git.openssl.org Git - openssl.git/log

SSL_alert_desc_string_long(): Delete unnecessary underline

It is not present in other alert description strings.

CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23675)

Remove receiving of unused return value

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23276)

Workaround the relocation truncated to fit problem on m68k builds

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24028)

rsa/rsa_pmeth.c: Add the checks for the EVP_MD_CTX_get_size()

Add the checks for the return value of EVP_MD_CTX_get_size() before explicitly
cast them to size_t to avoid the integer overflow.

Fixes: 75d44c0452 ("Store digests as EVP_MD instead of a NID.")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23953)

Fix GCC compilation -Waggressive-loop-optimizations

GCC 13.1.0 were reporting a compilation warning with -O2/3 and
-Waggressive-loop-optimizations. GCC is raising an undefined behavior in the
while loop. Replace the while loop with a memset call at the top of the
function.

Fixes #21088

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23898)

BIO_s_connect: Do not set keepalive on dgram sockets

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24015)

Document change of -verify behavior in crl and req apps

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23983)

Use RFC 5869 test case for HKDF self-test

According to NIST SP 800-131Ar2 section 8, the length of the
key-derivation key shall be at least 112 bits.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23833)

Remove handling of NULL sig param in ossl_ecdsa_deterministic_sign

The handling of sig=NULL was broken in this function, but since it
is only used internally and was never called with sig=NULL, it is
better to return an error in that case.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23529)

Fix handling of NULL sig parameter in ECDSA_sign and similar

The problem is, that it almost works to pass sig=NULL to the
ECDSA_sign, ECDSA_sign_ex and DSA_sign, to compute the necessary
space for the resulting signature.
But since the ECDSA signature is non-deterministic
(except when ECDSA_sign_setup/ECDSA_sign_ex are used)
the resulting length may be different when the API is called again.
This can easily cause random memory corruption.
Several internal APIs had the same issue, but since they are
never called with sig=NULL, it is better to make them return an
error in that case, instead of making the code more complex.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23529)

Fix openssl req with -addext subjectAltName=dirName

The syntax check of the -addext fails because the
X509V3_CTX is used to lookup the referenced section,
but the wrong configuration file is used, where only
a default section with all passed in -addext lines is available.
Thus it was not possible to use the subjectAltName=dirName:section
as an -addext parameter. Probably other extensions as well.

This change affects only the syntax check, the real extension
was already created with correct parameters.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23669)

ASYNC_start_job: more readable documentation for handling ASYNC* APIs

Signed-off-by: Hubert Kario <hkario@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23941)

Alter the check

Alter the check since 0 md size is an error.

Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23940)

ssl/ssl_lib.c: Add the check before cast from int to unsigned

Add the check before cast from int to unsigned to avoid integer overflow since EVP_MD_get_size() may return negative numbers.

Fixes: 919ba00942 ("DANE support structures, constructructors and accessors")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23940)

Bump actions/setup-python from 5.0.0 to 5.1.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5.0.0...v5.1.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23977)

Explicitly state what -keys does

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23919)

Alter the variable name

Alter the variable name to make it more meaningful.

Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23942)

ssl/tls13_enc.c: Replace size_t with int and add the checks

Replace the type of variables with int to avoid implicit cast when they are assigned by EVP_MD_get_size().
Moreover, add the checks to avoid integer overflow.

Fixes: 6612d87b89 ("Use the correct size for TLSv1.3 finished keys")
Fixes: 34574f193b ("Add support for TLS1.3 secret generation")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23942)

ssl/t1_lib.c: Add checks for the EVP_MD_get_size()

Add checks for the EVP_MD_get_size() to avoid unexpected negative numbers.

Fixes: b362ccab5c ("Security framework.")
Fixes: 0fe3db251a ("Use size of server key when selecting signature algorithm.")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23943)

rands/drbg_hash.c: Add checks for the EVP_MD_get_size()

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: 8bf3665196 ("Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23944)

Add locking to atomic operations in rw/rcu tests

I neglected to add locks to the calls to CRYPTO_atomic_add in these
test, which on newer compilers is fine, as atomic operations are
defined. However on older compilers the __ATOMIC_ACQ_REL definition is
missing causing these function to be implemented using an rwlock, which
when NULL causes the locks to fail.

Fix this my creating the lock and using them appropriately

Fixes #24000

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24001)

rands/drbg_hmac.c: Add checks for the EVP_MD_get_size()

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: 8bf3665196 ("Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23945)

macs/kmac_prov.c: Add checks for the EVP_MD_get_size()

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: 6e624a6453 ("KMAC implementation using EVP_MAC")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23946)

signature/rsa_sig.c: Add checks for the EVP_MD_get_size()

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: 6f4b766315 ("PROV: add RSA signature implementation")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23949)

kdfs/hmacdrbg_kdf.c: Add checks for the EVP_MD_get_size()

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: f3090fc710 ("Implement deterministic ECDSA sign (RFC6979)")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23950)

test/bad_dtls_test.c: Add checks for the EVP_MD_CTX_get_size()

Add the check for the EVP_MD_CTX_get_size() to avoid integer overflow when it is implicitly casted from int to size_t in evp_pkey_ctx_store_cached_data().
The call path is do_PRF() -> EVP_PKEY_CTX_add1_tls1_prf_seed() -> evp_pkey_ctx_set1_octet_string() -> EVP_PKEY_CTX_ctrl() -> evp_pkey_ctx_store_cached_data().

Fixes: 16938284cf ("Add basic test for Cisco DTLS1_BAD_VER and record replay handling")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23952)

Add OPENSSL_free to avoid mem leak

Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23955)

store/store_lib.c: Add the checks for the EVP_MD_CTX_get_size()

Add the checks for the return value of EVP_MD_CTX_get_size() before explicitly cast them to size_t to avoid the integer overflow.

Fixes: fac8673b8a ("STORE: Add the possibility to search for specific information")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23955)

dsa/dsa_pmeth.c: Add the checks for the EVP_MD_CTX_get_size()

Add the checks for the return value of EVP_MD_CTX_get_size() before explicitly cast them to size_t to avoid the integer overflow.

Fixes: 9d04f83410 ("Add DSA digest length checks.")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23954)

x509/x509_set.c: Add the check for the EVP_MD_CTX_get_size()

Add the check for the return value of EVP_MD_CTX_get_size() to avoid invalid negative numbers.

Fixes: 786dd2c22c ("Add support for custom signature parameters")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23956)

Break the if statement up into 2 if statements

Break the if statement up into 2 if statements to avoid call
EVP_MD_get_size() twice.

Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23959)

signature/sm2_sig.c: Add the check for the EVP_MD_CTX_get_size()

Add the check for the return value of EVP_MD_CTX_get_size() to avoid invalid negative numbers.

Fixes: d0b79f8631 ("Add SM2 signature algorithm to default provider")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23959)

Allow provider sigalgs in SignatureAlgorithms conf

Though support for provider-based signature algorithms was added in
ee58915 this functionality did not work with the SignatureAlgorithms
configuration command. If SignatureAlgorithms is set then the provider
sigalgs are not used and instead it used the default value.

This PR adds a check against the provider-base sigalg list when parsing
the SignatureAlgorithms value.

Based-on-patch-by: Martin Schmatz <mrt@zurich.ibm.com>
Fixes #22761

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22779)

Reject setting invalid CSR versions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23965)

rsa/rsa_ameth.c: Add the check for the EVP_MD_get_size()

Add the check for the EVP_MD_get_size() to avoid invalid negative numbers.

Fixes: 17c63d1cca ("RSA PSS ASN1 signing method")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23973)

Fix threadstest wrapping again

Stochastic failures in the RCU test on MACOSX are occuring. Due to beta
release, disabling this test on MACOSX until post 3.3 release

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23967)

Update gost-engine submodule to fix the CI

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23773)

apps/req,crl: exit with 1 on verification failure

Fixes #23771

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23773)

Add NULL check before accessing PKCS7 encrypted algorithm

Printing content of an invalid test certificate causes application crash, because of NULL dereference:

user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: Segmentation fault (core dumped)

Added test cases for pkcs12 bad certificates

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23632)

Replace size_t with int and add the check for the EVP_MD_get_size()

Replace the type of "digest_size" with int to avoid implicit conversion when it is assigned by EVP_MD_get_size().
Moreover, add the check for the "digest_size".

Fixes: 29ce1066bc ("Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23924)

Replace unsigned with int

Replace the type of "digest_length" with int to avoid implicit conversion when it is assigned by EVP_MD_get_size().
Otherwise, it may pass the following check and cause the integer overflow error when EVP_MD_get_size() returns negative numbers.
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23922)

fix demos/sslecho/main.c so it builds on OpenBSD too

trying to build `demos/sslecho/main.c` shipped by current openssl
fails with error as follows:
```
cc -I../../include -g -Wall   -c -o main.o main.c
main.c:35:24: error: variable has incomplete type 'struct sockaddr_in'
    struct sockaddr_in addr;
                       ^
main.c:35:12: note: forward declaration of 'struct sockaddr_in'
    struct sockaddr_in addr;
           ^
main.c:46:32: error: use of undeclared identifier 'INADDR_ANY'
        addr.sin_addr.s_addr = INADDR_ANY;
                               ^
main.c:152:24: error: variable has incomplete type 'struct sockaddr_in'
    struct sockaddr_in addr;
                       ^
main.c:152:12: note: forward declaration of 'struct sockaddr_in'
    struct sockaddr_in addr;
           ^
3 errors generated.
gmake: *** [<builtin>: main.o] Error 1
```

including `netinet/in.h` fixes the build

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23936)

Add 3.3 and 3.2 branches to Coveralls builds

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23938)

Correct OSSL_sleep for NonStop PUT model by introducing sleep().

This fix also removes SPT model support as it was previously deprecated.
Upcoming threading models on the platform should be supportable without change
to this method.

Fixes: #23923
Fixes: #23927
Fixes: #23928
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23926)

Don’t use the recvmmsg dgram method on Android <5

recvmmsg and sendmmsg were only added to Android’s C library in version 5, starting with API Level 21.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23754)

Fixed a typo and grammar in openssl-ts.pod

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23913)

fix uploading artifacts for paramertrized jobs

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23933)

Make counters in rcu/rw threads torture test 64 bit

Its possible in some conditions for the rw/rcu torture tests to wrap the
counter, leading to false positive failures, make them 64 bits to avoid
this

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23724)

Add M1 macOS runner to some workflows

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23724)

riscv: Fix remaining asm checks

There are additional asm checks which don't check for OPENSSL_CPUID_OBJ
causing the build to still fail on riscv [1], so fix them in the same
manner as ff279597692f9f19dca5b147944d3d96f2e109f8

[1] https://bugs.gentoo.org/923956
Fixes: https://github.com/openssl/openssl/issues/22871
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23752)

(cherry picked from commit daf1f8d64fff4a395ee7cf032484dc022a27e748)

Update FIPS hmac key documentation

The documentation is slightly incorrect about the FIPS hmac key.

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23846)

Move artifact upload code into the shell script

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23551)

Experimental support for uploading qlog artifacts

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23551)

Fix unbounded memory growth when using no-cached-fetch

When OpenSSL has been compiled with no-cached-fetch we do not cache
algorithms fetched from a provider. When we export an EVP_PKEY to a
provider we cache the details of that export in the operation cache for
that EVP_PKEY. Amoung the details we cache is the EVP_KEYMGMT that we used
for the export. When we come to reuse the key in the same provider that
we have previously exported the key to, we check the operation cache for
the cached key data. However because the EVP_KEYMGMT instance was not
cached then instance will be different every time and we were not
recognising that we had already exported the key to the provider.

This causes us to re-export the key to the same provider everytime the key
is used. Since this consumes memory we end up with unbounded memory growth.

The fix is to be more intelligent about recognising that we have already
exported key data to a given provider even if the EVP_KEYMGMT instance is
different.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23841)

Try to fix intermittent CI failures in quic_multistream test

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23807)

plug potential memory leak in error code path

Function `module_add()` may leak stack of modules when
it fails to initialize newly added module.

Fixes #23835

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23836)

Raise the AFL_MAP_SIZE to accommodate future growth

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23851)

82-test_ocsp_cert_chain.t: Just ignore unrecognized lines in server output

There might be warnings from AFL fuzz checker
or other warnings that we do not care about.

For success it is just required that cert_status: ocsp response sent:
is present.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23851)

Minor docfix for OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(3)

Also removal of duplicate assignment and addition of comment
in test/http_test.c

Follow up change to PR #23781

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23837)

Set AFL_MAP_SIZE to avoid crash in the AFL CI job

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23843)

Add a test using the bandwidth limit filter

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23588)

Add support for bandwidth limitation in noisydgram BIO filter

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23588)

bio_f_noisy_dgram_filter(): Fix typo

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23588)

SSL_add_dir_cert_subjects_to_stack(): Documented return values

In the man page for SSL_add_dir_cert_subjects_to_stack(), the functions
returning int have undocumented return values.

Fixes #23171

Signed-off-by: Shakti Shah <shaktishah33@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23433)

Add Content Type OID for id-ct-rpkiSignedPrefixList

References: draft-ietf-sidrops-rpki-prefixlist
Title: "A profile for Signed Prefix Lists for Use in the Resource Public Key Infrastructure (RPKI)"

OID assigned under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)'
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23426)

apps/x509.c: No warning reading from stdin if redirected

Fixes #22893

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23526)

Fix ASLR to be smaller during asan/tsan/ubsan runs

Recently asan/tsan/ubsan runs have been failing randomly.  It appears
that a recent runner update may have led to the Address Space Layout
Randomization setting in the linux kernel of ubuntu-latest runner
getting set to too high a value (it defaults to 30).  Such a setting
leads to the possibility that a given application will have memory
mapped to an address space that the sanitizer code typically uses to do
its job.  Lowering this value allows a/t/ubsan to work consistently
again

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23842)

Avoid a memcpy in dtls_get_reassembled_message()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23828)

Fix dasync_rsa_decrypt to call EVP_PKEY_meth_get_decrypt

Signed-off-by: Vladimirs Ambrosovs <rodriguez.twister@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23825)

Implement KAT for KBKDF with KMAC128

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23745)

Update tls13ccstest.c, removal of deadcode

tst has been already checked for invalid value in the start of the function with switch statement.

Checked again here, so removed deadcode

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23813)

Add fuzzing for DTLS

Update the fuzz corpora submodule with the DTLS fuzz corpus.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23585)

s_server: test ocsp with "-cert_chain"

Add a test to exercise the use of s_server with "-cert_chain" to
construct an ocsp request.

This new functionality was added in PR #22192.

Testing:

make V=1 TESTS='test_ocsp_cert_chain' test

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23101)

Limit the number of http headers when receiving the http response

Change introduces a default limit on HTTP headers we expect to receive
from server to 256. If limit is exceeded http client library indicates
HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. Application can use
OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change default.
Setting limit to 0 implies no limit (current behavior).

Fixes #22264

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23781)

Add check for xor_get_aid()

Add check for the return value of xor_get_aid() in order to avoid NULL pointer deference.

For example, "algor" could be NULL if the allocation of X509_ALGOR_new() fails. As a result, i2d_X509_ALGOR() will return 0 and "ctx->aid" will be an invalid value NULL.

Fixes: f4ed6eed2c ("SSL_set1_groups_list(): Fix memory corruption with 40 groups and more")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23764)

Improve the documentation on -cert_chain and -status_verbose options

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22192)

Use the untrusted certificate chain to create a valid certificate ID for OCSP_request

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22192)

Doc: fix style

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23805)

PKCS7: Remove one of the duplicate checks

There are two consecutive identical checks "if (i <= 0)".
We can remove one of them to make the code clear.

CLA: trivial

Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23741)

Add reformatting commit to .git-blame-ignore-revs

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23748)

Make the generated params_idx.c file deterministic if run multiple
times.

Fixes #23672

There are many name/value pairs currently that have duplicate names e.g.

'CAPABILITY_TLS_GROUP_MAX_TLS' => "tls-max-tls",
'CAPABILITY_TLS_SIGALG_MAX_TLS' => "tls-max-tls",

Stripping the .pm file down to just the above entries and running
multiple times gives different results for the produce_decoder.

On multiple runs any iterations over the unordered hash table keys using
foreach my $name (keys %params) results in a different order on multiple
runs. Because of this the mapping from the hash 'value' back to the
'key' will be different.

Note that the code also uses another mechanism in places that uses
"name1" => "value"
"name2" => "*name1"
Rather than fix all the strings the change done was to sort the keys. If
we were to chose to fix the strings then the perl code should be changed
to detect duplicates.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23688)

FAQ.md should be removed

the page the link refers to does not exist.
Anyone objects to delete file?

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23719)

Fix BIO_get_new_index() to return an error when it is exhausted.

Fixes #23655

BIO_get_new_index() returns a range of 129..255.

It is set to BIO_TYPE_START (128) initially and is incremented on each
call.
>= 256 is reserved for the class type flags (BIO_TYPE_DESCRIPTOR) so it
should error if it reaches the upper bound.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23732)

Bring SSL_group_to_name docs in line with API definition

docs say the SSL object in this function is const, but the api doesn't
qualify it as such. Adjust the docs to match the definition

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23785)

Add CHANGES

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23584)

QUIC MULTISTREAM TEST: Test write buffer statistics queries

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23584)

QUIC: Add stream write buffer queries

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23584)

Try to fix intermittent CI failures in sslapitest

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23705)

QLOG: Fix indentation

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23598)

QUIC: Define error code for stateless reset

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23598)

QUIC: Add documentation for QUIC error codes

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23598)

QUIC: Uniform changes for QUIC error code definitions rename

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23598)

QUIC: Make QUIC transport error codes public

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23598)

Dont run the self-hosted workflows when not available

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23678)

Gate setting of ipi_spec_dst on not building for freebsd

some variants of FreeBSD (notably Dells OneFS) implement IP_PKTINFO
partially, and as such the build breaks for those variants.
specifically, it supports IP_PKTINFO, but the in_pktinfo struct has no
defined ipi_spec_dst field. Work around this by gating the setting of
that variable on not building for FreeBSD

Fixes #23739

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23753)

interop tests: Fedora 39 config, simplify updates

Imitating Fedora 39 configuration in openssl.cnf with
SECLEVEL lowered to 0 in order to be able to run
TLS 1.3 tests with TLS_AES_128_CCM_8_SHA256.

In order to make updating smoother, check out specific tag rather
than the branch. This way, "old" tests can be fetched until PR
pointing to "new" tests is merged, so backwards-incompatible
changes can be done when needed.

Files specific for openssl upstream moved to separate
directory.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23747)