Matt Caswell [Fri, 25 Apr 2025 14:21:47 +0000 (15:21 +0100)]
Clarify how s_client -ign_eof and -quiet impact command processing
If -ign_eof -or -quiet are passed to s_client this implicitly turns off
command processing (i.e. equivalent to -nocommands). This was stated on
the man page in the "CONNECTED COMMANDS" section, but not in the
documentation for "-ign_eof" or "-quiet" directly. We state it here as
well to make it clearer.
Fixes #27443
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27500)
Anton Tieleman [Mon, 28 Apr 2025 11:49:25 +0000 (13:49 +0200)]
Test+fix handling "wrong" downgrade signals
This accounts for cases that can only occur when een non-compliant server sends
the wrong downgrade signal. (TLS1.1 signal when negotiating TLS1.2 or TLS1.2
signal when negotiating TLS1.0/TLS1.1). According to the TLS1.3 RFC these
cases should be rejected:
RFC8446, section 4.1.3: TLS 1.3 clients receiving a ServerHello indicating
TLS 1.2 or below MUST check that the last 8 bytes are not equal to either of
these values. TLS 1.2 clients SHOULD also check that the last 8 bytes are
not equal to the second value if the ServerHello indicates TLS 1.1 or below.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27518)
Anton Tieleman [Mon, 28 Apr 2025 11:30:01 +0000 (13:30 +0200)]
Repair downgrade tests
A number of these tests were failing for the wrong reasons. The intention is to verify
that the client sends an illegal parameter alert when an unexpected downgrade signal
is received. Instead, a number of tests failed because TLS1.1 was not available. The
tests are adapted to explicitly check for an illegal parameter alert from the client.
Client and server flags are updated to enable TLS1.1 where required and a few tests
requiring TLS1.1 were moved to be disabled when TLS1.1 is not available.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27518)
A. Wilcox [Thu, 17 Apr 2025 13:51:53 +0000 (08:51 -0500)]
Fix P-384 curve on lower-than-P9 PPC64 targets
The change adding an asm implementation of p384_felem_reduce incorrectly
uses the accelerated version on both targets that support the intrinsics
*and* targets that don't, instead of falling back to the generics on older
targets. This results in crashes when trying to use P-384 on < Power9.
Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com> Closes: #27350 Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC") Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27429)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27157)
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27455)
If the function is not called the settings default to 0.
Fixes #10584
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27410)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
provider-signature.pod: fix doc of OSSL_SIGNATURE_PARAM_ALGORITHM_ID, describing its relevance
This provides a fix for the documentation part of #22932.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
Pauli [Wed, 9 Apr 2025 02:42:40 +0000 (12:42 +1000)]
test: test for setting hkdf salt to null
Fixes #27302
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Pauli [Wed, 9 Apr 2025 02:42:10 +0000 (12:42 +1000)]
hkdf: allow salt to be set to null
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Mironenko [Fri, 28 Mar 2025 10:41:26 +0000 (13:41 +0300)]
Fix OSSL_FUNC_keymgmt_load declaration in man7/provider-keymgmt
OSSL_FUNC_keymgmt_load prototype declared in man7 does not match
the actual OSSL_FUNC_keymgmt_load prototype declared in
include/openssl/core_dispatch.h. This commit fixes the prototype
in man7.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27189)
David Benjamin [Mon, 7 Apr 2025 20:40:05 +0000 (16:40 -0400)]
Fix PKCS7_sign and CMS_sign default hash documentation
Fixes #27291. See issue for details.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27292)
Updated the change log to include SSLv3 being disabled by default.
This change was implemented into version 1.1.0 and onward. The last version that had SSLv3 enabled was version 1.0.2h, which is why the addition was made where it is.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27289)
Malcolm Hogan [Fri, 7 Mar 2025 23:30:43 +0000 (18:30 -0500)]
Remove DAYS argument
This commit removes DAYS from certificate requests to avoid the warning
'Ignoring -days without -x509; not generating a certificate'
This argument is not needed with the -new argument. Additionally makes sure
$1 is handled when -nodes is not given. Preventing an uninitialized value
error when the DAYS argument is removed.
Fixes #26595
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27277)
Fix potential NULL pointer dereference in final_maxfragmentlen()
In the final_maxfragmentlen() function, s->session is checked
for NULL after it was dereferenced earlier.
So move this NULL check to the top of the function.
CLA: trivial
Fixes: fa49560451 (Fix handling of max_fragment_length extension for PSK) Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/27272)
This fixes a couple of big-endian issues in the
assembler code of chacha, SM3 and SM4.
Fixes #27197 Tested-by: @zeldin Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27252)
Graham Leggett [Wed, 2 Apr 2025 11:08:11 +0000 (12:08 +0100)]
ssl/ssl_lib.c: Avoid crash when SSL_CONNECTION is NULL
Detection for sc == NULL is performed after sc is used. Add the
check to the correct place.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27241)
crypto/ui/ui_lib.c: Add OPENSSL_free to avoid memory leaks
Add OPENSSL_free() if general_allocate_boolean() or general_allocate_string fails to avoid memory leaks.
Fixes: a63d5eaab2 ("Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27218)
Bernd Edlinger [Fri, 21 Mar 2025 19:58:57 +0000 (20:58 +0100)]
Fix a visual glitch in test_cmp_http.t
Kill the shell process after the Mock server is running,
to prevent the shell from printing an error message when
the Mock server is finally killed.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27144)
Neil Horman [Tue, 1 Apr 2025 17:16:04 +0000 (13:16 -0400)]
Temporarily disable gost-engine tests in ci
We need to temporarily disable this as we have a build break in CI:
https://github.com/openssl/openssl/actions/runs/14192630435
Its occuring because gost-engine depends on libprov, which requires a
minimum version cmake-3.0. The update of github runners to cmake-4.0
causes a bail out as cmake 4.0 no longers supports cmake 3.0 syntax.
Libprov is fixed now, but gost-engine needs to update its libprov
submodule, and then we need to update the gost-engine submodule. Until
thats done (which may take days), we should disable the gost-engine
external tests
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27234)
Matt Caswell [Mon, 31 Mar 2025 14:51:14 +0000 (15:51 +0100)]
Link SSL_get_negotiated_group() and SSL_get0_group_name() in the docs
If you are intereseted in one you might be interested in the other.
Fixes #27137
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27210)
Benjamin Kaduk [Fri, 14 Jun 2024 21:10:39 +0000 (14:10 -0700)]
statem: always save sigalgs during PHA
We use the same extension-parsing function on server and client
for convenience, but while the server might worry about tracking
what was previously received and not overwriting it, on the client
receiving a request for post-handshake authentication, we always
want to use the values from the current extension (and should
always have a new session object that we are free to mutate).
It is somewhat unclear whether the server also needs the check
for a resumed connection; it appears to have been added back in
2015 in commit 062178678f5374b09f00d70796f6e692e8775aca as part
of a broad pass to handle extensions on resumption, but without
specific documentation of each extension's handling.
Fixes: #10370 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24651)
slontis [Sun, 30 Mar 2025 22:42:59 +0000 (09:42 +1100)]
Fix Strict c issue in aes_gcm for armv8
Reported by David Makepeace
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27203)
JiashengJiang [Wed, 26 Mar 2025 21:40:16 +0000 (17:40 -0400)]
apps/lib/apps.c: Add a check for OPENSSL_strdup()
Add a check for the return value of OPENSSL_strdup() to guarantee the success of allocation, similar to the other call sites.
Fixes: c7d5ea2670 ("Prepare to detect index changes in OCSP responder.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27172)
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27098)
Andrey Tsygunka [Thu, 20 Mar 2025 14:45:23 +0000 (17:45 +0300)]
Fix return value of the i2d_ASN1_bio_stream() call
If the flags argument does not contain the SMIME_STREAM bit,
the i2d_ASN1_bio_stream() function always returns 1,
ignoring the result of the ASN1_item_i2d_bio() call.
Fix the return value to the result of the ASN1_item_i2d_bio()
call for this case.
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27106)
Tomas Mraz [Tue, 25 Mar 2025 09:16:30 +0000 (10:16 +0100)]
Update provider compatibility CI to run on 3.5 branch
Also drop 3.1 development branch as it is out of public support now.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27149)
Richard Levitte [Mon, 24 Mar 2025 05:25:01 +0000 (06:25 +0100)]
In doc/man7/provider-{en,de}coder.pod, clarify where properties are defined
Fixes #27126
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27132)
jay9827342 [Fri, 21 Mar 2025 09:39:49 +0000 (09:39 +0000)]
Memory leak fix ktls_meth.c
The OSSL_RECORD_LAYER needs to be properly freed when return code isnt success.
Memory leak fix
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27111)
Andrey Tsygunka [Wed, 19 Mar 2025 11:53:02 +0000 (14:53 +0300)]
Fix NULL pointer dereference in `asn1_ex_i2c()`, crypto/asn1/tasn_enc.c
Adds handling of V_ASN1_UNDEF to avoid NULL dereference
in case ASN1 structure contains an element of type ASN1_TYPE
without initializing its value (i.e. default constructed)
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27100)
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27059)
Martin Oliveira [Wed, 12 Mar 2025 17:09:04 +0000 (11:09 -0600)]
Fix gettable_params() for ECX
The OSSL_PKEY_PARAM_MANDATORY_DIGEST parameter is only handled by the
ed25519_get_params() and ed448_get_params(). The x25519 and x448
versions of get_params() always ignore that parameter, so it should not
be in the list of gettable params.
Fixes: 1a7328c88256 ("PROV: Ensure that ED25519 & ED448 keys have a mandatory digest")
cla: trivial
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27043)
Danny Tsen [Tue, 11 Feb 2025 18:48:01 +0000 (13:48 -0500)]
Fix Minerva timing side-channel signal for P-384 curve on PPC
1. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6()
for Montgomery multiplication.
2. ecp_nistp384-ppc64.pl:
- Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with
minumum perl wrapper.
- Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce.
- Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly.
3. ecp_nistp384.c:
- Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce.
Signed-off-by: Danny Tsen <dtsen@us.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26709)
Tomas Mraz [Tue, 4 Mar 2025 17:43:18 +0000 (18:43 +0100)]
Keep the provided peer EVP_PKEY in the EVP_PKEY_CTX too
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26976)
14MM4CH1N3 [Fri, 14 Feb 2025 17:11:01 +0000 (12:11 -0500)]
Update doc README URLs
This updates the openssl documentation link to the one currently in use,
and removes the standards.txt section as that URL leads to the normal
documentation page and there is no "standards" page in the openssl
documentation site.
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26759)
Tomas Mraz [Fri, 28 Feb 2025 10:13:27 +0000 (11:13 +0100)]
apps: Escape control characters in DNs by default
When displaying distinguished names the control characters
are escaped by default.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26932)
slontis [Tue, 25 Feb 2025 06:03:38 +0000 (17:03 +1100)]
Encoder : Fix floating pointer when OSSL_ENCODER_to_data() is called
twice.
Fixes #26862
This only happens when using the FIPS provider, since it needs to export
the key.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26891)
Viktor Dukhovni [Wed, 26 Feb 2025 09:59:38 +0000 (20:59 +1100)]
Tolerate 3.5+ FIPS providers in kem_rsa_params test
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26909)
Neil Horman [Sun, 16 Feb 2025 13:35:38 +0000 (08:35 -0500)]
Change cipher suite alert for 0 length cipher_suites
From RFC 8446:
Note: TLS defines two generic alerts (see Section 6) to use upon
failure to parse a message. Peers which receive a message which
cannot be parsed according to the syntax (e.g., have a length
extending beyond the message boundary or contain an out-of-range
length) MUST terminate the connection with a "decode_error" alert.
Peers which receive a message which is syntactically correct but
semantically invalid (e.g., a DHE share of p - 1, or an invalid enum)
MUST terminate the connection with an "illegal_parameter" alert.
A zero length cipher suite list I think is considered out of range, and
so we should return "decode_error" rather than "illegal_parameter"
Fixes #25309
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26781)
Fix read out of buffer bounds when dealing with BIO_ADDR
This issue was discoevered while I was testing SSL_new_from_listener()
using a newly created unit test. It has turned out the QUIC stack
at few places contain pattern as follows:
foo(QUIC_WHATEVER *q, BIO_ADDR *a)
{
q->a = *a;
}
The problem is that derefencning a that way is risky. If the address `a`
comes from BIO_lookup_ex() it may actually be shorter than sizeof(BIO_ADDR).
Using BIO_ADDR_copy() is the right thing to do here.
Fixes #26241
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26252)
Niels Dossche [Tue, 21 Jan 2025 11:04:44 +0000 (12:04 +0100)]
Fix potential memory leak in policy_section()
If sk_POLICYQUALINFO_push() fails, qual is not freed.
Fix it by adding POLICYQUALINFO_free() to the error path.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26499)
Tomas Mraz [Wed, 22 Jan 2025 08:57:36 +0000 (09:57 +0100)]
add_uris_recursive(): Avoid OSSL_STORE_INFO leak on error
Fixes #26480
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26511)
Niels Dossche [Wed, 22 Jan 2025 13:35:25 +0000 (14:35 +0100)]
Fix potential leak in error path in cert_response()
get1_cert_status() returns an object that must be freed,
but the error path does not do that.
Fix it by adding a call to X509_free() in the error path.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26513)
Burkov Egor [Wed, 19 Feb 2025 13:42:07 +0000 (16:42 +0300)]
fix: add OOM handler for x509 fuzz test
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26830)
Shakti Shah [Wed, 19 Feb 2025 16:08:36 +0000 (21:38 +0530)]
Make org.openssl.winstore: work in openssl-ts
Fixes #26739
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26833)
SPARC assembly: Don't file aes-cbc on T4 with small sizes.
The "openssl speed -testmode -seconds 1 -bytes 1 aes-128-cbc" test
revealed that the assembly code is crashing if length is less than 16.
The code shifts the provided length by 4 and than subtracts one until
the length hits zero. If it was already zero then it underflows the
counter and continues until it segfaults on reading or writing.
Replace the check against 0 with less than 15.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25637)
Xi Ruoyao [Wed, 12 Feb 2025 08:42:00 +0000 (16:42 +0800)]
LoongArch: Fix output file name detection for Perl scripts
We were using the first (or second) argument containing a '.' as the
output name file, but it may be incorrect as -march=la64v1.0 may be in
the command line. If the builder specifies -march=la64v1.0 in the
CFLAGS, the script will write to a file named "-march=la64v1.0" and
cause a build error with cryptic message:
ld: crypto/pem/loader_attic-dso-pvkfmt.o: in function `i2b_PVK':
.../openssl-3.4.1/crypto/pem/pvkfmt.c:1070:(.text+0x11a8): undefined reference to `OPENSSL_cleanse'
Adapt the approach of ARM and RISC-V (they have similar flags like
-march=v8.1-a or -misa-spec=2.2) to fix the issue.
Signed-off-by: Xi Ruoyao <xry111@xry111.site> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26717)
Ingo Franzki [Mon, 10 Feb 2025 14:45:26 +0000 (15:45 +0100)]
test/quicapitest.c: Increase timeout of test_fin_only_blocking to 40ms
Running this test on heavily loaded systems may cause the SSL_read_ex() to
take more than 20ms, due to concurrent workload.
Increase the timeout to 40ms to allow a little bit more time.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26693)
Matt Caswell [Fri, 7 Feb 2025 11:53:59 +0000 (11:53 +0000)]
Add a test for configuring provider certs via config
A bug existed where provider added cert algorithms caused a crash when
they were configured via a config file. We add a test for this scenario.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26663)
Matt Caswell [Fri, 7 Feb 2025 12:11:41 +0000 (12:11 +0000)]
Fix configuring provider certificate algs via config file
A crash could occur when attempting to configure a certificate via a
config file, where the algorithm for the certificate key was added
dynamically via a provider.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26663)
Viktor Dukhovni [Thu, 19 Dec 2024 17:26:20 +0000 (04:26 +1100)]
Use ERR marks also when verifying server X.509 certs
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(cherry picked from commit 3908f0dda6fed7c16279bed86089c85644ce6fb8)
Viktor Dukhovni [Thu, 19 Dec 2024 17:25:15 +0000 (04:25 +1100)]
With SSL_VERIFY_PEER client RPK should abort on X509 error
While RPK performs X.509 checks correctly, at the SSL layer the
SSL_VERIFY_PEER flag was not honoured and connections were allowed to
complete even when the server was not verified. The client can of
course determine this by calling SSL_get_verify_result(), but some
may not know to do this.
Added tests to make sure this does not regress.
Fixes CVE-2024-12797
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(cherry picked from commit 87ebd203feffcf92ad5889df92f90bb0ee10a699)
Dmitry Misharov [Thu, 23 Jan 2025 15:40:31 +0000 (16:40 +0100)]
backport make-release.yml workflow to openssl-3.x branches
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26541)
Richard Levitte [Mon, 11 Nov 2024 10:45:49 +0000 (11:45 +0100)]
Upgrade action/{upload,download}-artifact to v4
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/25923)
Mae [Wed, 22 Jan 2025 16:54:43 +0000 (16:54 +0000)]
Fix passing struct by value rather than by reference to syscall
Fixes #26521
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26523)
Stas Cymbalov [Tue, 21 Jan 2025 13:42:19 +0000 (16:42 +0300)]
Fix data race in asn1_str2tag() on tntmp which was accidentally made static
Variables tntmp and tnst are declared in the same declaration and thus
share storage class specifiers (static). This is unfortunate as tntmp is
used during iteration through tnst array and shouldn't be static.
In particular this leads to two problems that may arise when multiple
threads are executing asn1_str2tag() concurrently:
1. asn1_str2tag() might return value that doesn't correspond to tagstr
parameter. This can happen if other thread modifies tntmp to point to
a different tnst element right after a successful name check in the
if statement.
2. asn1_str2tag() might perform an out-of-bounds read of tnst array.
This can happen when multiple threads all first execute tntmp = tnst;
line and then start executing the loop. If that case those threads
can end up incrementing tntmp past the end of tnst array.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26504)
Nadav Tasher [Fri, 20 Dec 2024 15:59:01 +0000 (17:59 +0200)]
s_socket: naccept: close listening socket after accepting clients
When `-naccept` is passed (i.e with `s_server`), the listening socket remains open while handling
client, even after `naccept` is supposed to reach `0`.
This is caused to to the decrementation of `naccept` and closing of the socket
happening a little too late in the `do_server` function.
Signed-off-by: Nadav Tasher <tashernadav@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26228)
Tomas Mraz [Wed, 15 Jan 2025 17:29:52 +0000 (18:29 +0100)]
Add CHANGES.md and NEWS.md updates for CVE-2024-13176
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)
Tomas Mraz [Wed, 15 Jan 2025 17:27:02 +0000 (18:27 +0100)]
Fix timing side-channel in ECDSA signature computation
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the
attacker process must either be located in the same physical computer or
must have a very fast network connection with low latency.
Attacks on ECDSA nonce are also known as Minerva attack.
Fixes CVE-2024-13176
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)
projects / thirdparty / openssl.git / log
