Hugo Landau [Thu, 18 Jan 2024 10:39:12 +0000 (10:39 +0000)]
QLOG: Add CHANGES entry
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Thu, 18 Jan 2024 10:39:03 +0000 (10:39 +0000)]
QLOG: Remove vestigial abort code
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 17 Jan 2024 12:06:14 +0000 (12:06 +0000)]
QLOG: Fix bit_set
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 17 Jan 2024 10:01:46 +0000 (10:01 +0000)]
QLOG: Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 10 Jan 2024 08:29:28 +0000 (08:29 +0000)]
QLOG: Minor fixes after port refactor
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Tue, 12 Sep 2023 11:21:44 +0000 (12:21 +0100)]
QLOG: JSON Encoder: Rename JSON_ENC
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 14:13:51 +0000 (15:13 +0100)]
QLOG: Add debugging guide
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 13:10:06 +0000 (14:10 +0100)]
QLOG: Events: Implement transport:packet_received
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:58:41 +0000 (13:58 +0100)]
QLOG: Events: Implement transport:packet_sent
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:56:32 +0000 (13:56 +0100)]
QLOG: Wiring: QUIC QTX
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:08:56 +0000 (11:08 +0100)]
QLOG: QUIC MULTISTREAM TEST: Pass script name to QLOG
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:42:53 +0000 (13:42 +0100)]
QLOG: Wire title-setting code to QUIC_CHANNEL and SSL_CTX
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:37:18 +0000 (13:37 +0100)]
QLOG: QUIC CHANNEL: Allow a log title to be specified
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:32:17 +0000 (13:32 +0100)]
QLOG: Events: Implement recovery:packet_lost
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:31:36 +0000 (13:31 +0100)]
QLOG: Wiring: QUIC TXPIM: Record the packet type
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 12:30:56 +0000 (13:30 +0100)]
QLOG: Wiring: QUIC FIFD
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:02:32 +0000 (11:02 +0100)]
QLOG: Wiring: QUIC QRX: Report the datagram ID from the DEMUX
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:01:35 +0000 (11:01 +0100)]
QLOG: Wiring: QUIC DEMUX: Report a monotonically increasing datagram ID
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 11:53:02 +0000 (12:53 +0100)]
QLOG: Events: Implement transport:parameters_set
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 11:17:27 +0000 (12:17 +0100)]
QLOG: Wiring: QUIC CHANNEL
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 23 Aug 2023 17:14:40 +0000 (18:14 +0100)]
QLOG: Frontend: Implementation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 23 Aug 2023 17:14:40 +0000 (18:14 +0100)]
QLOG: Frontend: API Definition
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 6 Sep 2023 11:04:54 +0000 (12:04 +0100)]
QLOG: Frontend: Design
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Wed, 6 Sep 2023 11:00:19 +0000 (12:00 +0100)]
QLOG: JSON Encoder: Tests
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:14:09 +0000 (11:14 +0100)]
QLOG: JSON Encoder: Implementation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:40:03 +0000 (11:40 +0100)]
QLOG: Configuration
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:13:39 +0000 (11:13 +0100)]
QLOG: JSON Encoder: Design
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Thu, 1 Feb 2024 07:45:15 +0000 (07:45 +0000)]
libssl: Make some global mutable structures constant
x
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23450)
Add atexit configuration option to using atexit() in libcrypto at build-time.
This fixes an issue with a mix of atexit() usage in DLL and statically linked
libcrypto that came out in the test suite on NonStop, which has slightly
different DLL unload processing semantics compared to Linux. The change
allows a build configuration to select whether to register OPENSSL_cleanup()
with atexit() or not, so avoid situations where atexit() registration causes
SIGSEGV.
INSTALL.md and CHANGES.md have been modified to include and describe this
option.
The no-atexit option has been added to .github/workflows/run-checker-daily.yml.
Fixes: #23135 Signed-of-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/23394)
Matt Caswell [Tue, 30 Jan 2024 16:51:52 +0000 (16:51 +0000)]
Remove a CVE reference from CHANGES/NEWS
master/3.2 was never vulnerable to CVE-2023-5678 since it was fixed before
it was released.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23432)
Neil Horman [Fri, 12 Jan 2024 15:55:04 +0000 (10:55 -0500)]
Add exemplar use case for rcu locks
To demonstrate the use of RCU locks, convert CONF_MOD api to using rcu
rather than RW locks
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22729)
Neil Horman [Fri, 12 Jan 2024 15:39:56 +0000 (10:39 -0500)]
RCU lock implementation
Introduce an RCU lock implementation as an alternative locking mechanism
to openssl. The api is documented in the ossl_rcu.pod
file
Read side implementaiton is comparable to that of RWLOCKS:
ossl_rcu_read_lock(lock);
<
critical section in which data can be accessed via
ossl_derefrence
>
ossl_rcu_read_unlock(lock);
Write side implementation is:
ossl_rcu_write_lock(lock);
<
critical section in which data can be updated via
ossl_assign_pointer
and stale data can optionally be scheduled for removal
via ossl_rcu_call
>
ossl_rcu_write_unlock(lock);
...
ossl_synchronize_rcu(lock);
ossl_rcu_call fixup
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22729)
Ingo Franzki [Wed, 31 Jan 2024 07:46:52 +0000 (08:46 +0100)]
Fix typo in CHANGES.md
OSSL_PKEY_PARAM_DERIVE_FROM_PQ must be OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ
(note the missing '_RSA').
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23438)
The commit was wrong. With 3.x versions the engines must be themselves
responsible for creating their EVP_PKEYs in a way that they are treated
as legacy - either by using the respective set1 calls or by setting
non-default EVP_PKEY_METHOD.
The workaround has caused more problems than it solved.
Fixes #22945
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23063)
Neil Horman [Wed, 24 Jan 2024 18:23:28 +0000 (13:23 -0500)]
Check all frames for stateless reset conditions
In writing the quic stateless reset test we found that the quic rx code
wasn't checking for stateless reest conditions, as the SRT frames were
getting discarded due to failed lcdim lookups. Move the SRT check above
the lcdim lookup in the rx path to ensure we handle SRT properly in the
client.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23384)
Neil Horman [Tue, 23 Jan 2024 14:49:27 +0000 (09:49 -0500)]
Add QUIC stateless reset test
QUIC supports the concept of stateless reset, in which a specially
crafted frame is sent to a client informing it that the QUIC state
information is no longer available, and the connection should be closed
immediately. Test for proper client support here
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23384)
Richard Levitte [Mon, 29 Jan 2024 07:51:52 +0000 (08:51 +0100)]
Fix error reporting in EVP_PKEY_{sign,verify,verify_recover}
For some reason, those functions (and the _init functions too) would
raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE when the passed
ctx is NULL, and then not check if the provider supplied the function
that would support these libcrypto functions.
This corrects the situation, and has all those libcrypto functions
raise ERR_R_PASS_NULL_PARAMETER if ctx is NULL, and then check for the
corresponding provider supplied, and only when that one is missing,
raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE.
Because 0 doesn't mean error for EVP_PKEY_verify(), -1 is returned when
ERR_R_PASSED_NULL_PARAMETER is raised. This is done consistently for all
affected functions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23411)
Bernd Edlinger [Sun, 28 Jan 2024 22:50:16 +0000 (23:50 +0100)]
Fix a possible memleak in bind_afalg
bind_afalg calls afalg_aes_cbc which allocates
cipher_handle->_hidden global object(s)
but if one of them fails due to out of memory,
the function bind_afalg relies on the engine destroy
method to be called. But that does not happen
because the dynamic engine object is not destroyed
in the usual way in dynamic_load in this case:
If the bind_engine function fails, there will be no
further calls into the shared object.
See ./crypto/engine/eng_dyn.c near the comment:
/* Copy the original ENGINE structure back */
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23409)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23415)
Matt Caswell [Tue, 16 Jan 2024 13:53:30 +0000 (13:53 +0000)]
Extend the testing of resetting/clearing an SSL connection
SSL_clear() explicitly clears an SSL object to enable it to be reused.
You can have a similar effect by calling SSL_set_accept_state() or
SSL_set_connect_state(). We extend the testing of SSL_clear() to use these
other methods. We also ensure we test the case where we have unread
bufferred data that needs to be cleared.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
Matt Caswell [Thu, 18 Jan 2024 12:08:52 +0000 (12:08 +0000)]
Rationalise RECORD_LAYER_clear() and clear_record_layer()
We had two functions which were very similarly named, that did almost the
same thing, but not quite. We bring the two together. Doing this also fixes
a possible bug where some data may not be correctly freed when the
RECORD_LAYER_clear() version was used.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
Neil Horman [Fri, 26 Jan 2024 16:33:18 +0000 (11:33 -0500)]
fix missing null check in kdf_test_ctrl
Coverity issue 1453632 noted a missing null check in kdf_test_ctrl
recently. If a malformed value is passed in from the test file that
does not contain a ':' character, the p variable will be NULL, leading
to a NULL derefence prepare_from_text
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23398)
rilysh [Sun, 21 Jan 2024 06:48:09 +0000 (12:18 +0530)]
replace strstr() with strchr() for single characters
strstr() is used to match multiple characters in the haystack,
whereas strchr() is used to matched only single character.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23347)
Richard Levitte [Tue, 23 Jan 2024 12:17:31 +0000 (13:17 +0100)]
Have OSSL_PARAM_allocate_from_text() fail on odd number of hex digits
The failure would be caught later on, so this went unnoticed, until someone
tried with just one hex digit, which was simply ignored.
Fixes #23373
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23374)
Matt Caswell [Fri, 19 Jan 2024 14:32:18 +0000 (14:32 +0000)]
Add some tests for various PKCS12 files with NULL ContentInfo
PKCS7 ContentInfo fields held within a PKCS12 file can be NULL, even if the
type has been set to a valid value. CVE-2024-0727 is a result of OpenSSL
attempting to dereference the NULL pointer as a result of this.
We add test for various instances of this problem.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)
Matt Caswell [Fri, 19 Jan 2024 11:28:58 +0000 (11:28 +0000)]
Add NULL checks where ContentInfo data can be NULL
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.
CVE-2024-0727
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)
Neil Horman [Sat, 9 Dec 2023 18:40:01 +0000 (13:40 -0500)]
Add appropriate NULL checks in EVP_CIPHER api
The EVP_CIPHER api currently assumes that calls made into several APIs
have already initalized the cipher in a given context via a call to
EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error,
the result is typically a SIGSEGV.
Correct that by adding missing NULL checks in the apropriate apis prior
to using ctx->cipher
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22995)
Bernd Edlinger [Mon, 22 Jan 2024 15:02:59 +0000 (16:02 +0100)]
Fix a possible memory leak in req_main
if the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore free'd using BIO_free_all.
Steps to reproduce:
$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23365)
Tomas Mraz [Fri, 19 Jan 2024 09:59:03 +0000 (10:59 +0100)]
tlsfuzzer.sh: Use python3
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
Tomas Mraz [Thu, 18 Jan 2024 15:32:33 +0000 (16:32 +0100)]
tlsfuzzer.sh: Make it more informative on errors
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
Tomas Mraz [Fri, 5 Jan 2024 10:22:28 +0000 (11:22 +0100)]
tlsfuzzer.sh: Run openssl version on the built app and not system one
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
Tomas Mraz [Wed, 3 Jan 2024 11:36:10 +0000 (12:36 +0100)]
gost_engine.sh: Set OPENSSL_ENGINES_DIR
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
Jakub Wilk [Fri, 19 Jan 2024 19:47:04 +0000 (20:47 +0100)]
Fix typos
CLA: trivial
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23345)
Hugo Landau [Fri, 19 Jan 2024 15:06:39 +0000 (15:06 +0000)]
Add CHANGES entry
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)
Hugo Landau [Fri, 19 Jan 2024 15:00:07 +0000 (15:00 +0000)]
Fix docs
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)
Hugo Landau [Fri, 19 Jan 2024 14:56:37 +0000 (14:56 +0000)]
QUIC MULTISTREAM TEST: Test optimised FIN API
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)
Hugo Landau [Fri, 19 Jan 2024 14:52:44 +0000 (14:52 +0000)]
QUIC APL: Implement optimised FIN API
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)
Hugo Landau [Fri, 19 Jan 2024 12:52:26 +0000 (12:52 +0000)]
QUIC: Add optimised FIN API
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)
Lars Schmertmann [Fri, 19 Jan 2024 15:24:52 +0000 (16:24 +0100)]
Remove mios-simulator-version-min from default iOS configuration
* iOS 6 and 7 got its last updates 2014.
* Adding -mios-simulator-version-min=14.0 to the configure command leads to two occurences of this parameter during compilation.
* So lets remove this values to allow a robust configuration from outside and avoid updates here in the future.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23344)
02-test_errstr.t: make robust on `openssl errstr` crashes
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23330)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23307)
shashankmca80 [Sat, 13 Jan 2024 12:46:25 +0000 (18:16 +0530)]
Uninitialized array variable
array"key" is uninitialized and it is being read directly in function SipHash_Init() as per the below statements making a way for the garbage values :
uint64_t k0 = U8TO64_LE(k);
uint64_t k1 = U8TO64_LE(k + 8);
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23298)
Matt Caswell [Tue, 2 Jan 2024 16:48:43 +0000 (16:48 +0000)]
Don't apply max_frag_len checking if no Max Fragment Length extension
Don't check the Max Fragment Length if the it hasn't been negotiated. We
were checking it anyway, and using the default value
(SSL3_RT_MAX_PLAIN_LENGTH). This works in most cases but KTLS can cause the
record length to actually exceed this in some cases.
Fixes #23169
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)
X509_dup.pod: add caveat that extra data is not copied and hints, e.g., to use X509_up_ref() instead
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23043)
Matt Caswell [Mon, 15 Jan 2024 08:55:48 +0000 (08:55 +0000)]
Document SSL_R_UNEXPECTED_EOF_WHILE_READING
Also document that it is ok to use this for control flow decisions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23304)
Kevin Jerebica [Tue, 16 Jan 2024 15:30:26 +0000 (16:30 +0100)]
Add a deprecation warning for a function in docs
The function in question is SSL_get_peer_certificate()
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23315)
Tomas Mraz [Wed, 17 Jan 2024 16:25:35 +0000 (17:25 +0100)]
Fix reason value collision for CMP_R_UNEXPECTED_SENDER
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23323)
Neil Horman [Sun, 3 Dec 2023 03:22:32 +0000 (22:22 -0500)]
Introduce hash thunking functions to do proper casting
ubsan on clang17 has started warning about the following undefined
behavior:
crypto/lhash/lhash.c:299:12: runtime error: call to function err_string_data_hash through pointer to incorrect function type 'unsigned long (*)(const void *)'
[...]/crypto/err/err.c:184: note: err_string_data_hash defined here
#0 0x7fa569e3a434 in getrn [...]/crypto/lhash/lhash.c:299:12
#1 0x7fa569e39a46 in OPENSSL_LH_insert [...]/crypto/lhash/lhash.c:119:10
#2 0x7fa569d866ee in err_load_strings [...]/crypto/err/err.c:280:15
[...]
The issue occurs because, the generic hash functions (OPENSSL_LH_*) will
occasionaly call back to the type specific registered functions for hash
generation/comparison/free/etc, using functions of the (example)
prototype:
While the functions implementing hash|cmp|free|etc are defined as
[return value] <fnname> (TYPE *, [TYPE *], ...)
The compiler, not knowing the type signature of the function pointed to
by the implementation, performs no type conversion on the function
arguments
While the C language specification allows for pointers to data of one
type to be converted to pointers of another type, it does not
allow for pointers to functions with one signature to be called
while pointing to functions of another signature. Compilers often allow
this behavior, but strictly speaking it results in undefined behavior
As such, ubsan warns us about this issue
This is an potential fix for the issue, implemented using, in effect,
thunking macros. For each hash type, an additional set of wrapper
funtions is created (currently for compare and hash, but more will be
added for free/doall/etc). The corresponding thunking macros for each
type cases the actuall corresponding callback to a function pointer of
the proper type, and then calls that with the parameters appropriately
cast, avoiding the ubsan warning
This approach is adventageous as it maintains a level of type safety,
but comes at the cost of having to implement several additional
functions per hash table type.
Related to #22896
Reviewed-by: Sasa Nedvedicky <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23192)
cmp_vfy.c/check_msg_all_certs(): remove needless trace output in case 3GPP mode is not enabled
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender name
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
80-test_cmp_http_data/: add tests for -no_cache_extracerts, fix and extend further test cases
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
CMP app and doc: add -no_cache_extracerts option / OSSL_CMP_OPT_NO_CACHE_EXTRACERTS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
CMP app: make -ignore_keyusage apply also for mock server
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
Lin Runze [Sun, 14 Jan 2024 12:21:49 +0000 (20:21 +0800)]
Fix performance regression of ChaCha20 on LoongArch64
The regression was introduced in PR #22817.
In that pull request, the input length check was moved forward,
but the related ori instruction was missing, and it will cause
input of any length down to the much slower scalar implementation.
Fixes #23300
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23301)
Samuel Thibault [Sat, 13 Jan 2024 00:03:56 +0000 (01:03 +0100)]
hurd: Fix dgram_sendmmsg
GNU/Hurd does not have IP_PKTINFO yet, thus SUPPORT_LOCAL_ADDR is undef,
data->local_addr_enabled never set to 1, and thus the M_METHOD_RECVMSG
method would end up raising BIO_R_LOCAL_ADDR_NOT_AVAILABLE immediately.
Fixes #22872
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23293)
Viktor Dukhovni [Sat, 13 Jan 2024 00:22:17 +0000 (19:22 -0500)]
Add missing genpkey -rand support
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23294)
Matt Caswell [Thu, 11 Jan 2024 15:52:35 +0000 (15:52 +0000)]
Move discovery of the legacy alg type into the keymgmt
During creation of the EVP_PKEY_CTX we were trying to discover what legacy
alg it corresponds to every time which was slow. Instead we move this into
the construction of the EVP_KEYMGMT.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23265)
David Benjamin [Mon, 11 Dec 2023 06:47:25 +0000 (01:47 -0500)]
Add X509_STORE_get1_objects
X509_STORE_get0_objects returns a pointer to the X509_STORE's storage,
but this function is a bit deceptive. It is practically unusable in a
multi-threaded program. See, for example, RUSTSEC-2023-0072, a security
vulnerability caused by this OpenSSL API.
One might think that, if no other threads are mutating the X509_STORE,
it is safe to read the resulting list. However, the documention does not
mention that other logically-const operations on the X509_STORE, notably
certifcate verifications when a hash_dir is installed, will, under a
lock, write to the X509_STORE. The X509_STORE also internally re-sorts
the list on the first query.
If the caller knows to call X509_STORE_lock and X509_STORE_unlock, it
can work around this. But this is not obvious, and the documentation
does not discuss how X509_STORE_lock is very rarely safe to use. E.g.
one cannot call any APIs like X509_STORE_add_cert or
X509_STORE_CTX_get1_issuer while holding the lock because those
functions internally expect to take the lock. (X509_STORE_lock is
another such API which is not safe to export as public API.)
Rather than leave all this to the caller to figure out, the API should
have returned a shallow copy of the list, refcounting the values. Then
it could be internally locked and the caller can freely inspect the
result without synchronization with the X509_STORE.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23224)
Gopal Sharma [Fri, 12 Jan 2024 10:48:41 +0000 (16:18 +0530)]
Removed logically dead code from function i2r_issuer_sign_tool
Since new_line is assigned with 0 in the very begging of the function check added at line no. 106 will never become true. Hence removing.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23284)