Viktor Dukhovni [Wed, 21 May 2025 15:33:03 +0000 (01:33 +1000)]
Note finished state in cipher BIO EOF
When the cipher BIO encounters a non-retriable EOF (or error), mark the
state as "finished", else a subsequent BIO_flush() or attempted read may
attempt to finalise the crypto state again, and fail, leading, for
example, to users seeing erroneous apparent decryption failure.
This is not a new problem, the fix should be backported to all supported
releases. It was made more apparent by recent changes to the base64
BIO, which returns a non-retriable EOF when padding is seen at the end
of the base64 data, even if the underlying next BIO is "retriable".
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27680)
Norbert Pocs [Mon, 26 May 2025 08:08:06 +0000 (10:08 +0200)]
Document EVP_CIPHER failure for missing provider function
When writing a new CIPHER implementation the OSSL_FUNC_cipher_get_params
must be present, otherwise the fetch fails. This behaviour is seen in
function evp_cipher_cache_constants@crypto/evp/evp_lib.c.
Resolves: #25801
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27696)
JiashengJiang [Fri, 16 May 2025 22:34:03 +0000 (18:34 -0400)]
apps/cmp.c: Free bio on error to avoid memory leak
Call BIO_free() to release bio if ASN1_i2d_bio_of() fails, preventing a memory leak.
Fixes: 6a3579e190 ("CMP: add support for requesting cert template using genm/genp") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27647)
widneve [Tue, 20 May 2025 14:23:09 +0000 (16:23 +0200)]
Fix memory leaks after failure of PKCS7_add_signed_attribute()
If PKCS7_add_signed_attribute fails,
seq never escapes out of the callee and will
therefore result in a memory leak.
This is similar to ed3d277127.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27670)
Dmitriy Denisov [Tue, 13 May 2025 08:56:33 +0000 (11:56 +0300)]
The condition that is never checked has been removed.
If criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, the criterion !=0 condition will be triggered.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27607)
JiashengJiang [Fri, 16 May 2025 13:37:48 +0000 (09:37 -0400)]
demos/bio/sconnect.c: Free ssl_bio on error to avoid memory leak
Call BIO_free() to release ssl_bio if an error occurs before BIO_push(), preventing a memory leak.
Fixes: 396e720965 ("Fix certificate validation for IPv6 literals in sconnect demo") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27639)
JiashengJiang [Mon, 5 May 2025 17:46:53 +0000 (13:46 -0400)]
crypto/x509/v3_lib.c: Free tmpext if X509V3_EXT_add() fails to avoid memory leak
Add OPENSSL_free to free tmpext if X509V3_EXT_add() fails to avoid memory leak.
Fixes: 878dc8dd95 ("Join the x509 and x509v3 directories") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27566)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27354)
JiashengJiang [Mon, 12 May 2025 14:02:05 +0000 (10:02 -0400)]
test/testutil/testutil_init.c: Add OPENSSL_free() to avoid memory leak
Free trace_data if error occurs to avoid memory leak.
Fixes: d73458d17a ("Add tracing capability in test utilities") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27600)
Matt Caswell [Thu, 8 May 2025 13:54:35 +0000 (14:54 +0100)]
Stop a TLSv1.3 server emitting an unsolicited PSK extension
If we attempt to accept a connection on an SSL object, and the
application has set an SSL_SESSION on that SSL object then we
can mistakenly believe that we are resuming and
emit an unsolicited PSK extension back to the client.
This can especially happen when using SSL_clear() which leaves
any SSL_SESSION associated with the SSL object.
See
https://github.com/openssl/openssl/discussions/27563#discussioncomment-13049352
and
https://github.com/openssl/openssl/discussions/24567
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27584)
APPS/cmp.c: fix char encoding of subject, issuer, sender, and recipient DN
Fixes #27572
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27592)
Jakub Zelenka [Sat, 22 Mar 2025 11:04:23 +0000 (12:04 +0100)]
Check rand_meth_lock existence before trying to lock it
There are situations during exit clean up where dependent libraries
might be using TLS to finalize stuff but that might crash because
the rand_meth_lock can get freed and there is still an attempt to
get rand bytes. This change makes sure that things fail nicely.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27119)
Pauli [Wed, 30 Apr 2025 22:12:00 +0000 (08:12 +1000)]
chacha_poly: fix settable ctx param list
The settable list used the generic AEAD cipher list which included
an extra parameter and omitted the IV length one. The set ctx param call
was custom so the errant list didn't directly impact operation.
The comment about ignoring OSSL_CIPHER_PARAM_AEAD_MAC_KEY is completely bogus.
That parameter isn't accepted either here or by the shared AEAD cipher params.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27534)
Matt Caswell [Fri, 2 May 2025 15:40:50 +0000 (16:40 +0100)]
Add a test for app data received too early
Add a test for app data which was received prior to the Finished is read
correctly, and that if we continue to read we get the expected result.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/27543)
Matt Caswell [Fri, 2 May 2025 15:37:32 +0000 (16:37 +0100)]
Ensure we properly release DTLS buffered app data records
If we read an app data record before we have read the Finished we buffer
it. Once we've read it we need to make sure we've properly released it
otherwise we will attempt to read it again (and this time there will be
no data in it).
Fixes #27316
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/27543)
JiashengJiang [Mon, 5 May 2025 18:23:38 +0000 (14:23 -0400)]
test/bio_comp_test.c: Initialize pointer to avoid undefined behavior
If the allocation for "original" fails, "result" may be freed without being
properly initialized. Since result could hold a random value due to its
assignment in do_bio_comp_test(), freeing it without initialization is unsafe
and may lead to undefined behavior.
Fixes: 12e96a2360 ("Add brotli compression support (RFC7924)") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27569)
Matt Caswell [Wed, 30 Apr 2025 12:09:58 +0000 (13:09 +0100)]
Add a test for sending an empty app data record in DTLS
DTLS should ignore this
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27541)
Matt Caswell [Tue, 29 Apr 2025 13:21:49 +0000 (14:21 +0100)]
Drop empty app data records in DTLS
App data records with 0 bytes of payload will confuse callers of SSL_read().
This will cause a successful read and return 0 bytes as read. Unfortunately
a 0 return from SSL_read() is considered a failure response. A subsequent
call to SSL_get_error() will then give the wrong result.
Zero length app data records are actually allowed by the spec, but have
never been handled correctly by OpenSSL. We already disallow creating such
empty app data records. Since the SSL_read() API does not have a good way to
handle this type of read, we simply ignore them.
Partial fix for #27316
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27541)
JiashengJiang [Mon, 5 May 2025 01:41:39 +0000 (21:41 -0400)]
crypto/provider_conf.c: Fix possible memory leak
Assign the return value of ossl_provider_info_add_to_store to added instead of
setting it directly to 1, in order to avoid a memory leak caused by entry not
being freed if ossl_provider_info_add_to_store() fails.
Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27472)
Richard Levitte [Wed, 30 Apr 2025 12:37:12 +0000 (14:37 +0200)]
Drop "by store"'s by_store_subject_ex()
It was used to pass libctx and propq, which would override the
corresponding values passed to by_store_ctrl_ex(). This wasn't
really reasonable to do either way, as it could potentially be a
surprise to the user, who can reasonably expect that the URI is
opened with the libctx and propq that was passed with the URI, and
not with those passed later.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27550)
Originally from https://github.com/openssl/openssl/pull/27507, with some
changes.
Co-authored-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27550)
Richard Levitte [Wed, 30 Apr 2025 09:38:04 +0000 (11:38 +0200)]
Rework the "by store" X509_LOOKUP method to open the given URI early
The cached X509_LOOKUP method data is no longer just the URI, but now
includes the OSSL_STORE_CTX pointer, and required parameters to reopen
the URI at any time. cache_objects() is modified to handle this, and
only (re)open the URI when it wasn't previously opened, or when it was
closed by an earlier call.
This way, we can call OSSL_STORE_open_ex() in by_store_ctrl_ex(), and
get to see possible errors when the URI is loaded.
This assumes that if the URI could be opened once, it can be opened
again.
Fixes #27461
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27550)
Neil Horman [Thu, 24 Apr 2025 13:26:33 +0000 (09:26 -0400)]
Disable unterminated-string-initialization in strict-warnings
Recently updated to fedora 42, which includes an updated gcc, which
triggers a new warning:
test/afalgtest.c:44:9: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (18 chars into 17 available) [-Werror=unterminated-string-initialization]
44 | "\x53\x69\x6e\x67\x6c\x65\x20\x62\x6c\x6f\x63\x6b\x20\x6d\x73\x67"
The warning occurs because in some locations we create char buffers of
length X, and fill it with X bytes of data, truncating the NULL
terminator.
We could fix it by adding the nonstring attribute, but given that:
1) Adding attributes might impact other platforms that don't understand the
attribute.
2) We often create char buffers that don't expect a NULL terminator.
3) Converting the unsigned char arrays to uint8_t, or other types that
could be interpreted as non-strings has no impact, only applying the
nonstring attribute silences the warning.
It seems more sensible to just disable the warning entirely
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27490)
Matt Caswell [Fri, 25 Apr 2025 14:21:47 +0000 (15:21 +0100)]
Clarify how s_client -ign_eof and -quiet impact command processing
If -ign_eof -or -quiet are passed to s_client this implicitly turns off
command processing (i.e. equivalent to -nocommands). This was stated on
the man page in the "CONNECTED COMMANDS" section, but not in the
documentation for "-ign_eof" or "-quiet" directly. We state it here as
well to make it clearer.
Fixes #27443
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27500)
Anton Tieleman [Mon, 28 Apr 2025 11:49:25 +0000 (13:49 +0200)]
Test+fix handling "wrong" downgrade signals
This accounts for cases that can only occur when een non-compliant server sends
the wrong downgrade signal. (TLS1.1 signal when negotiating TLS1.2 or TLS1.2
signal when negotiating TLS1.0/TLS1.1). According to the TLS1.3 RFC these
cases should be rejected:
RFC8446, section 4.1.3: TLS 1.3 clients receiving a ServerHello indicating
TLS 1.2 or below MUST check that the last 8 bytes are not equal to either of
these values. TLS 1.2 clients SHOULD also check that the last 8 bytes are
not equal to the second value if the ServerHello indicates TLS 1.1 or below.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27518)
Anton Tieleman [Mon, 28 Apr 2025 11:30:01 +0000 (13:30 +0200)]
Repair downgrade tests
A number of these tests were failing for the wrong reasons. The intention is to verify
that the client sends an illegal parameter alert when an unexpected downgrade signal
is received. Instead, a number of tests failed because TLS1.1 was not available. The
tests are adapted to explicitly check for an illegal parameter alert from the client.
Client and server flags are updated to enable TLS1.1 where required and a few tests
requiring TLS1.1 were moved to be disabled when TLS1.1 is not available.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27518)
A. Wilcox [Thu, 17 Apr 2025 13:51:53 +0000 (08:51 -0500)]
Fix P-384 curve on lower-than-P9 PPC64 targets
The change adding an asm implementation of p384_felem_reduce incorrectly
uses the accelerated version on both targets that support the intrinsics
*and* targets that don't, instead of falling back to the generics on older
targets. This results in crashes when trying to use P-384 on < Power9.
Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com> Closes: #27350 Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC") Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27429)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27157)
olszomal [Fri, 3 Jan 2025 07:42:55 +0000 (08:42 +0100)]
Fix URL parsing to handle missing ports and ISO 8601 timestamps in paths
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26303)
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27455)
If the function is not called the settings default to 0.
Fixes #10584
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27410)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
provider-signature.pod: fix doc of OSSL_SIGNATURE_PARAM_ALGORITHM_ID, describing its relevance
This provides a fix for the documentation part of #22932.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
Pauli [Wed, 9 Apr 2025 02:42:40 +0000 (12:42 +1000)]
test: test for setting hkdf salt to null
Fixes #27302
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Pauli [Wed, 9 Apr 2025 02:42:10 +0000 (12:42 +1000)]
hkdf: allow salt to be set to null
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Mironenko [Fri, 28 Mar 2025 10:41:26 +0000 (13:41 +0300)]
Fix OSSL_FUNC_keymgmt_load declaration in man7/provider-keymgmt
OSSL_FUNC_keymgmt_load prototype declared in man7 does not match
the actual OSSL_FUNC_keymgmt_load prototype declared in
include/openssl/core_dispatch.h. This commit fixes the prototype
in man7.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27189)
David Benjamin [Mon, 7 Apr 2025 20:40:05 +0000 (16:40 -0400)]
Fix PKCS7_sign and CMS_sign default hash documentation
Fixes #27291. See issue for details.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27292)
Updated the change log to include SSLv3 being disabled by default.
This change was implemented into version 1.1.0 and onward. The last version that had SSLv3 enabled was version 1.0.2h, which is why the addition was made where it is.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27289)
Malcolm Hogan [Fri, 7 Mar 2025 23:30:43 +0000 (18:30 -0500)]
Remove DAYS argument
This commit removes DAYS from certificate requests to avoid the warning
'Ignoring -days without -x509; not generating a certificate'
This argument is not needed with the -new argument. Additionally makes sure
$1 is handled when -nodes is not given. Preventing an uninitialized value
error when the DAYS argument is removed.
Fixes #26595
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27277)
Fix potential NULL pointer dereference in final_maxfragmentlen()
In the final_maxfragmentlen() function, s->session is checked
for NULL after it was dereferenced earlier.
So move this NULL check to the top of the function.
CLA: trivial
Fixes: fa49560451 (Fix handling of max_fragment_length extension for PSK) Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/27272)
This fixes a couple of big-endian issues in the
assembler code of chacha, SM3 and SM4.
Fixes #27197 Tested-by: @zeldin Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27252)
Graham Leggett [Wed, 2 Apr 2025 11:08:11 +0000 (12:08 +0100)]
ssl/ssl_lib.c: Avoid crash when SSL_CONNECTION is NULL
Detection for sc == NULL is performed after sc is used. Add the
check to the correct place.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27241)
crypto/ui/ui_lib.c: Add OPENSSL_free to avoid memory leaks
Add OPENSSL_free() if general_allocate_boolean() or general_allocate_string fails to avoid memory leaks.
Fixes: a63d5eaab2 ("Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27218)
cmp_client_test.c: relax tight timeout value in test_exec_IR_ses_poll_no_timeout()
Fixes #27165
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27249)
Bernd Edlinger [Fri, 21 Mar 2025 19:58:57 +0000 (20:58 +0100)]
Fix a visual glitch in test_cmp_http.t
Kill the shell process after the Mock server is running,
to prevent the shell from printing an error message when
the Mock server is finally killed.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27144)
Neil Horman [Tue, 1 Apr 2025 17:16:04 +0000 (13:16 -0400)]
Temporarily disable gost-engine tests in ci
We need to temporarily disable this as we have a build break in CI:
https://github.com/openssl/openssl/actions/runs/14192630435
Its occuring because gost-engine depends on libprov, which requires a
minimum version cmake-3.0. The update of github runners to cmake-4.0
causes a bail out as cmake 4.0 no longers supports cmake 3.0 syntax.
Libprov is fixed now, but gost-engine needs to update its libprov
submodule, and then we need to update the gost-engine submodule. Until
thats done (which may take days), we should disable the gost-engine
external tests
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27234)
Matt Caswell [Mon, 31 Mar 2025 14:51:14 +0000 (15:51 +0100)]
Link SSL_get_negotiated_group() and SSL_get0_group_name() in the docs
If you are intereseted in one you might be interested in the other.
Fixes #27137
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27210)
Benjamin Kaduk [Fri, 14 Jun 2024 21:10:39 +0000 (14:10 -0700)]
statem: always save sigalgs during PHA
We use the same extension-parsing function on server and client
for convenience, but while the server might worry about tracking
what was previously received and not overwriting it, on the client
receiving a request for post-handshake authentication, we always
want to use the values from the current extension (and should
always have a new session object that we are free to mutate).
It is somewhat unclear whether the server also needs the check
for a resumed connection; it appears to have been added back in
2015 in commit 062178678f5374b09f00d70796f6e692e8775aca as part
of a broad pass to handle extensions on resumption, but without
specific documentation of each extension's handling.
Fixes: #10370 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24651)
slontis [Sun, 30 Mar 2025 22:42:59 +0000 (09:42 +1100)]
Fix Strict c issue in aes_gcm for armv8
Reported by David Makepeace
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27203)
Branden Clark [Tue, 28 Jan 2025 15:50:10 +0000 (16:50 +0100)]
Fix probing the registry for configuration
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26566)
crypto: windows: use LPCTSTR for the temp registry buffer
mingw-w64 only defines LPCTCH when UNICODE isn't defined
crypto/defaults.c: In function 'get_windows_regdirs':
crypto/defaults.c:72:5: error: unknown type name 'LPCTCH'; did you mean 'LPTCH'?
72 | LPCTCH tempstr = NULL;
| ^~~~~~
| LPTCH
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26566)
String litteral don't need the '##' operator, which causes build
failures:
crypto/defaults.c:kepi:23: error: pasting ""SOFTWARE\\WOW6432Node\\OpenSSL"" and ""-"" does not give a valid preprocessing token
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26566)
JiashengJiang [Wed, 26 Mar 2025 21:40:16 +0000 (17:40 -0400)]
apps/lib/apps.c: Add a check for OPENSSL_strdup()
Add a check for the return value of OPENSSL_strdup() to guarantee the success of allocation, similar to the other call sites.
Fixes: c7d5ea2670 ("Prepare to detect index changes in OCSP responder.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27172)
Bernd Edlinger [Tue, 25 Mar 2025 15:57:32 +0000 (16:57 +0100)]
Fix quic_multistream_test: correct more frame types
There are a few more critical frame injections that
previously created an out-of-diskspace problem
and now only a CI test failure. The pattern
in the qlog files is always similar to this:
sashan [Wed, 26 Mar 2025 08:37:01 +0000 (09:37 +0100)]
Use OPENSSL_strdup() for strings freed by OPENSSL_free()
Things can get messy when application decides to use it's own memory
allocation functions using CRYPTO_set_mem_functions(3ossl)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27163)
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27098)
Andrey Tsygunka [Thu, 20 Mar 2025 14:45:23 +0000 (17:45 +0300)]
Fix return value of the i2d_ASN1_bio_stream() call
If the flags argument does not contain the SMIME_STREAM bit,
the i2d_ASN1_bio_stream() function always returns 1,
ignoring the result of the ASN1_item_i2d_bio() call.
Fix the return value to the result of the ASN1_item_i2d_bio()
call for this case.
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27106)
Tomas Mraz [Tue, 25 Mar 2025 09:16:30 +0000 (10:16 +0100)]
Update provider compatibility CI to run on 3.5 branch
Also drop 3.1 development branch as it is out of public support now.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27149)
Richard Levitte [Mon, 24 Mar 2025 05:25:01 +0000 (06:25 +0100)]
In doc/man7/provider-{en,de}coder.pod, clarify where properties are defined
Fixes #27126
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27132)
jay9827342 [Fri, 21 Mar 2025 09:39:49 +0000 (09:39 +0000)]
Memory leak fix ktls_meth.c
The OSSL_RECORD_LAYER needs to be properly freed when return code isnt success.
Memory leak fix
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27111)
Andrey Tsygunka [Wed, 19 Mar 2025 11:53:02 +0000 (14:53 +0300)]
Fix NULL pointer dereference in `asn1_ex_i2c()`, crypto/asn1/tasn_enc.c
Adds handling of V_ASN1_UNDEF to avoid NULL dereference
in case ASN1 structure contains an element of type ASN1_TYPE
without initializing its value (i.e. default constructed)
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27100)
Bernd Edlinger [Thu, 20 Mar 2025 18:45:17 +0000 (19:45 +0100)]
Do not wrap the python3 in ../../util/wrap.pl
That is bad, because this script does seem to have issues,
because it is itself linked against libcrypto, which causes
crashes in enable-asan builds:
ASan runtime does not come first in initial library list;
you should either link runtime to your application or manually
preload it with LD_PRELOAD.
../../util/wrap.pl python3 ../../test/recipes/70-test_quic_multistream_data/verify-qlog.py => 1
not ok 1 - running qlog verification script
not ok 2 - check qlog output
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27089)
Tomas Mraz [Mon, 24 Mar 2025 09:53:02 +0000 (10:53 +0100)]
qlog_event_helpers.c: Fix inverted condition
We want to skip up to PACKET_remaining() and not "at least"
PACKET_remaining() bytes.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27138)
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27059)
Martin Oliveira [Wed, 12 Mar 2025 17:09:04 +0000 (11:09 -0600)]
Fix gettable_params() for ECX
The OSSL_PKEY_PARAM_MANDATORY_DIGEST parameter is only handled by the
ed25519_get_params() and ed448_get_params(). The x25519 and x448
versions of get_params() always ignore that parameter, so it should not
be in the list of gettable params.
Fixes: 1a7328c88256 ("PROV: Ensure that ED25519 & ED448 keys have a mandatory digest")
cla: trivial
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27043)
Bernd Edlinger [Sun, 9 Mar 2025 10:20:43 +0000 (11:20 +0100)]
Do some more cleanup in the RCU code
Only a minimum of 2 qp's are necessary: one for the readers,
and at least one that writers can wait on for retirement.
There is no need for one additional qp that is always unused.
Also only one ACQUIRE barrier is necessary in get_hold_current_qp,
so the ATOMIC_LOAD of the reader_idx can be changed to RELAXED.
And finally clarify some comments.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27012)
Bernd Edlinger [Mon, 3 Mar 2025 22:46:12 +0000 (23:46 +0100)]
Fix a memory order issue with weakly ordered systems
this adds a dummy atomic release operation to update_qp, which
should make sure that the new value of reader_idx is visible in
get_hold_current_qp, directly after incrementing the users count.
Fixes: #26875 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26964)
Danny Tsen [Tue, 11 Feb 2025 18:48:01 +0000 (13:48 -0500)]
Fix Minerva timing side-channel signal for P-384 curve on PPC
1. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6()
for Montgomery multiplication.
2. ecp_nistp384-ppc64.pl:
- Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with
minumum perl wrapper.
- Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce.
- Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly.
3. ecp_nistp384.c:
- Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce.
Signed-off-by: Danny Tsen <dtsen@us.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26709)
projects / thirdparty / openssl.git / log
