Viktor Dukhovni [Tue, 11 Feb 2025 10:45:23 +0000 (21:45 +1100)]
Address coverity reports
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26703)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26641)
X509_STORE_CTX_get1_issuer(): make happy path quicker again
Fixes #26588
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26600)
x509_vfy.c: refactor parameter of get0_best_issuer_sk() and adapt its use by build_chain()
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26600)
Simo Sorce [Fri, 7 Feb 2025 19:20:00 +0000 (14:20 -0500)]
Add documentation to explain DRBG changes
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26542)
Simo Sorce [Fri, 7 Feb 2025 16:21:51 +0000 (11:21 -0500)]
Change also other DRBG's algorithm fetching
- DRBG_HASH
- DRBG_HMAC
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26542)
...instead of the default one Signed-off-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26542)
Simo Sorce [Thu, 23 Jan 2025 16:01:39 +0000 (11:01 -0500)]
Prefer DRBG ciphers from the same provider
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26542)
Ingo Franzki [Mon, 10 Feb 2025 14:45:26 +0000 (15:45 +0100)]
test/quicapitest.c: Increase timeout of test_fin_only_blocking to 40ms
Running this test on heavily loaded systems may cause the SSL_read_ex() to
take more than 20ms, due to concurrent workload.
Increase the timeout to 40ms to allow a little bit more time.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26693)
Matt Caswell [Fri, 7 Feb 2025 11:53:59 +0000 (11:53 +0000)]
Add a test for configuring provider certs via config
A bug existed where provider added cert algorithms caused a crash when
they were configured via a config file. We add a test for this scenario.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26663)
Matt Caswell [Fri, 7 Feb 2025 12:11:41 +0000 (12:11 +0000)]
Fix configuring provider certificate algs via config file
A crash could occur when attempting to configure a certificate via a
config file, where the algorithm for the certificate key was added
dynamically via a provider.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26663)
Matt Caswell [Fri, 3 Jan 2025 15:57:47 +0000 (15:57 +0000)]
Enable the quic-tls API to work, even in the case of no-quic
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
Matt Caswell [Wed, 21 Aug 2024 13:50:55 +0000 (14:50 +0100)]
Add a test for the quic-tls API
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
Matt Caswell [Wed, 21 Aug 2024 10:16:54 +0000 (11:16 +0100)]
Add a CHANGES.md entry
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
Matt Caswell [Tue, 20 Aug 2024 15:19:10 +0000 (16:19 +0100)]
Add documentation for the new third party QUIC stack API
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
Matt Caswell [Tue, 20 Aug 2024 14:09:17 +0000 (15:09 +0100)]
Add an API for other QUIC stacks to use our TLS implementation
We provide some callbacks for third party QUIC stacks to use in order
to be able to reuse the OpenSSL TLS implementation in that stack. This is
essentially a thin wrapper around the same API that OpenSSL's own QUIC
stack uses in order to integrate TLS.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)
Viktor Dukhovni [Thu, 19 Dec 2024 17:25:15 +0000 (04:25 +1100)]
With SSL_VERIFY_PEER client RPK should abort on X509 error
While RPK performs X.509 checks correctly, at the SSL layer the
SSL_VERIFY_PEER flag was not honoured and connections were allowed to
complete even when the server was not verified. The client can of
course determine this by calling SSL_get_verify_result(), but some
may not know to do this.
Added tests to make sure this does not regress.
Fixes CVE-2024-12797
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
Dave Kelsey [Thu, 16 Jan 2025 15:10:41 +0000 (15:10 +0000)]
Add support for multiple key shares
This PR is the implementation of concluded discussion that occurred in a
draft PR #25605. This changes were mainly authored by @martinschmatz
with some contribution from myself.
It addresses issue #21633
This extends the group list definition to support a more complex
definition while still retaining backward compatibility with the simple
form of colon separated groups.
Details of the agreed format and expected behaviour can be found in
#25605 and in the documentation changes.
Signed-off-by: Dave Kelsey <d_kelsey@uk.ibm.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26445)
Zhiguo Zhou [Mon, 6 Jan 2025 14:05:55 +0000 (22:05 +0800)]
Dual 1024/1536/2048-bit exponentiation optimization for Intel Sierra Forest CPU
It optimizes the RSA-2k/3k/4k via the AVXIFMA ISA on Sierra Forest.
The performance improvements of 1.8x-2.2x are observed in the speed
tests of sign and decryption operations on this CPU.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25751)
Dmitry Misharov [Wed, 5 Feb 2025 09:11:55 +0000 (10:11 +0100)]
add workflow dispatch inputs into coveralls workflow
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26645)
sashan [Wed, 29 Jan 2025 09:57:14 +0000 (10:57 +0100)]
perlasm: Replace .previous with the actual previous section
Older versions of darwin (10.8 and earlier) don't understand .previous.
this tweak emits the previous section directive which preceeds the
rodata (for example .text) instead of using .previous. We use the
same for mingw.
Fixes #26447
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26585)
Kazuki Yamaguchi [Sat, 25 Jan 2025 08:31:31 +0000 (17:31 +0900)]
Use ASN1_INTEGER_get_int64() in ossl_serial_number_print()
A -1 return from ASN1_INTEGER_get() indicates both success and error.
Our man page calls out this ambiguity. Use ASN1_INTEGER_get_int64()
instead, which has a better error reporting and also a platform
independent behavior with respect to sizeof(long).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26557)
Kazuki Yamaguchi [Sat, 25 Jan 2025 08:31:16 +0000 (17:31 +0900)]
Fix pretty-printing empty serial number in ossl_serial_number_print()
Fix a crash when the ASN1_INTEGER has empty content. While it is
illegal, this is the initial state of the serialNumber field when an
X509 object is allocated by X509_new(). X509_print*() should be able to
process an incomplete X509 object too.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26557)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25716)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25716)
Michael Baentsch [Sat, 18 Jan 2025 08:58:33 +0000 (09:58 +0100)]
Add version field check to PKCS8 decoder
Fixes #26459
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26464)
Rajeev Ranjan [Tue, 5 Nov 2024 13:26:29 +0000 (14:26 +0100)]
Add function X509_VERIFY_PARAM_get_purpose()
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25132)
Rajeev Ranjan [Wed, 29 May 2024 16:19:29 +0000 (18:19 +0200)]
CMP: add support for central key generation
- add testcase for central keygen
- add documentation
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25132)
Sean Kannanaikal [Wed, 22 Jan 2025 12:38:47 +0000 (07:38 -0500)]
Fix magic + 20 in PEM_ASN1_write_bio
Fixes #26476
In the file crypto/pem/pem_lib.c the function had a +20 to account for
padding in the data size, however this was recognized to not be up to
standard quality. Instead it has now been updated to use the static
maximum block size and uses that for the calculation as opposed to a +20.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26526)
Mae [Wed, 22 Jan 2025 16:54:43 +0000 (16:54 +0000)]
Fix passing struct by value rather than by reference to syscall
Fixes #26521
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26523)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26522)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26522)
Viktor Dukhovni [Thu, 23 Jan 2025 04:42:14 +0000 (15:42 +1100)]
Expose the provider `c_get_params` function via PROV_CTX.
This applies to the base, default and FIPS providers, could be added in
principle also to the legacy provider, but there's no compelling reason
to do that at the moment.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26530)
Viktor Dukhovni [Wed, 22 Jan 2025 15:43:53 +0000 (02:43 +1100)]
Don't lose config infopairs of built-in providers
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26520)
Stas Cymbalov [Tue, 21 Jan 2025 13:42:19 +0000 (16:42 +0300)]
Fix data race in asn1_str2tag() on tntmp which was accidentally made static
Variables tntmp and tnst are declared in the same declaration and thus
share storage class specifiers (static). This is unfortunate as tntmp is
used during iteration through tnst array and shouldn't be static.
In particular this leads to two problems that may arise when multiple
threads are executing asn1_str2tag() concurrently:
1. asn1_str2tag() might return value that doesn't correspond to tagstr
parameter. This can happen if other thread modifies tntmp to point to
a different tnst element right after a successful name check in the
if statement.
2. asn1_str2tag() might perform an out-of-bounds read of tnst array.
This can happen when multiple threads all first execute tntmp = tnst;
line and then start executing the loop. If that case those threads
can end up incrementing tntmp past the end of tnst array.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26504)
Signed-off-by: Alexander Heinlein <alexander.heinlein@web.de> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26497)
Richard Levitte [Thu, 9 Jan 2025 13:36:20 +0000 (14:36 +0100)]
Refactor MAKE_ENCODER in providers/implementations/encode_decode/encode_key2any.c
It took a parameter 'evp_type', which isn't used. The comment describing
it mentions a future refactoring, but it appears that this has already
happened.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26360)
Bernd Edlinger [Tue, 21 Jan 2025 15:12:18 +0000 (16:12 +0100)]
Give DTLS tests more time to complete
Increase the timeout for DTLS tests to 10 seconds.
But do that only for DTLS as this would waste time
for other tests, most of the TLS tests do not need
this at all.
Fixes #26491
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26502)
When this pattern occurs, the atomic or operation fails to see the published
value of CPU1 and when the or-ed value is written back to ram, the incremented
value in get_hold_current_qp is overwritten, meaning the hold that the reader
placed on the rcu lock is lost, allowing the writer to complete early, freeing
memory before a reader is done reading any held memory.
Why this is only observed on ppc64le I'm not sure, but it seems like a pretty
clear problem.
fix it by implementing ATOMIC_COMPARE_EXCHANGE_N, so that, on the write side in
update_qp, we can ensure that updates are only done if the read side hasn't
changed anything. If it has, retry the operation.
With this fix, I'm able to run the threads test overnight (4000 iterations and
counting) without failure.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26478)
Nadav Tasher [Fri, 20 Dec 2024 15:59:01 +0000 (17:59 +0200)]
s_socket: naccept: close listening socket after accepting clients
When `-naccept` is passed (i.e with `s_server`), the listening socket remains open while handling
client, even after `naccept` is supposed to reach `0`.
This is caused to to the decrementation of `naccept` and closing of the socket
happening a little too late in the `do_server` function.
Signed-off-by: Nadav Tasher <tashernadav@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26228)
Viktor Dukhovni [Fri, 17 Jan 2025 11:58:43 +0000 (22:58 +1100)]
Support boolean queries against provider config
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26455)
Restoring [sp, #64] into d15,d16 instead of d14,d15.
Fixes: #26466
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26469)
Viktor Dukhovni [Sat, 18 Jan 2025 07:34:54 +0000 (18:34 +1100)]
Check return of OSSL_PROVIDER_do_all to avoid coverity noise
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26462)
Viktor Dukhovni [Thu, 16 Jan 2025 08:45:50 +0000 (19:45 +1100)]
Don't promise a non-zero return size in error cases.
When a requested parameter has a non-NULL result pointer,
and the error isn't simply that the result buffer is too
small, don't return a non-zero result size.
Returning a non-zero result size that isn't larger than the
user's provided space is an indication that a result of
that size was actually written, inviting trouble if the
error indication was inadvertenly lost.
Also, in such cases (wrong type, data can't be converted to the
requested type when otherwise supported, ...) there is nothing useful to
be done with the return size value, it can't help to address the
problem.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26436)
Viktor Dukhovni [Sun, 19 Jan 2025 15:51:07 +0000 (02:51 +1100)]
Make the provider context available to encoders
At the moment the provider context is only available to
encoders that encrypt, but it is useful more generally.
A similar change has already been merged to "master" on the
decoder side, this is the mirror change for encoders. The
only significant difference is that PEM_ASN1_write_bio needed
to be "extended" (cloned) to allow it to pass the provider context
down to the `k2d` function it uses to encode the data.
I had to "hold my nose" and live with the random "20" added to the data
size in order to accomodate encryption with padding, which may produce
one more cipher block than the input length. This really should ask
the EVP layer about the block length of the cipher, and allocate the
right amount. This should be a separate fix for both the old
PEM_ASN1_write_bio() and the new PEM_ASN1_write_bio_ctx().
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26475)
Tomas Mraz [Wed, 15 Jan 2025 17:29:52 +0000 (18:29 +0100)]
Add CHANGES.md and NEWS.md updates for CVE-2024-13176
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)
Tomas Mraz [Wed, 15 Jan 2025 17:27:02 +0000 (18:27 +0100)]
Fix timing side-channel in ECDSA signature computation
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the
attacker process must either be located in the same physical computer or
must have a very fast network connection with low latency.
Attacks on ECDSA nonce are also known as Minerva attack.
Fixes CVE-2024-13176
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)
projects / thirdparty / openssl.git / log
