Ensure z and d are actually zeroized by cleansing the full size of s,
rather than just vector_bytes.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27437)
Matt Caswell [Fri, 11 Apr 2025 13:19:46 +0000 (14:19 +0100)]
Fix errors on SSL_accept() and SSL_get_error()
Calling SSL_accept() was raising two errors on the stack if you passed
the wrong object type. Similarly SSL_get_error() was adding an error to
the stack if the wrong object type was passed and returning the wrong
result.
We also ensure SSL_set_accept_state() and SSL_set_connect_state() don't
raise spurious errors since these are void functions.
Fixes #27347
Fixes #27348
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27351)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27157)
olszomal [Fri, 3 Jan 2025 07:42:55 +0000 (08:42 +0100)]
Fix URL parsing to handle missing ports and ISO 8601 timestamps in paths
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26303)
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27455)
If the function is not called the settings default to 0.
Fixes #10584
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27410)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
provider-signature.pod: fix doc of OSSL_SIGNATURE_PARAM_ALGORITHM_ID, describing its relevance
This provides a fix for the documentation part of #22932.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
Pauli [Wed, 9 Apr 2025 02:42:40 +0000 (12:42 +1000)]
test: test for setting hkdf salt to null
Fixes #27302
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Pauli [Wed, 9 Apr 2025 02:42:10 +0000 (12:42 +1000)]
hkdf: allow salt to be set to null
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Mironenko [Fri, 28 Mar 2025 10:41:26 +0000 (13:41 +0300)]
Fix OSSL_FUNC_keymgmt_load declaration in man7/provider-keymgmt
OSSL_FUNC_keymgmt_load prototype declared in man7 does not match
the actual OSSL_FUNC_keymgmt_load prototype declared in
include/openssl/core_dispatch.h. This commit fixes the prototype
in man7.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27189)
Neil Horman [Mon, 14 Apr 2025 15:03:02 +0000 (11:03 -0400)]
Fix winstore provider to work with recent decoder changes
Changes made recently in commit 31b5f3f made changes to how a default
decoder was created, in which ossl_decoder_instance_new() started
returning null. Other storemgmt providers were updated to start using
ossl_decoder_instance_new_forprov, but the winstore manager seems to
have got missed. Fix it up properly
Fixes #27355
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27384)
David Benjamin [Mon, 7 Apr 2025 20:40:05 +0000 (16:40 -0400)]
Fix PKCS7_sign and CMS_sign default hash documentation
Fixes #27291. See issue for details.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27292)
Updated the change log to include SSLv3 being disabled by default.
This change was implemented into version 1.1.0 and onward. The last version that had SSLv3 enabled was version 1.0.2h, which is why the addition was made where it is.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27289)
Malcolm Hogan [Fri, 7 Mar 2025 23:30:43 +0000 (18:30 -0500)]
Remove DAYS argument
This commit removes DAYS from certificate requests to avoid the warning
'Ignoring -days without -x509; not generating a certificate'
This argument is not needed with the -new argument. Additionally makes sure
$1 is handled when -nodes is not given. Preventing an uninitialized value
error when the DAYS argument is removed.
Fixes #26595
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27277)
Fix potential NULL pointer dereference in final_maxfragmentlen()
In the final_maxfragmentlen() function, s->session is checked
for NULL after it was dereferenced earlier.
So move this NULL check to the top of the function.
CLA: trivial
Fixes: fa49560451 (Fix handling of max_fragment_length extension for PSK) Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/27272)
This fixes a couple of big-endian issues in the
assembler code of chacha, SM3 and SM4.
Fixes #27197 Tested-by: @zeldin Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27252)
Graham Leggett [Wed, 2 Apr 2025 11:08:11 +0000 (12:08 +0100)]
ssl/ssl_lib.c: Avoid crash when SSL_CONNECTION is NULL
Detection for sc == NULL is performed after sc is used. Add the
check to the correct place.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27241)
crypto/ui/ui_lib.c: Add OPENSSL_free to avoid memory leaks
Add OPENSSL_free() if general_allocate_boolean() or general_allocate_string fails to avoid memory leaks.
Fixes: a63d5eaab2 ("Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27218)
Matt Caswell [Wed, 9 Apr 2025 12:08:09 +0000 (13:08 +0100)]
Test that SSL_poll does not report a stream as writable if it isn't
We consume all the credit and check the stream is no longer writeable
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27319)
Matt Caswell [Wed, 9 Apr 2025 12:06:24 +0000 (13:06 +0100)]
Prevent SSL_poll from reporting a stream as writeable if it isn't
The CWM might prevent a stream from being writeable. We should not report
a stream as writeable if there is no credit.
Fixes #27312
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27319)
cmp_client_test.c: relax tight timeout value in test_exec_IR_ses_poll_no_timeout()
Fixes #27165
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27249)
Neil Horman [Mon, 7 Apr 2025 13:09:09 +0000 (09:09 -0400)]
Add known issues to NEWS.md for 3.5.0
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27287)
The QUIC protocol is also supported on server side.
Update the README file accordingly.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27258)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27264)
Fix SSL_new() with QUIC_server_method and improve formatting (Fixes #27255)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27264)
Matt Caswell [Fri, 4 Apr 2025 09:12:46 +0000 (10:12 +0100)]
Fix a reference in the OpenSSL guide to QUIC for servers
One part of the OpenSSL guide suggests we only support clients for QUIC
which is no longer true.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27265)
Update README-QUIC.md with server-side QUIC support information
- Add information about OpenSSL 3.5 server-side QUIC support
- Include specific command instructions for running the QUIC server example
- Explicitly note that s_server does NOT support QUIC
- Fix documentation formatting (trailing spaces and blank lines around code blocks)
Signed-off-by: Samson S. Kolge <eglok1980@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27230)
Bernd Edlinger [Fri, 21 Mar 2025 19:58:57 +0000 (20:58 +0100)]
Fix a visual glitch in test_cmp_http.t
Kill the shell process after the Mock server is running,
to prevent the shell from printing an error message when
the Mock server is finally killed.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27144)
Matt Caswell [Tue, 1 Apr 2025 09:32:00 +0000 (10:32 +0100)]
Detect segfault in the pkeyutl test
Some tests are expected to fail in the pkeyutl test. However, if a segfault
occurs then that counts as a failure and the test passes. A segfault should
never be a "pass".
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27228)
Matt Caswell [Tue, 1 Apr 2025 09:31:33 +0000 (10:31 +0100)]
Fix a segfault in the pkeyutl command line app
Don't attempt to deref a pkey that is NULL
Fixes #27156
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27228)
Neil Horman [Tue, 1 Apr 2025 17:16:04 +0000 (13:16 -0400)]
Temporarily disable gost-engine tests in ci
We need to temporarily disable this as we have a build break in CI:
https://github.com/openssl/openssl/actions/runs/14192630435
Its occuring because gost-engine depends on libprov, which requires a
minimum version cmake-3.0. The update of github runners to cmake-4.0
causes a bail out as cmake 4.0 no longers supports cmake 3.0 syntax.
Libprov is fixed now, but gost-engine needs to update its libprov
submodule, and then we need to update the gost-engine submodule. Until
thats done (which may take days), we should disable the gost-engine
external tests
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27234)
Matt Caswell [Mon, 31 Mar 2025 14:51:14 +0000 (15:51 +0100)]
Link SSL_get_negotiated_group() and SSL_get0_group_name() in the docs
If you are intereseted in one you might be interested in the other.
Fixes #27137
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27210)
Benjamin Kaduk [Fri, 14 Jun 2024 21:10:39 +0000 (14:10 -0700)]
statem: always save sigalgs during PHA
We use the same extension-parsing function on server and client
for convenience, but while the server might worry about tracking
what was previously received and not overwriting it, on the client
receiving a request for post-handshake authentication, we always
want to use the values from the current extension (and should
always have a new session object that we are free to mutate).
It is somewhat unclear whether the server also needs the check
for a resumed connection; it appears to have been added back in
2015 in commit 062178678f5374b09f00d70796f6e692e8775aca as part
of a broad pass to handle extensions on resumption, but without
specific documentation of each extension's handling.
Fixes: #10370 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24651)
Neil Horman [Sat, 29 Mar 2025 21:52:20 +0000 (17:52 -0400)]
Fix more quic_multistream test formatting
We encountered another failure in the quic_multistream_test:
https://github.com/openssl/openssl/actions/runs/14127125173/job/39578660601#step:9:1005
It appears we still occasionally get empty frames in our qlog, with the
validate-qlog.py scripts properly bails out on. In the above case, the
offending frame entry looked like this:
{
"name": "transport:packet_received",
"data": {
"header": {
"packet_type": "initial",
"packet_number": 4,
"dcid": "",
"scid": "6217813c336a012a"
},
"datagram_id": 6,
"frames": [
{
"frame_type": "new_token",
"token": {
"raw": {
"data": "44801add5794"
}
},
"length": 8
},
{
"frame_type": "stream",
"stream_id": 15897,
"offset": 625652585,
"payload_length": 11,
"explicit_length": true,
"fin": true,
"length": 8
},
{} <= NOTE EMPTY FRAME HERE
]
},
"time": 0
}
I think we're still missing some frame formatting cases in
script_21_inject_plain(), which can format potentially any of the frames
listed in the forbidden_frame_types array when running the
test_dyn_frame_types test.
I think we need to enumerate all of those frame types in the case
statement we have there. Fortunately we generally don't have to provide
sane values, and most of the cases fall into 4 categories (those that
need a 64 bit data value, and those that require 1, 2 or 3 variable
integers). There are two special cases, NEW_TOKEN, and NEW_CONNECTION,
but those just need a mix of fixed and variable width data.
So lets fully enumerate those and hopefully put this to bed.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/27200)
slontis [Sun, 30 Mar 2025 22:42:59 +0000 (09:42 +1100)]
Fix Strict c issue in aes_gcm for armv8
Reported by David Makepeace
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27203)
Vavroch [Sun, 30 Mar 2025 07:49:59 +0000 (09:49 +0200)]
Added 3.5 to coveralls.yml
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Dmitry Misharov <dmitry@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27202)
Viktor Dukhovni [Wed, 26 Mar 2025 10:36:08 +0000 (21:36 +1100)]
Fix sigalg corner cases
- Tolerate RSA PKCS#1 *certificate* signatures when
the peer sigals include RSA PSS with the same digest.
Now that we're more strict about not sending sigalgs that are out of
protocol range, when the client supports TLS 1.3 only, we might refuse
to return an RSA PKCS#1-signed cert.
- Don't send TLS 1.3 sigalgs when requesting client certs from
a TLS 1.2 client.
Fixes: #1144 Fixes: #25277 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27166)
Branden Clark [Tue, 28 Jan 2025 15:50:10 +0000 (16:50 +0100)]
Fix probing the registry for configuration
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26566)
crypto: windows: use LPCTSTR for the temp registry buffer
mingw-w64 only defines LPCTCH when UNICODE isn't defined
crypto/defaults.c: In function 'get_windows_regdirs':
crypto/defaults.c:72:5: error: unknown type name 'LPCTCH'; did you mean 'LPTCH'?
72 | LPCTCH tempstr = NULL;
| ^~~~~~
| LPTCH
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26566)
String litteral don't need the '##' operator, which causes build
failures:
crypto/defaults.c:kepi:23: error: pasting ""SOFTWARE\\WOW6432Node\\OpenSSL"" and ""-"" does not give a valid preprocessing token
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26566)
Viktor Dukhovni [Thu, 27 Mar 2025 01:34:50 +0000 (12:34 +1100)]
Avoid potential double-free with duplicated hybrid ML-KEM keys
Issue reported by Apple Inc on 2025-03-26.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27173)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27176)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27176)
JiashengJiang [Wed, 26 Mar 2025 21:40:16 +0000 (17:40 -0400)]
apps/lib/apps.c: Add a check for OPENSSL_strdup()
Add a check for the return value of OPENSSL_strdup() to guarantee the success of allocation, similar to the other call sites.
Fixes: c7d5ea2670 ("Prepare to detect index changes in OCSP responder.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27172)
Viktor Dukhovni [Thu, 27 Mar 2025 07:58:37 +0000 (18:58 +1100)]
Fix goto label indents to match style
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27175)
Bernd Edlinger [Tue, 25 Mar 2025 15:57:32 +0000 (16:57 +0100)]
Fix quic_multistream_test: correct more frame types
There are a few more critical frame injections that
previously created an out-of-diskspace problem
and now only a CI test failure. The pattern
in the qlog files is always similar to this:
sashan [Wed, 26 Mar 2025 08:37:01 +0000 (09:37 +0100)]
Use OPENSSL_strdup() for strings freed by OPENSSL_free()
Things can get messy when application decides to use it's own memory
allocation functions using CRYPTO_set_mem_functions(3ossl)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27163)
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27098)
Neil Horman [Wed, 26 Mar 2025 15:17:31 +0000 (11:17 -0400)]
Extend backoff period in noisydgram BIO users
Initially tests that were written which make use of the noisy dgram BIO,
were done under the assumption that, despite any packet mangling done by
the noisy dgram bio, the connection would still be established. This
was initiall guaranteed by configuring the BIO to avoid
corrupting/dropping/duplicating/re-injecting the first packet received,
thus ensuring that the client and server hello frames would make it to
the peer successfully.
This implicitly made the assumption that the client and server hellos
were contained within a single datagram, which until recently was true.
However, with the introduction of ML-KEM keyshares, the above assumption
no longer holds. Large ML-KEM keyshares generally expand these TLS
messages accross multiple datagrams, and so it is now possible that
those initial records can become corrupted/lost etc, leading to
unexpected connection failures.
Lets fix it by restoring the guarantee that these tests were written
under by making the backoff time configurable to a number of frames, and
configuring the quic connection objects used in the test to not drop the
first two initial frames, once again guaranteeing that the client and
server hello arrive at the peer uncorrupted, so that we get a good
connection established.
Fixes #27103
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27169)
Chase Killorin [Wed, 5 Mar 2025 19:44:58 +0000 (14:44 -0500)]
Removed duplicates in some man pages
Fixes openssl/openssl#11748
find-doc-nits: Check for duplicate options
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27088)
Andrey Tsygunka [Thu, 20 Mar 2025 14:45:23 +0000 (17:45 +0300)]
Fix return value of the i2d_ASN1_bio_stream() call
If the flags argument does not contain the SMIME_STREAM bit,
the i2d_ASN1_bio_stream() function always returns 1,
ignoring the result of the ASN1_item_i2d_bio() call.
Fix the return value to the result of the ASN1_item_i2d_bio()
call for this case.
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27106)
Viktor Dukhovni [Sun, 23 Mar 2025 13:29:38 +0000 (00:29 +1100)]
In s_client report 'long' certificate sigalg name
This matches the sigalg output format of X509_signature_print(3).
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27130)
Tomas Mraz [Tue, 25 Mar 2025 09:16:30 +0000 (10:16 +0100)]
Update provider compatibility CI to run on 3.5 branch
Also drop 3.1 development branch as it is out of public support now.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27149)
Richard Levitte [Mon, 24 Mar 2025 05:25:01 +0000 (06:25 +0100)]
In doc/man7/provider-{en,de}coder.pod, clarify where properties are defined
Fixes #27126
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27132)
Bernd Edlinger [Mon, 24 Mar 2025 22:03:16 +0000 (23:03 +0100)]
Fix a visual glitch in test_cms.t
the newline in the newly added subtest names somehow
creates another small visual glitch in the test output,
that looks like:
80-test_cms.t .. 30/?
80-test_cms.t .. ok
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/27145)
jay9827342 [Fri, 21 Mar 2025 09:39:49 +0000 (09:39 +0000)]
Memory leak fix ktls_meth.c
The OSSL_RECORD_LAYER needs to be properly freed when return code isnt success.
Memory leak fix
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27111)
Viktor Dukhovni [Sun, 23 Mar 2025 07:50:39 +0000 (18:50 +1100)]
Report IANA sigalg name in s_client
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27128)
Andrey Tsygunka [Wed, 19 Mar 2025 11:53:02 +0000 (14:53 +0300)]
Fix NULL pointer dereference in `asn1_ex_i2c()`, crypto/asn1/tasn_enc.c
Adds handling of V_ASN1_UNDEF to avoid NULL dereference
in case ASN1 structure contains an element of type ASN1_TYPE
without initializing its value (i.e. default constructed)
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27100)
Tomas Mraz [Tue, 25 Mar 2025 09:17:36 +0000 (10:17 +0100)]
80-test_cms.t: Fix Provider compatibility CI failures
Old FIPS providers do not support PQC algorithms.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27147)
Bernd Edlinger [Thu, 20 Mar 2025 18:45:17 +0000 (19:45 +0100)]
Do not wrap the python3 in ../../util/wrap.pl
That is bad, because this script does seem to have issues,
because it is itself linked against libcrypto, which causes
crashes in enable-asan builds:
ASan runtime does not come first in initial library list;
you should either link runtime to your application or manually
preload it with LD_PRELOAD.
../../util/wrap.pl python3 ../../test/recipes/70-test_quic_multistream_data/verify-qlog.py => 1
not ok 1 - running qlog verification script
not ok 2 - check qlog output
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27089)
Tomas Mraz [Mon, 24 Mar 2025 09:53:02 +0000 (10:53 +0100)]
qlog_event_helpers.c: Fix inverted condition
We want to skip up to PACKET_remaining() and not "at least"
PACKET_remaining() bytes.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27138)
slontis [Fri, 21 Mar 2025 04:46:52 +0000 (15:46 +1100)]
ML_DSA - Fix bug in OSSL_PKEY_PARAM_SECURITY_BITS getter.
Reported by @romen
It was off by a factor of 8.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27110)
Matt Caswell [Wed, 19 Mar 2025 15:18:06 +0000 (15:18 +0000)]
Move the Handshake read secret change earlier in the process for QUIC 0-RTT
On the server side we were changing the handshake rx secret a little late.
This meant the application was forced to call SSL_do_handshake() again
even if there was nothing to read in order to get the secret. We move it
a little earlier int the process to avoid this.
Fixes the issue described in:
https://github.com/ngtcp2/ngtcp2/pull/1582#issuecomment-2735950083
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27101)
Daniel Van Geest [Tue, 18 Mar 2025 12:56:53 +0000 (12:56 +0000)]
Fix use of SHAKE as a digest in CMS
draft-ietf-lamps-cms-sphincs-plus-19 specifies SHAKE as
the message digest algorithm for SLH-DSA-SHAKE-* in CMS.
SHAKE doesn't have a default digest length, so this adds
a SHAKE-specific kludge in CMS.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27087)
projects / thirdparty / openssl.git / log
