Simo Sorce [Fri, 11 Nov 2022 17:18:26 +0000 (12:18 -0500)]
Add test for EVP_PKEY_eq
This tests that the comparison work even if a provider can only return
a public key.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)
Simo Sorce [Thu, 10 Nov 2022 21:58:28 +0000 (16:58 -0500)]
Update documentation for keymgmt export utils
Change function prototypes and explain how to use the selection
argument.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)
Simo Sorce [Thu, 10 Nov 2022 15:46:32 +0000 (10:46 -0500)]
Propagate selection all the way on key export
EVP_PKEY_eq() is used to check, among other things, if a certificate
public key corresponds to a private key. When the private key belongs to
a provider that does not allow to export private keys this currently
fails as the internal functions used to import/export keys ignored the
selection given (which specifies that only the public key needs to be
considered) and instead tries to export everything.
This patch allows to propagate the selection all the way down including
adding it in the cache so that a following operation actually looking
for other selection parameters does not mistakenly pick up an export
containing only partial information.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)
Tomas Mraz [Thu, 10 Nov 2022 16:13:36 +0000 (17:13 +0100)]
Update Stream Receive Buffers design document with implementation details
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19351)
Tomas Mraz [Wed, 26 Oct 2022 16:35:04 +0000 (18:35 +0200)]
Plug the QUIC_RSTREAM to the RX depacketizer
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19351)
Tomas Mraz [Tue, 11 Oct 2022 06:44:46 +0000 (08:44 +0200)]
QUIC Receive Stream Management: Call QUIC flow control
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19351)
Tomas Mraz [Tue, 27 Sep 2022 12:08:43 +0000 (14:08 +0200)]
QUIC Receive Stream Management
Added SFRAME_LIST structure and QUIC_RSTREAM object to
manage received stream data.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19351)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19509)
Matt Caswell [Mon, 7 Nov 2022 15:13:35 +0000 (15:13 +0000)]
Fix memory leak when freeing the DTLS record layer
We need to check whether the sent_messages has actually buffered any
messages in it. If not we won't free the old record layer later when we
clear out the old buffered messages and a memory leak will result.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
Matt Caswell [Wed, 2 Nov 2022 14:56:16 +0000 (14:56 +0000)]
Move declarations out of record.h and record_local.h
We move many of the declarations in record.h and record_local.h into
locations inside ssl/record/methods instead. Also many declarations were
no longer required and could be removed completely.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
J.W. Jagersma [Sat, 1 Oct 2022 16:41:44 +0000 (18:41 +0200)]
Cast values to match printf format strings.
For some reason djgpp uses '(unsigned) long int' for (u)int32_t. This
causes errors with -Werror=format, even though these types are in
practice identical.
Obvious solution: cast to the types indicated by the format string.
For asn1_time_test.c I changed the format string to %lli since time_t
may be 'long long' some platforms.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
Tomas Mraz [Wed, 12 Oct 2022 09:26:43 +0000 (11:26 +0200)]
demos/mac/cmac-aes256: Clarify the cipher algorithm used
The currently used cipher is aes256 which is an alias to AES-256-CBC,
so the demo is correct.
However it might be misleading so make it clear the CBC mode
cipher is used.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19401)
Pauli [Thu, 3 Nov 2022 00:55:13 +0000 (11:55 +1100)]
punycode: update to use WPACKET instead of using custom range checking
Add test for `.' overflows, remove the output size argument from
ossl_a2ulabel() since it was never used and greatly complicated the code.
Convert ossl_a2ulabel() to use WPACKET for building the output string.
Update the documentation to match the new definition of ossl_a2ulabel().
x509: let punycode handle the '\0' string termination. Saves a memset(3)
and some size fiddling. Also update to deal with the modified parameters.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19591)
Milan Broz [Sat, 29 Oct 2022 09:48:51 +0000 (11:48 +0200)]
pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey
Make the code more robust and correctly handle EVP_PKEY set to NULL
instead of dereferencing null pointer.
Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)
Milan Broz [Sat, 29 Oct 2022 09:46:34 +0000 (11:46 +0200)]
pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional
The copy of PKEY should be released on the error path.
Easily reproduced with "ED448" context.
Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)
Cameron Cawley [Fri, 4 Nov 2022 13:49:00 +0000 (13:49 +0000)]
pkcs7: Remove unused includes
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19608)
Sam James [Wed, 2 Nov 2022 01:49:37 +0000 (01:49 +0000)]
CI: Add Alpine (musl)
I'm not intending to add every single possible combination of distros
to compiler-zoo, but I think this one is worthwhile.
musl tends to be Different Enough (TM) to allow problems to be found,
in particular (but not limited to) its malloc implementation ("mallocng").
It's also quite a common environment, especially in containers, so
I think it's worth testing on.
Signed-off-by: Sam James <sam@gentoo.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19577)
Matt Caswell [Mon, 7 Nov 2022 12:02:08 +0000 (12:02 +0000)]
Use the same encryption growth macro consistently
We had two different macros for calculating the potential growth due to
encryption. The macro we use for allocating the underlying buffer should be
the same one that we use for reserving bytes for encryption growth.
Also if we are adding the MAC independently of the cipher algorithm then
the encryption growth will not include that MAC so we should remove it
from the amount of bytes that we reserve for that growth. Otherwise we
might exceed our buffer size and the WPACKET_reserve operation will
fail.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19622)
Matt Caswell [Wed, 26 Oct 2022 15:55:46 +0000 (16:55 +0100)]
Fix dtls_get_max_record_overhead()
We fix dtls_get_max_record_overhead() to give a better value for the max
record overhead. We can't realistically handle the compression case so we
just ignore that.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19516)
Richard Levitte [Fri, 4 Nov 2022 09:37:13 +0000 (10:37 +0100)]
crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case
The use case is that uppercase .ASM extension may be used on some platforms,
and we were only testing for the lowercase extension.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19604)
So far assembly modules were intended to be built as .pl->.S->.{asmext}
followed by .{asmext}->.o. This posed a problem in build_all_generated
rule if it was executed on another computer, and also turned out to be
buggy, as .S was also translated to .{asmext} on Windows and VMS.
Both issues are fixed by changing the rule sequence to .pl->.S and then
.S->.s->.o, with the added benefit that the Windows and VMS build file
templates are more in sync with unix-Makefile.tmpl and slightly simpler.
Fixes #19594
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19598)
slontis [Mon, 30 May 2022 04:32:36 +0000 (14:32 +1000)]
Add d2i_PUBKEY_ex_fp and d2i_PUBKEY_ex_bio.
These functions pass a library content and prop query.
The i2d documentation related to these functions has been corrected since the bio and fp functions always return 0 or 1.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18427)
slontis [Thu, 13 Oct 2022 07:02:54 +0000 (17:02 +1000)]
Add test for X509 sign TBS cache regression.
See Issue #19388.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19406)
Matt Caswell [Tue, 25 Oct 2022 14:55:38 +0000 (15:55 +0100)]
Update the pipelining docs
Document the effect on the internal read buffer when using pipelining.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19456)
Matt Caswell [Tue, 25 Oct 2022 14:47:36 +0000 (15:47 +0100)]
Fix read pipelining
During read pipelining we must ensure that the buffer is sufficiently large
to read enough data to fill our pipelines. We also remove some code that
moved data to the start of the packet if we can. This was unnecessary
because of later code which would end up moving it anyway. The earlier move
was also incorrect in the case that |clearold| was 0. This would cause the
read pipelining code to fail with sufficiently large records.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19456)
Matt Caswell [Fri, 21 Oct 2022 13:08:29 +0000 (14:08 +0100)]
Pipeline output/input buf arrays must live until the EVP_Cipher is called
The pipeline input/output buf arrays must remain accessible to the
EVP_CIPHER_CTX until EVP_Cipher is subsequently called. This fixes an
asan error discovered by the newly added pipeline test.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19456)
Matt Caswell [Thu, 20 Oct 2022 15:36:37 +0000 (16:36 +0100)]
Add a test for TLS pipelining
TLS pipelining provides the ability for libssl to read or write multiple
records in parallel. It requires special ciphers to do this, and there are
currently no built-in ciphers that provide this capability. However, the
dasync engine does have such a cipher, so we add a test for this capability
using that engine.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19456)
slontis [Thu, 27 Oct 2022 07:56:12 +0000 (17:56 +1000)]
Attempt to fix CI Daily build error
For some reason the newly introduced CI test
for sctp causes issues. It is unknown why this
seems to work when testing, but doesnt work
once it was merged.
The test has been put into its own file, with
skips on error if the setup fails..
This will need to be merged to test if this
works.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19511)
Hugo Landau [Fri, 28 Oct 2022 06:32:54 +0000 (07:32 +0100)]
Fix unused variable in QUIC send stream test
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19526)
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19547)
Pauli [Wed, 26 Oct 2022 09:09:24 +0000 (20:09 +1100)]
fips: verify that the RNG was restored after the self tests
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Wed, 26 Oct 2022 02:51:02 +0000 (13:51 +1100)]
fipsinstall: add -self_test_oninstall option.
This option runs the self tests at installation time. It fails for the 3.1
module.
Also changed the default behaviour to that set by the -self_test_onload
option.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Wed, 26 Oct 2022 00:48:58 +0000 (11:48 +1100)]
Update FIPS KATs for 140-3
Co-authored-by: Randall Steck <rsteck@thinqsoft.com> Co-authored-by: Mark J. Minnoch <mark@keypair.us> Co-authored-by: Steve Weymann <steve@keypair.us> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Wed, 26 Oct 2022 00:48:07 +0000 (11:48 +1100)]
dsa/ec: update pairwise tests to account for 140-3 IG 10.3.A additiocal comment 1
This mandates following SP 800-56A which, in 5.6.2.4, mandates a comparision
against a newly calculated public key.
Co-authored-by: Randall Steck <rsteck@thinqsoft.com> Co-authored-by: Mark J. Minnoch <mark@keypair.us> Co-authored-by: Steve Weymann <steve@keypair.us> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Wed, 26 Oct 2022 00:47:48 +0000 (11:47 +1100)]
Remove DES cipher from the FIPS provider
Co-authored-by: Randall Steck <rsteck@thinqsoft.com> Co-authored-by: Mark J. Minnoch <mark@keypair.us> Co-authored-by: Steve Weymann <steve@keypair.us> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Thu, 22 Sep 2022 05:21:58 +0000 (15:21 +1000)]
Update fipsinstall tests
Co-authored-by: Randall Steck <rsteck@thinqsoft.com> Co-authored-by: Mark J. Minnoch <mark@keypair.us> Co-authored-by: Steve Weymann <steve@keypair.us> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Thu, 22 Sep 2022 03:44:35 +0000 (13:44 +1000)]
Remove conditional FIPS dependence for 3DES
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Thu, 22 Sep 2022 00:59:01 +0000 (10:59 +1000)]
Move DES based test cases out of FIPS territory
Co-authored-by: Randall Steck <rsteck@thinqsoft.com> Co-authored-by: Mark J. Minnoch <mark@keypair.us> Co-authored-by: Steve Weymann <steve@keypair.us> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Thu, 22 Sep 2022 00:53:11 +0000 (10:53 +1000)]
Skip DES based tests in FIPS mode
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Mon, 26 Sep 2022 05:20:14 +0000 (15:20 +1000)]
rand: add set0 calls for the private and public DRBGs
The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means
the entropy needs to be cooked. This permits this.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Tomas Mraz [Thu, 27 Oct 2022 11:49:29 +0000 (13:49 +0200)]
Dependabot configuration is not a workflow
Moving it one level up so it does not confuse CI.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19515)
Pauli [Wed, 26 Oct 2022 23:22:47 +0000 (10:22 +1100)]
Fix CVE-2022-3786 in punycode decoder.
Fixed the ossl_a2ulabel() function which also contained a potential
buffer overflow, albeit without control of the contents.
This overflow could result in a crash (causing a denial of service).
The function also did not NUL-terminate the output in some cases.
The two issues fixed here were dentified and reported
by Viktor Dukhovni while researching CVE-2022-3602.
Pauli [Wed, 26 Oct 2022 23:21:41 +0000 (10:21 +1100)]
Fix CVE-2022-3602 in punycode decoder.
An off by one error in the punycode decoder allowed for a single unsigned int
overwrite of a buffer which could cause a crash and possible code execution.