Jerry Shih [Mon, 25 Sep 2023 00:45:55 +0000 (08:45 +0800)]
riscv: Provide vector crypto implementation of AES-128/256-XTS mode.
To accelerate the performance of the AES-XTS mode, in this patch, we
have the specialized multi-block implementation for AES-128-XTS and
AES-256-XTS.
Signed-off-by: Jerry Shih <jerry.shih@sifive.com>
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Jerry Shih [Mon, 25 Sep 2023 00:42:23 +0000 (08:42 +0800)]
Fix the aes-xts key-length checking condition and hw declaration.
The argument `key-length` includes 2 sets of keys.
All declarations should under `PROV_CIPHER_HW_declare_xts()` macro.
Signed-off-by: Jerry Shih <jerry.shih@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Thu, 14 Sep 2023 03:43:25 +0000 (20:43 -0700)]
Provide additional AES-GCM test patterns to enhance test coverage.
To enhance test coverage for AES-GCM mode, we provided longer additional
testing patterns for AES-GCM testing.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Signed-off-by: Jerry Shih <jerry.shih@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Jerry Shih [Mon, 25 Sep 2023 01:14:48 +0000 (09:14 +0800)]
riscv: Provide vector crypto implementation of AES-GCM mode.
To accelerate the performance of the AES-GCM mode, in this patch, we
have the specialized multi-block implementations for AES-128-GCM,
AES-192-GCM and AES-256-GCM.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Signed-off-by: Jerry Shih <jerry.shih@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Jerry Shih [Mon, 25 Sep 2023 01:13:07 +0000 (09:13 +0800)]
Minor changes of the GCM-related code.
Unify the return value for `CRYPTO_gcm128_decrypt` as `CRYPTO_gcm128_encrypt`.
Signed-off-by: Jerry Shih <jerry.shih@sifive.com>
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Tue, 12 Sep 2023 14:02:30 +0000 (07:02 -0700)]
riscv: Provide vector crypto implementation of AES-CTR mode.
Support zvbb-zvkned based rvv AES-128/192/256-CTR encryption.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Thu, 7 Sep 2023 14:08:29 +0000 (07:08 -0700)]
riscv: Support SHA-512 family on platforms with vlen >= 128.
This patch supports SHA-512, SHA-512/224, SHA-512/256 on platforms with
vlen greater than 128,
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Thu, 7 Sep 2023 14:03:56 +0000 (07:03 -0700)]
riscv: Code optimization for SHA-256.
Keep SHA-256 constant values in registers to save the loading time.
Move the constant loading for sha256 into a separate subroutine.
By creating a dedicated sub routine for loading sha256 constants, the
code can be made more modular and easier to modify in the future.
Relaxing the SHA256 constraint, zvknhb also supports SHA256.
Simplify the H and mask initialization flows.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Jerry Shih [Tue, 11 Jul 2023 07:49:28 +0000 (15:49 +0800)]
riscv: Provide a vector implementation of CHACHA20 cipher.
Use rvv and zvbb extensions for CHACHA20 cipher.
Signed-off-by: Jerry Shih <jerry.shih@sifive.com>
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Fri, 2 Jun 2023 02:51:10 +0000 (19:51 -0700)]
Provide additional AES-CBC test patterns to enhance test coverage.
To enhance test coverage for AES-CBC mode, we provided longer additional
test patterns for AES-CBC testing.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Thu, 1 Jun 2023 12:11:37 +0000 (05:11 -0700)]
riscv: Use the optimized rvv AES-128/192/256-CBC.
Replace old CBC implementation with optimized AES-128/192/256-CBC in
this patch.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Tue, 12 Sep 2023 13:44:05 +0000 (06:44 -0700)]
riscv: Provide vector crypto implementation of AES-CBC mode.
To accelerate the performance of the AES-128/192/256-CBC block cipher
encryption, we used the vaesz, vaesem and vaesef instructions, which
implement a single round of AES encryption.
Similarly, to optimize the performance of AES-128/192/256-CBC block
cipher decryption, we have utilized the vaesz, vaesdm, and vaesdf
instructions, which facilitate a single round of AES decryption.
Furthermore, we optimize the key and initialization vector (IV) step by
keeping the rounding key in vector registers.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Jerry Shih [Thu, 28 Sep 2023 05:51:17 +0000 (13:51 +0800)]
Update for Zvkb extension.
https://github.com/riscv/riscv-crypto/blob/
c8ddeb7e64a3444dda0438316af1238aeed72041/doc/vector/riscv-crypto-vector-zvkb.adoc
Create `RISCV_HAS_ZVKB()` macro.
Use zvkb for SM4 instead of zvbb.
Use zvkb for ghash instead of zvbb.
We could just use the zvbb's subset `zvkb` for flexibility.
Signed-off-by: Jerry Shih <jerry.shih@sifive.com>
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Wed, 4 Oct 2023 08:44:46 +0000 (01:44 -0700)]
riscv: Further optimization for single block aes-zvkned decryption.
Interleave key loading and aes decrypt computing for single block aes.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Wed, 4 Oct 2023 08:42:10 +0000 (01:42 -0700)]
riscv: Further optimization for single block aes-zvkned encryption.
Interleave key loading and aes encrypt computing for single block aes.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Tue, 29 Aug 2023 08:49:45 +0000 (01:49 -0700)]
riscv: Add RISC-V Vector opcode in riscv.pm
Added helper functions and opcode encoding functions
in riscv.pm perl module to avoid pointless code duplication.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Thu, 28 Sep 2023 17:01:52 +0000 (10:01 -0700)]
Fix typo in ghash-riscv64*.pl
Changed "mutiple" to "multiple" for improved clarity and correctness.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Ard Biesheuvel [Mon, 24 Jul 2023 14:41:17 +0000 (16:41 +0200)]
riscv: Implement AES-192
Even though the RISC-V vector instructions only support AES-128 and
AES-256 for key generation, the round instructions themselves can
easily be used to implement AES-192 too - we just need to fallback to
the generic key generation routines in this case.
Note that the vector instructions use the encryption key schedule (but
in reverse order) so we need to generate the encryption key schedule
even when doing decryption using the vector instructions.
Signed-off-by: Ard Biesheuvel <ardb@google.com>
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Charalampos Mitrodimas [Fri, 27 Jan 2023 15:47:41 +0000 (16:47 +0100)]
riscv: SM3: Provide a Zvksh-based implementation
The upcoming RISC-V vector crypto extensions feature
a Zvksh extension, that provides SM3-specific istructions.
This patch provides an implementation that utilizes this
extension if available.
Tested on QEMU and no regressions observed.
Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Christoph Müllner [Wed, 18 Jan 2023 19:58:12 +0000 (20:58 +0100)]
riscv: SM4: Provide a Zvksed-based implementation
The upcoming RISC-V vector crypto extensions feature
a Zvksed extension, that provides SM4-specific instructions.
This patch provides an implementation that utilizes this
extension if available.
Tested on QEMU and no regressions observed.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Charalampos Mitrodimas [Thu, 26 Jan 2023 16:26:51 +0000 (17:26 +0100)]
riscv: sha512: Provide a Zvknhb-based implementation
The upcoming RISC-V vector crypto extensions feature
a Zvknhb extension, that provides sha512-specific istructions.
This patch provides an implementation that utilizes this
extension if available.
Tested on QEMU and no regressions observed.
Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Charalampos Mitrodimas [Thu, 26 Jan 2023 15:32:47 +0000 (16:32 +0100)]
crypto: sha512: Add mechanism to keep C code as fallback for SHA512_ASM
Currently, architectures have to decide if they want the C code or an
arch-specific implementation. Let's add a macro, that allows to keep the C
code even if SHA512_ASM is defined (but rename it from sha512_block_data_order
to sha512_block_data_order_c). The macro INCLUDE_C_SHA512 can be used by
architectures, that want the C code as fallback code.
Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Charalampos Mitrodimas [Thu, 26 Jan 2023 13:58:30 +0000 (14:58 +0100)]
riscv: sha256: Provide a Zvknha-based implementation
The upcoming RISC-V vector crypto extensions feature
a Zvknha extension, that provides sha256-specific instructions.
This patch provides an implementation that utilizes this
extension if available.
Tested on QEMU and no regressions observed.
Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Charalampos Mitrodimas [Thu, 26 Jan 2023 13:01:42 +0000 (14:01 +0100)]
crypto: sha256: Add mechanism to keep C code as fallback for SHA256_ASM
Currently, architectures have to decide if they want the C code or an
arch-specific implementation. Let's add a macro, that allows to keep the C
code even if SHA256_ASM is defined (but rename it from sha256_block_data_order
to sha256_block_data_order_c). The macro INCLUDE_C_SHA256 can be used by
architectures, that want the C code as fallback code.
Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Christoph Müllner [Thu, 26 Jan 2023 16:34:05 +0000 (17:34 +0100)]
riscv: AES: Provide a Zvkned-based implementation
The upcoming RISC-V vector crypto extensions provide
the Zvkned extension, that provides a AES-specific instructions.
This patch provides an implementation that utilizes this
extension if available.
Tested on QEMU and no regressions observed.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Christoph Müllner [Wed, 18 Jan 2023 12:16:26 +0000 (13:16 +0100)]
riscv: GCM: Provide a Zvkg-based implementation
The upcoming RISC-V vector crypto extensions feature
a Zvkg extension, that provides a vghmac.vv instruction.
This patch provides an implementation that utilizes this
extension if available.
Tested on QEMU and no regressions observed.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Christoph Müllner [Wed, 18 Jan 2023 12:11:19 +0000 (13:11 +0100)]
riscv: GCM: Provide a Zvbb/Zvbc-based implementation
The RISC-V vector crypto extensions features a Zvbc extension
that provides a carryless multiplication ('vclmul.vv') instruction.
This patch provides an implementation that utilizes this
extension if available.
Tested on QEMU and no regressions observed.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Christoph Müllner [Tue, 14 Feb 2023 05:22:03 +0000 (06:22 +0100)]
riscv: Add basic vector extension support
The RISC-V vector extension comes with an implementation-defined
number of bits per vector register (VLEN), which can be read out at
run-time using the CSR 'vlenb' (which returns VLEN/8) followed by a
multiplication by 8 (to convert bytes to bits).
This patch introduces a RISC-V capability 'V' to specify the
availability of the vector extension. If this extension is found at
run-time, then we read out VLEN as described above and cache it.
Caching ensures that we only read the CSR once at startup.
This is necessary because reading out CSR can be expensive
(e.g. if CSR readout is implemented using trap-and-emulate).
Follow-up patches can make use of VLEN and chose the best strategy
based on the available length of the vector registers.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Damian Hobson-Garcia [Thu, 22 Dec 2022 22:15:55 +0000 (17:15 -0500)]
x509_print_ex: Remove unused setting when XN_FLAG_COMPAT is set
Calling X509_NAME_print_ex with XN_FLAG_COMPAT falls back to calling
X509_NAME_print(). The obase parameter to X509_NAME_print() is not
used, so setting it to a different value has no effect.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19963)
Damian Hobson-Garcia [Thu, 22 Dec 2022 22:04:39 +0000 (17:04 -0500)]
Fix X509_REQ_print_ex bug
Similar to the bug fixed in
02db7354fe7 (Fix bug in X509_print_ex).
The error return value from X509_NAME_print_ex() is different
depending on whether the flags are XN_FLAG_COMPAT or not.
Apply a similar fix to what was done for X509_print_ex here as well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19963)
Damian Hobson-Garcia [Thu, 22 Dec 2022 21:36:05 +0000 (16:36 -0500)]
x509_print_ex:Use correct constant for nmflag comparison
The X509_FLAG_COMPAT constant is defined as a value of the
X509_print_ex() cflags argument, and so it should not be used
to compare against values for use with X509_NAME_print flags.
Use XN_FLAG_COMPAT, which has the same value, instead.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19963)
Daiki Ueno [Mon, 23 Oct 2023 04:56:53 +0000 (13:56 +0900)]
Accept longer context for TLS 1.2 exporters
While RFC 5705 implies that the maximum length of context for
exporters to be 65535 bytes as the length is embedded in uint16, the
current implementation enforces much smaller limit, which is less than
1024 bytes. This removes the restriction by dynamically allocating
memory.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22465)
Matthias St. Pierre [Fri, 22 Sep 2023 15:43:19 +0000 (17:43 +0200)]
crypto/initthread.c: fix misspelled OSSL_provider_init() in comment
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22450)
atishkov [Tue, 24 Oct 2023 11:59:00 +0000 (14:59 +0300)]
ssl_lib: added pointer SSL_CONNECTION check to NULL before dereferencing it in ossl_ctrl_internal()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22470)
atishkov [Tue, 24 Oct 2023 10:25:13 +0000 (13:25 +0300)]
ssl_lib: added pointer SSL and SSL_CONNECTION check to NULL before dereferencing it in ossl_ctrl_internal()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22470)
atishkov [Tue, 24 Oct 2023 09:30:22 +0000 (12:30 +0300)]
ssl_lib: added pointer SSL and SSL_CONNECTION check to NULL before dereferencing it in ossl_ctrl_internal()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22470)
atishkov [Mon, 23 Oct 2023 10:50:44 +0000 (13:50 +0300)]
ssl_lib: added pointer SSL_CONNECTION check to NULL before dereferencing it in ossl_ctrl_internal()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22470)
Todd Short [Fri, 13 Oct 2023 14:18:52 +0000 (10:18 -0400)]
Fix potential NULL deref in ssl_old_test.c
Fix #22367
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22383)
trigpolynom [Wed, 18 Oct 2023 02:44:45 +0000 (22:44 -0400)]
aes-gcm-avx512.pl: fix non-reproducibility issue
Replace the random suffix with a counter, to make the
build reproducible.
Fixes #20954
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22415)
Tomas Mraz [Wed, 18 Oct 2023 13:50:30 +0000 (15:50 +0200)]
bn: Properly error out if aliasing return value with modulus
Test case amended from code initially written by Bernd Edlinger.
Fixes #21110
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22421)
James Muir [Fri, 20 Oct 2023 04:40:29 +0000 (00:40 -0400)]
doc: change "certifictes" to "certificates"
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22446)
Khem Raj [Sat, 21 Oct 2023 20:03:52 +0000 (13:03 -0700)]
Link libatomic on riscv32
GCC toolchains on linux are not able to build libcrypto without linking
to libatomic as it does not have all needed atomics implemented as
intrinsics
Fixes errors like
| ld: ./libcrypto.so: undefined reference to `__atomic_is_lock_free'
CLA: trivial
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22460)
Alexey Fofanov [Wed, 25 Oct 2023 11:29:06 +0000 (14:29 +0300)]
return 0 if an error occurred
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22504)
(cherry picked from commit
f0d88b4d070426493749cfd6b657e42dc3c2f5dd)
Hugo Landau [Tue, 24 Oct 2023 07:49:49 +0000 (08:49 +0100)]
Preemptively reflect the changes in #22480
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22487)
Hugo Landau [Tue, 24 Oct 2023 07:43:49 +0000 (08:43 +0100)]
BIO: Document BIO_sendmmsg and BIO_recvmmsg callbacks
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22487)
Tomas Mraz [Tue, 24 Oct 2023 11:44:26 +0000 (13:44 +0200)]
Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN
BLAKE2 is not really an extensible output function unlike SHAKE
as the digest size must be set during the context initialization.
Thus it makes no sense to use OSSL_DIGEST_PARAM_XOFLEN.
We also need to adjust EVP_DigestFinal_ex() to query the
OSSL_DIGEST_PARAM_SIZE as gettable ctx param for the size.
Fixes #22488
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22491)
Hugo Landau [Tue, 24 Oct 2023 06:59:36 +0000 (07:59 +0100)]
QUIC CHANNEL: Handle ping deadlines differently
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22476)
Hugo Landau [Mon, 23 Oct 2023 14:44:26 +0000 (15:44 +0100)]
QUIC CHANNEL: Tweak crypto buffer sizes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22476)
Hugo Landau [Mon, 23 Oct 2023 14:38:16 +0000 (15:38 +0100)]
QUIC CHANNEL: Correct timeout calculation for ACKs
ACKs are not restricted by CC so do not consider CC when determining
when we will emit an ACK.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22476)
Hugo Landau [Fri, 20 Oct 2023 15:52:40 +0000 (16:52 +0100)]
QUIC TLS: Ensure QUIC_TLS is ticked between each processed RX packet
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22476)
Tomas Mraz [Thu, 5 Oct 2023 17:48:15 +0000 (19:48 +0200)]
QUIC: Test connection with large client and server cert chains
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22476)
Tomas Mraz [Wed, 25 Oct 2023 09:01:58 +0000 (11:01 +0200)]
fuzz-checker.yml: Revert inadvertent change from
fac61ea
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22501)
Tomas Mraz [Mon, 9 Oct 2023 08:32:44 +0000 (10:32 +0200)]
Avoid using gets as an argument name in a prototype
This otherwise breaks compilation of applications using ssl.h on MingW.
Fixes #22296
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22316)
James Muir [Tue, 24 Oct 2023 01:00:41 +0000 (21:00 -0400)]
quic: documentation and demo nits
The code for the quic demos (from the openssl guide) is presented as
modifications of tls-client-block.c. Make it so that the quic code
better matches the tls code (drop unneeded assignments to "ret", use
the same comment on SSL_connect(), add the same printf() statement).
Also fix some minor typos.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22483)
Hugo Landau [Tue, 24 Oct 2023 07:23:39 +0000 (08:23 +0100)]
QUIC MULTISTREAM TEST: Output connection closure reason info on failure
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22485)
Hugo Landau [Tue, 24 Oct 2023 07:15:18 +0000 (08:15 +0100)]
QUIC APL: Add support for querying frame type causing closure
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22485)
Matt Caswell [Mon, 23 Oct 2023 17:11:06 +0000 (18:11 +0100)]
Don't wait in select if we have data to write
In s_client, when using quic, if we have data from the user to write then we shouldn't
hang in "select" waiting for something to happen.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22480)
Matt Caswell [Fri, 13 Oct 2023 11:19:40 +0000 (12:19 +0100)]
Make s_client -quic -debug work
The callback that makes -debug print the data sent/received needed extending
for the new QUIC callback codes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22480)
Tomas Mraz [Mon, 23 Oct 2023 14:05:27 +0000 (16:05 +0200)]
quic_multistream_test: Output info about connection close reason
In case the connection close error code is unexpected
print out the reason to help with diagnostics.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22474)
Pauli [Wed, 25 Oct 2023 07:30:39 +0000 (18:30 +1100)]
sslapitest: add cast to avoid compiler error
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22500)
Tomas Mraz [Mon, 23 Oct 2023 14:16:50 +0000 (16:16 +0200)]
quic_tserver_test: Raise the initial timeout limit
There were intermitten failures on the test occasionally and
1s initial limit might be too short.
Fixes #22424
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22475)
Clemens Lang [Mon, 16 Oct 2023 13:30:26 +0000 (15:30 +0200)]
rsa: Add SP800-56Br2 6.4.1.2.1 (3.c) check
The code did not yet check that the length of the RSA key is positive
and even.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22403)
Ingo Franzki [Mon, 16 Oct 2023 12:07:05 +0000 (14:07 +0200)]
speed: Correct handling of async_jobs for KEM and signature algos
Setup the loopargs array for all jobs, not only for the very first one.
It may fail with "Could not allocate 0 bytes for sig sign loop" and/or will
cause the loop functions to fail silently, because they operate on a NULL
PKEY context when "-async_jobs <n>" is specified.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22399)
Ingo Franzki [Mon, 16 Oct 2023 12:06:04 +0000 (14:06 +0200)]
speed: Fix memory leaks
Free the PKEYs created for KEM and signature algorithms.
Free the encrypt/decrypt PKEY contexts for RSA.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22399)
slontis [Mon, 20 Mar 2023 05:08:38 +0000 (15:08 +1000)]
Create hierarchical demo Makefile.
Adds a Makefile with all, clean, and test targets.
This has only been added for demos that already contain Makefiles.
For problematic tests that require inputs, the test target does nothing.
(Note: Demos should be self contained and not require unknown external
inputs. This PR does not attempt to fix this.)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20546)
Matt Caswell [Mon, 23 Oct 2023 11:16:44 +0000 (12:16 +0100)]
Add a test for retries when sending app data
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22473)
Matt Caswell [Mon, 23 Oct 2023 08:54:16 +0000 (09:54 +0100)]
Make sure we remember how much data we sent in the event of a retry
If a retry occurs we need to reset s->rlayer.wnum so that next time around
we remember how much data we already sent.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22473)
Matt Caswell [Fri, 20 Oct 2023 11:33:25 +0000 (12:33 +0100)]
When requeueing deferred URXEs retain the order
If a URXE cannot be processed yet then we add it to the urx_deferred list.
Later, when they can be processed, we requeue them in the urx_pending list.
We must not reverse the order when doing so. We want to process the URXEs
in the order that they were received.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22452)
Hugo Landau [Mon, 16 Oct 2023 14:50:30 +0000 (15:50 +0100)]
Adjust mdl configuration
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22405)
Hugo Landau [Mon, 16 Oct 2023 14:50:25 +0000 (15:50 +0100)]
Add QUIC README file
Nate Karstens [Fri, 20 Oct 2023 16:24:33 +0000 (11:24 -0500)]
Add notes on use of strdup
Added notes to OPENSSL_INIT_set_config_filename and
OPENSSL_INIT_set_config_appname explaining why strdup
is used instead of OPENSSL_strdup.
CLA: trivial
Co-authored-by: Jean Apolo <jean.apolo@garmin.com>
Signed-off-by: Jean Apolo <jean.apolo@garmin.com>
Signed-off-by: Nate Karstens <nate.karstens@garmin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21742)
Pauli [Thu, 5 Oct 2023 23:32:20 +0000 (10:32 +1100)]
test: add unit test for CVE-2023-5363
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Pauli [Thu, 5 Oct 2023 23:43:46 +0000 (10:43 +1100)]
changes and news entries for CVE-2023-5363
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Pauli [Thu, 5 Oct 2023 23:26:23 +0000 (10:26 +1100)]
evp: process key length and iv length early if present
evp_cipher_init_internal() takes a params array argument and this is processed
late in the initialisation process for some ciphers (AEAD ones).
This means that changing the IV length as a parameter will either truncate the
IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised
bytes.
Truncation is very bad if SP 800-38d section 8.2.1 is being used to
contruct a deterministic IV. This leads to an instant loss of confidentiality.
Grabbing extra bytes isn't so serious, it will most likely result in a bad
decryption.
Problem reported by Tony Battersby of Cybernetics.com but earlier discovered
and raised as issue #19822.
Fixes CVE-2023-5363
Fixes #19822
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Tomas Mraz [Thu, 19 Oct 2023 06:37:47 +0000 (08:37 +0200)]
Fix Coverity
1547856: memset() uses only the lowest byte of c
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22430)
Matthias St. Pierre [Sun, 15 Oct 2023 23:35:48 +0000 (01:35 +0200)]
rand: fix seeding from a weak entropy source
The 'rand_generate' method is not well suited for being used with
weak entropy sources in the 'get_entropy' callback, because the
caller needs to provide a preallocated buffer without knowing
how much bytes are actually needed to collect the required entropy.
Instead we use the 'rand_get_seed' and 'rand_clear_seed' methods
which were exactly designed for this purpose: it's the callee who
allocates and fills the buffer, and finally cleans it up again.
The 'rand_get_seed' and 'rand_clear_seed' methods are currently
optional for a provided random generator. We could fall back to
using 'rand_generate' if those methods are not implemented.
However, imo it would be better to simply make them an officially
documented requirement for seed sources.
Fixes #22332
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22394)
Richard Levitte [Wed, 11 Oct 2023 01:19:23 +0000 (12:19 +1100)]
rand: improve error message for rand pool overflows
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22394)
Tomas Mraz [Mon, 23 Oct 2023 12:26:32 +0000 (14:26 +0200)]
quic_record, quicapi, and quicfaults tests do not support fuzzing builds
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22472)
Tomas Mraz [Thu, 19 Oct 2023 15:19:44 +0000 (17:19 +0200)]
run-checker-daily.yml: If the openssl app is not built do not run it
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22443)
Matt Caswell [Thu, 19 Oct 2023 13:54:58 +0000 (14:54 +0100)]
Don't run the QUIC client fuzzer if QUIC is disabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Thu, 19 Oct 2023 09:07:53 +0000 (10:07 +0100)]
Update the corpora files to include the new quic-client subdir
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Mon, 16 Oct 2023 16:24:56 +0000 (17:24 +0100)]
Further tweaks to the CI runs for fuzzing
Have a new job just to run the fuzz tests with fuzzing build mode enabled.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Mon, 16 Oct 2023 12:10:33 +0000 (13:10 +0100)]
Teach the quic-client fuzzer about time
We allow the fuzzer to influence the time between different packets using
the fake time capability.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Fri, 13 Oct 2023 15:33:31 +0000 (16:33 +0100)]
If an error occurs constructing the quic record layer, free it properly
We need to call quic_free() to free the record layer to ensure than any
BIO that was already set is also freed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Fri, 13 Oct 2023 13:23:40 +0000 (14:23 +0100)]
Drop FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION for some builds
Some builds that weren't doing fuzzing were defining this which makes no
sense and is not appropriate for non-fuzzing builds.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Thu, 12 Oct 2023 15:56:00 +0000 (16:56 +0100)]
Some cleanups in the quic-client fuzzer
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Thu, 12 Oct 2023 15:10:12 +0000 (16:10 +0100)]
Add a test for OSSL_ERR_STATE_save_to_mark()
Add a test for the recently added function OSSL_ERR_STATE_save_to_mark().
We can just modify the existing test_save_restore() to add this in.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Thu, 12 Oct 2023 14:55:48 +0000 (15:55 +0100)]
Add a HISTORY section in the docs about the new ERR_STATE functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Thu, 12 Oct 2023 14:42:22 +0000 (15:42 +0100)]
Fix a use-after-free in qrx_proces_pkt
When calling qrx_relocate_buffer, both the rxe and the pointer to the token
may be changing locations. We have to use a temporary copy of the token
pointer to avoid referencing the old location of the rxe.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Thu, 12 Oct 2023 11:38:22 +0000 (12:38 +0100)]
Ensure that the ERR_STATE is left in a consistent state
We shouldn't ever have the case where the data flags indicate that
err_data has been malloc'd, but the err_data field is NULL.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Wed, 11 Oct 2023 16:35:33 +0000 (17:35 +0100)]
Add fuzz test recipe for the quic client fuzzer
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Wed, 11 Oct 2023 16:35:10 +0000 (17:35 +0100)]
Update the fuzz README to provide info about the stdc++ requirements
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Wed, 11 Oct 2023 09:46:46 +0000 (10:46 +0100)]
Ignore a bad signature in a CertificateVerify message while fuzzing
We ignore such a bad signature when fuzzing - it will never be correct.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Wed, 11 Oct 2023 09:45:14 +0000 (10:45 +0100)]
Don't fail on a bad dcid in the tranport params when fuzzing
We accept a bad original destination connection id in the transport params
while we are fuzzing since this may change every time.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Wed, 11 Oct 2023 09:43:58 +0000 (10:43 +0100)]
Updates to the quic client fuzzer
Handle retryable errors from SSL_read(). Also ensure the underlying BIO
handles the destination address capability.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Matt Caswell [Fri, 6 Oct 2023 16:32:14 +0000 (17:32 +0100)]
Don't encrypt/decrypt packet data during fuzzing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
Kurt Roeckx [Wed, 23 Nov 2022 13:24:13 +0000 (14:24 +0100)]
Add quic client fuzzer.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
наб [Wed, 18 Oct 2023 13:35:55 +0000 (15:35 +0200)]
Reference the non-"legacy" provider names directly from EVP_md5(3) &c.
Earlier today, it took me five manuals! to find what on earth the
"Performance"/"EVP_MD_fetch(3)" crosslinks actually mean:
EVP_sha1(3)
crypto(7)
EVP_MD_fetch(3) (but not there! don't read that!)
OSSL_PROVIDER-default(7)
EVP_MD-SHA1(7)
If, instead, EVP_sha1(3) referenced EVP_MD-SHA1(7) at /all/,
which it should do, since it's supposed to be what you're replacing it
with, but it doesn't actually say that, maybe people would use it.
I know I didn't because it's basically just deadass buried
As found by git grep -l 'and should consider using'
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22420)
Matt Caswell [Thu, 19 Oct 2023 10:37:28 +0000 (11:37 +0100)]
Add a test for converting OSSL_TIME to struct timeval
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22440)
Matt Caswell [Thu, 19 Oct 2023 10:00:39 +0000 (11:00 +0100)]
Round up nano secs when converting OSSL_TIME to struct timeval
struct timeval doesn't support nanosecs but OSSL_TIME does. We round up
any nanosecs to ensure that a non-zero input always results in a non-zero
output.
This fixes a quic-client fuzzer hang.
Fixes #22437
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22440)