Hugo Landau [Fri, 10 Nov 2023 13:36:29 +0000 (13:36 +0000)]
QUIC APL, TSERVER: Start using a QUIC_ENGINE object
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Fri, 10 Nov 2023 12:53:39 +0000 (12:53 +0000)]
QUIC ENGINE: Add unused QUIC_ENGINE object
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Fri, 10 Nov 2023 12:40:12 +0000 (12:40 +0000)]
QUIC CHANNEL: Remove obsolete SRT definitions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Fri, 10 Nov 2023 12:34:56 +0000 (12:34 +0000)]
QUIC PORT: Add missing copyright header
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Fri, 10 Nov 2023 10:33:13 +0000 (10:33 +0000)]
Update fuzz corpora
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 15:30:15 +0000 (15:30 +0000)]
QUIC PORT: Fix BIO_dgram usage under Winsock due to bind requirement
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 11:04:50 +0000 (11:04 +0000)]
QUIC Refactor: Fix ANSI - struct definition duplications
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
MARKER: End of Phase 4: Finalization & SRT Handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC PORT: Allow errors to be tracked at port level
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC MULTISTREAM TEST: Make error tests non-mutating and restore error code test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC MULTISTREAM TEST: add OP_POP_ERR
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
ERR: Add ERR_pop()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC PORT: Formalise states of a port
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC PORT: Resolve TODOs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC DEMUX: Remove obsolete SRT handling code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC CHANNEL, LCIDM: Factor duplicate CID generation function
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC CHANNEL: Finish cleanup of LCIDM integration
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC CHANNEL: Finish moving SRT handling to SRTM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
MARKER: End of Phase 3: Legacy Cleanup
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC DEMUX: Remove legacy routing code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC QRX: Remove legacy DEMUX-QRX routing code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC QRL TEST: Remove dependency on legacy DEMUX-QRX routing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC TXP TEST: Remove dependency on legacy DEMUX-QRX routing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC DEMUX, QRX: Add deprecation notices for future handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC CHANNEL: Phase out use of QRX-DEMUX routing in favour of PORT-LCIDM routing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC CHANNEL: Keep a reference to our LCIDM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:14 +0000 (10:27 +0000)]
QUIC PORT: Enable injection of incoming URXEs into a channel via default handler rather than DEMUX routing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC DEMUX: Allow parsed DCID to be learnt in default packet handler
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC PORT: Create a LCIDM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC PORT: Partially move stateless reset handling to port
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC PORT: Add SRTM wiring
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC CHANNEL: Remove legacy calls for functionality moved to QUIC_PORT
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
MARKER: End of Phase 2: Transfer of Responsibilities Done, Legacy Compat Retained
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC PORT, CHANNEL: Move ticking code into QUIC_PORT
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC PORT, CHANNEL: Move DEMUX and default packet handling out of CHANNEL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC PORT: Make QUIC_PORT responsible for creation of all channels
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC PORT: Record a SSL_CTX for use when creating handshake layer objects
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC PORT: Keep a list of all child channels
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC CHANNEL, PORT: Abstract time retrieval
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC CHANNEL, TSERVER: Move to using libctx/propq/mutex/now_cb via QUIC_PORT
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
MARKER: End of Phase 1: Unused QUIC_PORT
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC CHANNEL: Make a QUIC_PORT mandatory
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC TSERVER: Provide a TSERVER's QUIC_CHANNEL with a currently unused QUIC_PORT
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC APL: Provide the QUIC_CHANNEL with a currently unused QUIC_PORT
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC CHANNEL: Keep a reference to a QUIC_PORT
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC PORT: Add basic unwired QUIC_PORT object
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC CHANNEL: Consolidate forward object declarations in a single header
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
QUIC REACTOR: Add utility function for merging tick results
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
list.h: Add iterator macros
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
Hugo Landau [Thu, 9 Nov 2023 10:27:13 +0000 (10:27 +0000)]
list.h: Allow separation of declarations and function definitions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
lan1120 [Tue, 19 Dec 2023 09:15:58 +0000 (17:15 +0800)]
Make SSL_clear_options pass new options to record layer
Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23045)
dependabot[bot] [Tue, 19 Dec 2023 18:00:12 +0000 (18:00 +0000)]
Bump actions/setup-python from 4.7.1 to 5.0.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.7.1...v5.0.0)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22963)
Xi Ruoyao [Sun, 26 Nov 2023 11:49:48 +0000 (19:49 +0800)]
LoongArch64 assembly pack: Really implement OPENSSL_rdtsc
LoongArch [rdtimel.w][1] instruction reads the low 32 bits of the
64-bit stable counter, implement OPENSSL_rdtsc with it instead of always
returning 0.
[1]:https://loongson.github.io/LoongArch-Documentation/LoongArch-Vol1-EN.html#_rdtimelh_w_rdtime_d
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22823)
Vikas Verma [Mon, 18 Dec 2023 13:28:25 +0000 (18:58 +0530)]
Update IPAddressOrRange_cmp function to handle switch case
As there is no default case for a->type or b->type in the switch()
statements, if the type does not fall into any defined cases
then memcmp() will be done on garbage data.
Adding default cases in both switches.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23082)
Xi Ruoyao [Sat, 25 Nov 2023 09:53:57 +0000 (17:53 +0800)]
LoongArch64 assembly pack: Fix ChaCha20 ABI breakage
The [LP64D ABI][1] requires the floating-point registers f24-f31
(aka fs0-fs7) callee-saved. The low 64 bits of a LSX/LASX vector
register aliases with the corresponding FPR, so we must save and restore
the callee-saved FPR when we writes into the corresponding vector
register.
This ABI breakage can be easily demonstrated by injecting the use of a
saved FPR into the test in bio_enc_test.c:
static int test_bio_enc_chacha20(int idx)
{
register double fs7 asm("f31") = 114.514;
asm("#optimize barrier":"+f"(fs7));
return do_test_bio_cipher(EVP_chacha20(), idx) && fs7 == 114.514;
}
So fix it. To make the logic simpler, jump into the scalar
implementation earlier when LSX and LASX are not enumerated in AT_HWCAP,
or the input is too short.
[1]: https://github.com/loongson/la-abi-specs/blob/v2.20/lapcs.adoc#floating-point-registers
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22817)
Kai Pastor [Sun, 17 Dec 2023 10:27:19 +0000 (11:27 +0100)]
Fix declspec align syntax
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23072)
Kai Pastor [Sun, 17 Dec 2023 10:26:50 +0000 (11:26 +0100)]
Fix comment syntax
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23072)
Bernd Edlinger [Mon, 18 Dec 2023 20:38:22 +0000 (21:38 +0100)]
Fix no-des failure in test_cms
The newly introduced test case do not work
when configured with no-des, fix that by
choosing -aes128 as cipher.
Fixes
ffed597882ba ("cms: avoid intermittent test failure")
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23086)
Tomas Mraz [Mon, 11 Dec 2023 14:40:19 +0000 (15:40 +0100)]
test_export_key_mat(): Long context support works with new fips provider only
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23007)
Dr. David von Oheimb [Fri, 15 Sep 2023 11:42:19 +0000 (13:42 +0200)]
openssl-cmp.pod.in: fix grammar glitch
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
Dr. David von Oheimb [Wed, 21 Jun 2023 11:01:09 +0000 (13:01 +0200)]
CMP app: make -geninfo option accept multiple ITAVs and support string values besides integers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
Dr. David von Oheimb [Tue, 13 Jun 2023 19:56:57 +0000 (21:56 +0200)]
CMP lib and app: add optional certProfile request message header and respective -profile option
Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
Tomas Mraz [Thu, 14 Dec 2023 17:33:57 +0000 (18:33 +0100)]
Consolidate raising errors in SSL_CONF_cmd()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23048)
Tomas Mraz [Thu, 14 Dec 2023 15:37:58 +0000 (16:37 +0100)]
Test that incorrect entry in the ssl section is not fatal
The following entries should be still applied.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23048)
Tomas Mraz [Thu, 14 Dec 2023 15:26:21 +0000 (16:26 +0100)]
Always apply all configuration settings from the ssl section
Even if some configuration entry is incorrect, do not
skip the remaining ones.
Fixes #20789
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23048)
Matt Caswell [Tue, 12 Dec 2023 13:47:11 +0000 (13:47 +0000)]
Add a daily test for an alternative value for SSL3_ALIGN_PAYLOAD
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23021)
Matt Caswell [Tue, 12 Dec 2023 13:17:51 +0000 (13:17 +0000)]
Ensure the default length calculation includes the content type byte
TLSv1.3 includes an extra byte after the payload for the content type.
We should incorporate that in the calculation of the default buffer length.
Fixes #23015
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23021)
Dmitry Misharov [Thu, 14 Dec 2023 12:36:04 +0000 (13:36 +0100)]
run Windows GitHub CI workflow on self-hosted runners
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23042)
Dmitry Misharov [Thu, 14 Dec 2023 11:29:23 +0000 (12:29 +0100)]
run GitHub CI workflow on self-hosted runners
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23042)
Dmitry Misharov [Thu, 14 Dec 2023 10:09:15 +0000 (11:09 +0100)]
run Cross Compiles workflow on self-hosted runner
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23042)
James Muir [Thu, 14 Dec 2023 19:14:37 +0000 (14:14 -0500)]
cms: avoid intermittent test failure
If you decrypt a random input using RSAES-PKCS-v1_5, then there is a
non-negligible chance that the result will look like a valid plaintext
(that is why RSAES-PKCS-v1_5 shouldn't be used anymore). This was the
cause of an intermittent failure in a test that did a cms-encrypt
operation targetting multiple recipients.
The failure happened during key-only decrypt. The recipient decrypts
every RSA ciphertext -- only one is supposed to decrypt successfully,
which would reveal the right content-key. Occassionally, more than
one decrypted successfully.
Update the test by specifying the recipient cert in the decrypt op
(this avoids looping over all RSA ciphertexts).
Add a new test to get coverage for key-only decrypt, but use RSA-OAEP
during the encrypt op.
Fixes https://github.com/openssl/project/issues/380
Testing:
$ make TESTS='test_cms' test
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23055)
Xi Ruoyao [Tue, 12 Dec 2023 19:36:48 +0000 (03:36 +0800)]
Define L_ENDIAN for linux64-loongarch64
In commit
d7c0fc5b1a7b5cb2219f8d89a861f3879582fc16 we removed L_ENDIAN
definition for guessed linux64-loongarch64 as it had caused an
inconsistency between configurations with and without explicit
specifying linux64-loongarch64. Now add it back to the proper location.
Unlike MIPS or RISC-V, LoongArch is always little-endian [1].
By the way, change "LOONGARCH" to "LoongArch" in a comment as LOONGARCH
should only appear in the identifiers of macros, constants, etc.
[1]:https://loongson.github.io/LoongArch-Documentation/LoongArch-Vol1-EN.html#endian
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23064)
dependabot[bot] [Mon, 18 Dec 2023 10:05:05 +0000 (10:05 +0000)]
Bump actions/download-artifact from 3 to 4
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23052)
dependabot[bot] [Mon, 18 Dec 2023 09:58:53 +0000 (09:58 +0000)]
Bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23053)
Frederik Wedel-Heinen [Tue, 12 Dec 2023 11:58:01 +0000 (12:58 +0100)]
Remove redundant logic for DTLS server version selection
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22989)
Frederik Wedel-Heinen [Fri, 8 Dec 2023 20:00:43 +0000 (21:00 +0100)]
Handle tls and dtls server version selection similarly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22989)
Dmitry Kobets [Fri, 15 Dec 2023 04:12:43 +0000 (20:12 -0800)]
Fix instructions for running tests on Windows
In the command `nmake TEST='foo' test`, on Windows the runner
will look for test `'foo'` and complain about the test not being found
(due to the extraneous single quotes), whereas with `nmake TEST="foo" test`,
the test `foo` will be correctly found.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23059)
Tomas Mraz [Mon, 11 Dec 2023 14:19:47 +0000 (15:19 +0100)]
Fix provider compatibility check crash in evp_test
EVP_MAC_CTX_get_mac_size() cannot be called on older
unfixed versions before EVP_MAC_init().
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/23006)
Neil Horman [Fri, 8 Dec 2023 20:41:51 +0000 (15:41 -0500)]
Avoid setting gen_type to -1 in dsa_gen_set_params
gh_gen_type_common_set_params looks up a dsa contexts gen_type using
name2id, but if it returns error, we inadvertently set gctx->gen_type to
-1, which is an invalid value, which may lead to improper behavior in
future calls, in the event that said future calls preform an operation
of the form;
if (gen_type == <VALID VALUE>) {
do_stuff
else {
do_other_stuff
}
Technically it is not correct to continue with the operations on the
gen context after failed parameters setting but this makes it more
predictable.
Fix it by assigning the result of a lookup to a stack variable, and only
update gctx->gen_value if the lookup returns a non-failing value
In leiu of testing this specific case, also add an ossl_assert in dsa_gen
to validate the gen_val input prior to continuing, should other code
points attempt to do the same thing
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22991)
Neil Horman [Fri, 8 Dec 2023 19:59:23 +0000 (14:59 -0500)]
Avoid setting gen_type to -1 in dh_gen_common_set_params
gh_gen_type_common_set_params looks up a dh contexts gen_type using
name2id, but if it returns error, we set gctx->gen_type to -1, which
is an invalid value, which may lead to undefined behavior in
future calls, in the event that said future calls preform an operation
of the form;
if (gen_type == <VALID VALUE>) {
do_stuff
else {
do_other_stuff
}
Technically it is not correct to continue with the operations on the
gen context after failed parameters setting but this makes it more
predictable.
Fix it by assigning the result of a lookup to a stack variable, and only
update gctx->gen_value if the lookup returns a non-failing value
In leiu of testing this specific case, also add an ossl_assert in dh_gen
to validate the gen_val input prior to continuing, should other code
points attempt to do the same thing
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22991)
Dr. David von Oheimb [Sat, 2 Dec 2023 14:54:27 +0000 (15:54 +0100)]
CONTRIBUTING.md: add reference to util/check-format.pl and fix several nits
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22911)
Neil Horman [Tue, 5 Dec 2023 20:24:20 +0000 (15:24 -0500)]
Harden asn1 oid loader to invalid inputs
In the event that a config file contains this sequence:
=======
openssl_conf = openssl_init
config_diagnostics = 1
[openssl_init]
oid_section = oids
[oids]
testoid1 = 1.2.3.4.1
testoid2 = A Very Long OID Name, 1.2.3.4.2
testoid3 = ,1.2.3.4.3
======
The leading comma in testoid3 can cause a heap buffer overflow, as the
parsing code will move the string pointer back 1 character, thereby
pointing to an invalid memory space
correct the parser to detect this condition and handle it by treating it
as if the comma doesn't exist (i.e. an empty long oid name)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22957)
Neil Horman [Tue, 5 Dec 2023 19:50:01 +0000 (14:50 -0500)]
Fix genstr/genconf option in asn1parse
At some point the asn1parse applet was changed to default the inform to
PEM, and defalt input file to stdin. Doing so broke the -genstr|conf options,
in that, before we attempt to generate an ASN1 block from the provided
genstr string, we attempt to read a PEM input from stdin. As a result,
this command:
openssl asn1parse -genstr OID:1.2.3.4
hangs because we are attempting a blocking read on stdin, waiting for
data that never arrives
Fix it by giving priority to genstr|genconf, such that, if set, will just run
do_generate on that string and exit
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22957)
Hugo Landau [Mon, 11 Dec 2023 07:57:54 +0000 (07:57 +0000)]
LHASH: Document down_load functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22981)
Hugo Landau [Fri, 8 Dec 2023 10:14:27 +0000 (10:14 +0000)]
LHASH: Fix documentation for doall-delete hazards
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22981)
Hugo Landau [Fri, 8 Dec 2023 09:58:21 +0000 (09:58 +0000)]
QUIC LCIDM: Fix usage of LHASH
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22981)
Tomas Mraz [Mon, 11 Dec 2023 14:03:08 +0000 (15:03 +0100)]
pkcs12: Do not forcibly load the config file
This was added as part of commit
e869c86 but later it
was made unnecessary by commit
21f7a09.
Fixes #22994
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23005)
James Muir [Thu, 7 Dec 2023 15:23:49 +0000 (10:23 -0500)]
doc: fix list display in man page
"=over 1" is too small. Use "=over 2" so that list items are
displayed correctly in the generated man-page.
You can check the man-page using the following command:
cd doc && pod2man man3/OSSL_PARAM_int.pod | man /dev/stdin
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22974)
fangming.fang [Thu, 7 Dec 2023 06:17:51 +0000 (06:17 +0000)]
Enable BTI feature for md5 on aarch64
Fixes: #22959
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22971)
Max Bachmann [Thu, 7 Dec 2023 02:48:58 +0000 (03:48 +0100)]
remove duplicated typedef for u64
This typedef is already created in aes_local.h as `typedef uint64_t u64;`.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22969)
slontis [Thu, 7 Dec 2023 00:54:34 +0000 (10:54 +1000)]
Removed extra spaces in documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22968)
James Muir [Wed, 6 Dec 2023 21:49:11 +0000 (16:49 -0500)]
ossl-params: check length returned by strlen()
In param_build.c, the functions OSSL_PARAM_BLD_push_utf8_string() and
OSSL_PARAM_BLD_push_utf8_ptr() use strlen() to compute the length of
the string when bsize is zero. However, the size_t returned by
strlen() might be too large (it is stored in an intermediate "int"),
so check for that.
There are analogous functions in params.c, but they do not use an
intermediate "int" to store the size_t returned by strlen(). So there
is some inconsistency between the implementations.
Credit to Viktor D and Tomas M for spotting these missing checks.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22967)
Dr. David von Oheimb [Fri, 27 Oct 2023 06:58:48 +0000 (08:58 +0200)]
provider-storemgmt.pod: fix nits (unclosed '<' around name)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22942)
Bernd Edlinger [Sun, 3 Dec 2023 10:41:51 +0000 (11:41 +0100)]
Fix a possible memleak in opt_verify
The ASN1_OBJECT otmp was leaked if X509_VERIFY_PARAM_add0_policy fails.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22922)
Bernd Edlinger [Sun, 3 Dec 2023 10:29:52 +0000 (11:29 +0100)]
Fix a possible memleak in apps/rehash.c
The OPENSSL_DIR_end was missing in case of error.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22920)
Bernd Edlinger [Sun, 3 Dec 2023 10:34:37 +0000 (11:34 +0100)]
Fix a possible memleak in smime_main
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22919)
Bernd Edlinger [Sun, 3 Dec 2023 10:24:18 +0000 (11:24 +0100)]
Fix a possible memleak in cms_main
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22918)
Matt Caswell [Wed, 6 Dec 2023 12:51:34 +0000 (12:51 +0000)]
Add a test case for OSSL_HTTP_parse_url
Ensure we test the case where the port value is empty in the URL.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22961)
Matt Caswell [Wed, 6 Dec 2023 11:51:01 +0000 (11:51 +0000)]
Fix some invalid use of sscanf
sscanf can return -1 on an empty input string. We need to appropriately
handle such an invalid case.
The instance in OSSL_HTTP_parse_url could cause an uninitialised read of
sizeof(unsigned int) bytes (typically 4). In many cases this uninit read
will immediately fail on the following check (i.e. if the read value
>65535).
If the top 2 bytes of a 4 byte unsigned int are zero then the value will
be <=65535 and the uninitialised value will be returned to the caller and
could represent arbitrary data on the application stack.
The OpenSSL security team has assessed this issue and consider it to be
a bug only (i.e. not a CVE).
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22961)
Matt Caswell [Wed, 6 Dec 2023 11:19:24 +0000 (11:19 +0000)]
Extend the test of BN_GF2m_mod_inv
Test that input value of 1 for p is treated as an error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22960)