 +0000 (06:36 +0100)]
test: skip tlsfuzzer tests pkcs11-provider test
Tlsfuzzer tests in pkcs11-provider external test currently use hard-coded
lists of TLS 1.3 signature algorithms expected from openssl. However, openssl
neither promises a fixed default set of the signature algorithms nor promises
a fixed default ordering of these algorithms and hence test might fail
eventually even though there is nothing wrong anywhere.
Signed-off-by: Ondrej Moris <omoris@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27602)
Ondrej Moris [Sat, 17 May 2025 23:03:09 +0000 (01:03 +0200)]
ci: run all non-external tests on fedora:latest
Before pkcs11-provider external test runs, we run all
non-external tests since we want to make sure they work
fine on fedora:latest container.
Signed-off-by: Ondrej Moris <omoris@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27602)
Ondrej Moris [Wed, 16 Apr 2025 16:03:24 +0000 (18:03 +0200)]
ci: run pkcs11-provider external test on Fedora
We want to be able to run pkcs11-provider external test with
kryoptic token that is currently only available on Fedora.
Therefore we have to separate the test from the external test
for oqs provider.
Signed-off-by: Ondrej Moris <omoris@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27602)
Ondrej Moris [Mon, 7 Apr 2025 14:31:38 +0000 (16:31 +0200)]
ci: re-enable pkcs11-provider external test
Signed-off-by: Ondrej Moris <omoris@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27602)
Dmitriy Denisov [Tue, 13 May 2025 08:56:33 +0000 (11:56 +0300)]
The condition that is never checked has been removed.
If criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, the criterion !=0 condition will be triggered.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27607)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27636)
JiashengJiang [Fri, 16 May 2025 13:37:48 +0000 (09:37 -0400)]
demos/bio/sconnect.c: Free ssl_bio on error to avoid memory leak
Call BIO_free() to release ssl_bio if an error occurs before BIO_push(), preventing a memory leak.
Fixes: 396e720965 ("Fix certificate validation for IPv6 literals in sconnect demo") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27639)
JiashengJiang [Mon, 5 May 2025 17:46:53 +0000 (13:46 -0400)]
crypto/x509/v3_lib.c: Free tmpext if X509V3_EXT_add() fails to avoid memory leak
Add OPENSSL_free to free tmpext if X509V3_EXT_add() fails to avoid memory leak.
Fixes: 878dc8dd95 ("Join the x509 and x509v3 directories") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27566)
ztp6893 [Mon, 10 Mar 2025 04:00:48 +0000 (00:00 -0400)]
Workaround for issue with assembler on OS X 10.4
Local labels cannot be used in some circumstances as they might
be pointing to wrong locations.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/27017)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27354)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27354)
JiashengJiang [Mon, 5 May 2025 18:07:54 +0000 (14:07 -0400)]
ssl/t1_lib.c: Free gix if sk_TLS_GROUP_IX_push() fails to avoid memory leak
Add OPENSSL_free() to free gix if sk_TLS_GROUP_IX_push() fails to avoid memory leak
Fixes: 4b1c73d2dd ("ML-KEM hybrids for TLS") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27568)
Ilie Halip [Wed, 14 May 2025 14:40:21 +0000 (17:40 +0300)]
Fix trace output for provider algorithm names
Use the index variable to print out the provider algorithm details.
CLA: trivial
Signed-off-by: Ilie Halip <ilie.halip@nxp.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27624)
Neil Horman [Tue, 13 May 2025 14:48:05 +0000 (10:48 -0400)]
Add NULL check in ossl_quic_get_peer_token
If a peer address hasn't been set on a quic channel yet, we will not
yield a token from our hashtable of available tokens. Fail the
get_peer_token lookup in that event
Fixes #27608
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27610)
Jeremy Doupe [Thu, 10 Apr 2025 15:19:31 +0000 (10:19 -0500)]
APPS/x509: add -multi option for outputting all certs found in input
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27340)
Simo Sorce [Mon, 12 May 2025 18:40:29 +0000 (14:40 -0400)]
Return SLH-DSA public key when requested
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27605)
Simo Sorce [Mon, 12 May 2025 18:39:58 +0000 (14:39 -0400)]
Return ML-DSA public key when requested
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27605)
JiashengJiang [Mon, 12 May 2025 14:02:05 +0000 (10:02 -0400)]
test/testutil/testutil_init.c: Add OPENSSL_free() to avoid memory leak
Free trace_data if error occurs to avoid memory leak.
Fixes: d73458d17a ("Add tracing capability in test utilities") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27600)
Matt Caswell [Thu, 8 May 2025 13:54:35 +0000 (14:54 +0100)]
Stop a TLSv1.3 server emitting an unsolicited PSK extension
If we attempt to accept a connection on an SSL object, and the
application has set an SSL_SESSION on that SSL object then we
can mistakenly believe that we are resuming and
emit an unsolicited PSK extension back to the client.
This can especially happen when using SSL_clear() which leaves
any SSL_SESSION associated with the SSL object.
See
https://github.com/openssl/openssl/discussions/27563#discussioncomment-13049352
and
https://github.com/openssl/openssl/discussions/24567
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27584)
Norbert Pocs [Fri, 9 May 2025 09:48:17 +0000 (11:48 +0200)]
statem_srvr.c: Add check for empty ecdhe encoded key
The RFC definition about the errors is very vague. The TLSv1.3 RFC is a
bit more specific about decode_error (but if this specific case goes for
decode_error or illegal parameter is still debatable):
```
decode_error: A message could not be decoded because some field was
out of the specified range or the length of the message was
incorrect. This alert is used for errors where the message does
not conform to the formal protocol syntax. This alert should
never be observed in communication between proper implementations,
except when messages were corrupted in the network.
```
Thank you @GeorgePantelakis for reporting this issue!
Resolves: #27530
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27594)
APPS/cmp.c: fix char encoding of subject, issuer, sender, and recipient DN
Fixes #27572
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27592)
Jakub Zelenka [Sat, 22 Mar 2025 11:04:23 +0000 (12:04 +0100)]
Check rand_meth_lock existence before trying to lock it
There are situations during exit clean up where dependent libraries
might be using TLS to finalize stuff but that might crash because
the rand_meth_lock can get freed and there is still an attempt to
get rand bytes. This change makes sure that things fail nicely.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27119)
JiashengJiang [Mon, 5 May 2025 18:52:40 +0000 (14:52 -0400)]
test/timing_load_creds.c: Free contents in error handling to avoid memory leak
Add a call to OPENSSL_free() in the error handling path to ensure contents is properly freed and prevent a memory leak.
Fixes: 45479dcee1 ("test/timing_load_creds.c: fix coding style and other (mostly minor) issues") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27570)
Pauli [Wed, 30 Apr 2025 22:12:00 +0000 (08:12 +1000)]
chacha_poly: fix settable ctx param list
The settable list used the generic AEAD cipher list which included
an extra parameter and omitted the IV length one. The set ctx param call
was custom so the errant list didn't directly impact operation.
The comment about ignoring OSSL_CIPHER_PARAM_AEAD_MAC_KEY is completely bogus.
That parameter isn't accepted either here or by the shared AEAD cipher params.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27534)
Neil Horman [Wed, 7 May 2025 12:58:30 +0000 (08:58 -0400)]
Update IMPL_*_SIGALG to not have to stringify parameter
Noted while playing with some c-style tools that these macros got
mis-handled when doing style changes. Specifically, the last parameter,
as it is passed externally as a token, but stringified internal to the
associated macro, got handled as an arithmetic expression rather than a
string.
Given that the only thing this parameter is used for is as a string, cut
out the middle man and just pass it as a string in the first place
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/27579)
Matt Caswell [Fri, 2 May 2025 15:40:50 +0000 (16:40 +0100)]
Add a test for app data received too early
Add a test for app data which was received prior to the Finished is read
correctly, and that if we continue to read we get the expected result.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/27543)
Matt Caswell [Fri, 2 May 2025 15:37:32 +0000 (16:37 +0100)]
Ensure we properly release DTLS buffered app data records
If we read an app data record before we have read the Finished we buffer
it. Once we've read it we need to make sure we've properly released it
otherwise we will attempt to read it again (and this time there will be
no data in it).
Fixes #27316
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/27543)
JiashengJiang [Mon, 5 May 2025 18:23:38 +0000 (14:23 -0400)]
test/bio_comp_test.c: Initialize pointer to avoid undefined behavior
If the allocation for "original" fails, "result" may be freed without being
properly initialized. Since result could hold a random value due to its
assignment in do_bio_comp_test(), freeing it without initialization is unsafe
and may lead to undefined behavior.
Fixes: 12e96a2360 ("Add brotli compression support (RFC7924)") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27569)
Matt Caswell [Wed, 30 Apr 2025 12:09:58 +0000 (13:09 +0100)]
Add a test for sending an empty app data record in DTLS
DTLS should ignore this
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27541)
Matt Caswell [Tue, 29 Apr 2025 13:21:49 +0000 (14:21 +0100)]
Drop empty app data records in DTLS
App data records with 0 bytes of payload will confuse callers of SSL_read().
This will cause a successful read and return 0 bytes as read. Unfortunately
a 0 return from SSL_read() is considered a failure response. A subsequent
call to SSL_get_error() will then give the wrong result.
Zero length app data records are actually allowed by the spec, but have
never been handled correctly by OpenSSL. We already disallow creating such
empty app data records. Since the SSL_read() API does not have a good way to
handle this type of read, we simply ignore them.
Partial fix for #27316
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27541)
JiashengJiang [Mon, 5 May 2025 01:41:39 +0000 (21:41 -0400)]
crypto/provider_conf.c: Fix possible memory leak
Assign the return value of ossl_provider_info_add_to_store to added instead of
setting it directly to 1, in order to avoid a memory leak caused by entry not
being freed if ossl_provider_info_add_to_store() fails.
Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27472)
Pauli [Thu, 17 Apr 2025 02:09:38 +0000 (12:09 +1000)]
ccm: update CCM mode ciphers to use the TRIE param name decoder for AEAD ciphers
This brings the implementation in line with GCM which has had this capability
for a while. It will improve performance setting and retrieving the
authentication tag.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27392)
Addresses an issue where the EVP_CIPHER_CTX_get_updated_iv() function
does not properly return the updated IV for the ChaCha20 cipher.
chacha20_get_ctx_params was updated to be sensitive to the
OSSL_CIPHER_PARAM_UPDATED_IV parameter.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27484)
Enable AES and SHA3 optimisations on Qualcomm Snapdragon X systems
For larger data blocks, AES gets performance gains of up to 26.5%,
and SHA3 up to 15%. Tested on a Dell 9345 with Snapdragon X1E-80-100.
Below are detailed data.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27503)