Simo Sorce [Thu, 24 Apr 2025 14:05:53 +0000 (10:05 -0400)]
Add test to check SKEYMGMT interfaces
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27483)
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27483)
Richard Levitte [Wed, 23 Apr 2025 18:14:38 +0000 (20:14 +0200)]
Relax absolut path checking in our 'file' scheme implementation
So far, we strictly obeyed [RFC 8089], which only allows absolute paths
in a 'file:' URI. However, this seems to give a confusing user
experience, where something like 'file:foo.pem' wouldn't open foo.pem,
even though it's there in the current directory, but 'file:$(pwd)/foo.pem'
would.
To be less surprising for such use cases, we relax our implementation
visavi [RFC 8089] to allow relative paths.
Ensure z and d are actually zeroized by cleansing the full size of s,
rather than just vector_bytes.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27437)
Matt Caswell [Fri, 11 Apr 2025 13:19:46 +0000 (14:19 +0100)]
Fix errors on SSL_accept() and SSL_get_error()
Calling SSL_accept() was raising two errors on the stack if you passed
the wrong object type. Similarly SSL_get_error() was adding an error to
the stack if the wrong object type was passed and returning the wrong
result.
We also ensure SSL_set_accept_state() and SSL_set_connect_state() don't
raise spurious errors since these are void functions.
Fixes #27347
Fixes #27348
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27351)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27157)
Luke Kurlandski [Tue, 4 Mar 2025 16:53:36 +0000 (11:53 -0500)]
Improved error message for X509_V_ERR_CERT_NOT_YET_VALID
In addition to an invalid certificate, it is not unlikely that this
exact error (case X509_V_ERR_CERT_NOT_YET_VALID) is caused by an
incorrect system clock. This cannot be trivially fixed, so for now,
we simply improve the quality of the error message.
Fixes #14771
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27141)
Viktor Dukhovni [Wed, 9 Apr 2025 07:33:02 +0000 (17:33 +1000)]
Fix default pkey(1) DER output
This is expected to be PKCS#8, but was defaulting to traditional when
possible. Changed default DER output format to PKCS#8 and extended the
`-traditional` option to apply also to DER output.
Fixes: #21708 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27273)
Simo Sorce [Tue, 15 Apr 2025 19:42:22 +0000 (15:42 -0400)]
Advertize signature setting in settable_ctx fn
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Tue, 15 Apr 2025 18:58:20 +0000 (14:58 -0400)]
Add test for ML-DSA sig/ver message update
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Fri, 11 Apr 2025 21:24:09 +0000 (17:24 -0400)]
Add ml_dsa msg_update functions to provider code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Fri, 11 Apr 2025 17:38:20 +0000 (13:38 -0400)]
Make public ml_dsa_mu_.. helpers
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Wed, 9 Apr 2025 13:35:20 +0000 (09:35 -0400)]
Split the ML-DSA internal sigver functions
Deconstruct the functions into 2 parts:
- mu computation (if needed)
- actual signing/verification
Adds helper to compute mu that is split in 3 parts
(init/update/finalize) where the update part can be used to feed the message
to be signed or verified in chunks of any size.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Tue, 15 Apr 2025 19:21:19 +0000 (15:21 -0400)]
Fix EVP_PKEY_verify man page
Various functions were misnamed in the descriptions.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Simo Sorce [Tue, 15 Apr 2025 19:20:41 +0000 (15:20 -0400)]
Fix mldsa'a msg_inits operation type
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
olszomal [Fri, 3 Jan 2025 07:42:55 +0000 (08:42 +0100)]
Fix URL parsing to handle missing ports and ISO 8601 timestamps in paths
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26303)
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27455)
If the function is not called the settings default to 0.
Fixes #10584
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27410)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
provider-signature.pod: fix doc of OSSL_SIGNATURE_PARAM_ALGORITHM_ID, describing its relevance
This provides a fix for the documentation part of #22932.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
ASN1_item_sign.pod: fix description of the algor1, algor2, and signature in/out-parameters
This provides a fix for the documentation part of #22932.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
Pauli [Wed, 9 Apr 2025 02:42:40 +0000 (12:42 +1000)]
test: test for setting hkdf salt to null
Fixes #27302
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Pauli [Wed, 9 Apr 2025 02:42:10 +0000 (12:42 +1000)]
hkdf: allow salt to be set to null
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Pauli [Mon, 31 Mar 2025 22:57:50 +0000 (09:57 +1100)]
params: refactor some of the param helper code
Unifies some duplicated code.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27221)
Pauli [Mon, 31 Mar 2025 22:15:40 +0000 (09:15 +1100)]
commands: fix parameter value output
The parameter value output library routine was incorrect. It used the
incorrect length when printing fetched parameter sizes. It also printed
a string which was potentially not zero terminated. Both of these are
addressed here.
Additionally, octet strings have their initial bytes printed in hex.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27221)
Older versions place an error code to the error queue when retrieving
updated IV.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27417)
Neil Horman [Mon, 14 Apr 2025 16:23:15 +0000 (12:23 -0400)]
Serialize install process to avoid multiple make depend operations
If make install is run with a large -j value (make install -j N , where
N < 1)
We can run into a situation in which the install fails because multiple
make depend operations are running in parallel, which will fail due to
makefile rewriting.
Serialize the install process to guarantee that those operations don't
step on one another
Fixes # 27074
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27388)
Jan Luebbe [Fri, 4 Apr 2025 10:38:40 +0000 (12:38 +0200)]
80-test_cms.t: Add test case for verification of multiple signatures
openssl cms -verify requires all signatures to pass verification, so adding
a signature with -resign will cause overall verification to fail if the new
signature cannot be verified.
As I intend to optionally allow this case (see #26382), this new test
case ensures that the current behaviour stays the default.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27269)
Mironenko [Fri, 28 Mar 2025 10:41:26 +0000 (13:41 +0300)]
Fix OSSL_FUNC_keymgmt_load declaration in man7/provider-keymgmt
OSSL_FUNC_keymgmt_load prototype declared in man7 does not match
the actual OSSL_FUNC_keymgmt_load prototype declared in
include/openssl/core_dispatch.h. This commit fixes the prototype
in man7.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27189)
Neil Horman [Mon, 14 Apr 2025 15:03:02 +0000 (11:03 -0400)]
Fix winstore provider to work with recent decoder changes
Changes made recently in commit 31b5f3f made changes to how a default
decoder was created, in which ossl_decoder_instance_new() started
returning null. Other storemgmt providers were updated to start using
ossl_decoder_instance_new_forprov, but the winstore manager seems to
have got missed. Fix it up properly
Fixes #27355
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27384)
Fix silent error in EVP_CIPHER_CTX_get_updated_iv.
Added new params API function OSSL_PARAM_set_octet_string_or_ptr to only
call the correct setter for OSSL_CIPHER_PARAM_IV and OSSL_CIPHER_PARAM_UPDATED_IV.
Both OSSL_PARAM_set_octet_string and OSSL_PARAM_set_octet_ptr could be called with
only one expected to succeed. This would put a silent error on the error stack when
calling EVP_CIPHER_CTX_get_updated_iv.
Fixes #27117
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27120)
Updated with new information since des3 and dsa are not recommended
algorithms.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27343)
Jon Ericson [Thu, 10 Apr 2025 05:04:41 +0000 (22:04 -0700)]
Point to new docs location
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27331)
This commit removes the duplicate definition of cipher 0xC102 in
ssl/t1_trce.c, as reported in issue #27303.
The first definition (IANA-GOST2012-GOST8912-GOST8912) is kept as the
canonical one.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27329)
When entering the branch (pbe_nid <= 0), line 66 assigns new values to the variable of line 67 (pbe_nid = NID_id_pbkdf2).
However, it is not used anywhere in the future.
For this reason, lines 66 and 67 were removed.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27296)
David Benjamin [Mon, 7 Apr 2025 20:40:05 +0000 (16:40 -0400)]
Fix PKCS7_sign and CMS_sign default hash documentation
Fixes #27291. See issue for details.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27292)
Updated the change log to include SSLv3 being disabled by default.
This change was implemented into version 1.1.0 and onward. The last version that had SSLv3 enabled was version 1.0.2h, which is why the addition was made where it is.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27289)
added deprecated note to OPENSSL_instrument_bus docs
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27288)
Malcolm Hogan [Fri, 7 Mar 2025 23:30:43 +0000 (18:30 -0500)]
Remove DAYS argument
This commit removes DAYS from certificate requests to avoid the warning
'Ignoring -days without -x509; not generating a certificate'
This argument is not needed with the -new argument. Additionally makes sure
$1 is handled when -nodes is not given. Preventing an uninitialized value
error when the DAYS argument is removed.
Fixes #26595
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27277)
Fix potential NULL pointer dereference in final_maxfragmentlen()
In the final_maxfragmentlen() function, s->session is checked
for NULL after it was dereferenced earlier.
So move this NULL check to the top of the function.
CLA: trivial
Fixes: fa49560451 (Fix handling of max_fragment_length extension for PSK) Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/27272)
This fixes a couple of big-endian issues in the
assembler code of chacha, SM3 and SM4.
Fixes #27197 Tested-by: @zeldin Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27252)
Graham Leggett [Wed, 2 Apr 2025 11:08:11 +0000 (12:08 +0100)]
ssl/ssl_lib.c: Avoid crash when SSL_CONNECTION is NULL
Detection for sc == NULL is performed after sc is used. Add the
check to the correct place.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27241)
crypto/ui/ui_lib.c: Add OPENSSL_free to avoid memory leaks
Add OPENSSL_free() if general_allocate_boolean() or general_allocate_string fails to avoid memory leaks.
Fixes: a63d5eaab2 ("Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27218)
Tim Perry [Thu, 6 Mar 2025 13:33:17 +0000 (14:33 +0100)]
Add SSL_CTX_set_ec_point_formats() and SSL_set_ec_point_formats()
The internal fields and implementation for configuration of this
parameter already existed, but was not exposed. This change adds simple
setters to allow configuration of this field.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26990)
fangming.fang [Fri, 26 Jan 2024 10:48:17 +0000 (10:48 +0000)]
Implement AES-CBC-HMAC-SHA512 on aarch64
This is to implement #19932, it adds enc-then-mac aes-cbc-hmac-sha512 on
aarch64, aes-cbc and hmac-sha512 are interleaved to achieve better
performance.It only supports non-padding mode that means the length of
input data should be multiple of 16 bytes.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22949)
fangming.fang [Wed, 17 Jan 2024 10:48:55 +0000 (10:48 +0000)]
Implement interleaving aes-cbc-hmac-sha on aarch64
This is to implement #19932, it adds enc-then-mac aes-cbc-hmac-sha1/256,
aes-cbc and hmac-sha1/256 are interleaved to achieve better performance.
It only supports non-padding mode that means the length of input data
should be multiple of 16 bytes.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22949)
Matt Caswell [Wed, 9 Apr 2025 12:08:09 +0000 (13:08 +0100)]
Test that SSL_poll does not report a stream as writable if it isn't
We consume all the credit and check the stream is no longer writeable
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27319)
Matt Caswell [Wed, 9 Apr 2025 12:06:24 +0000 (13:06 +0100)]
Prevent SSL_poll from reporting a stream as writeable if it isn't
The CWM might prevent a stream from being writeable. We should not report
a stream as writeable if there is no credit.
Fixes #27312
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27319)
cmp_client_test.c: relax tight timeout value in test_exec_IR_ses_poll_no_timeout()
Fixes #27165
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27249)
Neil Horman [Mon, 7 Apr 2025 13:09:09 +0000 (09:09 -0400)]
Add known issues to NEWS.md for 3.5.0
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27287)
The QUIC protocol is also supported on server side.
Update the README file accordingly.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27258)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27264)
Fix SSL_new() with QUIC_server_method and improve formatting (Fixes #27255)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27264)
Matt Caswell [Fri, 4 Apr 2025 09:12:46 +0000 (10:12 +0100)]
Fix a reference in the OpenSSL guide to QUIC for servers
One part of the OpenSSL guide suggests we only support clients for QUIC
which is no longer true.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27265)
Neil Horman [Thu, 3 Apr 2025 14:47:28 +0000 (10:47 -0400)]
Disable stringop-overflow warnings on s390
Recently ci on master has been failing:
https://github.com/openssl/openssl/actions/runs/14234051502/job/39919663876
Its occuring because the s390 gcc compiler is complaining about various
functions attempting to write past the end of an array.
However, I can find no case in which we actually do so in this case.
The problem resolves when we either:
1) Disable the stringop-overflow warning
or
2) disable all loop unrolling optimizations with fno-loop-nest-optimize
Given that asan doesn't report any out of bounds errors on s390 when
built with case (1), and case (2) can be a significant performance hit,
coupled with the fact that gcc on any other platform avoids the same
issue (s390 is stuck on gcc 12, instead of gcc 16 where the other
platforms are), I think the right thing to do is just disable the
warning here
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27253)
Update README-QUIC.md with server-side QUIC support information
- Add information about OpenSSL 3.5 server-side QUIC support
- Include specific command instructions for running the QUIC server example
- Explicitly note that s_server does NOT support QUIC
- Fix documentation formatting (trailing spaces and blank lines around code blocks)
Signed-off-by: Samson S. Kolge <eglok1980@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27230)
Richard Hughes [Thu, 21 Nov 2024 11:10:11 +0000 (11:10 +0000)]
Add a SBOM template in CycloneDX format
Improve supply chain security by including a SBOM file with substituted values.
This will be used to construct a composite platform SBOM.
Signed-off-by: Richard Hughes <rhughes@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26020)
Stanciu, Adrian [Tue, 11 Feb 2025 21:14:55 +0000 (13:14 -0800)]
Enable x86-64 SHA-512 family optimizations with SHA512 ISA extension
The SHA-256 (SZ=4) and SHA-512 (SZ=8) dispatcher paths have been
separated while keeping the SHA-256 path unmodified.
Due to early constraints in register availability, two 32-bit
`OPENSSL_ia32cap_P` reads have been coalesced into one. As a
consequence, several bit positions used in feature checks have gained a
32 bits offset.
Replaced `test` with `bt` to allow use of 64-bit immediate indices in
CPUID feature checks.
Split the SHA512 BMI2+AVX2+BMI1 dispatcher branch into:
- AVX2+SHA512: high priority, with SHA512 ISA extension
- AVX2+BMI2+BMI1: fallback
The added implementation has its own copy of `K512` without duplicated
elements every 16 bytes. Shuffle indices have been reused from `K512`.
Added binary translators for `vsha512msg1`, `vsha512msg2`,
`vsha512rnds2` for older assemblers.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26147)
Elizarova, Alina [Tue, 11 Feb 2025 14:10:00 +0000 (06:10 -0800)]
Enable x86-64 SM3 optimizations with SM3 ISA extension
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26196)
Enable x86-64 SM4 optimizations with SM4 ISA extension
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26664)
Bernd Edlinger [Fri, 21 Mar 2025 19:58:57 +0000 (20:58 +0100)]
Fix a visual glitch in test_cmp_http.t
Kill the shell process after the Mock server is running,
to prevent the shell from printing an error message when
the Mock server is finally killed.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27144)
Matt Caswell [Tue, 1 Apr 2025 09:32:00 +0000 (10:32 +0100)]
Detect segfault in the pkeyutl test
Some tests are expected to fail in the pkeyutl test. However, if a segfault
occurs then that counts as a failure and the test passes. A segfault should
never be a "pass".
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27228)
Matt Caswell [Tue, 1 Apr 2025 09:31:33 +0000 (10:31 +0100)]
Fix a segfault in the pkeyutl command line app
Don't attempt to deref a pkey that is NULL
Fixes #27156
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27228)
Neil Horman [Tue, 1 Apr 2025 17:16:04 +0000 (13:16 -0400)]
Temporarily disable gost-engine tests in ci
We need to temporarily disable this as we have a build break in CI:
https://github.com/openssl/openssl/actions/runs/14192630435
Its occuring because gost-engine depends on libprov, which requires a
minimum version cmake-3.0. The update of github runners to cmake-4.0
causes a bail out as cmake 4.0 no longers supports cmake 3.0 syntax.
Libprov is fixed now, but gost-engine needs to update its libprov
submodule, and then we need to update the gost-engine submodule. Until
thats done (which may take days), we should disable the gost-engine
external tests
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27234)
Matt Caswell [Mon, 31 Mar 2025 14:51:14 +0000 (15:51 +0100)]
Link SSL_get_negotiated_group() and SSL_get0_group_name() in the docs
If you are intereseted in one you might be interested in the other.
Fixes #27137
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27210)
dare3path [Fri, 28 Mar 2025 06:54:55 +0000 (07:54 +0100)]
move BIO_err_is_non_fatal() to bio_lib.c
done this without running mkerr.pl otherwise
this is what mkerr.pl would do:
* remove BIO_err_is_non_fatal from bio_err.c
* remove duplicate BIO_R_PORT_MISMATCH
* reorder/sort 3 things
* update copyright year from 2022 to 2025
see #27183
CLA: trivial
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27191)
Benjamin Kaduk [Fri, 14 Jun 2024 21:10:39 +0000 (14:10 -0700)]
statem: always save sigalgs during PHA
We use the same extension-parsing function on server and client
for convenience, but while the server might worry about tracking
what was previously received and not overwriting it, on the client
receiving a request for post-handshake authentication, we always
want to use the values from the current extension (and should
always have a new session object that we are free to mutate).
It is somewhat unclear whether the server also needs the check
for a resumed connection; it appears to have been added back in
2015 in commit 062178678f5374b09f00d70796f6e692e8775aca as part
of a broad pass to handle extensions on resumption, but without
specific documentation of each extension's handling.
Fixes: #10370 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24651)
Pauli [Mon, 31 Mar 2025 01:30:45 +0000 (12:30 +1100)]
ci: strict warnings the default
Make building with --strict-warnings the default for most builds.
Move this option to immediately after the ./config command so its presence
is clearer.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27204)
Pauli [Mon, 31 Mar 2025 02:01:22 +0000 (13:01 +1100)]
rand: avoid unused function warning for FreeBSD and NetBSD.
The existing checks were not sufficiently version specific.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27204)
Pauli [Mon, 31 Mar 2025 01:18:01 +0000 (12:18 +1100)]
ci: remove unnecessary -Wall and -Werror options
The oprion --strict-warnings automatically turns on -Wall and -Werror so there
is no requirement to specify the latter two separately.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27204)
Neil Horman [Sat, 29 Mar 2025 21:52:20 +0000 (17:52 -0400)]
Fix more quic_multistream test formatting
We encountered another failure in the quic_multistream_test:
https://github.com/openssl/openssl/actions/runs/14127125173/job/39578660601#step:9:1005
It appears we still occasionally get empty frames in our qlog, with the
validate-qlog.py scripts properly bails out on. In the above case, the
offending frame entry looked like this:
{
"name": "transport:packet_received",
"data": {
"header": {
"packet_type": "initial",
"packet_number": 4,
"dcid": "",
"scid": "6217813c336a012a"
},
"datagram_id": 6,
"frames": [
{
"frame_type": "new_token",
"token": {
"raw": {
"data": "44801add5794"
}
},
"length": 8
},
{
"frame_type": "stream",
"stream_id": 15897,
"offset": 625652585,
"payload_length": 11,
"explicit_length": true,
"fin": true,
"length": 8
},
{} <= NOTE EMPTY FRAME HERE
]
},
"time": 0
}
I think we're still missing some frame formatting cases in
script_21_inject_plain(), which can format potentially any of the frames
listed in the forbidden_frame_types array when running the
test_dyn_frame_types test.
I think we need to enumerate all of those frame types in the case
statement we have there. Fortunately we generally don't have to provide
sane values, and most of the cases fall into 4 categories (those that
need a 64 bit data value, and those that require 1, 2 or 3 variable
integers). There are two special cases, NEW_TOKEN, and NEW_CONNECTION,
but those just need a mix of fixed and variable width data.
So lets fully enumerate those and hopefully put this to bed.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/27200)
slontis [Sun, 30 Mar 2025 22:42:59 +0000 (09:42 +1100)]
Fix Strict c issue in aes_gcm for armv8
Reported by David Makepeace
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27203)
Vavroch [Sun, 30 Mar 2025 07:49:59 +0000 (09:49 +0200)]
Added 3.5 to coveralls.yml
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Dmitry Misharov <dmitry@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27202)
Viktor Dukhovni [Wed, 26 Mar 2025 10:36:08 +0000 (21:36 +1100)]
Fix sigalg corner cases
- Tolerate RSA PKCS#1 *certificate* signatures when
the peer sigals include RSA PSS with the same digest.
Now that we're more strict about not sending sigalgs that are out of
protocol range, when the client supports TLS 1.3 only, we might refuse
to return an RSA PKCS#1-signed cert.
- Don't send TLS 1.3 sigalgs when requesting client certs from
a TLS 1.2 client.
Fixes: #1144 Fixes: #25277 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27166)
projects / thirdparty / openssl.git / log
