Matt Caswell [Fri, 30 Jun 2023 14:56:13 +0000 (15:56 +0100)]
Enable QUIC by default
Ensure builds enable QUIC without explicitly having to ask for it. To
disable QUIC pass "no-quic" to Configure.
As a result we can remove all use of "enable-quic" from the various CI
runs.
We also add a CHANGES and NEWS entry for QUIC support.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
riscv: Clarify dual-licensing wording for GCM and AES
The original text for the Apache + BSD dual licensing for riscv GCM and AES
perlasm was taken from other openSSL users like crypto/crypto/LPdir_unix.c .
Though Eric pointed out that the dual-licensing text could be read in a
way negating the second license [0] and suggested to clarify the text
even more.
So do this here for all of the GCM, AES and shared riscv.pm .
We already had the agreement of all involved developers for the actual
dual licensing in [0] and [1], so this is only a better clarification
for this.
Signed-off-by: Heiko Stuebner <heiko.stuebner@vrull.eu> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21357)
Hugo Landau [Mon, 3 Jul 2023 15:24:54 +0000 (16:24 +0100)]
Rework options handling
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 3 Jul 2023 14:54:07 +0000 (15:54 +0100)]
Simplify QUIC API masking
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 3 Jul 2023 07:17:48 +0000 (08:17 +0100)]
Update SSL options handling
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Thu, 29 Jun 2023 12:48:57 +0000 (13:48 +0100)]
Minor updates
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Wed, 28 Jun 2023 20:03:47 +0000 (21:03 +0100)]
QUIC: Fix multistream test 19
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Wed, 28 Jun 2023 18:55:19 +0000 (19:55 +0100)]
make update
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Wed, 28 Jun 2023 18:51:09 +0000 (19:51 +0100)]
Remove unused server code
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 26 Jun 2023 12:47:03 +0000 (13:47 +0100)]
Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:36:42 +0000 (15:36 +0000)]
QUIC SSL: Block SSL_clear
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:36:07 +0000 (15:36 +0000)]
QUIC SSL: Block SSL_dup
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:35:05 +0000 (15:35 +0000)]
QUIC SSL: SSL_set_quiet_shutdown
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:32:52 +0000 (15:32 +0000)]
QUIC SSL: Version setting restrictions
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:32:18 +0000 (15:32 +0000)]
QUIC SSL: Forbid pipeline-related operations
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:29:16 +0000 (15:29 +0000)]
QUIC SSL: SSL_set_fd for BIO_s_datagram
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:28:40 +0000 (15:28 +0000)]
QUIC SSL: HelloRetryRequest
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:27:50 +0000 (15:27 +0000)]
QUIC SSL: Buffer Management
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:27:01 +0000 (15:27 +0000)]
QUIC SSL: Prohibit early data functionailty
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:25:25 +0000 (15:25 +0000)]
QUIC SSL: Prohibit readahead-related functions
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:24:17 +0000 (15:24 +0000)]
QUIC: Implement SSL_has_pending
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:22:41 +0000 (15:22 +0000)]
QUIC: Implement SSL_rstate_string(_long)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:21:57 +0000 (15:21 +0000)]
QUIC: Prohibit post-handshake auth
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:21:29 +0000 (15:21 +0000)]
QUIC: Control SSL option setting
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:20:20 +0000 (15:20 +0000)]
QUIC: Forbid NPN
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:20:05 +0000 (15:20 +0000)]
QUIC: Forbid non-QUIC ciphers
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:18:55 +0000 (15:18 +0000)]
QUIC TLS: Prohibit SRTP-related calls for QUIC TLS
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Hugo Landau [Mon, 16 Jan 2023 15:18:12 +0000 (15:18 +0000)]
QUIC SSL Behaviours: Allow detection of an SSL connection used for QUIC handshake
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
Tomas Mraz [Fri, 30 Jun 2023 19:53:30 +0000 (21:53 +0200)]
80-test_ssl_new.t: Test 14-curves.cnf depends on enabled DH now
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21336)
Tomas Mraz [Fri, 30 Jun 2023 19:48:29 +0000 (21:48 +0200)]
Reorganize runchecker jobs
Put jobs that are more likely to fail to on pull request CI.
To compensate move some less likely to fail jobs to on push and
daily CI jobs.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21336)
Tomas Mraz [Fri, 30 Jun 2023 16:12:00 +0000 (18:12 +0200)]
70-test_tls13hrr.t: Use P-521 instead of X25519 for invalid group test
Otherwise this testcase won't work with no-ecx.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21333)
Todd Short [Fri, 30 Jun 2023 21:28:16 +0000 (17:28 -0400)]
Update .gitignore with LSP files
This does not provide files for LSP support, but ignores them so they
aren't accidentally checked in by developers.
LSP (Language Server Protocol) is a tools that can be used with various
editors to make navigating source code easier. It is more advanced than
`cscope` and supports completion, for example.
A common LSP for C/C++ is `clangd`, and it creates a `.cache` directory
within the project to store data.
The tool `bear` can be used with `make` to assist `clangd` in
determining where the source code is (specifically headers). This is
critical as OpenSSL uses the `<>` form of `#include` rather than the
`""` form. The `<>` form will cause `clangd` to look in e.g.
`/usr/include` for header files, rather than `include/openssl`. The
`bear` tool will create `compile_commands.json` that `clangd` can use
to find include files.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21338)
ret in ossl_config_int() only used to check return value of
CONF_modules_load_file(), should set it to 1 if in UEFI system.
Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21300)
Duncan Thomson [Wed, 28 Jun 2023 21:02:26 +0000 (22:02 +0100)]
Fix OSSL_PROVIDER_try_load() retain_fallbacks doc
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21319)
Jakub Wilk [Wed, 28 Jun 2023 20:17:00 +0000 (22:17 +0200)]
openssl-rsautl.pod: Add missing comma
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21318)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21322)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21322)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21322)
Sam James [Wed, 26 Apr 2023 00:04:09 +0000 (01:04 +0100)]
CI: add GCC 13
Signed-off-by: Sam James <sam@gentoo.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20961)
Matt Caswell [Tue, 27 Jun 2023 09:23:47 +0000 (10:23 +0100)]
Fix typos in s_client
There was some typos of OPENSS_NO_QUIC (should be OPENSSL_NO_QUIC) in
s_client
Fixes #21291
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21293)
Tomas Mraz [Wed, 28 Jun 2023 14:55:57 +0000 (16:55 +0200)]
Do not use stitched AES-GCM implementation on PPC32
The implementation is not usable there at all.
Fixes #21301
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21312)
Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21232)
Jörg Sommer [Thu, 15 Jun 2023 16:16:49 +0000 (18:16 +0200)]
openssl speed -multi -evp prints wrong algorithm name
When running `openssl speed -evp md5` the result shows `md5` as algorithm
name. But when adding the option `-multi 2` it gives `evp` as algorithm
name.
Signed-off-by: Jörg Sommer <joerg@jo-so.de> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21216)
Matt Caswell [Wed, 14 Jun 2023 09:22:57 +0000 (10:22 +0100)]
Add a tutorial on writing a simple blocking QUIC client
This tutorial only covers a single stream client at this stage. A future
PR will cover adding multi-stream support.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Matt Caswell [Tue, 13 Jun 2023 12:12:08 +0000 (13:12 +0100)]
Before we do anything the ping deadline is infinite
Needed for tserver so that it the deadline isn't immediate before we've
accepted a connection.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Matt Caswell [Tue, 13 Jun 2023 12:11:18 +0000 (13:11 +0100)]
Ensure SSL_connect() actually blocks if we are in blocking mode
Fix supplied by Hugo Landau.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Matt Caswell [Tue, 13 Jun 2023 12:08:00 +0000 (13:08 +0100)]
The CC wake up deadline is now if we have TX allowance
If we have TX allowance then there is no need to wait if we have something
to send - the wake up deadline is immediate.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Matt Caswell [Thu, 8 Jun 2023 15:36:17 +0000 (16:36 +0100)]
Add a non-blocking QUIC client demo
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Matt Caswell [Thu, 8 Jun 2023 11:18:38 +0000 (12:18 +0100)]
Add a test quicserver utility
This QUIC server utility is intended for test purposes only and is expected
to be replaced in a future version of OpenSSL by s_server. At that point
it will be removed.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
Tomas Mraz [Mon, 26 Jun 2023 15:13:30 +0000 (17:13 +0200)]
s390xcap.c: Avoid copying structure on initialization
This is problematic on old compilers. It also avoids duplicating
the read-only data.
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21284)
Fergus Dall [Mon, 12 Jun 2023 10:02:14 +0000 (20:02 +1000)]
Add support for SHA256/192
This is defined in NIST SP 800-208 as the truncation to 192 bits of
SHA256. Unlike other truncated hashes in the SHA2 suite, this variant
doesn't have a different initial state, it is just a pure truncation
of the output.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21180)
Tomas Mraz [Mon, 26 Jun 2023 09:11:57 +0000 (11:11 +0200)]
CONF_modules_load_file_ex(): Do not try to load an empty file name
Fixes #21258
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/21282)
Matt Caswell [Fri, 23 Jun 2023 15:01:41 +0000 (16:01 +0100)]
Add some test_ssl_new tests for the ffdhe groups
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21274)
Matt Caswell [Fri, 23 Jun 2023 14:45:14 +0000 (15:45 +0100)]
Fix supported_groups handing in TLSv1.2
In TLSv1.2 we should not attempt to use a supported_group value that is
intended for use with TLSv1.3 - even if both the server and the client
support it, e.g. the ffdhe groups are supported by OpenSSL for TLSv1.3 but
not for TLSv1.2.
Fixes #21081
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21274)
Matt Caswell [Fri, 23 Jun 2023 11:05:07 +0000 (12:05 +0100)]
Add a test for pkeyutl encrypt/decrypt using SM2
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21272)
Matt Caswell [Fri, 23 Jun 2023 10:50:17 +0000 (11:50 +0100)]
Don't truncate the input when decrypting in pkeyutl
The pkeyutl app was truncating the input file for decryption leading to
incorrect results. This was probably ok historically when RSA was being
used for decryption which has short maximum sizes. This is not ok with SM2.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21272)
fullwaywang [Wed, 21 Jun 2023 07:00:06 +0000 (15:00 +0800)]
Check for 0 modulus in BN_RECP_CTX_set.
The function BN_RECP_CTX_set did not check whether arg d is zero,
in which case an early failure should be returned to the invoker.
This is a similar fix to the cognate defect of CVE-2015-1794.
Fixes #21111
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21255)
Richard Levitte [Fri, 16 Jun 2023 11:56:36 +0000 (13:56 +0200)]
Add a test case for the password prompt on garbage PKCS#12 file
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)
Richard Levitte [Tue, 13 Jun 2023 18:06:04 +0000 (20:06 +0200)]
OSSL_STORE and PKCS#12: Check if there is a MAC to verify before prompting
When a DER object with unknown contents comes all the way to
ossl_store_handle_load_result(), and it attempts to decode them as different
objects, the PKCS#12 decoding attempt would (almost) always prompt for a
passphrase, even if there isn't a MAC to verify it against in the PKCS#12
object.
This change checks if there is a MAC to verify against before attempting to
prompt for a passphrase, leading to less surprising behavior.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)