Ingo Franzki [Mon, 16 Oct 2023 12:07:05 +0000 (14:07 +0200)]
speed: Correct handling of async_jobs for KEM and signature algos
Setup the loopargs array for all jobs, not only for the very first one.
It may fail with "Could not allocate 0 bytes for sig sign loop" and/or will
cause the loop functions to fail silently, because they operate on a NULL
PKEY context when "-async_jobs <n>" is specified.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22399)
Ingo Franzki [Mon, 16 Oct 2023 12:06:04 +0000 (14:06 +0200)]
speed: Fix memory leaks
Free the PKEYs created for KEM and signature algorithms.
Free the encrypt/decrypt PKEY contexts for RSA.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22399)
slontis [Mon, 20 Mar 2023 05:08:38 +0000 (15:08 +1000)]
Create hierarchical demo Makefile.
Adds a Makefile with all, clean, and test targets.
This has only been added for demos that already contain Makefiles.
For problematic tests that require inputs, the test target does nothing.
(Note: Demos should be self contained and not require unknown external
inputs. This PR does not attempt to fix this.)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20546)
Matt Caswell [Fri, 20 Oct 2023 11:33:25 +0000 (12:33 +0100)]
When requeueing deferred URXEs retain the order
If a URXE cannot be processed yet then we add it to the urx_deferred list.
Later, when they can be processed, we requeue them in the urx_pending list.
We must not reverse the order when doing so. We want to process the URXEs
in the order that they were received.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22452)
Hugo Landau [Mon, 16 Oct 2023 14:50:30 +0000 (15:50 +0100)]
Adjust mdl configuration
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22405)
Nate Karstens [Fri, 20 Oct 2023 16:24:33 +0000 (11:24 -0500)]
Add notes on use of strdup
Added notes to OPENSSL_INIT_set_config_filename and
OPENSSL_INIT_set_config_appname explaining why strdup
is used instead of OPENSSL_strdup.
CLA: trivial
Co-authored-by: Jean Apolo <jean.apolo@garmin.com> Signed-off-by: Jean Apolo <jean.apolo@garmin.com> Signed-off-by: Nate Karstens <nate.karstens@garmin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21742)
Pauli [Thu, 5 Oct 2023 23:26:23 +0000 (10:26 +1100)]
evp: process key length and iv length early if present
evp_cipher_init_internal() takes a params array argument and this is processed
late in the initialisation process for some ciphers (AEAD ones).
This means that changing the IV length as a parameter will either truncate the
IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised
bytes.
Truncation is very bad if SP 800-38d section 8.2.1 is being used to
contruct a deterministic IV. This leads to an instant loss of confidentiality.
Grabbing extra bytes isn't so serious, it will most likely result in a bad
decryption.
Problem reported by Tony Battersby of Cybernetics.com but earlier discovered
and raised as issue #19822.
Fixes CVE-2023-5363
Fixes #19822
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Tomas Mraz [Thu, 19 Oct 2023 06:37:47 +0000 (08:37 +0200)]
Fix Coverity 1547856: memset() uses only the lowest byte of c
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22430)
The 'rand_generate' method is not well suited for being used with
weak entropy sources in the 'get_entropy' callback, because the
caller needs to provide a preallocated buffer without knowing
how much bytes are actually needed to collect the required entropy.
Instead we use the 'rand_get_seed' and 'rand_clear_seed' methods
which were exactly designed for this purpose: it's the callee who
allocates and fills the buffer, and finally cleans it up again.
The 'rand_get_seed' and 'rand_clear_seed' methods are currently
optional for a provided random generator. We could fall back to
using 'rand_generate' if those methods are not implemented.
However, imo it would be better to simply make them an officially
documented requirement for seed sources.
Fixes #22332
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22394)
Richard Levitte [Wed, 11 Oct 2023 01:19:23 +0000 (12:19 +1100)]
rand: improve error message for rand pool overflows
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22394)
Tomas Mraz [Mon, 23 Oct 2023 12:26:32 +0000 (14:26 +0200)]
quic_record, quicapi, and quicfaults tests do not support fuzzing builds
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22472)
Tomas Mraz [Thu, 19 Oct 2023 15:19:44 +0000 (17:19 +0200)]
run-checker-daily.yml: If the openssl app is not built do not run it
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22443)
Matt Caswell [Thu, 12 Oct 2023 14:42:22 +0000 (15:42 +0100)]
Fix a use-after-free in qrx_proces_pkt
When calling qrx_relocate_buffer, both the rxe and the pointer to the token
may be changing locations. We have to use a temporary copy of the token
pointer to avoid referencing the old location of the rxe.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Kurt Roeckx [Wed, 23 Nov 2022 13:24:13 +0000 (14:24 +0100)]
Add quic client fuzzer.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
наб [Wed, 18 Oct 2023 13:35:55 +0000 (15:35 +0200)]
Reference the non-"legacy" provider names directly from EVP_md5(3) &c.
Earlier today, it took me five manuals! to find what on earth the
"Performance"/"EVP_MD_fetch(3)" crosslinks actually mean:
EVP_sha1(3)
crypto(7)
EVP_MD_fetch(3) (but not there! don't read that!)
OSSL_PROVIDER-default(7)
EVP_MD-SHA1(7)
If, instead, EVP_sha1(3) referenced EVP_MD-SHA1(7) at /all/,
which it should do, since it's supposed to be what you're replacing it
with, but it doesn't actually say that, maybe people would use it.
I know I didn't because it's basically just deadass buried
As found by git grep -l 'and should consider using'
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22420)
Matt Caswell [Thu, 19 Oct 2023 10:00:39 +0000 (11:00 +0100)]
Round up nano secs when converting OSSL_TIME to struct timeval
struct timeval doesn't support nanosecs but OSSL_TIME does. We round up
any nanosecs to ensure that a non-zero input always results in a non-zero
output.
This fixes a quic-client fuzzer hang.
Fixes #22437
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22440)
Neil Horman [Wed, 18 Oct 2023 14:01:21 +0000 (10:01 -0400)]
Convert jdkTrustedKeyUsage to be a pkcs12 cmd line option
Creating JDK compatible pkcs12 files requires a bit more than just
adding the Trusted Key Usage OID to a certbag in the pkcs12 file.
Additionally the JDK currently requires that pkcs12 files setting this
oid _not_ contain any additional keys, and in response will produce
unpredictable results.
This could be solved by implying --nokeys when the pkcs12 utility is run
and the config option is set, but thatcould confuse users who didn't
specify nokeys on the command line. As such, remove the config file
setting for this feature, and replace it with a -jdktrust command line
option, that is documented to assert nokeys when a users specifies the
new command line option.
Fixes #22215
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22422)
Tomas Mraz [Tue, 17 Oct 2023 08:00:58 +0000 (10:00 +0200)]
QUIC: Add handling of SSL_get_shutdown()
Return SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN with semantics
similar to TLS connections.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22408)
Tomas Mraz [Tue, 17 Oct 2023 06:58:22 +0000 (08:58 +0200)]
Postpone two TODO(QUIC) items appropriately
The one in ch_rx_handle_packet() is a tuning thing -> QUIC FUTURE
The one in ossl_quic_tserver_shutdown() is a server thing -> QUIC SERVER
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22408)
rand: add callbacks to cleanup the user entropy resp. nonce
The `get_user_{entropy,nonce}` callbacks were add recently to the
dispatch table in commit 4cde7585ce8e. Instead of adding corresponding
`cleanup_user_{entropy,nonce}` callbacks, the `cleanup_{entropy,nonce}`
callbacks were reused. This can cause a problem in the case where the
seed source is replaced by a provider: the buffer gets allocated by
the provider but cleared by the core.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22423)
Matt Caswell [Tue, 17 Oct 2023 13:55:48 +0000 (14:55 +0100)]
Ignore ping deadline when calculating tick deadline if we can't send
If the CC TX allowance is zero then we cannot send a PING frame at the
moment, so do not take into account the ping deadline when calculating the
tick deadline in that case.
This avoids the hang found by the fuzzer mentioned in
https://github.com/openssl/openssl/pull/22368#issuecomment-1765131727
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22410)
Matt Caswell [Tue, 17 Oct 2023 15:26:13 +0000 (16:26 +0100)]
Ignore retry packets that arrive too late
RFC 9000 s 17.2.5.2 says
> After the client has received and processed an Initial or Retry packet
> from the server, it MUST discard any subsequent Retry packets that it
> receives.
We were checking for multiple Retry packets, but not if we had already
processed an Initial packet.
Fixes the assertion failure noted in
https://github.com/openssl/openssl/pull/22368#issuecomment-1765618884
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22411)
Tomas Mraz [Thu, 19 Oct 2023 07:23:43 +0000 (09:23 +0200)]
cms_enc.c: Include crypto/asn1.h for struct asn1_object_st
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22432)
Tomas Mraz [Thu, 19 Oct 2023 07:18:37 +0000 (09:18 +0200)]
Do not include crypto/asn1.h from internal/cryptlib.h
This is unnecessary and conceptualy wrong as
headers from internal should not include headers from crypto
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22432)
Tomas Mraz [Mon, 9 Oct 2023 09:39:12 +0000 (11:39 +0200)]
apps.c: Remove a redundant error print-out
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22318)
Tomas Mraz [Mon, 9 Oct 2023 09:36:50 +0000 (11:36 +0200)]
apps: Print out a proper message when a store cannot be opened
Fixes #22306
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22318)
Neil Horman [Wed, 11 Oct 2023 16:45:44 +0000 (12:45 -0400)]
Add a test to confirm that legacy rsa keys work
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)
Neil Horman [Tue, 10 Oct 2023 15:06:44 +0000 (11:06 -0400)]
Dont require CRT params on ossl_rsa_set0_all_params
Its not required that crt params be available in an RSA key, so don't
perform an error check on them
Fixes #29135
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)
Neil Horman [Tue, 5 Sep 2023 16:08:19 +0000 (12:08 -0400)]
remove sanity check from ossl_rsa_todata
Theres no reason we should gate ossl_rsa_todata on there being a minimum
set of parameters. EVP_PKEY_todata makes no guarantees about the
validity of a key, it only returns the parameters that are set in the
requested key, whatever they may be. Remove the check.
Fixes #21935
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)
Tomas Mraz [Mon, 4 Sep 2023 09:10:42 +0000 (11:10 +0200)]
ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs
This makes them zeroes otherwise
where NULLs actually mean the values aren't present.
Fixes #21935
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22334)
Neil Horman [Wed, 11 Oct 2023 13:34:02 +0000 (09:34 -0400)]
ensure that ossl_obj_nid_lock is allocated before use
external calls to OBJ_new_nid will fail on an attempt to lock the
ossl_obj_nid_lock as it won't have been initalized yet.
Bifurcate OBJ_new_nid into an external and internal variant, in which
the former calls ossl_obj_write_lock (ensuring that the nid_lock is
initalized), while OBJ_create (the sole internal caller) uses the latter
to avoid having to drop and re-acquire the lock
Fixes #22337
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22350)
James Muir [Sat, 14 Oct 2023 23:36:57 +0000 (19:36 -0400)]
cms encrypt, better OBJ_nid2obj() return check
Fixes #22225
In OBJ_nid2obj(), if the NID does not have an OID, then a pointer to
the special "undefined" ASN1_OBJECT is returned. Check for the
undefined-ASN1_OBJECT and return an error. Also, add a test for this
in 80-test_cms.t.
Testing:
#!/bin/bash -x
shopt -s expand_aliases
alias openssl="LD_LIBRARY_PATH=~/git/openssl ~/git/openssl/apps/openssl"
echo "This is a confidential message. It should be encrypted." > msg.txt
## this should fail b/c there is no OID for aes-256-ctr
openssl cms -encrypt -in msg.txt -aes-256-ctr -out msg.txt.cms -recip demos/cms/signer.pem
echo $?
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22392)
Pavel Stetsuk [Thu, 14 Sep 2023 20:05:49 +0000 (23:05 +0300)]
fix: LINEAR search doesn't work properly (if CHARSET_EBCDIC is defined)
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22108)
Daiki Ueno [Mon, 16 Oct 2023 05:42:12 +0000 (14:42 +0900)]
rsa: Accept NULL OAEP label for backward compatibility
According to the manual page, EVP_PKEY_CTX_set0_rsa_oaep_label()
should accept NULL as the label argument, though the function
currently rejects it while setting the corresponding octet string
parameter with OSSL_PARAM_construct_octet_string, which expects
non-NULL input. This adds a workaround to the caller for backward
compatibility.
Signed-off-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22397)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
CMS_add1_signer.pod: add missing info on CMS_SignerInfo_sign() return values
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
PKCS7_SIGNER_INFO: point out confusing names of digest_enc_alg and enc_digest fields
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
Pauli [Wed, 11 Oct 2023 21:46:19 +0000 (08:46 +1100)]
cmp: add null pointer check in tear_down test function
problem reported by: 2ourc3
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22355)
James Muir [Wed, 11 Oct 2023 22:11:42 +0000 (18:11 -0400)]
Fix parenthesis, use a colon
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22356)
James Muir [Tue, 10 Oct 2023 16:41:59 +0000 (12:41 -0400)]
Update unix Makefile template to handle paths with spaces
Fixes #4668 (on unix-like platforms)
Testing:
rm -rf "$HOME/tmp/beforespace afterspace"
./Configure -Werror --strict-warnings --prefix="$HOME/tmp/beforespace afterspace"
make -j6 update
make -j6
make install
make test
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21821)
Tomas Mraz [Wed, 11 Oct 2023 10:55:41 +0000 (12:55 +0200)]
trace_api_test.c: Separate tracing statements
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22347)
Tomas Mraz [Wed, 11 Oct 2023 09:20:02 +0000 (11:20 +0200)]
Windows: use srand() instead of srandom()
This is used for memory allocation failure debugging only
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22347)
Tomas Mraz [Wed, 11 Oct 2023 09:05:37 +0000 (11:05 +0200)]
Windows CI: Add some non-default options to check they are working
Some of the non-default options that enable more
code to be built need to be enabled in one of the
Windows builds to avoid regressions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22347)
Tomas Mraz [Thu, 5 Oct 2023 09:11:16 +0000 (11:11 +0200)]
DH_check_pub_key() should not fail when setting result code
The semantics of ossl_ffc_validate_public_key() and
ossl_ffc_validate_public_key_partial() needs to be changed
to not return error on non-fatal problems.
Fixes #22287
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22291)
Richard Levitte [Tue, 10 Oct 2023 10:32:40 +0000 (12:32 +0200)]
test/recipes/05-test_rand.t: replace 'and' with '&&'
The lower priority 'and' seems to have some "interesting" interactions with
function argument parsing in some perl versions (presumably because 'and' is
lower priority than the comma).
For the lines that are changed here, perl v5.20.1 says this:
Useless use of string eq in void context at [.test.recipes]05-test_rand.t line 33.
Useless use of numeric eq (==) in void context at [.test.recipes]05-test_rand.t line 39.
Replacing 'and' with '&&' in these two cases fixes the problem.
Replacing
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22331)
Hugo Landau [Mon, 9 Oct 2023 18:11:39 +0000 (19:11 +0100)]
Ensure struct timeval is defined when including ssl.h
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22323)
Klavishnik [Thu, 10 Aug 2023 10:56:24 +0000 (13:56 +0300)]
Added check for the return value of the RAND_bytes() function
Call app_bail_out if RAND_bytes() fails.
Also changed the output parameter of RAND_bytes() to inp as
writing to encrypted output buffer does not make sense.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21706)
Evgeny Karpov [Mon, 7 Aug 2023 12:28:20 +0000 (14:28 +0200)]
* Enable extra Arm64 optimization on Windows for GHASH, RAND and AES
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21673)
Matt Caswell [Fri, 6 Oct 2023 14:56:15 +0000 (15:56 +0100)]
When calling ossl_crypto_condvar_wait_timeout() we must use real time
Although many of the QUIC tests use fake time, the time we pass to the
ossl_crypto_condvar_wait_timeout() must be a real time.
Passing fake time was causing the QUIC tserver test to hang because
ossl_crypto_convar_wait_timeout() always timed out immediately and never
relinquished the CPU.
If using fake time we adjust the time to real time just before using it.
Fixes #22020
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22301)
Klavishnik [Wed, 9 Aug 2023 14:05:03 +0000 (17:05 +0300)]
Avoid divide-by-zero in kmac_prov.c's bytepad()
This would happen if EVP_MD_get_block_size() returned 0
so we return an error instead.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21698)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21913)
Matt Caswell [Wed, 4 Oct 2023 16:55:33 +0000 (17:55 +0100)]
Timeout in the tserver test using real time
When running the tserver test we bail out if a timeout expires. We
shouldn't use fake time for that timeout, because fake time might never
actually get incremented.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22284)
Matt Caswell [Wed, 4 Oct 2023 16:50:53 +0000 (17:50 +0100)]
Don't wait in the tesrver idle testing every time around the loop
If we wait for 100ms 600 times - then the test takes a minute to complete
which is far too long. The purpose of the wait is to give the assistance
thread a chance to catch up. We only do that if the event timeout has
actually expired - otherwise we are waiting for no reason.
Fixes #22156
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22284)
Tomas Mraz [Thu, 5 Oct 2023 13:24:38 +0000 (15:24 +0200)]
Windows CI: Continue on error during cpuinfo
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22293)
Vladimir Kotal [Wed, 4 Oct 2023 14:11:42 +0000 (16:11 +0200)]
avoid sun as variable name
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22281)
Tomas Mraz [Tue, 3 Oct 2023 13:45:13 +0000 (15:45 +0200)]
d2i_X509.pod: Better document using the reuse capability for libctx setup
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22265)
Neil Horman [Wed, 4 Oct 2023 13:48:37 +0000 (09:48 -0400)]
embed bio_dgram_data inside bio_dgram_sctp_data
the sctp BIO implementation uses the generic BIO dgram implementation
under the covers for some operations. However, the private data for
each bio is incongruous, leading to segfaults when doing things like
passing a dgram_sctp_ctrl operation to the underlying dgram_ctrl method.
Fix this by removing the common fields between the two strcutres and
embedding a bio_dgram_data as the first member of the
bio_dgram_sctp_data struct. This allows implicit casting when that call
path is taken, avoiding any memory mis-use
Fixes #20643
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22278)