Matt Caswell [Tue, 1 Nov 2022 15:54:30 +0000 (15:54 +0000)]
Remove references to read_mac_secret and write_mac_secret
They are no longer used and can be removed.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
Matt Caswell [Mon, 31 Oct 2022 16:31:28 +0000 (16:31 +0000)]
Remove the read_iv/write_iv fields from SSL_CONNECTION
These fields are instead held in the new record layer code and are
therefore no longer needed.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
Matt Caswell [Mon, 31 Oct 2022 16:22:05 +0000 (16:22 +0000)]
Remove compress/expand fields from SSL_CONNECTION
They are no longer needed. The new record layer handles this.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
Matt Caswell [Mon, 31 Oct 2022 16:04:08 +0000 (16:04 +0000)]
Remove remaining refs to enc_(write|read)_ctx/(read|write)_hash
Those fields are no longer used. Their previous function is now in the new
record layer.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
J.W. Jagersma [Thu, 10 Nov 2022 16:46:40 +0000 (17:46 +0100)]
use OSSL_PARAM_construct_uint32 for max_early_data
Otherwise, this causes a warning on platforms where 'uint32_t' is
defined as 'unsigned long int' instead of 'unsigned int'.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
J.W. Jagersma [Sat, 1 Oct 2022 18:14:48 +0000 (20:14 +0200)]
djgpp: Fix unused-but-set-variable warning
I chose to just hide this behind '#ifndef __DJGPP__', instead of listing
all the macro combinations where it *is* used. That would make quite a
mess.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
J.W. Jagersma [Sat, 1 Oct 2022 17:03:11 +0000 (19:03 +0200)]
djgpp: Skip check for negative timeval
This causes a warning since tv_sec is unsigned.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
J.W. Jagersma [Sat, 1 Oct 2022 17:01:40 +0000 (19:01 +0200)]
Define threads_lib.c functions only for OPENSSL_SYS_UNIX
This matches the declaration in <openssl/crypto.h>.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
J.W. Jagersma [Sat, 1 Oct 2022 16:44:38 +0000 (18:44 +0200)]
Cast socklen_t to size_t in assert comparison
This causes a warning otherwise when socklen_t is signed (Watt32).
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
J.W. Jagersma [Sat, 1 Oct 2022 16:41:44 +0000 (18:41 +0200)]
Cast values to match printf format strings.
For some reason djgpp uses '(unsigned) long int' for (u)int32_t. This
causes errors with -Werror=format, even though these types are in
practice identical.
Obvious solution: cast to the types indicated by the format string.
For asn1_time_test.c I changed the format string to %lli since time_t
may be 'long long' some platforms.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
Bernd Edlinger [Thu, 10 Nov 2022 17:51:44 +0000 (18:51 +0100)]
Resign test/certs/rootCA.pem to expire in 100 years
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19654)
Bernd Edlinger [Thu, 10 Nov 2022 17:23:25 +0000 (18:23 +0100)]
Update the validity period of
ed25519 cerificates
Note: The private key is test/certs/root-
ed25519.privkey.pem
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19654)
Tomas Mraz [Wed, 12 Oct 2022 10:22:25 +0000 (12:22 +0200)]
test_CMAC_keygen(): Avoid using ECB cipher with CMAC
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19401)
Tomas Mraz [Wed, 12 Oct 2022 09:30:56 +0000 (11:30 +0200)]
cmac_set_ctx_params(): Fail if cipher mode is not CBC
Also add negative test cases for CMAC and GMAC using
a cipher with wrong mode.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19401)
Tomas Mraz [Wed, 12 Oct 2022 09:26:43 +0000 (11:26 +0200)]
demos/mac/cmac-aes256: Clarify the cipher algorithm used
The currently used cipher is aes256 which is an alias to AES-256-CBC,
so the demo is correct.
However it might be misleading so make it clear the CBC mode
cipher is used.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19401)
Tomas Mraz [Wed, 9 Nov 2022 12:36:21 +0000 (13:36 +0100)]
Add test for generating safeprime DH parameters
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19635)
Tomas Mraz [Wed, 9 Nov 2022 09:55:48 +0000 (10:55 +0100)]
Use libctx when generating DH parameters
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19635)
Pauli [Thu, 3 Nov 2022 21:43:38 +0000 (08:43 +1100)]
fuzz: add punycode decoder fuzz test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19591)
Pauli [Thu, 3 Nov 2022 00:55:13 +0000 (11:55 +1100)]
punycode: update to use WPACKET instead of using custom range checking
Add test for `.' overflows, remove the output size argument from
ossl_a2ulabel() since it was never used and greatly complicated the code.
Convert ossl_a2ulabel() to use WPACKET for building the output string.
Update the documentation to match the new definition of ossl_a2ulabel().
x509: let punycode handle the '\0' string termination. Saves a memset(3)
and some size fiddling. Also update to deal with the modified parameters.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19591)
Milan Broz [Sat, 29 Oct 2022 09:48:51 +0000 (11:48 +0200)]
pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey
Make the code more robust and correctly handle EVP_PKEY set to NULL
instead of dereferencing null pointer.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)
Milan Broz [Sat, 29 Oct 2022 09:46:34 +0000 (11:46 +0200)]
pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional
The copy of PKEY should be released on the error path.
Easily reproduced with "ED448" context.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)
Tomas Mraz [Tue, 8 Nov 2022 16:43:22 +0000 (17:43 +0100)]
Limit size of modulus for BN_mod_exp_mont_consttime()
Otherwise the powerbufLen can overflow.
Issue reported by Jiayi Lin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19632)
Pauli [Wed, 9 Nov 2022 00:31:50 +0000 (11:31 +1100)]
Revert "Skip DES based tests in FIPS mode"
This reverts commit
5db2b4a292b4576185287a9e01e4ba4098b4aa66.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
Pauli [Tue, 8 Nov 2022 22:54:02 +0000 (09:54 +1100)]
Revert "Remove conditional FIPS dependence for 3DES"
This reverts commit
464c1011b02936850fc779739013dba52650840a.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
Pauli [Tue, 8 Nov 2022 22:53:21 +0000 (09:53 +1100)]
Revert "Move DES based test cases out of FIPS territory"
This reverts commit
c511953a0828e126b80a9ea8cee12d001d685ba8.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
Pauli [Tue, 8 Nov 2022 22:51:55 +0000 (09:51 +1100)]
Put 3DES back into the FIPS provider as a non-approved algorithm
This reverts commit
fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes
how 3DES is advertised.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
Cameron Cawley [Fri, 4 Nov 2022 13:49:00 +0000 (13:49 +0000)]
pkcs7: Remove unused includes
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19608)
Tomas Mraz [Wed, 9 Nov 2022 12:55:56 +0000 (13:55 +0100)]
fips-label.yml: Fix the script after actions/github-script upgrade
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19636)
Sam James [Wed, 2 Nov 2022 01:49:37 +0000 (01:49 +0000)]
CI: Add Alpine (musl)
I'm not intending to add every single possible combination of distros
to compiler-zoo, but I think this one is worthwhile.
musl tends to be Different Enough (TM) to allow problems to be found,
in particular (but not limited to) its malloc implementation ("mallocng").
It's also quite a common environment, especially in containers, so
I think it's worth testing on.
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19577)
Alexander Sosedkin [Thu, 3 Nov 2022 18:24:15 +0000 (19:24 +0100)]
Fix CertificateCompressionAlgorithm to be read as 2-octet-wide
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19600)
Reinhard Urban [Fri, 28 Oct 2022 07:56:05 +0000 (09:56 +0200)]
Fix PACKET_equal test with BUF_LEN+1 on -Wstringop-overread
Either suppress the error, or better make smbuf longer.
Detected with -Werror.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19528)
Hugo Landau [Wed, 12 Oct 2022 16:44:40 +0000 (17:44 +0100)]
QUIC CFQ Fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
Hugo Landau [Thu, 15 Sep 2022 11:48:50 +0000 (12:48 +0100)]
QUIC FIFD
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
Hugo Landau [Thu, 15 Sep 2022 11:29:10 +0000 (12:29 +0100)]
QUIC TXPIM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
Hugo Landau [Thu, 15 Sep 2022 10:31:11 +0000 (11:31 +0100)]
QUIC CFQ
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
Hugo Landau [Tue, 13 Sep 2022 15:08:42 +0000 (16:08 +0100)]
QUIC Frame-in-Flight Manager Design
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
Matt Caswell [Mon, 7 Nov 2022 12:02:08 +0000 (12:02 +0000)]
Use the same encryption growth macro consistently
We had two different macros for calculating the potential growth due to
encryption. The macro we use for allocating the underlying buffer should be
the same one that we use for reserving bytes for encryption growth.
Also if we are adding the MAC independently of the cipher algorithm then
the encryption growth will not include that MAC so we should remove it
from the amount of bytes that we reserve for that growth. Otherwise we
might exceed our buffer size and the WPACKET_reserve operation will
fail.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19622)
Tomas Mraz [Fri, 4 Nov 2022 11:31:16 +0000 (12:31 +0100)]
Test that signatures using hash name commands work properly
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19606)
Tomas Mraz [Fri, 4 Nov 2022 11:20:08 +0000 (12:20 +0100)]
apps/dgst.c: Set digestname from argv[0] if it is a builtin hash name
Fixes #19589
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19606)
Matt Caswell [Wed, 26 Oct 2022 16:14:21 +0000 (17:14 +0100)]
Assert that we do not exceed the DTLS MTU
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19516)
Matt Caswell [Wed, 26 Oct 2022 15:55:46 +0000 (16:55 +0100)]
Fix dtls_get_max_record_overhead()
We fix dtls_get_max_record_overhead() to give a better value for the max
record overhead. We can't realistically handle the compression case so we
just ignore that.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19516)
Matt Caswell [Mon, 24 Oct 2022 16:30:42 +0000 (17:30 +0100)]
Fix the ceiling on how much encryption growth we can have
Stitched ciphersuites can grow by more during encryption than the code
allowed for. We fix the calculation and add an assert to check we go it
right.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19516)
Todd Short [Thu, 3 Nov 2022 17:20:07 +0000 (13:20 -0400)]
Add zlib oneshot compression
Fixes #19520
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19603)
Wangchong Zhou [Fri, 28 Oct 2022 03:47:50 +0000 (11:47 +0800)]
Check for private key existence before calling eddsa sign functions
Fixes #19524
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19525)
Richard Levitte [Fri, 4 Nov 2022 09:37:13 +0000 (10:37 +0100)]
crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case
The use case is that uppercase .ASM extension may be used on some platforms,
and we were only testing for the lowercase extension.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19604)
Richard Levitte [Thu, 3 Nov 2022 14:24:52 +0000 (15:24 +0100)]
Configurations/*.tmpl: overhaul assembler make rules.
NOTE: Not Configurations/unix-Makefile.tmpl, as that was done 4 years
ago, in commit
a23f03166e0ec49ac09b3671e7ab4ba4fa57d42a.
So far assembly modules were intended to be built as .pl->.S->.{asmext}
followed by .{asmext}->.o. This posed a problem in build_all_generated
rule if it was executed on another computer, and also turned out to be
buggy, as .S was also translated to .{asmext} on Windows and VMS.
Both issues are fixed by changing the rule sequence to .pl->.S and then
.S->.s->.o, with the added benefit that the Windows and VMS build file
templates are more in sync with unix-Makefile.tmpl and slightly simpler.
Fixes #19594
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19598)
Tomas Mraz [Wed, 2 Nov 2022 07:53:36 +0000 (08:53 +0100)]
Update GitHub actions as suggested by dependabot
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19581)
Pauli [Wed, 2 Nov 2022 01:20:16 +0000 (12:20 +1100)]
Coverity
1516624: Fix overrun memory access.
Not possible to hit but good to address.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19576)
Todd Short [Thu, 27 Oct 2022 14:27:29 +0000 (10:27 -0400)]
Fix coverity
1516093 tainted scalar
|uclen| is created from three byte values, so this seems a bit
redundant, but if it makes coverity happy
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19519)
slontis [Mon, 30 May 2022 04:37:53 +0000 (14:37 +1000)]
Fix documentation for some i2d return values.
i2d_XXX_bio and i2d_XXX_fp return either 0 or 1.
Other i2d_XXX functions return the number of bytes or negative on error.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18427)
slontis [Mon, 30 May 2022 04:32:36 +0000 (14:32 +1000)]
Add d2i_PUBKEY_ex_fp and d2i_PUBKEY_ex_bio.
These functions pass a library content and prop query.
The i2d documentation related to these functions has been corrected since the bio and fp functions always return 0 or 1.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18427)
Richard Levitte [Mon, 31 Oct 2022 07:56:15 +0000 (08:56 +0100)]
providers/common/der/oids_to_c.pm: Remove use of Data::Dumper
This is a development remnant, which should have been remove when finalized.
Fixes #19546
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19548)
slontis [Thu, 13 Oct 2022 07:02:54 +0000 (17:02 +1000)]
Add test for X509 sign TBS cache regression.
See Issue #19388.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19406)
Matt Caswell [Tue, 25 Oct 2022 14:55:38 +0000 (15:55 +0100)]
Update the pipelining docs
Document the effect on the internal read buffer when using pipelining.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19456)
Matt Caswell [Tue, 25 Oct 2022 14:47:36 +0000 (15:47 +0100)]
Fix read pipelining
During read pipelining we must ensure that the buffer is sufficiently large
to read enough data to fill our pipelines. We also remove some code that
moved data to the start of the packet if we can. This was unnecessary
because of later code which would end up moving it anyway. The earlier move
was also incorrect in the case that |clearold| was 0. This would cause the
read pipelining code to fail with sufficiently large records.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19456)
Matt Caswell [Fri, 21 Oct 2022 13:08:29 +0000 (14:08 +0100)]
Pipeline output/input buf arrays must live until the EVP_Cipher is called
The pipeline input/output buf arrays must remain accessible to the
EVP_CIPHER_CTX until EVP_Cipher is subsequently called. This fixes an
asan error discovered by the newly added pipeline test.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19456)
Matt Caswell [Thu, 20 Oct 2022 15:36:37 +0000 (16:36 +0100)]
Add a test for TLS pipelining
TLS pipelining provides the ability for libssl to read or write multiple
records in parallel. It requires special ciphers to do this, and there are
currently no built-in ciphers that provide this capability. However, the
dasync engine does have such a cipher, so we add a test for this capability
using that engine.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19456)
Tomas Mraz [Tue, 11 Oct 2022 15:26:23 +0000 (17:26 +0200)]
Release the drbg in the global default context before engines
Fixes #17995
Fixes #18578
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/19386)
Bernd Edlinger [Sat, 2 Apr 2022 11:41:12 +0000 (13:41 +0200)]
Add a test case for the engine crash with AES-256-CTR
Implement the AES-256-CTR cipher in the dasync engine.
Use that to reproduce the reported problems with the
devcrypto engine in our normal test environment.
See #17995 and #17532 for details.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19386)
yangyangtiantianlonglong [Thu, 27 Oct 2022 09:17:55 +0000 (17:17 +0800)]
Potential null pointer reference
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19429)
slontis [Thu, 27 Oct 2022 07:56:12 +0000 (17:56 +1000)]
Attempt to fix CI Daily build error
For some reason the newly introduced CI test
for sctp causes issues. It is unknown why this
seems to work when testing, but doesnt work
once it was merged.
The test has been put into its own file, with
skips on error if the setup fails..
This will need to be merged to test if this
works.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19511)
Hugo Landau [Fri, 28 Oct 2022 06:32:54 +0000 (07:32 +0100)]
Fix unused variable in QUIC send stream test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19526)
Xu Yizhou [Mon, 31 Oct 2022 03:28:15 +0000 (11:28 +0800)]
Apply SM4 optimization patch to Kunpeng-920
In the ideal scenario, performance can reach up to 2.2X.
But in single block input or CFB/OFB mode, CBC encryption,
performance could drop about 50%.
Perf data on Kunpeng-920 2.6GHz hardware, before and after optimization:
Before:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
SM4-CTR 75318.96k 79089.62k 79736.15k 79934.12k 80325.44k 80068.61k
SM4-ECB 80211.39k 84998.36k 86472.28k 87024.93k 87144.80k 86862.51k
SM4-GCM 72156.19k 82012.08k 83848.02k 84322.65k 85103.65k 84896.43k
SM4-CBC 77956.13k 80638.81k 81976.17k 81606.31k 82078.91k 81750.70k
SM4-CFB 78078.20k 81054.87k 81841.07k 82396.38k 82203.99k 82236.76k
SM4-OFB 78282.76k 82074.03k 82765.74k 82989.06k 83200.68k 83487.17k
After:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
SM4-CTR 35678.07k 120687.25k 176632.27k 177192.62k 177586.18k 178295.18k
SM4-ECB 35540.32k 122628.07k 175067.90k 178007.84k 178298.88k 178328.92k
SM4-GCM 34215.75k 116720.50k 170275.16k 171770.88k 172714.21k 172272.30k
SM4-CBC 35645.60k 36544.86k 36515.50k 36732.15k 36618.24k 36629.16k
SM4-CFB 35528.14k 35690.99k 35954.86k 35843.42k 35809.18k 35809.96k
SM4-OFB 35563.55k 35853.56k 35963.05k 36203.52k 36233.85k 36307.82k
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19547)
Pauli [Wed, 26 Oct 2022 09:09:24 +0000 (20:09 +1100)]
fips: verify that the RNG was restored after the self tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Wed, 26 Oct 2022 02:51:02 +0000 (13:51 +1100)]
fipsinstall: add -self_test_oninstall option.
This option runs the self tests at installation time. It fails for the 3.1
module.
Also changed the default behaviour to that set by the -self_test_onload
option.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Wed, 26 Oct 2022 00:48:58 +0000 (11:48 +1100)]
Update FIPS KATs for 140-3
Co-authored-by: Randall Steck <rsteck@thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark@keypair.us>
Co-authored-by: Steve Weymann <steve@keypair.us>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Wed, 26 Oct 2022 00:48:07 +0000 (11:48 +1100)]
dsa/ec: update pairwise tests to account for 140-3 IG 10.3.A additiocal comment 1
This mandates following SP 800-56A which, in 5.6.2.4, mandates a comparision
against a newly calculated public key.
Co-authored-by: Randall Steck <rsteck@thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark@keypair.us>
Co-authored-by: Steve Weymann <steve@keypair.us>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Wed, 26 Oct 2022 00:47:48 +0000 (11:47 +1100)]
Remove DES cipher from the FIPS provider
Co-authored-by: Randall Steck <rsteck@thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark@keypair.us>
Co-authored-by: Steve Weymann <steve@keypair.us>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Thu, 22 Sep 2022 05:21:58 +0000 (15:21 +1000)]
Update fipsinstall tests
Co-authored-by: Randall Steck <rsteck@thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark@keypair.us>
Co-authored-by: Steve Weymann <steve@keypair.us>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Thu, 22 Sep 2022 03:44:35 +0000 (13:44 +1000)]
Remove conditional FIPS dependence for 3DES
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Thu, 22 Sep 2022 00:59:01 +0000 (10:59 +1000)]
Move DES based test cases out of FIPS territory
Co-authored-by: Randall Steck <rsteck@thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark@keypair.us>
Co-authored-by: Steve Weymann <steve@keypair.us>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Thu, 22 Sep 2022 00:53:11 +0000 (10:53 +1000)]
Skip DES based tests in FIPS mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Pauli [Mon, 26 Sep 2022 05:20:14 +0000 (15:20 +1000)]
rand: add set0 calls for the private and public DRBGs
The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means
the entropy needs to be cooked. This permits this.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Tomas Mraz [Thu, 27 Oct 2022 11:49:29 +0000 (13:49 +0200)]
Dependabot configuration is not a workflow
Moving it one level up so it does not confuse CI.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19515)
Pauli [Wed, 26 Oct 2022 23:25:35 +0000 (10:25 +1100)]
punycode: add unit tests
These tests verify basic functionality and specifically test for
CVE-2022-3602.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit
f0f530216bf93e9cdc9c2c9e3c095229d216da15)
Pauli [Wed, 26 Oct 2022 23:22:47 +0000 (10:22 +1100)]
Fix CVE-2022-3786 in punycode decoder.
Fixed the ossl_a2ulabel() function which also contained a potential
buffer overflow, albeit without control of the contents.
This overflow could result in a crash (causing a denial of service).
The function also did not NUL-terminate the output in some cases.
The two issues fixed here were dentified and reported
by Viktor Dukhovni while researching CVE-2022-3602.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit
c42165b5706e42f67ef8ef4c351a9a4c5d21639a)
Pauli [Wed, 26 Oct 2022 23:21:41 +0000 (10:21 +1100)]
Fix CVE-2022-3602 in punycode decoder.
An off by one error in the punycode decoder allowed for a single unsigned int
overwrite of a buffer which could cause a crash and possible code execution.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit
fe3b639dc19b325846f4f6801f2f4604f56e3de3)
Richard Levitte [Fri, 28 Oct 2022 10:11:30 +0000 (12:11 +0200)]
crypto/dso/dso_vms.c: Better definition of DSO_MALLOC()
Now we cover all possible cases.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19529)
Richard Levitte [Fri, 28 Oct 2022 10:05:33 +0000 (12:05 +0200)]
providers/implementations/kdfs/pvkkdf.c: Ensure SIZE_MAX is defined
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19529)
Tomas Mraz [Mon, 24 Oct 2022 10:28:58 +0000 (12:28 +0200)]
tests: clear error queue before executing a testcase
There can be errors in the queue from previous tests and
we look at it to verify we do not add spurious errors in
some testcases.
Fixes #19477
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19483)
(cherry picked from commit
4bae06d47ae26b37a948d31f11884e1813f6d669)
Joakim Antman [Wed, 19 Oct 2022 16:12:39 +0000 (19:12 +0300)]
Fix parameter names for RSA private key example
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19443)
Richard Levitte [Wed, 6 Jul 2022 04:09:01 +0000 (06:09 +0200)]
Make openVMS seeding less dependent of OpenVMS version
SYS$GETTIM_PREC is a very new function, only available on OpenVMS v8.4.
OpenSSL binaries built on OpenVMS v8.4 become unusable on older OpenVM
versions, but building for the older CRTL version will make the high
precision time functions unavailable.
Tests have shown that on Alpha and Itanium, the time update granularity
between SYS$GETTIM and SYS$GETTIM_PREC is marginal, so the former plus
a sequence number turns out to be better to guarantee a unique nonce.
Fixes #18727
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18731)
Matt Caswell [Tue, 25 Oct 2022 15:29:43 +0000 (16:29 +0100)]
Check whether buffers have actually been allocated/freed
In the sslbuffertest we test the operation of SSL_alloc_buffers() and
SSL_free_buffers(). However this was done entirely using the public API,
and did not confirm that the buffers were actually allocated/freed. We
now extend the test to confirm this.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19472)
Matt Caswell [Fri, 21 Oct 2022 15:44:08 +0000 (16:44 +0100)]
Remove some unused OSSL_RECORD_METHOD functions
Remove two function pointers from the OSSL_RECORD_METHOD. Those functions
were no-ops and were never called.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19472)
Matt Caswell [Fri, 21 Oct 2022 15:12:31 +0000 (16:12 +0100)]
Make SSL_alloc_buffers() and SSL_free_buffers() work again
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19472)
Paul Kehrer [Wed, 19 Oct 2022 14:29:25 +0000 (09:29 -0500)]
add dependabot to keep actions versions up-to-date
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19441)
slontis [Wed, 26 Oct 2022 01:10:50 +0000 (11:10 +1000)]
Use RSA CRT parameters in FIPS self tests.
Fixes #19488
Use the correct OSSL_PKEY_PARAM_RSA CRT names fior the self tests.
The invalid names cause CRT parameters to be silently ignored.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19501)
Pauli [Tue, 25 Oct 2022 09:01:12 +0000 (20:01 +1100)]
rand: remove the ossl_rand_pool_add_additional_data() function.
This function isn't called from anywhere and cannot easily be used
by the current RNG infrastructure.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/19493)
Todd C. Miller [Mon, 24 Oct 2022 14:00:48 +0000 (08:00 -0600)]
ssl_cipher_process_rulestr: don't read outside rule_str buffer
If rule_str ended in a "-", "l" was incremented one byte past the
end of the buffer. This resulted in an out-of-bounds read when "l"
is dereferenced at the end of the loop. It is safest to just return
early in this case since the condition occurs inside a nested loop.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19166)
Richard Levitte [Thu, 6 Oct 2022 11:05:39 +0000 (13:05 +0200)]
Fix 32-bit Windows issues related to QUIC Wire functions
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19345)
Richard Levitte [Thu, 6 Oct 2022 09:43:16 +0000 (11:43 +0200)]
Fix 32-bit Windows issues related to QUIC_STREAM
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19345)
Richard Levitte [Wed, 5 Oct 2022 08:52:59 +0000 (10:52 +0200)]
Fix 32-bit Windows issues related to QUIC_ACKM / QUIC_CC
The re-occuring surprise is that in Win32, size_t is 32 bits...
Fixed by changing size_t to uint64_t in QUIC_CC
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19345)
Richard Levitte [Wed, 5 Oct 2022 08:20:35 +0000 (10:20 +0200)]
Fix definitions of SHUT_RD and SHUT_WR
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19345)
Richard Levitte [Wed, 5 Oct 2022 07:34:11 +0000 (09:34 +0200)]
Github Actions: Enable building QUIC on Windows
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19345)
Matt Caswell [Mon, 24 Oct 2022 08:22:01 +0000 (09:22 +0100)]
Fix a lock in provider_remove_store_methods()
We were taking a read lock. It should have been a write lock.
Fixes #19474
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19481)
Matt Caswell [Fri, 21 Oct 2022 13:32:51 +0000 (14:32 +0100)]
Fix test_tls13_encryption()
This test was disabled during the record write record layer refactor.
We can now enable it again.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19470)
Matt Caswell [Mon, 24 Oct 2022 08:18:34 +0000 (09:18 +0100)]
Fix a compilation failure in bio_comp_test.c
Compiling with clang, --strict-warnings and enable-zlib-dynamic resulted
in a compilation failure. This fixes it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19480)
Daniel Fiala [Mon, 10 Oct 2022 08:53:14 +0000 (10:53 +0200)]
openssl list: Fix help text about -cipher-algorithms option
Fixes openssl#19133
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19370)
Tomas Mraz [Thu, 20 Oct 2022 14:14:29 +0000 (16:14 +0200)]
Workaround egd rand source deficiencies
With egd as the rand source the reseed after fork confuses the egd.
Fixes #19396
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19454)
(cherry picked from commit
0b3fec502298f9a16889d2507948a916416e71cf)
xkernel [Wed, 19 Oct 2022 16:40:25 +0000 (00:40 +0800)]
Checking the return of BIO_new_fp(). If it returns NULL, then it is unnecessary to build the BIO chain and better make the caller directly return NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19445)