Ingo Franzki [Mon, 10 Feb 2025 14:45:26 +0000 (15:45 +0100)]
test/quicapitest.c: Increase timeout of test_fin_only_blocking to 40ms
Running this test on heavily loaded systems may cause the SSL_read_ex() to
take more than 20ms, due to concurrent workload.
Increase the timeout to 40ms to allow a little bit more time.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26693)
Matt Caswell [Fri, 7 Feb 2025 11:53:59 +0000 (11:53 +0000)]
Add a test for configuring provider certs via config
A bug existed where provider added cert algorithms caused a crash when
they were configured via a config file. We add a test for this scenario.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26663)
Matt Caswell [Fri, 7 Feb 2025 12:11:41 +0000 (12:11 +0000)]
Fix configuring provider certificate algs via config file
A crash could occur when attempting to configure a certificate via a
config file, where the algorithm for the certificate key was added
dynamically via a provider.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26663)
Viktor Dukhovni [Thu, 19 Dec 2024 17:26:20 +0000 (04:26 +1100)]
Use ERR marks also when verifying server X.509 certs
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(cherry picked from commit 739c4b2e92116952e4baf3e14d219b82f871ec6a)
Viktor Dukhovni [Thu, 19 Dec 2024 17:25:15 +0000 (04:25 +1100)]
With SSL_VERIFY_PEER client RPK should abort on X509 error
While RPK performs X.509 checks correctly, at the SSL layer the
SSL_VERIFY_PEER flag was not honoured and connections were allowed to
complete even when the server was not verified. The client can of
course determine this by calling SSL_get_verify_result(), but some
may not know to do this.
Added tests to make sure this does not regress.
Fixes CVE-2024-12797
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(cherry picked from commit 6ae8e947d8e3f3f03eeb7d9ad993e341791900bc)
Dmitry Misharov [Thu, 23 Jan 2025 15:40:31 +0000 (16:40 +0100)]
backport make-release.yml workflow to openssl-3.x branches
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26541)
Mae [Wed, 22 Jan 2025 16:54:43 +0000 (16:54 +0000)]
Fix passing struct by value rather than by reference to syscall
Fixes #26521
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26523)
Stas Cymbalov [Tue, 21 Jan 2025 13:42:19 +0000 (16:42 +0300)]
Fix data race in asn1_str2tag() on tntmp which was accidentally made static
Variables tntmp and tnst are declared in the same declaration and thus
share storage class specifiers (static). This is unfortunate as tntmp is
used during iteration through tnst array and shouldn't be static.
In particular this leads to two problems that may arise when multiple
threads are executing asn1_str2tag() concurrently:
1. asn1_str2tag() might return value that doesn't correspond to tagstr
parameter. This can happen if other thread modifies tntmp to point to
a different tnst element right after a successful name check in the
if statement.
2. asn1_str2tag() might perform an out-of-bounds read of tnst array.
This can happen when multiple threads all first execute tntmp = tnst;
line and then start executing the loop. If that case those threads
can end up incrementing tntmp past the end of tnst array.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26504)
Signed-off-by: Alexander Heinlein <alexander.heinlein@web.de> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26497)
Bernd Edlinger [Tue, 21 Jan 2025 15:12:18 +0000 (16:12 +0100)]
Give DTLS tests more time to complete
Increase the timeout for DTLS tests to 10 seconds.
But do that only for DTLS as this would waste time
for other tests, most of the TLS tests do not need
this at all.
Fixes #26491
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26502)
When this pattern occurs, the atomic or operation fails to see the published
value of CPU1 and when the or-ed value is written back to ram, the incremented
value in get_hold_current_qp is overwritten, meaning the hold that the reader
placed on the rcu lock is lost, allowing the writer to complete early, freeing
memory before a reader is done reading any held memory.
Why this is only observed on ppc64le I'm not sure, but it seems like a pretty
clear problem.
fix it by implementing ATOMIC_COMPARE_EXCHANGE_N, so that, on the write side in
update_qp, we can ensure that updates are only done if the read side hasn't
changed anything. If it has, retry the operation.
With this fix, I'm able to run the threads test overnight (4000 iterations and
counting) without failure.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26478)
Nadav Tasher [Fri, 20 Dec 2024 15:59:01 +0000 (17:59 +0200)]
s_socket: naccept: close listening socket after accepting clients
When `-naccept` is passed (i.e with `s_server`), the listening socket remains open while handling
client, even after `naccept` is supposed to reach `0`.
This is caused to to the decrementation of `naccept` and closing of the socket
happening a little too late in the `do_server` function.
Signed-off-by: Nadav Tasher <tashernadav@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26228)
Restoring [sp, #64] into d15,d16 instead of d14,d15.
Fixes: #26466
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26469)
Tomas Mraz [Wed, 15 Jan 2025 17:29:52 +0000 (18:29 +0100)]
Add CHANGES.md and NEWS.md updates for CVE-2024-13176
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)
Tomas Mraz [Wed, 15 Jan 2025 17:27:02 +0000 (18:27 +0100)]
Fix timing side-channel in ECDSA signature computation
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the
attacker process must either be located in the same physical computer or
must have a very fast network connection with low latency.
Attacks on ECDSA nonce are also known as Minerva attack.
Fixes CVE-2024-13176
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)
otherddn1978 [Thu, 26 Dec 2024 10:26:34 +0000 (13:26 +0300)]
If you call X509_add_cert with cert == NULL and the X509_ADD_FLAG_UP_REF
flag, it will сrash to X509_up_ref. Passing NULL here is not valid,
return 0 if cert == NULL.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26267)
Richard Levitte [Wed, 15 Jan 2025 09:14:41 +0000 (10:14 +0100)]
Fix documentation of OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION
This drops OSSL_PKEY_PARAM_IMPLICIT_REJECTION - which is a meaningless
name - everywhere apart from still existing (for API stability, in
case someone uses that macro).
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26421)
Nikolay Nikolaev [Tue, 24 Dec 2024 11:26:09 +0000 (13:26 +0200)]
Workaround for RSA on AArch64 Big Endian
10646160125 introduced and optimized RSA NEON implementation
for AArch64 architecture, namely Cortex-A72 and Neoverse N1.
This implementation is broken in Big Endian mode, which is not
widely used, therefore not properly verified.
Here we disable this optimized implementation when Big Endian
platform is used.
Fixes: #22687
CLA: trivial
Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26257)
Peter Bierma [Sun, 12 Jan 2025 16:12:18 +0000 (11:12 -0500)]
Remove non-existing error code.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26389)
Peter Bierma [Sat, 11 Jan 2025 17:02:45 +0000 (12:02 -0500)]
Synchronize openssl.txt with comperr.h
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26389)
Bernd Edlinger [Fri, 10 Jan 2025 07:45:20 +0000 (08:45 +0100)]
Fix dtls tests
The dtls server process exits too early when the input
has an EOF condition.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26374)
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26374)
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26374)
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26374)
Bernd Edlinger [Fri, 10 Jan 2025 18:58:46 +0000 (19:58 +0100)]
Fix test failure in 30-test_evp_pkey_provided.t
In this test there is a random test output corruption.
`make test TESTS=test_evp_pkey_provided V=1` has some random output,
that can with a certain probability start a line with "ok" or so:
# Setting up a OSSL_ENCODER context with passphrase
# Testing with no encryption
jLixONcRPi/m64CGie4KKKDuGeTjtYwfima3BNYCGlgbLGeK3yYxBfZb9JjviOJ4
# nHaNsRsONTAKyg==
This happens because large random data is output to bio_out
but some data remains buffered, and then test_note() is used to print
some comments on the bio_err file. This causes output corruption that
confuses the TAP parser.
Fix that by flushing any pending output with test_flush_stdout() first.
Fixes #23992
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26383)
Neil Horman [Fri, 10 Jan 2025 19:37:28 +0000 (14:37 -0500)]
Fix premature reuse of qp's in rcu locks
An intermittent failure was noted on our new ppc64le CI runner, in which
what appeared to be a corrupted or invalid value getting returned from a
shared pointer under rcu protection
Investigation showed that the problem was with our small number of qp's
in a lock, and slightly incorrect accounting of the number of qp's
available we were prematurely recycling qp's, which led in turn to
premature completion of synchronization states, resulting in readers
reading memory that may have already been freed.
Fix it by:
a) Ensuring that we account for the fact that the first qp in an rcu
lock is allocated at the time the lock is created
and
b) Ensuring that we have a minimum number of 3 qp's:
1 that is free for write side allocation
1 that is in use by the write side currently
1 "next" qp that the read side can update while the prior qp is being
retired
With this change, the rcu threadstest runs indefinately in my testing
Fixes #26356
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26384)
Bernd Edlinger [Thu, 9 Jan 2025 14:14:15 +0000 (15:14 +0100)]
Fix intermittent test failure in 80-test_cmp_http.t
output to stderr is unbuffered bypassing the normal output, which does
not happen at line boundaries and is therefore confusing the TAP parser.
This is known to cause random test failures like this one:
80-test_cmp_http.t (Wstat: 0 Tests: 5 Failed: 0)
Parse errors: Tests out of sequence. Found (6) but expected (5)
Bad plan. You planned 6 tests but ran 5.
Fixes #23992
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26363)
Ingo Franzki [Wed, 8 Jan 2025 15:00:33 +0000 (16:00 +0100)]
speed: Pass IV to EVP_CipherInit_ex for -evp runs with non-AEAD ciphers
Some (non-AEAD) ciphers require an IV to be used. Always pass a (dummy) IV
when setting the key. It is ignored by ciphers that do not use an IV.
Commit 607a46d003f472d4bce646f3df6e85725094d68a corrected the use of AEAD
ciphers, but removed the IV from being passed to EVP_CipherInit_ex() for
non-AEAD ciphers.
Fixes: https://github.com/openssl/openssl/commit/607a46d003f472d4bce646f3df6e85725094d68a Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26346)
Kai Pastor [Sat, 4 Jan 2025 10:48:26 +0000 (11:48 +0100)]
Fix buildinf.h generation for space and backslash
Builds may be configured with CC or CFLAGS containing space and
double quotes. In particular on Windows, this may lead to passing
more than two arguments into mkbuildinf.pl.
In addition, backslashes must be escaped for constructing the C string.
Fixes #26253.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26315)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26330)
Dmitry Misharov [Thu, 2 Jan 2025 14:32:41 +0000 (15:32 +0100)]
Replace self-hosted runners with GitHub hosted
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26304)
Return NULL from ossl_lib_ctx_get_concrete() when it is uninitialized
When default_context_inited is set to false we return NULL instead of
the global default context.
Fixes #25442
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26319)
Niels Dossche [Mon, 28 Oct 2024 16:04:03 +0000 (17:04 +0100)]
Fix potential memory leak in PKCS12_add_key_ex()
p8 is allocated using EVP_PKEY2PKCS8(), but when PKCS8_add_keyusage()
fails this memory is not freed. Fix this by adding a call to
PKCS8_PRIV_KEY_INFO_free().
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25818)
Bernd Edlinger [Thu, 26 Dec 2024 10:56:17 +0000 (11:56 +0100)]
Fix a minor memory sanitizer issue
Here the undefined value "npa" passed to a function
WPACKET_sub_memcpy_u16(pkt, npa, npalen).
However the value is not really used, because "npalen" is zero,
but the call statememt itself is considered an invalid operation
by the new sanitizer.
The original sanitizer error report was:
==49175==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21
#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15
#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10
#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26
#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21
#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12
#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19
#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12
#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24
#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10
#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14
#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21
#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26269)
Tomas Mraz [Mon, 6 Jan 2025 12:03:59 +0000 (13:03 +0100)]
80-test_cms.t: Fix incorrect plan from bad merge
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26322)
Jakub Zelenka [Fri, 13 Dec 2024 12:48:23 +0000 (13:48 +0100)]
Fix CMS encryption with key agreement when originator set
OpenSSL currently does not support encryption with originator flag so it
should fail nicely instead of segfaulting.
Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26014)
Jakub Zelenka [Fri, 13 Dec 2024 12:47:25 +0000 (13:47 +0100)]
Fix originator cert leak in cms app
Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26014)
Correct return value documentation for X509V3_set_ctx()
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26295)
GCC 13.1.0 were reporting a compilation warning with -O2/3 and
-Waggressive-loop-optimizations. GCC is raising an undefined behavior in the
while loop. Replace the while loop with a memset call at the top of the
function.
Fixes #21088
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23898)
Reject invalid FFDHE and ECDHE key shares with SSL_AD_ILLEGAL_PARAMETER alert
This changes the alert according to RFC 8446.
Fixes: #25402 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25547)
Niels Dossche [Mon, 28 Oct 2024 15:34:55 +0000 (16:34 +0100)]
Fix potential memory leak in BIO_get_accept_socket()
When BIO_parse_hostserv() fails it may still have allocated memory, yet
this memory is not freed. Fix it by jumping to the err label.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25817)
Зишан Мирза [Tue, 24 Dec 2024 06:05:21 +0000 (11:05 +0500)]
ec_kem.c: Fix ikmlen check
This makes `ikmlen` have a length of at least `Nsk`.
Closes #26213
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26254)
Andrey Tsygunka [Tue, 26 Nov 2024 07:53:31 +0000 (10:53 +0300)]
ossl_i2c_ASN1_BIT_STRING(): Fix a possible heap buffer overflow
When data contains only zero values a buffer overflow happens.
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26190)
Edk2\CryptoPkg\Library\OpensslLib\openssl\include\internal/safe_math.h(19):
warning C4668: '__GNUC__' is not defined as a preprocessor macro, replacing
with '0' for '#if/#elif'
CLA: trivial
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Kalavakolanu Hema Anmisha <hema.anmisha.kalavakolanu@intel.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26204)
otherddn1978 [Fri, 13 Dec 2024 15:00:09 +0000 (18:00 +0300)]
Check whether ctx->pctx != NULL
If it is NULL, ctx->pctx->pmeth dereference will cause a crash.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26176)
Richard Levitte [Mon, 11 Nov 2024 10:45:44 +0000 (11:45 +0100)]
Upgrade action/{upload,download}-artifact to v4
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25922)
Tomas Mraz [Tue, 10 Dec 2024 10:04:31 +0000 (11:04 +0100)]
Fix breakage on arm64_32 platforms
We just avoid the special handling needed for Apple M1.
Fixes #26135
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/26145)
Michael Baentsch [Tue, 10 Dec 2024 13:35:22 +0000 (14:35 +0100)]
Add HISTORY to BIO_s_mem documentation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26146)
Neil Horman [Wed, 16 Oct 2024 18:34:08 +0000 (14:34 -0400)]
Fix potential use-after-free in REF_PRINT_COUNT
We use REF_PRINT_COUNT to dump out the value of various reference
counters in our code
However, we commonly use this macro after an increment or decrement. On
increment its fine, but on decrement its not, because the macro
dereferences the object holding the counter value, which may be freed by
another thread, as we've given up our ref count to it prior to using the
macro.
The rule is that we can't reference memory for an object once we've
released our reference, so lets fix this by altering REF_PRINT_COUNT to
accept the value returned by CRYPTO_[UP|DOWN]_REF instead. The
eliminates the need to dereference the memory the object points to an
allows us to use the call after we release our reference count
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25664)
Tomas Mraz [Thu, 17 Oct 2024 09:25:17 +0000 (11:25 +0200)]
Fix memory ordering guarantees and TSAN errors
If we had refcounted object allowing lockless writes
the relaxed semantics on DOWN_REF would allow scheduling
these writes after simultaneous release of the object by
another thread.
We do not have any such objects yet, but better to make
the refcount correct just in case we will have them
in future.
TSAN doesn't properly understand this so we use
even stronger acq_rel semantics if building with TSAN.
Fixes #25660
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25664)
Tomas Mraz [Thu, 10 Oct 2024 20:10:54 +0000 (22:10 +0200)]
Add test for releasing a shared EVP_PKEY across threads
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25664)
Tom Cosgrove [Thu, 5 Dec 2024 17:27:52 +0000 (17:27 +0000)]
Remove references to git.openssl.org from README.md
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26122)
Minor nit fix to EVP_CipherFinal_ex() return code documentation.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25849)
slontis [Wed, 20 Nov 2024 01:39:35 +0000 (12:39 +1100)]
Fix EVP_PKEY_print_private() so that it works with non default providers.
At some point in time it was decided that the EC keymanagers ec_export()
function would only allow the selection to be both the public + private
parts. If just the private element is selected it returns an error.
Many openssl commandline apps use EVP_PKEY_print_private() which passes
EVP_PKEY_PRIVATE_KEY to the encoder. This selection propagates to
encoder_construct_pkey(). For external providers (such as the fips
provider this will call the keymanagers export() with the selection set
to just the private part.
So we either need to
1) change the selection in EVP_PKEY_print_private() or
2) modify the selection used in the export used in
encoder_construct_pkey
3) Change the ec_export to allow this.
I have chosen 2) but I am not sure if this is the correct thing to do
or whether it should conditionally do this when the output_type ==
'text'.
Issue was reported by Ilia Okomin (Oracle).
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26004)
die() in .tmpl file should not be silently ignored.
call to die() in perl templates is currently ignored.
any error printed by die() commad appears in template
output.
In order to make sure die() terminates processing we
must ensure we emite `undef` value. This is ensured
by adding a `BROKEN` callback to `fill_in()` Template
method. The callback must return undef to stop processing.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26064)
David Benjamin [Mon, 25 Nov 2024 16:01:17 +0000 (11:01 -0500)]
Document expected BIO operations for libssl
If your custom BIO does not implement BIO_CTRL_FLUSH, it won't work, but
this is not document anywhere.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26060)
Tomas Mraz [Mon, 25 Nov 2024 09:58:56 +0000 (10:58 +0100)]
Skip Asymmetric RSA corruption test for >=3.5 FIPS provider
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26049)
openssl-pkeyutl.pod.in: improve description of -rawin and -digest options
Fixes #25827
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25913)
openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed for -sign/-verify, etc.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25913)
Niels Dossche [Wed, 20 Nov 2024 18:57:38 +0000 (19:57 +0100)]
Fix potential memory leak on failure of ecx_gen_init()
When ecx_gen_set_params() returns 0, it could have duplicated the memory
for the parameter OSSL_KDF_PARAM_PROPERTIES already in gctx->propq,
leading to a memory leak.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26015)
Niels Dossche [Wed, 20 Nov 2024 19:22:43 +0000 (20:22 +0100)]
Fix potential memory leak on failure of dsa_gen_init()
When dsa_gen_set_params() returns 0, it could have duplicated the memory for the parameter
OSSL_PKEY_PARAM_FFC_DIGEST already in gctx->mdname, leading to a memory leak.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26016)
projects / thirdparty / openssl.git / log
