Hugo Landau [Tue, 11 Jul 2023 14:30:46 +0000 (15:30 +0100)]
QUIC TXP: Test packet size boundary cases
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21458)
sdlyyxy [Sat, 15 Jul 2023 15:26:05 +0000 (23:26 +0800)]
Update with `ARMV8_HAVE_SHA3_AND_WORTH_USING`
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21398)
sdlyyxy [Fri, 14 Jul 2023 09:10:43 +0000 (17:10 +0800)]
Move CPU detection to armcap.c
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21398)
sdlyyxy [Fri, 7 Jul 2023 11:26:10 +0000 (19:26 +0800)]
Enable ARMv8.2 accelerated SHA3 on compatible Apple CPUs
The hardware-assisted ARMv8.2 implementation is already in keccak1600-armv8.pl.
It is not called because the author mentioned that it's not actually obvious
that it will provide performance improvements. The test on Apple M1 Firestorm
shows that the ARMv8.2 implementation could improve about 36% for large blocks.
So let's enable ARMv8.2 accelerated SHA3 on Apple CPU family.
Fixes #21380
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21398)
Ingo Franzki [Wed, 19 Jul 2023 13:24:49 +0000 (15:24 +0200)]
speed: Fix execution of EdDSA measurement
Running 'openssl speed eddsa' fails with
Doing 253 bits sign
Ed25519 ops for 10s: EdDSA sign failure
000003FF9306C7D0:error:
030000BC:digital envelope routines:EVP_DigestSign:
final error:crypto/evp/m_sigver.c:585:
-1 253 bits
Ed25519 sign ops in 0.00s
Doing 253 bits verify
Ed25519 ops for 10s: EdDSA verify failure
000003FF9306C7D0:error:
030000BC:digital envelope routines:EVP_DigestVerify:
final error:crypto/evp/m_sigver.c:694:
-1 253 bits
Ed25519 verify ops in 0.00s
This is because the EVP_DigestSign/Verify() calls in the EdDSA_sign/verify_loop()
fail because the context has already been finalized by the previous
EVP_DigestSign/Verify call during the EdDSA signature test done by speed_main().
This happens since commit
3fc2b7d6b8f961144905330dfd4689f5bd515199 where the
EVP_DigestSign/Verify() functions have been changed to set a flag that the
context has been finalized.
Fix this by re-initializing the context using EVP_DigestSign/Verify() in the
EdDSA_sign/verify_loop().
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21491)
Ingo Franzki [Wed, 19 Jul 2023 12:59:16 +0000 (14:59 +0200)]
speed: Fix memory leak
Free the signature stack after iterating over all found signatures.
Free the kem and signature stacks at the end of speed_main() if not
NULL.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21491)
Samuel Lee [Wed, 19 Jul 2023 18:04:12 +0000 (11:04 -0700)]
Fix documentation around AAD and return values in EVP_Cipher*
Fixes #21485
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21494)
Pauli [Mon, 17 Apr 2023 03:26:39 +0000 (13:26 +1000)]
Connection ID processing
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20749)
atishkov [Mon, 17 Jul 2023 10:10:44 +0000 (13:10 +0300)]
apps/cms.c: Fix unreachable code in cms_main()
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21474)
Matt Caswell [Thu, 13 Jul 2023 15:14:49 +0000 (16:14 +0100)]
Update CHANGES/NEWS for CVE-2023-3446
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
Matt Caswell [Fri, 7 Jul 2023 13:39:48 +0000 (14:39 +0100)]
Add a test for CVE-2023-3446
Confirm that the only errors DH_check() finds with DH parameters with an
excessively long modulus is that the modulus is too large. We should not
be performing time consuming checks using that modulus.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
Matt Caswell [Thu, 6 Jul 2023 15:36:35 +0000 (16:36 +0100)]
Fix DH_check() excessive time with over sized modulus
The DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus
value even if it is excessively large.
There is already a maximum DH modulus size (10,000 bits) over which
OpenSSL will not generate or derive keys. DH_check() will however still
perform various tests for validity on such a large modulus. We introduce a
new maximum (32,768) over which DH_check() will just fail.
An application that calls DH_check() and supplies a key or parameters
obtained from an untrusted source could be vulnerable to a Denial of
Service attack.
The function DH_check() is itself called by a number of other OpenSSL
functions. An application calling any of those other functions may
similarly be affected. The other functions affected by this are
DH_check_ex() and EVP_PKEY_param_check().
CVE-2023-3446
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
Hugo Landau [Mon, 3 Jul 2023 15:41:51 +0000 (16:41 +0100)]
Fixup tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21349)
Hugo Landau [Mon, 3 Jul 2023 14:45:25 +0000 (15:45 +0100)]
QUIC TXP: Handle non-inflight-eligible packets correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21349)
Hugo Landau [Mon, 3 Jul 2023 14:45:25 +0000 (15:45 +0100)]
QUIC ACKM: Don't record non-inflight packets in CC
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21349)
Hugo Landau [Mon, 3 Jul 2023 14:45:25 +0000 (15:45 +0100)]
QUIC TXP: Do not generate full-size packets when sending CC-excess probes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21349)
Hugo Landau [Mon, 3 Jul 2023 14:45:25 +0000 (15:45 +0100)]
QUIC ACKM: RFC 9000 s. 13.2.1: max_ack_delay taken as 0 in INITIAL/HANDSHAKE
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21349)
Hugo Landau [Mon, 3 Jul 2023 14:45:25 +0000 (15:45 +0100)]
QUIC CHANNEL: Initialise max_ack_delay values properly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21349)
Hugo Landau [Mon, 3 Jul 2023 14:45:25 +0000 (15:45 +0100)]
QUIC ACKM: Clean up max_ack_delay tracking and separate TX and RX values
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21349)
Hugo Landau [Mon, 3 Jul 2023 14:45:25 +0000 (15:45 +0100)]
QUIC STATM: Move max_ack_delay tracking out of STATM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21349)
Pauli [Mon, 26 Jun 2023 09:30:51 +0000 (19:30 +1000)]
remove duplicate defines, add comment
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21441)
Dr. David von Oheimb [Sun, 16 Jul 2023 13:06:18 +0000 (15:06 +0200)]
openssl-kdf.pod.in: add text on 'salt' and 'info' parameters; small further improvements
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21469)
Dr. David von Oheimb [Sun, 16 Jul 2023 12:55:35 +0000 (14:55 +0200)]
EVP_KDF.pod: extend text on 'salt' and 'info' parameters
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21469)
atishkov [Mon, 17 Jul 2023 09:44:11 +0000 (12:44 +0300)]
Remove redundant check
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21473)
Tomas Mraz [Mon, 17 Jul 2023 15:36:32 +0000 (17:36 +0200)]
Raise SSL_R_QUIC_PROTOCOL_ERROR on any QUIC protocol error
QUIC error code, frame type and reason is in error data
Fixes #21337
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21476)
Dimitri Papadopoulos [Sun, 16 Jul 2023 06:25:55 +0000 (08:25 +0200)]
Fix typos found by codespell
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21467)
lan1120 [Sat, 10 Jun 2023 11:36:17 +0000 (19:36 +0800)]
Fix int_ctx_new() error when use 1.1.1n sm2 key and ec method engine
Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21170)
Tomas Mraz [Fri, 14 Jul 2023 08:25:42 +0000 (10:25 +0200)]
no-module should not imply disabling DSO loading support
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21459)
Matt Caswell [Wed, 12 Jul 2023 14:50:25 +0000 (15:50 +0100)]
Fix ssl3_do_write() to correctly handle retries
A BIO is documented to return -1 on write retry - but sometimes they return
0. ssl3_do_write() was incorrectly handling a 0 response.
Fixes #21422
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21434)
Matt Caswell [Wed, 12 Jul 2023 13:54:46 +0000 (14:54 +0100)]
Add a test for a retry during the handshake
Test various scenarios for a write retry occuring during a handshake.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21434)
atishkov [Fri, 7 Jul 2023 13:00:38 +0000 (16:00 +0300)]
Remove unreachable code from SSL_use_certificate_file() as in SSL_CTX_use_certificate_file()
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21394)
Dr. David von Oheimb [Sat, 17 Sep 2022 08:56:21 +0000 (10:56 +0200)]
CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
Dr. David von Oheimb [Sat, 3 Jun 2023 15:17:14 +0000 (17:17 +0200)]
CMP app and API doc: add note on critical server auth on receiving trust anchor certs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
Dr. David von Oheimb [Sat, 3 Jun 2023 15:15:06 +0000 (17:15 +0200)]
CMP doc: various small corrections, mostly on PBM vs. MAC-based protection
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
Dr. David von Oheimb [Sat, 3 Jun 2023 04:53:58 +0000 (06:53 +0200)]
rename OSSL_CMP_get{,1}_caCerts and improve OSSL_CMP_exec_certreq.pod
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
Dr. David von Oheimb [Mon, 5 Jun 2023 20:53:43 +0000 (22:53 +0200)]
APPS load_key_certs_crls(): improve error string macro FAIL_NAME
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
Hugo Landau [Thu, 13 Jul 2023 13:40:48 +0000 (14:40 +0100)]
Minor fixups
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Thu, 13 Jul 2023 12:48:32 +0000 (05:48 -0700)]
QUIC: Fix multistream test on macOS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Thu, 13 Jul 2023 11:32:48 +0000 (12:32 +0100)]
Minor fixups
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Thu, 6 Jul 2023 14:23:05 +0000 (15:23 +0100)]
QUIC: Fix multistream script 19 stochastic test failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Thu, 6 Jul 2023 19:14:10 +0000 (20:14 +0100)]
Minor updates 2
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Mon, 3 Jul 2023 12:15:12 +0000 (13:15 +0100)]
Minor updates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Wed, 7 Jun 2023 13:15:50 +0000 (14:15 +0100)]
QUIC: Multistream test fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Wed, 7 Jun 2023 13:11:50 +0000 (14:11 +0100)]
QUIC: Correct minimal frame encoding test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Wed, 7 Jun 2023 12:39:15 +0000 (13:39 +0100)]
QUIC: test fixes for WPACKET use
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:59:11 +0000 (16:59 +0100)]
make update
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC QSM: Get rid of recv_fin_retired in favour of recv_state
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC QSM: Update API documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC CONFORMANCE/APL: Handle FIN/reset retirement correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC Send Stream State: Transition to DATA_SENT
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC CONFORMANCE: Wire the DATA_SENT state
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC APL: Validate receive stream state
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC APL: Validate send stream state
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC CONFORMANCE: Stop handling frames after termination
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC Conformance: Frame Handling Tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 9.6
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC CONFORMANCE: Validate preferred_addr transport parameter
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 19.16: RETIRE_CONNECTION_ID frames
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:12 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 19.15: NEW_CONNECTION_ID frames
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC RXDP: Make ACK eliciting definition more resilient and centralised
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 19.14: STREAMS_BLOCKED Frames
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 19.13: STREAM_DATA_BLOCKED Frames
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 19.7
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
RFC 9000 s. 19.8: Enforce maximum stream size
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 17.2.5.1
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 17.2.2: Enforce no initial token from server
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC CONFORMANCE: Enforce packet header reserved bits
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC WIRE: Allow encoding/decoding of reserved header bits
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 13.3: MAX_STREAM_DATA generation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 12.5: Application CONNECTION_CLOSE frame masking
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 12.5: Ensure CFQ can not be used to send disallowed frame types in a given PN space
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 12.3: PN Limit
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:10 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 12.3: PN duplicate suppression
Make sure PN duplicate suppression is side-channel safe by doing
the duplicate test after AEAD verification.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:10 +0000 (16:25 +0100)]
QUIC ACKM: Clarify the role of is_inflight
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:10 +0000 (16:25 +0100)]
QUIC CONFORMANCE: Enforce minimal frame type encoding
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:10 +0000 (16:25 +0100)]
QUIC CONFORMANCE: Packet handling fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)]
QUIC CONFORMANCE: Handle RESET_STREAM final size correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:10 +0000 (16:25 +0100)]
QUIC CONFORMANCE: Validate RESET_STREAM final sizes correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:10 +0000 (16:25 +0100)]
QUIC: Note that we do not retransmit stream data for retransmitted streams
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:10 +0000 (16:25 +0100)]
QUIC QSM: Free unneeded stream buffers, calculate RESET_STREAM final size correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:10 +0000 (16:25 +0100)]
QUIC QSM: Model final sizes and handle STOP_SENDING correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:10 +0000 (16:25 +0100)]
QUIC CONFORMANCE: RFC 9000 s. 3.3: Stream States — Permitted Frame Types — STREAM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau [Tue, 6 Jun 2023 15:25:10 +0000 (16:25 +0100)]
QUIC QSM/STREAM: Refactor to use RFC stream states
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
ljuzwiuk [Thu, 13 Jul 2023 09:11:28 +0000 (09:11 +0000)]
Fix RSA OAEP set/get label for legacy engine
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21401)
ljuzwiuk [Tue, 11 Jul 2023 20:43:32 +0000 (20:43 +0000)]
Remove duplicated values
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21401)
Matt Caswell [Tue, 11 Jul 2023 16:32:10 +0000 (17:32 +0100)]
Test loading a PEM file from multiple threads
The new decoder optimisation has some locking involved so we confirm that
reading a PEM file from multiple threads works as expected.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)
Matt Caswell [Mon, 10 Jul 2023 16:41:06 +0000 (17:41 +0100)]
Optimise PKEY decoders
The most expensive part of using a PKEY decoder is the
OSSL_DECODER_CTX_new_for_pkey() call. This builds up all of the decoder
chains, which is a complex and time consuming operation. However, if no
new providers have been loaded/unloaded since the last time it was called
we can expect the same results for the same parameters. Note that this
operation takes place *before* we event parse the data for decoding so it
is not dependent on the parsed data at all.
We introduce a cache for OSSL_DECODER_CTX objects. If we have been called
with the same parameters then we just duplicate an existing
OSSL_DECODER_CTX. This should be significantly faster than creating a new
one every time.
Partially addressed the issue in #15199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)
Tomas Mraz [Fri, 7 Jul 2023 07:54:18 +0000 (09:54 +0200)]
Add CHANGES.md and NEWS.md entries for CVE-2023-2975
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
Tomas Mraz [Tue, 4 Jul 2023 15:50:37 +0000 (17:50 +0200)]
Add testcases for empty associated data entries with AES-SIV
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
Tomas Mraz [Tue, 4 Jul 2023 15:30:35 +0000 (17:30 +0200)]
Do not ignore empty associated data with AES-SIV mode
The AES-SIV mode allows for multiple associated data items
authenticated separately with any of these being 0 length.
The provided implementation ignores such empty associated data
which is incorrect in regards to the RFC 5297 and is also
a security issue because such empty associated data then become
unauthenticated if an application expects to authenticate them.
Fixes CVE-2023-2975
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
Randall S. Becker [Thu, 1 Jun 2023 19:29:15 +0000 (13:29 -0600)]
Modified OSSL_parse_url to initialize pport_num to 0.
This change is intended to provide some safety for uninitialized stack failures
that have appeared in 80-test_cmp_http on NonStop x86 when run in a complex
CI/CD Jenkins environment. This change also adds init_pint() to handle the
initialization of a pointer to int value.
Fixes: #21083
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21109)
(cherry picked from commit
45cd2554efc82f8959b4e8ac53bc419b4d5e195a)
Tomas Mraz [Mon, 10 Jul 2023 14:16:24 +0000 (16:16 +0200)]
quicapitest: Fix SSL_trace() test on big endian platforms
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21411)
Tomas Mraz [Mon, 10 Jul 2023 13:52:06 +0000 (15:52 +0200)]
ossl_quic_wire_encode_pkt_hdr(): Assign ptrs only on static buf wpkt
Pointers can be invalidated when the underlying BUF_MEM grows.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21411)
dependabot[bot] [Fri, 14 Jul 2023 08:11:39 +0000 (08:11 +0000)]
Bump coverallsapp/github-action from 2.2.0 to 2.2.1
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v2.2.0...v2.2.1)
---
updated-dependencies:
- dependency-name: coverallsapp/github-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21454)
dependabot[bot] [Fri, 14 Jul 2023 08:07:23 +0000 (08:07 +0000)]
Bump actions/setup-python from 4.6.1 to 4.7.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.6.1...v4.7.0)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21455)
slontis [Tue, 9 May 2023 03:07:50 +0000 (13:07 +1000)]
Add FIPS build instructions
If you are building the latest release source code with enable-fips configured
then the FIPS provider you are using is not likely to be FIPS compliant.
This update demonstrates how to build a FIPS provider that is compliant
and use it with the latest source code.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20907)
Amir Ayupov [Wed, 12 Jul 2023 22:14:51 +0000 (15:14 -0700)]
Move Keccak rhotates tables to rodata
rhotates tables are placed to .text section which confuses tools such as BOLT.
Move them to rodata to unbreak and avoid polluting icache/iTLB with data.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21440)
Pauli [Fri, 7 Jul 2023 08:37:08 +0000 (18:37 +1000)]
Add a NEWS entry covering the FIPS related changes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21386)
(cherry picked from commit
dfc4b6c93b99f6666cd958c5643a24bb6edff7b7)
Pankul94 [Tue, 11 Jul 2023 16:46:48 +0000 (09:46 -0700)]
Changes to resolve symbol conflict due to gf_mul
CLA: trivial
Changed names of internal functions to resolve symbol conflict when Openssl is used with intel/ISA-L.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21421)
Liu-ErMeng [Tue, 11 Jul 2023 08:22:53 +0000 (16:22 +0800)]
use '__builtin_expect' to improve EVP_EncryptUpdate performance for gcc/clang.
Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21425)