fisher.yu [Wed, 14 Jun 2023 07:17:49 +0000 (07:17 +0000)]
Fix function signatures in aes-gcm-armv8 comments.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21208)
Pauli [Wed, 14 Jun 2023 06:53:51 +0000 (16:53 +1000)]
fips: use tsan counter instead of tsan_add to increment
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21199)
Hugo Landau [Mon, 12 Jun 2023 13:13:33 +0000 (14:13 +0100)]
QUIC: Allow application to trigger TXKU
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Mon, 12 Jun 2023 13:13:26 +0000 (14:13 +0100)]
QUIC: Minor fixups
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 14:37:34 +0000 (15:37 +0100)]
QUIC CHANNEL: Inform the ACKM when the handshake is confirmed
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC: Test key update works correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Optimise key update using ACKs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC: Add internal APIs for white-box testing of key update
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Enforce the RX packet forgery limit
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC RXDP: Strictly enforce ACK PNs with regard to TX key epochs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Ensure new packets aren't enforced with old keys
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC CHANNEL: Handle key updates correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC TXP: Make TXP use time callback correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC APL: Correct implementation of time callback override
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC RX: Support reporting the key epoch a packet was received with
This is needed to support key update validation on the receive side.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC TXP: Allow callbacks on ACK transmission
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC TXP: Allow next PN to be used to be queried
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:06 +0000 (12:23 +0100)]
QUIC RX: Refactor key update callback to provide PN
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC TXP: Remove TX key update handling from TXP
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC TXP: Refactor status output to use an extensible structure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC ACKM: Allow largest acked PN to be queried
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC WIRE: Utility function to determine if PN is in an ACK frame
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Hugo Landau [Tue, 23 May 2023 11:23:05 +0000 (12:23 +0100)]
QUIC Glossary: TXKU, RXKU, KU
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Richard Levitte [Wed, 8 Mar 2023 10:53:34 +0000 (11:53 +0100)]
apps/ca.c: Handle EVP_PKEY_get_default_digest_name() returning 1 with "UNDEF"
EVP_PKEY_get_default_digest_name() may return 1 with the returned digest
name "UNDEF". This case hasn't been documented, and the meaning has been
left undefined, until now.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20460)
Hugo Landau [Tue, 13 Jun 2023 09:40:22 +0000 (10:40 +0100)]
Partially revert #18070 (Add support for Windows CA certificate store)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21190)
Richard Levitte [Mon, 12 Jun 2023 04:31:25 +0000 (06:31 +0200)]
OpenSSL::paramnames: Use less magic perl
Constructions like $$cursor{whatever} and %$cursor{whatever} were ambiguous
in some perl versions, and it's still better to use the arrow syntax for the
way we use them, i.e. they can both be replaced with $cursor->{whatever}.
Fixes #21152
Fixes #21172
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21178)
Dimitri Papadopoulos [Tue, 9 May 2023 07:06:40 +0000 (09:06 +0200)]
Fix typos found by codespell
Typos in doc/man* will be fixed in a different commit.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20910)
Pauli [Mon, 12 Jun 2023 23:37:57 +0000 (09:37 +1000)]
fips: update DSA security check to fix legacy verify strengths
Refer SP 800-131Ar2 table 2:
https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
Fixes #21185
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21186)
Michael Baentsch [Tue, 13 Jun 2023 15:30:30 +0000 (17:30 +0200)]
updated (lib+)oqsprovider to latest releases
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21194)
Matt Caswell [Mon, 12 Jun 2023 15:21:16 +0000 (16:21 +0100)]
Only take note of the ack deadline if we can actually issue an ack
When determining the next tick deadline we cannot actually issue an
ack if the CC will not let us, or the enc_level is not yet provisioned.
This avoids a bug where we can end up in a busy loop because the next
event deadline is reported as "now" because we want to send an ack, but
we can't actually send anything yet.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21181)
Tomas Mraz [Mon, 12 Jun 2023 17:49:03 +0000 (19:49 +0200)]
cmactest.c: Fix no-des and no-sm4 build failures
Also use OSSL_NELEM instead of hardcoding array size.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21183)
Pauli [Tue, 13 Jun 2023 01:39:23 +0000 (11:39 +1000)]
fips: use memory ordering rather than locks
The FIPS provider accesses it's current state under lock.
This is overkill, little or no synchronisation is actually required in
practice (because it's essentially a read only setting). Switch to using
TSAN operations in preference.
Fixes #21179
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21187)
Matt Caswell [Wed, 7 Jun 2023 15:26:58 +0000 (16:26 +0100)]
Fix minor issues in the demo/man pages for TLS client/blocking
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)
Matt Caswell [Wed, 7 Jun 2023 14:58:42 +0000 (15:58 +0100)]
Split the blocking TLS client guide page into two
We split the page into two: one covering basic TLS introductory material
that applies to both clients and servers, and one with the specific
material on writing a blocking TLS client.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)
Matt Caswell [Wed, 7 Jun 2023 11:10:41 +0000 (12:10 +0100)]
Allow man7 pages to not have a DESCRIPTION section
For tutorial type pages it doesn't make any sense to have a DESCRIPTION
section.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)
Matt Caswell [Fri, 2 Jun 2023 11:26:12 +0000 (12:26 +0100)]
Add a tutorial on writing a simple blocking TLS client
Provide guidance on the steps needed to write a very simple blocking TLS
client.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)
Matt Caswell [Fri, 2 Jun 2023 15:31:30 +0000 (16:31 +0100)]
Add a very simple blocking TLS client demo
This blocking client is intended to be used to explain how to implement
a simple client in the documentation.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21133)
Yi Li [Mon, 17 Apr 2023 08:20:31 +0000 (16:20 +0800)]
configure: introduce no-ecx to remove ECX related feature
This can effectively reduce the binary size for platforms
that don't need ECX feature(~100KB).
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20781)
Mike Kasick [Fri, 9 Jun 2023 17:40:16 +0000 (13:40 -0400)]
rand_lib: RAND_poll: Reseed in non-"no-deprecated" builds.
In a non-"no-deprecated" libcrypto build with a default configuration,
RAND_get_rand_method() == RAND_OpenSSL() and so needs to fall through to
the RAND_seed call (used in "no-deprecated" builds) to perform a reseed.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21167)
Jiasheng Jiang [Fri, 23 Sep 2022 02:35:39 +0000 (10:35 +0800)]
crypto/sm2/sm2_sign.c: Add BN_CTX_end
To match the BN_CTX_start, it should be better to add
BN_CTX_end in the end of the function.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19266)
Wim Decroix [Thu, 8 Jun 2023 10:40:36 +0000 (12:40 +0200)]
X509_NAME_cmp fix for empty name
CLA: trivial
Fixes #21156
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21155)
fisher.yu [Mon, 12 Jun 2023 00:59:42 +0000 (00:59 +0000)]
Update CMAC test cases.
1. Update cmac test cases, fullfilling test data by short string
instead of using long string directly.
2. Modify the wording of comments in cmac.c
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21177)
Matthias St. Pierre [Wed, 17 May 2023 09:54:07 +0000 (11:54 +0200)]
INSTALL: document shared library pinning for static builds
The libcrypto library uses shared library pinning to prevent its
cleanup handlers from crashing at program termination because of a
premature unloading of the shared library.
However, shared library pinning is enabled also for static builds,
which may lead to surpising behaviour if libcrypto is linked
statically to a shared third-party library, because in this case
the third-party library gets pinned.
This surprising behaviour is caused by the fact that the `no-shared`
configure option does not imply `no-pinshared`. Since this quirk
can't be changed without potentially breaking existing code, we just
document it here and provide a workaround.
Fixes #20977
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20985)
Theo Buehler [Sat, 10 Jun 2023 09:01:32 +0000 (11:01 +0200)]
Fix incorrect ERR_raise() calls
A few ERR_raise() calls in v3_purp.c use the wrong library. For example,
in OpenSSL 3.1.1 we get
00000000:error:
0580009E:x509 certificate routines:ossl_x509v3_cache_extensions:reason(158):crypto/x509/v3_purp.c:635:
instead of
00000000:error:
1100009E:X509 V3 routines:ossl_x509v3_cache_extensions:invalid certificate:crypto/x509/v3_purp.c:635:
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21168)
Michael Baentsch [Sun, 4 Jun 2023 12:43:35 +0000 (14:43 +0200)]
add cygwin CI
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21006)
Michael Baentsch [Sat, 20 May 2023 04:47:39 +0000 (06:47 +0200)]
Fix build on cygwin
Fixes #19531
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21006)
James Knight [Sat, 6 May 2023 00:20:02 +0000 (20:20 -0400)]
Introduce [HAVE_/NO_]MADVISE defines
Toolchains that target a non-MMU architecture may not have the `madvise`
function available, even if the `sys/mman.h` header provides a define
for `MADV_DONTDUMP` (e.g. when targeting ARMv7-M with uClibc). The
following tweaks the implementation to use `HAVE_MADVISE`/`NO_MADVISE`
defines to help indicate when to attempt to use `madvise`. This change
operates in the same manner as the original implementation (i.e. relies
on `MADV_DONTDUMP` to indicate if `madvise` can be used); however, this
change now allows a builder to override the internal detection by
explicitly providing the `HAVE_MADVISE` define at compile time. This
should give flexibility for environments which do not have `madvise`
when there is no easy logic to set `NO_MADVISE`.
Signed-off-by: James Knight <james.d.knight@live.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20851)
Heiko Stuebner [Mon, 22 May 2023 12:23:35 +0000 (14:23 +0200)]
riscv: aes: dual-license under Apache + 2-clause BSD
To allow re-use of the already reviewed openSSL crypto code for RISC-V in
other projects - like the Linux kernel, add a second license (2-clause BSD)
to the 32+64bit aes implementations using the Zkn extension.
Signed-off-by: Heiko Stuebner <heiko.stuebner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21018)
Heiko Stuebner [Thu, 30 Mar 2023 08:29:21 +0000 (10:29 +0200)]
riscv: GCM: dual-license under Apache + 2-clause BSD
To allow re-use of the already reviewed openSSL crypto code for RISC-V in
other projects - like the Linux kernel, add a second license (2-clause BSD)
to the recently added GCM ghash functions.
Signed-off-by: Heiko Stuebner <heiko.stuebner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20649)
Tomas Mraz [Wed, 7 Jun 2023 12:33:22 +0000 (14:33 +0200)]
Coverity
1528485: Remove unused assignment of wvalue
wvalue is always initialized at the beginning of each cycle
and used only within the cycle
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21145)
Tomas Mraz [Wed, 7 Jun 2023 12:28:58 +0000 (14:28 +0200)]
Coverity
1528486: Avoid assignment of unused value of bags
It is used only within the loop and always initialized
Tomas Mraz [Wed, 7 Jun 2023 12:25:58 +0000 (14:25 +0200)]
Coverity
1528487: Avoid assignment of unused value of i
Tomas Mraz [Wed, 7 Jun 2023 12:23:48 +0000 (14:23 +0200)]
Coverity
1528488: Avoid assignment of unused value rctx
Also some move redirection_url inside loop
where it is only used.
Tomas Mraz [Wed, 7 Jun 2023 12:05:38 +0000 (14:05 +0200)]
Coverity
1528490: Avoid assignment of unused value of i
It is used only within the loop and initialized at the beginning
Tomas Mraz [Wed, 7 Jun 2023 11:56:54 +0000 (13:56 +0200)]
Coverity
1528492: Fix possible memory leak if t == NULL
Tomas Mraz [Wed, 7 Jun 2023 11:47:59 +0000 (13:47 +0200)]
Coverity
1528494 and
1528493: Remove unused assignment of wvalue
wvalue is always initialized at the beginning of each cycle
and used only within the cycle
Tomas Mraz [Wed, 7 Jun 2023 11:33:40 +0000 (13:33 +0200)]
Coverity
1528496: remove assignment of unused value
ctx is used only within the loop and always assigned at start
Tomas Mraz [Wed, 7 Jun 2023 11:29:01 +0000 (13:29 +0200)]
Coverity
1529992: Check return value of sscanf()
Also moving the call to setup_tests() where it
fits better.
Tomas Mraz [Wed, 7 Jun 2023 11:22:19 +0000 (13:22 +0200)]
Coverity
1531836: Check return value of CRYPTO_atomic_add()
Tomas Mraz [Wed, 7 Jun 2023 11:18:26 +0000 (13:18 +0200)]
Coverity
1531872: j is not used anywhere later, remove the assignment
Tomas Mraz [Tue, 6 Jun 2023 10:19:10 +0000 (12:19 +0200)]
Include poll.h instead of incorrect sys/poll.h
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21131)
Tomas Mraz [Tue, 6 Jun 2023 09:48:36 +0000 (11:48 +0200)]
Fix failures of OS Zoo CI
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21131)
Tomas Mraz [Thu, 8 Jun 2023 08:50:52 +0000 (10:50 +0200)]
Set RC4 defines on libcrypto/liblegacy
Also add missing prototype for rc4_md5_enc.
Fixes #21150
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21153)
Michael Baentsch [Thu, 8 Jun 2023 06:05:42 +0000 (08:05 +0200)]
Cast the argument to unsigned char when calling isspace()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21151)
Matthias St. Pierre [Wed, 17 May 2023 16:37:40 +0000 (18:37 +0200)]
util/find-doc-nits: extend regex to match new OPT_INFORM A
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
Dr. Matthias St. Pierre [Wed, 26 Sep 2018 06:37:01 +0000 (08:37 +0200)]
apps/asn1parse: improve RFC7462 compliance
The asn1parse command now supports three different input formats:
openssl asn1parse -inform PEM|DER|B64
PEM: base64 encoded data enclosed by PEM markers (RFC7462)
DER: der encoded binary data
B64: raw base64 encoded data
The PEM input format is the default format. It is equivalent
to the former `-strictpem` option which is now marked obsolete
and kept for backward compatibility only.
The B64 is equivalent to the former default input format of the
asn1parse command (without `-strictpem`)
Fixes #7317
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
Dr. Matthias St. Pierre [Wed, 26 Sep 2018 06:30:54 +0000 (08:30 +0200)]
apps/opt: refactor input format parsing
- split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER
- add OPT_FMT_B64 option (`-inform b64`)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
fisher.yu [Thu, 11 May 2023 06:43:57 +0000 (06:43 +0000)]
Optimize CMAC_Update for better performance.
Reduce the number of EVP_Cipher function calls in CMAC_Update,
to improve performance of CMAC.
Below are command and result of performance improvement.
COMMAND: openssl speed -cmac ALGORITHM
IMPROVEMENT(%):
A72 stands for Cortex A72
N1 stands for Neoverse N1
N2 stands for Neoverse N2
A72 N1 N2 x86
aes-128-cbc@256 65.4 54.6 37.9 86.6
aes-128-cbc@1024 156.0 105.6 65.8 197.1
aes-128-cbc@8192 237.7 139.2 80.5 285.8
aes-128-cbc@16384 249.1 143.5 82.2 294.1
aes-192-cbc@256 65.6 46.5 30.9 77.8
aes-192-cbc@1024 154.2 87.5 50.8 167.4
aes-192-cbc@8192 226.5 117.0 60.5 231.7
aes-192-cbc@16384 236.3 120.1 61.7 238.4
aes-256-cbc@256 66.0 40.3 22.2 69.5
aes-256-cbc@1024 136.8 74.6 35.7 142.2
aes-256-cbc@8192 189.7 93.5 41.5 191.7
aes-256-cbc@16384 196.6 95.8 42.2 195.9
des-ede3-cbc@64 6.9 4.4 2.9 7.2
des-ede3-cbc@256 9.3 6.1 4.3 13.1
des-ede3-cbc@1024 10.0 6.4 4.8 14.9
des-ede3-cbc@8192 10.3 6.5 5.1 15.5
des-ede3-cbc@16384 10.3 6.4 5.1 15.5
sm4-cbc@256 9.5 3.0 - 18.0
sm4-cbc@1024 12.3 3.6 - 24.6
sm4-cbc@8192 13.2 3.8 - 27.0
sm4-cbc@16384 13.5 3.8 - 27.2
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21102)
fisher.yu [Mon, 22 May 2023 13:29:12 +0000 (13:29 +0000)]
Update CMAC cipher algorithm list and test cases.
1. Update manual, add SM4-CBC to CMAC cipher algorithm list.
2. Add test case for SM4-CBC CMAC, add "data length is greater
than 4 block-length" cases for aes-128-cbc, aes-192-cbc,
aes-256-cbc and des-ede3-cbc.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21102)
Pauli [Wed, 7 Jun 2023 02:49:07 +0000 (12:49 +1000)]
Add 3.0.9 to list of FIPS releases
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140)
Pauli [Wed, 7 Jun 2023 00:44:01 +0000 (10:44 +1000)]
Update versions tested to include 3.1.1
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140)
Pauli [Tue, 6 Jun 2023 23:45:15 +0000 (09:45 +1000)]
kdf test: restrict the version of the FIPS provider
Concatenation tests are provider version specific, limit them to supporting
versions.
Fixes #21134
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140)
Antony Polukhin [Tue, 6 Jun 2023 15:09:27 +0000 (18:09 +0300)]
Workaround false positive warning of MSAN in eng_rdrand.c
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21136)
dependabot[bot] [Thu, 8 Jun 2023 06:44:10 +0000 (06:44 +0000)]
Bump coverallsapp/github-action from 2.1.2 to 2.2.0
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.1.2 to 2.2.0.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v2.1.2...v2.2.0)
---
updated-dependencies:
- dependency-name: coverallsapp/github-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21147)
Richard Levitte [Fri, 2 Jun 2023 12:32:07 +0000 (14:32 +0200)]
build.info: Introduce special syntax for dependencies on script modules
The DEPEND statement, when applied on files generated with GENERATE, may
be used to specify script modules that the template to be generated from
depends on. In short, this sort of depend:
DEPEND[generated]=util/perl/OpenSSL/something.pm
... would generate a perl run that has the inclusion directory
'util/perl/OpenSSL' and 'something' as the module to be loaded. However,
the package name for this module is 'OpenSSL::something', so to load it the
way it's expected, the inclusion directory should be 'util/perl', and the
module to be loaded should be specified as 'OpenSSL/something' (to be
massaged into a proper module name by the build file template).
To allow this, we introduce a file syntax, where a single '|' is used as a
directory separator, to delineate what part should be used as the inclustion
directory, and which part the module name to be loaded should be derived
from:
DEPEND[generated]=util/perl|OpenSSL/something.pm
Fixes #21112
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21117)
Matt Caswell [Fri, 12 May 2023 10:57:26 +0000 (11:57 +0100)]
Modify ENGINE_pkey_asn1_find_str() to use a read lock instead of a write
ENGINE_pkey_asn1_find_str() does not make any modifications to fields
controlled by the global_engine_lock. The only change made is the struct_ref
field which is controlled separately. Therefore we can afford to only take
a read lock. This also impacts EVP_PKEY_asn1_find_str().
This lock ends up being obtained indirectly from numerous public API
functions including EVP_PKEY_key_gen(), EVP_PKEY_new_raw_public_key_ex(),
EVP_PKEY_copy_parameters() etc. This occurs even if no engines are actually
in use.
Some tests showed this lock being obtained 6 times after a "warmed up"
s_server instance with default configuration processed a handshake from a
default s_client. When processing a resumption handshake from s_client it
was obtained 8 times.
Partially fixes #20286
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20950)
Matt Caswell [Thu, 11 May 2023 13:14:31 +0000 (14:14 +0100)]
Convert the ENGINE struct_ref field to be an atomic
We use atomic primitives to up ref and down the struct_ref field rather
than relying on the global lock for this.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20950)
Alex Bozarth [Fri, 19 May 2023 19:08:41 +0000 (14:08 -0500)]
Add SSL_get0_group_name() to get name of the group used for KEX
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20866)
Michael Baentsch [Mon, 5 Jun 2023 11:09:29 +0000 (13:09 +0200)]
Cast the argument to unsigned char when calling isdigit()
Fixes #21123
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21127)
Tomas Mraz [Tue, 6 Jun 2023 09:32:15 +0000 (11:32 +0200)]
Make link to RFC 1578 in CHANGES.md be a proper link
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21130)
Richard Levitte [Fri, 12 May 2023 08:00:13 +0000 (10:00 +0200)]
Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form. For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.
To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:
> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (
4294967295 decimal).
Fixes otc/security#96
Fixes CVE-2023-2650
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Vladimír Kotal [Thu, 1 Jun 2023 17:55:54 +0000 (19:55 +0200)]
allow to disable http
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21108)
Pauli [Wed, 31 May 2023 23:51:46 +0000 (09:51 +1000)]
doc: note that out ChaCha20 isn't standard compliant.
Fixes #21095
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21098)
Matt Caswell [Fri, 12 May 2023 15:15:21 +0000 (16:15 +0100)]
Don't take a write lock to retrieve a value from a stack
ossl_x509_store_ctx_get_by_subject() was taking a write lock for the
store, but was only (usually) retrieving a value from the stack of
objects. We take a read lock instead.
Partially fixes #20286
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20952)
Matt Caswell [Fri, 12 May 2023 14:52:07 +0000 (15:52 +0100)]
Avoid an unneccessary lock if we didn't add anything to the store
Partially fixes #20286
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20952)
Dmitry Belyavskiy [Thu, 1 Jun 2023 15:49:30 +0000 (17:49 +0200)]
Remove pointless warning on pkcs12 import
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21107)
Tomas Mraz [Fri, 2 Jun 2023 14:08:28 +0000 (16:08 +0200)]
Update fuzz/corpora submodule to latest data
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21118)
Darana [Thu, 25 May 2023 18:58:16 +0000 (23:58 +0500)]
Fix documentation where openssl-genrsa is listed as
deprecated since OpenSSL 3.0
openssl-genrsa is not deprecated however the OpenSSL documentation
states that it is the case from OpenSSL 3.0. This has been fixed in the
documentation, specifically in manpage 1.
Fixes #21055
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21059)
Pauli [Mon, 29 May 2023 00:43:48 +0000 (10:43 +1000)]
possible workaround
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
Pauli [Sun, 21 May 2023 22:09:48 +0000 (08:09 +1000)]
Update .gitignore
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
Pauli [Mon, 8 May 2023 22:08:15 +0000 (08:08 +1000)]
gcm: use the new faster param location mechanism.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
Pauli [Fri, 5 May 2023 01:52:58 +0000 (11:52 +1000)]
params: provide a faster TRIE based param lookup.
The separate file is a Perl script that generates the appropriate define
directives for inclusion in core_names.h. By having this separation it
will be possible to prebuild data structures to give faster access when
looking up parameters by name.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
Jairus Christensen [Mon, 27 Feb 2023 16:36:15 +0000 (09:36 -0700)]
[feat] SSL RTT in both client and server statem. SSL_get_handshake_rtt makes it available
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20248)
Matt Caswell [Wed, 10 May 2023 11:26:56 +0000 (12:26 +0100)]
Avoid taking a write lock in ossl_provider_doall_activated()
We refactor ossl_provider_doall_activated() so that we only need to take
a read lock instead of a write lock for the flag_lock. This should improve
performance by avoiding the lock contention. We achieve this by protecting
the activatecnt via atomics rather than via a lock and by avoiding the full
provider activation/deactivation procedure where it is not needed.
Partial fix for #20286
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20927)
Matt Caswell [Mon, 15 May 2023 14:30:10 +0000 (15:30 +0100)]
Enable obtaining certain DRBG params without a lock
Even if a DRBG has locking enabled on it, there are certain parameters
which are still safe to obtain even without a lock. The max_request
value is constant for all our DRBGs. The reseed_counter does not matter
if we get it wrong - so it is safe to avoid the lock. So if all we are
reading are those parameters then we take no lock at all.
Partially fixes #20286
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20970)
Matt Caswell [Mon, 15 May 2023 10:33:01 +0000 (11:33 +0100)]
Refactor the DRBG implementations to manage locking themselves
Previously the EVP layer would call lock and unlock functions on the
underlying DRBG implementation to say when a lock should be acquired and
released. This gives the DRBG implementation no say as to what kind of
lock should obtained (e.g. read/write) or even whether a lock is actually
needed or not.
In reality we know whether a DRBG is supposed to be in locking mode or
not because the "enable_locking()" function will have been called if
locks should be used. Therefore we re-interpret the lock and unlock
functions as "hints" from the EVP layer which we ignore. Instead we
acquire locks only when we need them. By knowing the context we can obtain
either a read or a write lock as appropriate.
This may mean that in some rare cases we acquire the locks more than once
for a single EVP call, if the EVP call makes several calls to the underlying
DRBG. But in practice almost all EVP calls only make one such call.
EVP_RAND_generate() is an example of a call where multiple DRBG calls may
be made. One of these gets the "max_request" parameter (which is constant
for all of our own DRBGs) and it may make several calls to the DRBG generate
call - but only if the requested size is very large which will rarely be
the case.
Partially fixes #20286
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20970)
Dr. David von Oheimb [Tue, 30 May 2023 19:09:57 +0000 (21:09 +0200)]
openssl-cmp.pod.in: tweak doc of -subject, -issuer, -keep_alive, and -untrusted
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
Dr. David von Oheimb [Tue, 30 May 2023 19:15:09 +0000 (21:15 +0200)]
cmp_mock_srv.c: improve comment on cert to be produced from request template
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
Dr. David von Oheimb [Tue, 30 May 2023 19:10:18 +0000 (21:10 +0200)]
cmp_client.c: add comment on certConf and add 'ossl_unused' to two functions
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
Dr. David von Oheimb [Tue, 30 May 2023 19:09:26 +0000 (21:09 +0200)]
apps.c: add comment to do_X509_sign() referring to question #19805
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)