git.ipfire.org Git - thirdparty/openssl.git/log
Fix a possible use after free in X509v3_asid_add_id_or_range
Bernd Edlinger [Wed, 15 Nov 2023 19:49:51 +0000 (20:49 +0100)]

And clean up partially created choice objects, which still have
the default type = -1 from ASIdentifierChoice_new().

Fixes #22700

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22745)

rsa-doc: fix typo
James Muir [Wed, 29 Nov 2023 17:37:44 +0000 (12:37 -0500)]

"d_i in RFC8017" -> "d_i" in RFC8017

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22868)

doc: Minor typo in SSL_CTX_set_tmp_dh_callback docs.
Sean Bright [Mon, 20 Nov 2023 20:08:19 +0000 (15:08 -0500)]

well know -> well known

CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22778)

Initialize dstctx->mgf1_md to NULL in rsa_dupctx function
lan1120 [Wed, 22 Nov 2023 01:45:25 +0000 (09:45 +0800)]

Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22795)

bn_nist: Fix strict-aliasing violations in little-endian optimizations
Xi Ruoyao [Sat, 25 Nov 2023 08:14:35 +0000 (16:14 +0800)]

The little-endian optimization is doing some type-punning in a way
violating the C standard aliasing rule by loading or storing through a
lvalue with type "unsigned int" but the memory location has effective
type "unsigned long" or "unsigned long long" (BN_ULONG).  Convert these
accesses to use memcpy instead, as memcpy is defined as-is "accessing
through the lvalues with type char" and char is aliasing with all types.

GCC does a good job to optimize away the temporary copies introduced
with the change.  Ideally copying to a temporary unsigned int array,
doing the calculation, and then copying back to `r_d` will make the code
look better, but unfortunately GCC would fail to optimize away this
temporary array then.

I've not touched the LE optimization in BN_nist_mod_224 because it's
guarded by BN_BITS2!=64, then BN_BITS2 must be 32 and BN_ULONG must be
unsigned int, thus there is no aliasing issue in BN_nist_mod_224.

Fixes #12247.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22816)

Fix implementation of `PreferNoDHEKEX` option.
Markus Minichmayr [Mon, 27 Nov 2023 17:26:51 +0000 (18:26 +0100)]

`tls_parse_ctos_key_share()` didn't properly handle the option.
Avoid the need to deal with the option in multiple places by properly
handling it in `tls_parse_ctos_psk_kex_modes()`.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22844)

Fix EVP_RAND-SEED-SRC documentation example
Jamie Cui [Wed, 29 Nov 2023 01:28:58 +0000 (01:28 +0000)]

Fixes #22810

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22857)

Add self-hosted runners
Dmitry Misharov [Thu, 23 Nov 2023 13:22:35 +0000 (14:22 +0100)]

Added self-hosted runners for freebsd-x86_64 and ubuntu-aarch64.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22804)

Optimize AES-CTR for ARM Neoverse V1 and V2.
fisher.yu [Tue, 17 Oct 2023 08:10:34 +0000 (08:10 +0000)]

Unroll AES-CTR loops to a maximum of 12 blocks for ARM Neoverse V1 and
V2, to fully utilize their AES pipeline resources.

Improvement on ARM Neoverse V1:

    Package Size (Bytes)    16     32     64    128    256   1024
    Improvement (%)       3.93  -0.45  11.30   4.31  12.48  37.66

    Package Size (Bytes)  1500   8192  16384  61440  65536
    Improvement (%)      37.16  38.90  39.89  40.55  40.41

Change-Id: Ifb8fad9af22476259b9ba75132bc3d8010a7fdbd

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22733)

Add last missing TLSA usage/selector/mtype test case
Viktor Dukhovni [Mon, 27 Nov 2023 16:23:54 +0000 (11:23 -0500)]

There were no PKIX-TA(0) SPKI(1) Full(0) (i.e. "0 1 0") test cases in
"danetest.in".

There is now at least a success case, which will exercise freeing the public
key after it is sanity checked, since with PKIX-TA(0) there's nothing we can do
with just the raw public key; a full chain to a local trust anchor is in any
case required.

The failure (to match) code path is already well oiled, but failure to decode
while adding malformed TLSA records could still use some additional tests...

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)

Fix freshly introduced double-free.
Viktor Dukhovni [Sat, 25 Nov 2023 18:26:20 +0000 (13:26 -0500)]

We don't need the decoded X.509 Full(0) certificate for the EE usages 1 and 3,
because the leaf certificate is always part of the presented chain, so the
certificate is only validated as well-formed, and then discarded, but the
TLSA record is of course still used after the validation step.

Added DANE test cases for: 3 0 0, 3 1 0, 1 0 0, and 1 1 0

Reported by Claus Assmann.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)

Remove mention of NEWS.md in CONTRIBUTING.md
Hugo Landau [Tue, 21 Nov 2023 12:53:12 +0000 (12:53 +0000)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)

Add known issues section
Hugo Landau [Tue, 21 Nov 2023 12:52:56 +0000 (12:52 +0000)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)

Add proposed editorial conventions for NEWS.md
Hugo Landau [Mon, 20 Nov 2023 14:54:10 +0000 (14:54 +0000)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)

Fix a possible memory leak in ct_move_scts
Bernd Edlinger [Fri, 17 Nov 2023 13:47:36 +0000 (14:47 +0100)]

Instead of trying to move the doomed sct back
to the src stack, which may fail as well, simply
free the sct object, as the src list will be
deleted anyway.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22762)

Do not define L_ENDIAN (for now) when we guessed linux64-loongarch64
Xi Ruoyao [Fri, 24 Nov 2023 08:14:05 +0000 (16:14 +0800)]

In 160f48941d14 I made L_ENDIAN defined when the system is guessed to be
linux64-loongarch64.  Unfortunately now I found it problematic:

1. This should be added into Configurations/10-main.conf, not here.
   Having it here causes a different configuration when
   linux64-loongarch64 is explicitly specified than guessed.
2. With LTO enabled, this causes many test failures on
   linux64-loongarch64 due to #12247.

So I think we should remove it for now (master and 3.2 branch), and
reintroduce it to Configurations/10-main.conf when we finally sort
out #12247.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22812)

QUIC TSERVER: Fix erroneously static variable
Hugo Landau [Mon, 27 Nov 2023 07:57:32 +0000 (07:57 +0000)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)

Make scsv read-only
Hugo Landau [Mon, 27 Nov 2023 07:55:55 +0000 (07:55 +0000)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)

Make nid_to_group read-only
Hugo Landau [Mon, 27 Nov 2023 07:52:54 +0000 (07:52 +0000)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)

Make bitmask table read only
Hugo Landau [Mon, 27 Nov 2023 07:52:24 +0000 (07:52 +0000)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)

Make ssl_cert_info read-only
Hugo Landau [Mon, 27 Nov 2023 07:51:33 +0000 (07:51 +0000)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)

Only include winsock2.h for struct timeval if needed
Hugo Landau [Fri, 24 Nov 2023 10:03:30 +0000 (10:03 +0000)]

Fixes #22811

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/22813)

(cherry picked from commit ba58e9f1e22dd9ee2e37078640dcbe9f520a555d)

QUIC SRT GEN: Minor updates
Hugo Landau [Thu, 23 Nov 2023 15:50:03 +0000 (15:50 +0000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)

QUIC SRT GEN: Add SRT generator
Hugo Landau [Thu, 2 Nov 2023 15:41:23 +0000 (15:41 +0000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)

x86_64-xlate.pl: Fix build with icx and nvc compilers
Tomas Mraz [Mon, 13 Nov 2023 11:17:43 +0000 (12:17 +0100)]

Fixes #22594

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22714)

PreferNoDHEKEX changelog and history anticipating inclusion in OpenSSL version 3.3.
Markus Minichmayr [Wed, 22 Nov 2023 16:43:27 +0000 (17:43 +0100)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)

Document `SSL_OP_PREFER_NO_DHE_KEX` option.
Markus Minichmayr [Tue, 21 Nov 2023 22:50:54 +0000 (23:50 +0100)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)

Add option `SSL_OP_PREFER_NO_DHE_KEX`, allowing the server to prefer non-dhe psk key exchange over psk with dhe (config file option `PreferNoDHEKEX`, server option `prefer_no_dhe_kex`).
Markus Minichmayr [Tue, 21 Nov 2023 19:42:12 +0000 (20:42 +0100)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)

When abidiff fails print out the XML diff
Tomas Mraz [Fri, 10 Nov 2023 15:06:16 +0000 (16:06 +0100)]

This can be useful for fixing the CI if needed
without the necessity to run abidw locally.

Also rename the CI job to make its purpose clearer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22689)

openssl-speed: support KMAC128 & KMAC256, refactor mac setup/teardown
James Muir [Fri, 17 Nov 2023 23:02:51 +0000 (18:02 -0500)]

Add ability to measure performance of the two kmac algorithms, and
reduce code duplication in mac testing by introducing mac_setup() and
mac_teardown().  Also, start accepting "cmac" as an algorithm string
(similar to how "hmac" is accepted).

We can now compare the performance of KMAC128, KMAC256 (mac algs) to
KECCAK-KMAC128, KECCAK-KMAC256 (digest/xof algs).

Fixes #22619

Testing:

  $ LD_LIBRARY_PATH=. ./apps/openssl speed kmac cmac hmac

  $ LD_LIBRARY_PATH=. ./apps/openssl speed kmac256
  $ LD_LIBRARY_PATH=. ./apps/openssl speed -evp KECCAK-KMAC256

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22764)

IANA has assigned numbers for 2 hybrid PQ KEX widely used in tests
Dmitry Belyavskiy [Thu, 23 Nov 2023 09:22:36 +0000 (10:22 +0100)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22803)

SHA3_squeeze(): The next argument is int
Tomas Mraz [Mon, 20 Nov 2023 16:46:26 +0000 (17:46 +0100)]

Amend the assembler so it uses only a 32-bit value.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)

keccak1600-armv4.pl: Further fix for the DigestSqueeze() support
Tomas Mraz [Thu, 16 Nov 2023 16:52:39 +0000 (17:52 +0100)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)

Cross Compiles CI: Run evp tests on pull requests
Tomas Mraz [Thu, 16 Nov 2023 12:02:20 +0000 (13:02 +0100)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)

contributing-doc: give example commit message with "CLA: trivial"
James Muir [Mon, 20 Nov 2023 18:14:12 +0000 (13:14 -0500)]

The text "CLA: trivial" should go at the bottom of the commit message.
Also, update the force-push command to include the repository and
branch, which can avoid unexpected force-push results.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22775)

Adapt C compiler detection for VSI C on x86_64
Richard Levitte [Tue, 21 Nov 2023 13:36:37 +0000 (14:36 +0100)]

VSI C on OpenVMS for x86_64 has a bit more information than on other
hardware.  This is no doubt because it's based on LLVM which leaves an
opening for cross compilation.

VSI C on Itanium:

    $ CC/VERSION
    VSI C V7.4-001 on OpenVMS IA64 V8.4-2L3

VSI C on x86_64:

    $ CC/VERSION
    VSI C x86-64 X7.4-843 (GEM 50XB9) on OpenVMS x86_64 V9.2-1

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22792)

speed: make hmac(sha256) the default hmac
James Muir [Tue, 21 Nov 2023 05:09:38 +0000 (00:09 -0500)]

Prefer hmac(sha256) rather than hmac(md5).  Also, drop the "skip_hmac"
label.  If we are supposed to do hmac(hash_func) and hash_func cannot
be found, then error out immediately.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22793)

Fix a possible memory leak in SM2 provider
Huiyue Xu [Wed, 22 Nov 2023 01:55:27 +0000 (09:55 +0800)]

ctx->propq, which is strdup'd from the input parameter propq in sm2sig_newctx,
is not released. It should be released in sm2sig_freectx and copied
to dstctx in sm2sig_dupctx. And dstctx->id and dstctx->propq should
be set to NULL to avoid releasing the id/propq of srcctx when an error occurs.

Signed-off-by: Huiyue Xu <xuhuiyue@huawei.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22796)

Update fuzz corpora
Hugo Landau [Thu, 23 Nov 2023 14:50:03 +0000 (14:50 +0000)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22790)

QUIC SRTM: Switch to using AES-128-ECB
Hugo Landau [Tue, 14 Nov 2023 11:03:46 +0000 (11:03 +0000)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

QUIC SRTM: Harden SRTM in event of allocation failure
Hugo Landau [Fri, 3 Nov 2023 18:18:36 +0000 (18:18 +0000)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

QUIC SRTM: Update fuzz corpora
Hugo Landau [Fri, 3 Nov 2023 15:38:27 +0000 (15:38 +0000)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

QUIC SRTM: Amend glossary
Hugo Landau [Fri, 3 Nov 2023 14:14:14 +0000 (14:14 +0000)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

QUIC SRTM: Add test
Hugo Landau [Fri, 3 Nov 2023 12:23:14 +0000 (12:23 +0000)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

Fuzzing: Fix helper shebang on NixOS
Hugo Landau [Fri, 3 Nov 2023 11:56:40 +0000 (11:56 +0000)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

QUIC SRTM: Add fuzzer for SRTM
Hugo Landau [Fri, 3 Nov 2023 11:56:29 +0000 (11:56 +0000)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

QUIC SRTM: Add SRTM
Hugo Landau [Fri, 3 Nov 2023 11:56:14 +0000 (11:56 +0000)]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)

Make CHANGES.md header more appropriate
Hugo Landau [Mon, 20 Nov 2023 15:07:09 +0000 (15:07 +0000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22785)

(cherry picked from commit d330fef1f1446c968e31803778bc7b3d067c7e99)

Amend NEWS.md to be more like release notes
Hugo Landau [Mon, 20 Nov 2023 14:06:42 +0000 (14:06 +0000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22785)

(cherry picked from commit 5e07ea4f82b5250d64183ddda2b56ebf37df126a)

doc: fix description of mac "block-size" parameter
James Muir [Fri, 17 Nov 2023 22:58:24 +0000 (17:58 -0500)]

The macro for "block-size" is OSSL_MAC_PARAM_BLOCK_SIZE, and this
parameter is not settable.  Refer to the "customization string" rather
than the "custom value" (in the Blake2 spec, this is called the
personalization string).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22763)

doc: better description of KECCAK-KMAC XOF
James Muir [Mon, 13 Nov 2023 19:28:23 +0000 (14:28 -0500)]

KECCAK-KMAC-128 and KECCAK-KMAC-256 are extendable output functions
that have been defined because they are convenient for implementing
KMAC.  Give definitions for them so that users aren't left to figure
that out themselves.  KECCAK-KMAC-128 is very similar to SHAKE-128,
and KECCAK-KMAC-256 is very similar to SHAKE-256.

Related to #22619.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22755)

Update the provider documentation
Matt Caswell [Fri, 10 Nov 2023 15:33:21 +0000 (15:33 +0000)]

Make the documentation match reality. Add lots of missing algorithms.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22694)

Update OpenSSL logos
James Muir [Sun, 5 Nov 2023 03:06:06 +0000 (23:06 -0400)]

Add two new files

  doc/images/openssl-square.svg
  doc/images/openssl-square-nontransparent.png

and update the existing file

  doc/images/openssl.svg

The "square" versions of the logo write "Open" and "SSL" on separate
lines, so that less horizontal space is used.

The png file (nontransparent, white background) can be used to update
the profile picture for the OpenSSL organization on GitHub.

For the existing logo, openssl.svg, the subtitle "Cryptography and
SSL/TLS Toolkit" has been dropped and the text-elements have been
converted to paths (so they are no longer dependent on what fonts the
renderer provides).

The svg files were provided by Anton A.

Part of https://github.com/openssl/project/issues/262

Reviewed-by: Anton Arapov <anton@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22626)

Fix possible memleak in PKCS7_add0_attrib_signing_time
Bernd Edlinger [Tue, 14 Nov 2023 01:42:42 +0000 (02:42 +0100)]

When PKCS7_add_signed_attribute fails, the ASN1_TIME
object may be leaked when it was not passed in as
an input parameter.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22772)

Fix a possible use-after-free in custom_exts_free
Bernd Edlinger [Mon, 20 Nov 2023 09:05:49 +0000 (10:05 +0100)]

This may happen when ssl_cert_dup calls custom_exts_copy, where
a possible memory allocation error causes custom_exts_free
to be called twice: once in the error handling of custom_exts_copy
and a second time in the error handling of ssl_cert_dup.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22772)

Fix a possible memleak in CMS_sign_receipt
Bernd Edlinger [Fri, 17 Nov 2023 06:12:42 +0000 (07:12 +0100)]

When an error happens after cms_encode_Receipt
the ASN1_OCTET_STRING object "os" may be leaked.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22758)

Fix a possible memleak in PKCS7_add_attrib_smimecap
Bernd Edlinger [Wed, 15 Nov 2023 19:32:59 +0000 (20:32 +0100)]

When PKCS7_add_signed_attribute fails, the ASN1_STRING
object may be leaked.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22744)

Fix a possible memory leak in dane_tlsa_add
Bernd Edlinger [Wed, 15 Nov 2023 18:46:17 +0000 (19:46 +0100)]

Several error cases leak either the X509 object
or the pkey or the danetls_record object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22743)

Fix typo in variable name
Anders Jansson [Sat, 18 Nov 2023 22:40:33 +0000 (23:40 +0100)]

Fix spelling $cppfags2 => $cppflags2 in file Configurations/windows-makefile.tmpl

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22771)

Move freeing of an old record layer to dtls1_clear_sent_buffer
Matt Caswell [Thu, 9 Nov 2023 14:45:33 +0000 (14:45 +0000)]

When we are clearing the sent messages queue we should ensure we free any
old write record layers that are no longer in use. Previously this logic
was in dtls1_hm_fragment_free() - but this can end up freeing the current
record layer under certain error conditions.

Fixes #22664

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22679)

zero data in hm_fragment on alloc
Neil Horman [Thu, 9 Nov 2023 13:13:58 +0000 (08:13 -0500)]

If we allocate a new hm_fragment in dtls1_buffer_message with
dtls1_hm_fragment_new, the returned fragment contains uninitialized data in the
msg_header field.  If an error then occurs, and we free the fragment,
dtls_hm_fragment_free interrogates the msg_header field (which is garbage), and
potentially references undefined values, or worse, accidentally references
available memory that is not owned, leading to various corruptions.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22679)

augment quic demos to support ipv4/6 connections
Neil Horman [Tue, 31 Oct 2023 15:54:03 +0000 (11:54 -0400)]

Because the quicserver utility supports expressly listening in ipv4/6
mode, it's possible/likely that the server will listen on an ipv4
address, while the clients will connect via ipv6, leading to connection
failures.

Augment quic demo clients to afford them the same -6 option that the
server has so that the connection family can be co-ordinated.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22577)

NOTES-WINDOWS: fix named anchor links in table of contents
Matthias St. Pierre [Tue, 14 Nov 2023 10:34:43 +0000 (11:34 +0100)]

Those links were probably broken by some changes to the sanitizer
of the [github/markup] module.

[github/markup]: https://github.com/github/markup/#github-markup

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22725)

Bump actions/github-script from 6 to 7
dependabot[bot] [Wed, 15 Nov 2023 10:14:21 +0000 (10:14 +0000)]

Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22730)

Configure: do not check for an absolute prefix in cross-builds
Viktor Szakats [Fri, 27 Aug 2021 12:22:15 +0000 (12:22 +0000)]

The check is always made according to the host platform's rules, which may
not be true when the target platform is different, e.g. when
cross-building for Windows on a Linux machine. So skip this check when
used together with the `--cross-compile-prefix=` option.

Fixes https://github.com/openssl/openssl/issues/9520

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22723)

20 months ago
Update ci and ABI xml files to validate function parameters
Neil Horman [Mon, 13 Nov 2023 09:19:18 +0000 (04:19 -0500)] 
Update ci and ABI xml files to validate function parameters

libabigail is currently only validating symbol presence and version
information in ci.  We should also be validating function parameters,
types, etc.  To do this we need to build the library with -g so the
dwarf information is available for libabigail to interrogate.

While we're at it, also add a script to re-generate the xml that abidiff
uses for comparison during ci runs, to make updates easier.

Fixes #22712

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22713)

20 months ago
Correct tag len check when determining how much space we have in the pkt
Matt Caswell [Mon, 13 Nov 2023 11:27:54 +0000 (11:27 +0000)] 
Correct tag len check when determining how much space we have in the pkt

If the available space is equal to the tag length then we have no available
space for plaintext data.

Fixes #22699

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22715)

20 months ago
Add some additional tests for the new fc "consumed" params
Matt Caswell [Mon, 13 Nov 2023 14:39:53 +0000 (14:39 +0000)] 
Add some additional tests for the new fc "consumed" params

Check that the "consumed" parameter is working as expected.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22718)

20 months ago
Keep track of connection credit as we add stream data
Matt Caswell [Mon, 13 Nov 2023 14:16:57 +0000 (14:16 +0000)] 
Keep track of connection credit as we add stream data

If a single packet contains data from multiple streams we need to keep track
of the cumulative connection level credit consumed across all of the
streams. Once the connection level credit has been consumed we must stop
adding stream data.

Fixes #22706

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22718)

20 months ago
Fix SHA3_squeeze on armv4.
slontis [Tue, 14 Nov 2023 01:40:09 +0000 (11:40 +1000)] 
Fix SHA3_squeeze on armv4.

For armv4, only the first 4 parameters can be passed via registers
(r0..r3).

As all of the general registers are already used,
r11 was used to store the 'next' param.
R11 is now pushed/popped on entry/exit.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22719)

20 months ago
demos: tidy up makefiles, fix warnings
James Muir [Fri, 10 Nov 2023 19:02:00 +0000 (14:02 -0500)] 
demos: tidy up makefiles, fix warnings

Update makefiles so that consistent patterns are used.  Object files
are compiled from source using an implicit rule (but using our
CFLAGS); for linking, we give an explicit rule.  Ensure that "make
test" works in each subdirectory (even if it does not actually run any
applications).  The top-level demo makefile now works.

The makefiles are not make-agnostic.  e.g. they use the variable $(RM)
in "clean" recipes, which is defined in gnu-make but may not be
defined in others.

Part of #17806

Testing:

  $ cd demo
  $ make test

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22698)

20 months ago
Import repro from #22708 as a test case
наб [Mon, 13 Nov 2023 01:19:51 +0000 (02:19 +0100)] 
Import repro from #22708 as a test case

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22710)

20 months ago
Fix BLAKE2s reporting the same EVP_MD_get_size() as BLAKE2b (64)
наб [Sun, 12 Nov 2023 23:44:06 +0000 (00:44 +0100)] 
Fix BLAKE2s reporting the same EVP_MD_get_size() as BLAKE2b (64)

Fixes: commit 6d1e730a1ea2c64bdffa88c6b3bee4c3f5bed602 ("Implement
 BLAKE2s with the same macro as BLAKE2b")
Closes: #22708
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22710)

20 months ago
README: add link to OpenSSL 3.2 manual pages
Matthias St. Pierre [Sat, 4 Nov 2023 23:18:08 +0000 (00:18 +0100)] 
README: add link to OpenSSL 3.2 manual pages

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22625)

20 months ago
ppc64: Fix SHA3_squeeze
Rohan McLure [Tue, 14 Nov 2023 03:14:33 +0000 (14:14 +1100)] 
ppc64: Fix SHA3_squeeze

Fix the conditional on the 'next' parameter passed into SHA3_squeeze.

Reported-by: David Benjamin <davidben@davidben.net>
Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22722)

20 months ago
Document the exporter change in CHANGES.md and NEWS.md
Richard Levitte [Mon, 6 Nov 2023 10:09:38 +0000 (11:09 +0100)] 
Document the exporter change in CHANGES.md and NEWS.md

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20878)

20 months ago
Add exporters for CMake
Richard Levitte [Wed, 3 May 2023 10:36:09 +0000 (12:36 +0200)] 
Add exporters for CMake

CMake's older package finder, FindOpenSSL.cmake, does a best guess effort
and doesn't always get it right.

By CMake's own documentation, that's what such modules are (best effort
attempts), and package producers are (strongly) encouraged to help out by
producing and installing <PackageName>Config.cmake files to get a more
deterministic configuration.

The resulting OpenSSLConfig.cmake tries to mimic the result from CMake's
FindOpenSSL.cmake, by using the same variable and imported target names.
It also adds a few extra variables of its own, such as:

    OPENSSL_MODULES_DIR     Indicates the default installation directory
                            for OpenSSL loadable modules, such as providers.
    OPENSSL_RUNTIME_DIR     Indicates the default runtime directory, where
                            for example the openssl program is located.
    OPENSSL_PROGRAM         Is the full directory-and-filename of the
                            openssl program.

The imported targets OpenSSL::Crypto and OpenSSL::SSL are as precisely
specified as possible, so for example, they are specified with both the
import library and the DLL on Windows, which should make life easier on that
platform.

For the moment, one of the following must be done in your CMake project for
this CMake configuration to take priority over CMake's FindOpenSSL.cmake:

-   The variable CMAKE_FIND_PACKAGE_PREFER_CONFIG must be set to true prior
    to the 'find_package(OpenSSL)' call.
-   The 'find_package' call itself must use the "Full Signature".  If you
    don't know any better, simply add the 'CONFIG' option, i.e. from this
    example:

        find_package(OpenSSL 3.0 REQUIRED)

    to this:

        find_package(OpenSSL 3.0 REQUIRED CONFIG)

Just as with the 'pkg-config' exporters, two variants of the .cmake files
are produced:

- Those in 'exporters/' are installed in the location that 'pkg-config'
  itself prefers for installed packages.
- Those in the top directory are to be used when it's desirable to build
  directly against an OpenSSL build tree.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20878)

20 months ago
Clean up exporters, specifically those we have for pkg-config
Richard Levitte [Wed, 3 May 2023 10:29:00 +0000 (12:29 +0200)] 
Clean up exporters, specifically those we have for pkg-config

The pkg-config exporters were a special hack, all in
Configurations/unix-Makefile.tmpl, and this was well and good as long
as that was the only main package interface configuration system that we
cared about.

Things have changed, though, so we move the pkg-config production to be
templatable in a more flexible manner.  Additional templates for other
interface configuration systems can then be added fairly easily.

Two variants of the .pc files are produced:

- Those in 'exporters/' are installed in the location that 'pkg-config'
  itself prefers for installed packages.
- Those in the top directory are to be used when it's desirable to build
  directly against an OpenSSL build tree.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20878)

20 months ago
Exclude more in the fuzz introspector report
Kurt Roeckx [Sun, 12 Nov 2023 09:26:33 +0000 (10:26 +0100)] 
Exclude more in the fuzz introspector report

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22707)

20 months ago
Rearrange some CI jobs
Tomas Mraz [Fri, 10 Nov 2023 16:28:16 +0000 (17:28 +0100)] 
Rearrange some CI jobs

Those less useful should be in daily or on-push runs.

Those more likely to trigger CI failures that do not
take too much time should be in main on pull request CI.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22693)

20 months ago
Correct 50-nonstop.conf to support QUIC tests under SPT threading models.
Randall S. Becker [Fri, 10 Nov 2023 20:24:22 +0000 (20:24 +0000)] 
Correct 50-nonstop.conf to support QUIC tests under SPT threading models.

This fix also separates the FLOSS from SPT configurations which should not
have been conflated in the 3.0 series.

Related-to: #22588
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22697)

(cherry picked from commit e3c38759608bb48d70ddfdaa1c88bcd86069952d)

20 months ago
Enable AES and SHA3 optimisations on Apple Silicon M3-based macOS systems
Tom Cosgrove [Wed, 8 Nov 2023 22:45:55 +0000 (22:45 +0000)] 
Enable AES and SHA3 optimisations on Apple Silicon M3-based macOS systems

AES gets a performance enhancement of 19-36%, similar to the M1 and M2.

SHA3 gets an improvement of 4-7% on buffers 256 bytes or larger.

Tested on an M3 Pro, but the CPU cores are the same on M3 and M3 Max.

Change-Id: I2bf40bbde824823bb8cf2efd1bd945da9f23a703

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22685)

20 months ago
Force Nonstop to use fcntl(F_GETFL) in BIO_sock_nbio
Neil Horman [Fri, 10 Nov 2023 20:31:23 +0000 (15:31 -0500)] 
Force Nonstop to use fcntl(F_GETFL) in BIO_sock_nbio

In tracking down a hang, we found that nonstop platforms were falling
into the #ifdef FIONBIO clause in the implementation of
BIO_sock_nbio.  While the platform defines this macro, sockets set with
this continued to operate in blocking mode.  Given that the platform
also supports O_NONBLOCK, adjust the ifdef to have the nonstop platform
use that method to ensure that sockets enter blocking mode.

Related-To #22588

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22696)

20 months ago
set_client_ciphersuite(): Fix for potential UB if session->cipher is NULL
Alexey Fofanov [Wed, 18 Oct 2023 11:23:22 +0000 (14:23 +0300)] 
set_client_ciphersuite(): Fix for potential UB if session->cipher is NULL

This currently cannot happen without an application overriding
the session with some bogus data so this is an ossl_assert()
check.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22418)

20 months ago
Augment rand argument parsing to allow scaling
Neil Horman [Sun, 5 Nov 2023 22:51:38 +0000 (17:51 -0500)] 
Augment rand argument parsing to allow scaling

Instead of just accepting a number of bytes, allow openssl rand to
accept a k|m|g suffix to scale to kbytes/mbytes/gbytes.

Fixes #22622

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22624)

20 months ago
Properly limit the variable output size for BLAKE2
Tomas Mraz [Wed, 8 Nov 2023 09:14:08 +0000 (10:14 +0100)] 
Properly limit the variable output size for BLAKE2

The upper limit of the output size is the default output size of
the respective algorithm variants.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22659)

20 months ago
Fix CI breakage due to ABIDIFF failure
Tomas Mraz [Fri, 10 Nov 2023 15:00:18 +0000 (16:00 +0100)] 
Fix CI breakage due to ABIDIFF failure

Also sync libcrypto.num and libssl.num with 3.2 branch and
fix the EVP_DigestSqueeze symbol version.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22688)

21 months ago
Support EVP_DigestSqueeze() in the digest provider for s390x.
Holger Dengler [Wed, 27 Sep 2023 13:40:47 +0000 (15:40 +0200)] 
Support EVP_DigestSqueeze() in the digest provider for s390x.

The new EVP_DigestSqueeze() API requires changes to all keccak-based
digest provider implementations. Update the s390x-part of the SHA3
digest provider.

Squeeze for SHA3 is not supported, so add an empty function pointer
(NULL).

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)

21 months ago
Fix state handling of keccak_final for s390x.
Holger Dengler [Wed, 27 Sep 2023 13:43:18 +0000 (15:43 +0200)] 
Fix state handling of keccak_final for s390x.

The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_keccac_final() according to the updated state
diagram.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)

21 months ago
Fix state handling of shake_final for s390x.
Holger Dengler [Wed, 27 Sep 2023 13:37:29 +0000 (15:37 +0200)] 
Fix state handling of shake_final for s390x.

The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_shake_final() according to the updated state
diagram.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)

21 months ago
Fix state handling of sha3_final for s390x.
Holger Dengler [Wed, 27 Sep 2023 13:36:59 +0000 (15:36 +0200)] 
Fix state handling of sha3_final for s390x.

The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_sha3_final() according to the updated state
diagram.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)

21 months ago
Fix state handling of sha3_absorb for s390x.
Holger Dengler [Wed, 27 Sep 2023 13:36:23 +0000 (15:36 +0200)] 
Fix state handling of sha3_absorb for s390x.

The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_sha3_aborb() according to the updated state
diagram.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)

21 months ago
Add xof state handling for generic sha3 absorb.
Holger Dengler [Wed, 27 Sep 2023 19:54:34 +0000 (21:54 +0200)] 
Add xof state handling for generic sha3 absorb.

The digest life-cycle diagram specifies state transitions to `updated`
(aka XOF_STATE_ABSORB) only from `initialised` and `updated`. Add this
checking to the generic sha3 absorb implementation.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)

21 months ago
Support multiple calls of low level SHA3_squeeze() for s390x.
Holger Dengler [Wed, 27 Sep 2023 09:18:18 +0000 (11:18 +0200)] 
Support multiple calls of low level SHA3_squeeze() for s390x.

The low level SHA3_Squeeze() function needed to change slightly so
that it can handle multiple squeezes. Support this on s390x
architecture as well.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)

21 months ago
Add EVP_DigestSqueeze() API.
slontis [Fri, 21 Jul 2023 05:05:38 +0000 (15:05 +1000)] 
Add EVP_DigestSqueeze() API.

Fixes #7894

This allows SHAKE to squeeze multiple times with different output sizes.

The existing EVP_DigestFinalXOF() API has been left as a one shot
operation. A similar interface is used by another toolkit.

The low level SHA3_Squeeze() function needed to change slightly so
that it can handle multiple squeezes. This involves changing the
assembler code so that it passes a boolean to indicate whether
the Keccak function should be called on entry.
At the provider level, the squeeze is buffered, so that it only requests
a multiple of the blocksize when SHA3_Squeeze() is called. On the first
call the value is zero, on subsequent calls the value passed is 1.

This PR is derived from the excellent work done by @nmathewson in
https://github.com/openssl/openssl/pull/7921

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21511)

21 months ago
cms demos: print signingTime attributes
James Muir [Fri, 3 Nov 2023 17:15:04 +0000 (13:15 -0400)] 
cms demos: print signingTime attributes

Add a makefile for the cms demos, and add a routine to cms_ver.c to
print any signingTime attributes from the CMS_ContentInfo object.
This provides an example that could be extended if an application
wants to examine the purported signing times.

Part of #8026

Testing:

  $ cd demos/cms
  $ make test

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22618)

21 months ago
apps/list.c: Check the result of inserting a provider into provider's stack
Alexey Fofanov [Wed, 18 Oct 2023 11:23:22 +0000 (14:23 +0300)] 
apps/list.c: Check the result of inserting a provider into provider's stack

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22492)

(cherry picked from commit 15b83e04a5e125ab873ace1e474790a4a5b44647)

21 months ago
Fix a possible memory leak of ssl->s3.tmp.psk
Bernd Edlinger [Mon, 6 Nov 2023 09:44:27 +0000 (10:44 +0100)] 
Fix a possible memory leak of ssl->s3.tmp.psk

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22637)

21 months ago
After a stream has implicit length don't add more stream related frames
Matt Caswell [Wed, 8 Nov 2023 10:15:25 +0000 (10:15 +0000)] 
After a stream has implicit length don't add more stream related frames

Once we have decided that a stream has an implicit length then we should
treat the packet as full and not try to add any more stream related frames
to the packet.

Fixes #22658

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22662)

21 months ago
Add config tests for including provider config files
Veronika Hanulíková [Thu, 12 Oct 2023 12:38:06 +0000 (14:38 +0200)] 
Add config tests for including provider config files

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22598)