openssl.git
4 months agoAdd missing genpkey -rand support
Viktor Dukhovni [Sat, 13 Jan 2024 00:22:17 +0000 (19:22 -0500)]
Add missing genpkey -rand support

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23294)

4 months agoCheck whether the pubkey exists in ossl_ecx_key_dup
lan1120 [Wed, 13 Dec 2023 11:02:29 +0000 (19:02 +0800)]
Check whether the pubkey exists in ossl_ecx_key_dup

Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22984)

4 months agoRemove receiving of unused return value
Drokov Pavel [Fri, 12 Jan 2024 09:10:13 +0000 (04:10 -0500)]
Remove receiving of unused return value

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23277)

4 months agoMove discovery of the legacy alg type into the keymgmt
Matt Caswell [Thu, 11 Jan 2024 15:52:35 +0000 (15:52 +0000)]
Move discovery of the legacy alg type into the keymgmt

During creation of the EVP_PKEY_CTX we were trying to discover what legacy
alg it corresponds to every time which was slow. Instead we move this into
the construction of the EVP_KEYMGMT.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23265)

4 months agoError in s_server when -rev option is used with dtls.
Frederik Wedel-Heinen [Fri, 12 Jan 2024 09:14:43 +0000 (10:14 +0100)]
Error in s_server when -rev option is used with dtls.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23278)

4 months agoAdd X509_STORE_get1_objects
David Benjamin [Mon, 11 Dec 2023 06:47:25 +0000 (01:47 -0500)]
Add X509_STORE_get1_objects

X509_STORE_get0_objects returns a pointer to the X509_STORE's storage,
but this function is a bit deceptive. It is practically unusable in a
multi-threaded program. See, for example, RUSTSEC-2023-0072, a security
vulnerability caused by this OpenSSL API.

One might think that, if no other threads are mutating the X509_STORE,
it is safe to read the resulting list. However, the documention does not
mention that other logically-const operations on the X509_STORE, notably
certifcate verifications when a hash_dir is installed, will, under a
lock, write to the X509_STORE. The X509_STORE also internally re-sorts
the list on the first query.

If the caller knows to call X509_STORE_lock and X509_STORE_unlock, it
can work around this. But this is not obvious, and the documentation
does not discuss how X509_STORE_lock is very rarely safe to use. E.g.
one cannot call any APIs like X509_STORE_add_cert or
X509_STORE_CTX_get1_issuer while holding the lock because those
functions internally expect to take the lock. (X509_STORE_lock is
another such API which is not safe to export as public API.)

Rather than leave all this to the caller to figure out, the API should
have returned a shallow copy of the list, refcounting the values. Then
it could be internally locked and the caller can freely inspect the
result without synchronization with the X509_STORE.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23224)

4 months agoRemoved logically dead code from function i2r_issuer_sign_tool
Gopal Sharma [Fri, 12 Jan 2024 10:48:41 +0000 (16:18 +0530)]
Removed logically dead code from function i2r_issuer_sign_tool

Since new_line is assigned with 0 in the very begging of the function check added at line no. 106 will never become true. Hence removing.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23284)

4 months agoAdd CHANGES.md and NEWS.md entries for CVE-2023-6237
Tomas Mraz [Tue, 9 Jan 2024 17:08:22 +0000 (18:08 +0100)]
Add CHANGES.md and NEWS.md entries for CVE-2023-6237

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)

4 months agoLimit the execution time of RSA public key check
Tomas Mraz [Fri, 22 Dec 2023 15:25:56 +0000 (16:25 +0100)]
Limit the execution time of RSA public key check

Fixes CVE-2023-6237

If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.

Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)

4 months agoFix arithmetic expression overflow
Drokov Pavel [Fri, 12 Jan 2024 07:10:17 +0000 (02:10 -0500)]
Fix arithmetic expression overflow

If the value of a->length is large (>= 2^12), then an integer overflow will
occur for the signed type, which according to the C standard is UB.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23274)

4 months agoFix grammar in documentation
Akshat Maheshwari [Thu, 11 Jan 2024 17:21:59 +0000 (22:51 +0530)]
Fix grammar in documentation

CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23266)

4 months agopoly1305_ieee754.c: fix PowerPC macros
barracuda156 [Thu, 11 Jan 2024 14:28:00 +0000 (22:28 +0800)]
poly1305_ieee754.c: fix PowerPC macros

Fixes #23264

cla: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23267)

4 months agoCheck ASN1_OBJECT_new result
Drokov Pavel [Thu, 11 Jan 2024 23:51:15 +0000 (18:51 -0500)]
Check ASN1_OBJECT_new result

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23270)

4 months agoAdd apps/x509 -set_issuer & -set_subject option to override issuer & subject
Job Snijders [Wed, 10 Jan 2024 17:15:52 +0000 (17:15 +0000)]
Add apps/x509 -set_issuer & -set_subject option to override issuer & subject

This changeset adds the counterpart to the '-subj' option to allow overriding
the Issuer. For consistency, the `-subj` option is aliased to `-set_subject`.

The issuer can be specified as following apps/openssl x509 -new -set_issuer
'/CN=example-nro-ta' -subj '/CN=2a7dd1d787d793e4c8af56e197d4eed92af6ba13' ...

This is useful in constructing specific test-cases or rechaining PKI trees

Joint work with George Michaelson (@geeohgeegeeoh)

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23257)

4 months agoaes_platform.h, gcm128.c: fix Darwin PowerPC macro to include ppc64
barracuda156 [Tue, 9 Jan 2024 22:35:33 +0000 (06:35 +0800)]
aes_platform.h, gcm128.c: fix Darwin PowerPC macro to include ppc64

Current PowerPC-related defines omit Darwin ppc64 case.
Use __POWERPC__ in place of __ppc__ + __ppc64__
Fixes #23220

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23245)

4 months agoossl_rsa_fips186_4_gen_prob_primes(): Remove unused Xpout and Xqout
sharad3001 [Wed, 10 Jan 2024 12:00:58 +0000 (17:30 +0530)]
ossl_rsa_fips186_4_gen_prob_primes(): Remove unused Xpout and Xqout

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23253)

4 months agoAdd test/recipes/15-test_gensm2.t, to test SM2 key generation results
Richard Levitte [Thu, 4 Jan 2024 11:42:05 +0000 (12:42 +0100)]
Add test/recipes/15-test_gensm2.t, to test SM2 key generation results

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)

4 months agoFix the encoding of SM2 keys
Richard Levitte [Fri, 27 Oct 2023 07:01:19 +0000 (09:01 +0200)]
Fix the encoding of SM2 keys

OpenSSL's encoding of SM2 keys used the SM2 OID for the algorithm OID
where an AlgorithmIdentifier is encoded (for encoding into the structures
PrivateKeyInfo and SubjectPublicKeyInfo).

Such keys should be encoded as ECC keys.

Fixes #22184

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)

4 months agoFix NULL pointer deref when parsing the stable section
Neil Horman [Thu, 7 Dec 2023 21:56:39 +0000 (16:56 -0500)]
Fix NULL pointer deref when parsing the stable section

When parsing the stable section of a config such as this:
openssl_conf = openssl_init
[openssl_init]
stbl_section = mstbl
[mstbl]
id-tc26 = min

Can lead to a SIGSEGV, as the parsing code doesnt recognize min as a
proper section name without a trailing colon to associate it with a
value.  As a result the stack of configuration values has an entry with
a null value in it, which leads to the SIGSEGV in do_tcreate when we
attempt to pass NULL to strtoul.

Fix it by skipping any entry in the config name/value list that has a
null value, prior to passing it to stroul

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22988)

4 months agoAdd tests for re-using cipher contexts
Holger Dengler [Thu, 4 Jan 2024 18:25:08 +0000 (19:25 +0100)]
Add tests for re-using cipher contexts

Add test case for re-using a cipher context with the same key, iv and
cipher. It detects, if the hardware-specific cipher context is reset
correctly, like reported in issue #23175.

This test has encrypt and decrypt iterations for cfb128 and
ofb128. All iteations use the same key, iv and plaintext.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)

4 months agoFix partial block encryption in cfb and ofb for s390x (legacy)
Holger Dengler [Fri, 5 Jan 2024 13:16:53 +0000 (14:16 +0100)]
Fix partial block encryption in cfb and ofb for s390x (legacy)

Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb also in
s390x-legacy code. For more details see 4df92c1a14 ("Fix partial block
encryption in cfb and ofb for s390x").

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)

4 months agoFix partial block encryption in cfb and ofb for s390x
Holger Dengler [Thu, 4 Jan 2024 08:37:39 +0000 (09:37 +0100)]
Fix partial block encryption in cfb and ofb for s390x

Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb, instead
of keep this information in the s390x-specific part of the cipher
context. The information in the generic context is reset properly,
even if the context is re-initialized without resetting the key or iv.

Fixes: #23175
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)

4 months agouplink-x86_64.pl: make x86_64-xlate.pl accept $flavour parameter
Fs [Sat, 6 Jan 2024 00:43:22 +0000 (08:43 +0800)]
uplink-x86_64.pl: make x86_64-xlate.pl accept $flavour parameter

Match behavior of all other x86_64 asm.

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23219)

4 months agoQUIC RCIDM: Minor updates
Hugo Landau [Fri, 22 Dec 2023 12:18:19 +0000 (12:18 +0000)]
QUIC RCIDM: Minor updates

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)

4 months agoUpdate fuzz corpora
Hugo Landau [Thu, 21 Dec 2023 09:40:58 +0000 (09:40 +0000)]
Update fuzz corpora

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)

4 months agoQUIC RCIDM: Update fuzz corpora
Hugo Landau [Tue, 19 Dec 2023 16:22:02 +0000 (16:22 +0000)]
QUIC RCIDM: Update fuzz corpora

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)

4 months agoQUIC RCIDM: Fix ANSI compliance
Hugo Landau [Tue, 19 Dec 2023 16:20:31 +0000 (16:20 +0000)]
QUIC RCIDM: Fix ANSI compliance

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)

4 months agoQUIC RCIDM: Add test
Hugo Landau [Tue, 7 Nov 2023 15:57:05 +0000 (15:57 +0000)]
QUIC RCIDM: Add test

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)

4 months agoQUIC RCIDM: Add counters to support RCID count enforcement
Hugo Landau [Tue, 7 Nov 2023 15:31:30 +0000 (15:31 +0000)]
QUIC RCIDM: Add counters to support RCID count enforcement

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)

4 months agoQUIC SRTM: Fixes for clang
Hugo Landau [Tue, 7 Nov 2023 15:24:54 +0000 (15:24 +0000)]
QUIC SRTM: Fixes for clang

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)

4 months agoQUIC RCIDM: Minor fixes
Hugo Landau [Tue, 7 Nov 2023 15:24:46 +0000 (15:24 +0000)]
QUIC RCIDM: Minor fixes

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)

4 months agoQUIC RCIDM: Add fuzzer
Hugo Landau [Tue, 7 Nov 2023 15:24:17 +0000 (15:24 +0000)]
QUIC RCIDM: Add fuzzer

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)

4 months agoQUIC RCIDM: Add RCIDM
Hugo Landau [Mon, 6 Nov 2023 13:42:04 +0000 (13:42 +0000)]
QUIC RCIDM: Add RCIDM

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)

4 months agoUpdate Docs for EVP_MAC
Neil Horman [Mon, 8 Jan 2024 19:29:52 +0000 (14:29 -0500)]
Update Docs for EVP_MAC

For GMAC/CMAC, its not possible to re-init the algorithm without
explicitly passing an OSSL_MAC_PARAM_IV to each init call, as it is
not possible to extract the IV value from the prior init call (be it
explicitly passed or auto generated).  As such, document the fact that
re-initalization requires passing an IV parameter

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23235)

4 months agoDisable build of HWAES on PPC Macs
Tomas Mraz [Wed, 29 Nov 2023 08:17:39 +0000 (09:17 +0100)]
Disable build of HWAES on PPC Macs

Fixes #22818

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22860)

4 months agoevp_fetch.c: Check meth_id instead of name_id
sashan [Mon, 8 Jan 2024 21:53:42 +0000 (22:53 +0100)]
evp_fetch.c: Check meth_id instead of name_id

Fixes #23226

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23238)

4 months agodoc: "digest" must be explicitly set with deterministic ECDSA/DSA
James Muir [Wed, 10 Jan 2024 03:38:43 +0000 (22:38 -0500)]
doc: "digest" must be explicitly set with deterministic ECDSA/DSA

Fixes #23205

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23250)

4 months agoRemove wpend_ret that was only assigned and never used.
Frederik Wedel-Heinen [Wed, 3 Jan 2024 13:17:20 +0000 (14:17 +0100)]
Remove wpend_ret that was only assigned and never used.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23191)

4 months agoFix a similar memory leak in SXNET_add_id_INTEGER
Bernd Edlinger [Tue, 9 Jan 2024 14:05:30 +0000 (15:05 +0100)]
Fix a similar memory leak in SXNET_add_id_INTEGER

Even in the good case there was memory leak here.
Add a simple test case to have at least some test coverage.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23234)

4 months agoFix a possible memory leak in sxnet_v2i
Bernd Edlinger [Mon, 8 Jan 2024 14:31:32 +0000 (15:31 +0100)]
Fix a possible memory leak in sxnet_v2i

When a subsequent call to SXNET_add_id_asc fails
e.g. because user is a string larger than 64 char
or the zone is a duplicate zone id,
or the zone is not an integer,
a memory leak may be the result.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23234)

4 months agoPreserve callee-saved registers in aarch64 AES-CTR code
fangming.fang [Mon, 8 Jan 2024 09:35:46 +0000 (09:35 +0000)]
Preserve callee-saved registers in aarch64 AES-CTR code

The AES-CTR assembly code uses v8-v15 registers, they are
callee-saved registers, they must be preserved before the
use and restored after the use.

Change-Id: If9192d1f0f3cea7295f4b0d72ace88e6e8067493

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23233)

4 months agoCheck appropriate OSSL_PARAM_get_* functions for NULL
Neil Horman [Mon, 18 Dec 2023 15:55:25 +0000 (10:55 -0500)]
Check appropriate OSSL_PARAM_get_* functions for NULL

The base type OSSL_PARAM getters will NULL deref if they are initalized
as null.  Add NULL checks for those parameters that have no expectation
of returning null (int32/64/uint32/64/BN).  Other types can be left as
allowing NULL, as a NULL setting may be meaningful (string, utf8str,
octet string, etc).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23083)

4 months agoAdd CHANGES.md and NEWS.md entries for CVE-2023-6129
Tomas Mraz [Thu, 4 Jan 2024 09:32:32 +0000 (10:32 +0100)]
Add CHANGES.md and NEWS.md entries for CVE-2023-6129

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)

4 months agopoly1305-ppc.pl: Fix vector register clobbering
Rohan McLure [Thu, 4 Jan 2024 09:25:50 +0000 (10:25 +0100)]
poly1305-ppc.pl: Fix vector register clobbering

Fixes CVE-2023-6129

The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs saves the the contents of vector registers in different order
than they are restored. Thus the contents of some of these vector registers
is corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)

4 months agoSync CHANGES.md and NEWS.md with 3.2 branch
Tomas Mraz [Thu, 4 Jan 2024 09:07:17 +0000 (10:07 +0100)]
Sync CHANGES.md and NEWS.md with 3.2 branch

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)

4 months agoAugment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata()
Neil Horman [Mon, 28 Aug 2023 12:48:34 +0000 (08:48 -0400)]
Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata()

It would be helpful to be able to generate RSA's dmp1/dmq1/iqmp values
when not provided in the param list to EVP_PKEY_fromdata.  Augment the
provider in ossl_rsa_fromdata to preform this generation iff:
a) At least p q n e and e are provided
b) the new parameter OSSL_PARAM_RSA_DERIVE_PQ is set to 1

Fixes #21826

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21875)

4 months agoFail the Configure script with no Configurations
Will Sackfield [Wed, 29 Nov 2023 00:57:49 +0000 (19:57 -0500)]
Fail the Configure script with no Configurations

* Print a message about why the failure is
happening.
* Send the usage information.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22855)

4 months agoAvoid memory leak if SXNET_add_id_INTEGER() fails
Tomas Mraz [Fri, 5 Jan 2024 10:01:34 +0000 (11:01 +0100)]
Avoid memory leak if SXNET_add_id_INTEGER() fails

Fixes Coverity 1560046

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23211)

4 months agoVMS: Add the missing -p32 and -p64 variants for x86_64
Richard Levitte [Wed, 20 Dec 2023 07:25:22 +0000 (08:25 +0100)]
VMS: Add the missing -p32 and -p64 variants for x86_64

The pointer size support is already in the code, and is present for
all other supported hardwares.

Fixes #22899

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23081)

(cherry picked from commit a43f253d586279b5d96fffcaf1b26c7a2b0dd938)

4 months agoFix VMS installation - update vmsconfig.pm for consistency
Richard Levitte [Mon, 18 Dec 2023 11:49:08 +0000 (12:49 +0100)]
Fix VMS installation - update vmsconfig.pm for consistency

An effort was made to update the VMS installation data to align with
configuration data.  This touched the script templates in VMS/, but
didn't update the generation of vmsconfig.pm to match...  and also
missed a spot.

This change adds the missing updates

Ref:
https://github.com/openssl/openssl/pull/16842

Fixes #22899

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23081)

(cherry picked from commit 4058e121cbc6818235b0dcb618e636ce3c4d1f2f)

4 months agocleanse stack variable in kdf_pbkdf1_do_derive
Neil Horman [Wed, 3 Jan 2024 18:47:05 +0000 (13:47 -0500)]
cleanse stack variable in kdf_pbkdf1_do_derive

kdf_pbkdf1_do_derive stores key derivation information in a stack
variable, which is left uncleansed prior to returning.  Ensure that the
stack information is zeroed prior to return to avoid potential leaks of
key information

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23194)

4 months agoValidate config options during x509 extension creation
Neil Horman [Tue, 2 Jan 2024 20:48:00 +0000 (15:48 -0500)]
Validate config options during x509 extension creation

There are several points during x509 extension creation which rely on
configuration options which may have been incorrectly parsed due to
invalid settings.  Preform a value check for null in those locations to
avoid various crashes/undefined behaviors

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23183)

4 months agofixup! Adding interop tests
Neil Horman [Fri, 15 Dec 2023 19:35:04 +0000 (14:35 -0500)]
fixup! Adding interop tests

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)

4 months agoAdding interop tests
Neil Horman [Tue, 14 Nov 2023 11:01:51 +0000 (06:01 -0500)]
Adding interop tests

Fedora has some fairly nice interoperability tests that we can leverage
to build a PR and test it against gnutls and nss libraries.  This commit
adds the interop-tests.yml ci job to do that work, and run the interop
tests from beaker.

Fixes #20685

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)

4 months agoUpdate workflow to use GITHUB_WORKSPACE
Neil Horman [Tue, 19 Dec 2023 11:15:39 +0000 (06:15 -0500)]
Update workflow to use GITHUB_WORKSPACE

It was pointed out the GITHUB_WORKSPACE points to the container path of
the workspace, so we can use it instead of hardcoding the
__w/openssl/openssl path

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)

4 months agoAdding interop tests
Neil Horman [Tue, 14 Nov 2023 11:01:51 +0000 (06:01 -0500)]
Adding interop tests

Fedora has some fairly nice interoperability tests that we can leverage
to build a PR and test it against gnutls and nss libraries.  This commit
adds the interop-tests.yml ci job to do that work, and run the interop
tests from beaker.

Fixes #20685

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)

4 months agoCorrect ssl_old_test stream handling
Matt Caswell [Wed, 3 Jan 2024 09:43:16 +0000 (09:43 +0000)]
Correct ssl_old_test stream handling

The ssl_old_test has not been fully converted to the test framework but
it still reuses some test framework utilities. Notably it was creating
it's own copy of the global bio_err object directly (which is normally
created and owned by the test framework). This causes a problem because
ever since commit 2fa9044 access to the bio_err object is controlled by
a lock. Since ssl_old_test was circumventing the normal creation and
destruction of bio_err, the lock was not being created resulting in a
crash under certain error conditions.

We fix this by creating and destroying the bio_err object using the
test framework functions designed for that purpose.

Fixes #23184

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23187)

4 months agoClarify the PKCS12 docs
Matt Caswell [Wed, 3 Jan 2024 11:03:03 +0000 (11:03 +0000)]
Clarify the PKCS12 docs

Issue #23151 asks a question about the meaning of the PKCS12
documentation. This PR attempts to clarify how friendlyName and localKeyID
are added to the PKCS12 structure.

Fixes #23151

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23188)

4 months agoMake OPENSSL_sk_push return only 0 or 1
Tomas Mraz [Mon, 4 Dec 2023 10:16:45 +0000 (11:16 +0100)]
Make OPENSSL_sk_push return only 0 or 1

Most of the callers do not actually check for
the special -1 return condition because they do not
pass NULL to it. It is also extremely improbable that
any code depends on this -1 return value in this condition
so it can be safely changed to 0 return.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/22930)

4 months agocleanse stack variable in blake2[b|s] finalization
Neil Horman [Mon, 1 Jan 2024 14:25:03 +0000 (09:25 -0500)]
cleanse stack variable in blake2[b|s] finalization

If the output of a blake2[b|s] digest isn't a multipl of 8, then a stack
buffer is used to compute the final output, which is left un-zeroed
prior to return, allowing the potential leak of key data.  Ensure that,
if the stack variable is used, it gets cleared prior to return.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23173)

4 months agoSimplify ssl protocol version comparisons.
Frederik Wedel-Heinen [Thu, 28 Dec 2023 20:23:18 +0000 (21:23 +0100)]
Simplify ssl protocol version comparisons.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23163)

4 months agovalidate requested key length in kdf_pbkdf1_do_derive
Neil Horman [Mon, 1 Jan 2024 16:53:50 +0000 (11:53 -0500)]
validate requested key length in kdf_pbkdf1_do_derive

When using pbkdf1 key deriviation, it is possible to request a key
length larger than the maximum digest size a given digest can produce,
leading to a read of random stack memory.

fix it by returning an error if the requested key size n is larger than
the EVP_MD_size of the digest

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23174)

4 months agoprovider-keymgmt.pod: fix typo
rilysh [Fri, 29 Dec 2023 07:30:56 +0000 (02:30 -0500)]
provider-keymgmt.pod: fix typo

Fix a typo from asymmmetric to asymmetric

CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23164)

4 months agoAdd missing documentation for X509_ATTRIBUTE related functions.
slontis [Wed, 8 Nov 2023 06:14:44 +0000 (16:14 +1000)]
Add missing documentation for X509_ATTRIBUTE related functions.

Partial fix for #8026

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22656)

4 months agoAllow duplicate CMS attributes
Tomas Mraz [Wed, 13 Dec 2023 11:21:04 +0000 (12:21 +0100)]
Allow duplicate CMS attributes

Fixes regression introduced with https://github.com/openssl/openssl/pull/21505

Fixes #22266

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23029)

4 months agoSet max protocol version for dtls renegotiation tests to dtls1.2
Frederik Wedel-Heinen [Fri, 29 Dec 2023 21:52:50 +0000 (22:52 +0100)]
Set max protocol version for dtls renegotiation tests to dtls1.2

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23168)

4 months agoriscv: Fix mispelling of extension test macro
Grant Nichol [Sat, 23 Dec 2023 05:46:39 +0000 (23:46 -0600)]
riscv: Fix mispelling of extension test macro

When refactoring the riscv extension test macros,
RISCV_HAS_ZKND_AND_ZKNE was mispelled.

CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23139)

4 months agogate calling of evp_method_id on having a non-zero name id
Neil Horman [Wed, 20 Dec 2023 15:01:17 +0000 (10:01 -0500)]
gate calling of evp_method_id on having a non-zero name id

If a name is passed to EVP_<OBJ>_fetch of the form:
name1:name2:name3

The names are parsed on the separator ':' and added to the store, but
during the lookup in inner_evp_generic_fetch, the subsequent search of
the store uses the full name1:name2:name3 string, which fails lookup,
and causes subsequent assertion failures in evp_method_id.

instead catch the failure in inner_evp_generic_fetch and return an error
code if the name_id against a colon separated list of names fails.  This
provides a graceful error return path without asserts, and leaves room
for a future feature in which such formatted names can be parsed and
searched for iteratively

Add a simple test to verify that providing a colon separated name
results in an error indicating an invalid lookup.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/23110)

4 months agoapps: Don't print hostname on bio_out during connect.
Sebastian Andrzej Siewior [Thu, 14 Dec 2023 19:53:35 +0000 (20:53 +0100)]
apps: Don't print hostname on bio_out during connect.

Printing the hostname on bio_out clutters the output and breaks
pipe like forwarding via openssl.

Print the hostname via bio_err.

Fixes #23013

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23056)

4 months agodoc: fix "the a" typos (and other things nearby)
James Muir [Sat, 16 Dec 2023 02:21:46 +0000 (21:21 -0500)]
doc: fix "the a" typos (and other things nearby)

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/23068)

4 months agoddd-02-conn-nonblocking-threads.c: Fix the leak of conn
zengwei2000 [Thu, 21 Dec 2023 08:41:57 +0000 (08:41 +0000)]
ddd-02-conn-nonblocking-threads.c: Fix the leak of conn

Signed-off-by: zengwei zengwei1@uniontech.com
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23115)

4 months agoAdd missing settable entry OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS for RSA asym
slontis [Fri, 17 Feb 2023 00:00:50 +0000 (10:00 +1000)]
Add missing settable entry OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS for RSA asym

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20319)

4 months agoLimit RSA-OAEP related functions to RSA keys only
slontis [Thu, 16 Feb 2023 23:54:58 +0000 (09:54 +1000)]
Limit RSA-OAEP related functions to RSA keys only

Make EVP_PKEY_CTX_set_rsa_oaep_md() and
EVP_PKEY_CTX_get_rsa_oaep_md_name() only work for RSA keys.

Since these calls use "digest" as a OSSL_PARAM, they should not
work for other key types.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20319)

4 months agoFix memleak in rsa_cms_decrypt
slontis [Thu, 16 Feb 2023 23:51:59 +0000 (09:51 +1000)]
Fix memleak in rsa_cms_decrypt

If a call to EVP_PKEY_CTX_set_rsa_mgf1_md() fails then the caller
needs to free the label.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20319)

4 months agoFix error handling in ASN1_mbstring_ncopy
Bernd Edlinger [Fri, 22 Dec 2023 18:28:38 +0000 (19:28 +0100)]
Fix error handling in ASN1_mbstring_ncopy

Sometimes the error handling returns an ASN1_STRING
object in *out although that was not passed in by the
caller, and sometimes the error handling deletes the
ASN1_STRING but forgets to clear the *out parameter.
Therefore the caller has no chance to know, if the leaked
object in *out shall be deleted or not.
This may cause a use-after-free error e.g. in asn1_str2type:

==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0
READ of size 8 at 0x603000073280 thread T0
    #0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354
    #1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204
    #2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199
    #3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20
    #4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740
    #5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137
    #6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
    #7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
    #8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
    #9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
    #10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
    #11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
    #12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
    #13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
    #14 0x564ed19d5f25 in req_main apps/req.c:806
    #15 0x564ed19b8de0 in do_cmd apps/openssl.c:564
    #16 0x564ed1985165 in main apps/openssl.c:183
    #17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
    #18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd)

0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288)
freed by thread T0 here:
    #0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
    #1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311
    #2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300
    #3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191
    #4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
    #5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
    #6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
    #7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
    #8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
    #9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
    #10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
    #11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
    #12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
    #13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
    #14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
    #15 0x564ed19d5f25 in req_main apps/req.c:806
    #16 0x564ed19b8de0 in do_cmd apps/openssl.c:564
    #17 0x564ed1985165 in main apps/openssl.c:183
    #18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
    #0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221
    #2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198
    #3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236
    #4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
    #5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150
    #6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
    #7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
    #8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
    #9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
    #10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
    #11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
    #12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
    #13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
    #14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
    #15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
    #16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
    #17 0x564ed19d5f25 in req_main apps/req.c:806
    #18 0x564ed19b8de0 in do_cmd apps/openssl.c:564
    #19 0x564ed1985165 in main apps/openssl.c:183
    #20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23138)

4 months agodemos: fix cert scripts
James Muir [Sat, 23 Dec 2023 22:03:21 +0000 (17:03 -0500)]
demos: fix cert scripts

set LD_LIBRARY_PATH so the correct libs can be found.

Testing:

  cd demos/certs && sh mkcerts.sh
  cd demos/certs/apps && sh -x mkacerts.sh

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23142)

4 months agoparams: drop INT_MAX checks
James Muir [Sun, 24 Dec 2023 00:51:38 +0000 (19:51 -0500)]
params: drop INT_MAX checks

The INT_MAX checks in param_build.c do not appear to be needed.  Drop
them.  This was noted during the discussion for PR #22967.  This makes
param_build.c more consistent with params.c.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23143)

4 months agoDisable building quicserver utility when configured with `no-apps` option
Vitalii Koshura [Mon, 25 Dec 2023 11:38:24 +0000 (12:38 +0100)]
Disable building quicserver utility when configured with `no-apps` option

Signed-off-by: Vitalii Koshura <lestat.de.lionkur@gmail.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23149)

4 months agoFix typos found by codespell in man pages
Dimitri Papadopoulos [Fri, 22 Dec 2023 13:06:24 +0000 (14:06 +0100)]
Fix typos found by codespell in man pages

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23131)

4 months agoFix new typos found by codespell
Dimitri Papadopoulos [Fri, 22 Dec 2023 13:37:12 +0000 (14:37 +0100)]
Fix new typos found by codespell

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23133)

4 months agomd5: add assembly implementation for loongarch64
Min Zhou [Wed, 13 Dec 2023 14:40:14 +0000 (22:40 +0800)]
md5: add assembly implementation for loongarch64

This change can improve md5 performance by using a hand-optimized
assembly implementation of the inner loop of md5 calculation.
This implementation refered to md5-x86_64.pl and made more effort
to reorder instructions for separating data dependencies as much
as possible.

Test with:
$ openssl speed md5

3A5000
type             16 bytes    64 bytes     256 bytes    1024 bytes   8192 bytes   16384 bytes
md5              45061.04k   130440.75k   291105.28k   421101.23k   484639.27k   488320.43k
md5-modified     47179.95k   139015.57k   308836.69k   445963.26k   512540.67k   518215.00k
                   +5%         +7%          +6%          +6%          +6%          +6%

3A6000
type             16 bytes    64 bytes     256 bytes    1024 bytes   8192 bytes   16384 bytes
md5              60070.06k   161822.76k   325817.60k   438017.02k   486864.21k   492243.31k
md5-modified     62827.74k   170294.04k   343795.03k   463324.50k   515831.13k   520060.93k
                   +5%         +5%          +6%          +6%          +6%          +6%

Signed-off-by: Min Zhou <zhoumin@loongson.cn>
Co-authored-by: Xi Ruoyao <xry111@xry111.site>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21704)

4 months agoFix remaining provider config settings to be decisive in value
Neil Horman [Wed, 20 Dec 2023 18:00:57 +0000 (13:00 -0500)]
Fix remaining provider config settings to be decisive in value

There is one remaining config setting for providers, soft_load, which is
enabled when provided in a config, regardless of its value.  Augment it
to require a decisive value 1/0, yes/no, on/off, true/false, as we've
recently done for the activate setting.

Also, since it wasn't previously documented, add docs for it.

Fixes #23105

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23111)

4 months agoIgnore OSSL_MAC_PARAM_DIGEST_NOINIT/OSSL_MAC_PARAM_DIGEST_ONESHOT
Neil Horman [Thu, 14 Dec 2023 17:15:21 +0000 (12:15 -0500)]
Ignore OSSL_MAC_PARAM_DIGEST_NOINIT/OSSL_MAC_PARAM_DIGEST_ONESHOT

The hmac flags OSSL_MAC_PARAM_DIGEST_NOINIT and
OSSL_MAC_PARAM_DIGEST_ONESHOT dont add any real value to the provider,
and the former causes a segfault when the provider attempts to call
EVP_MAC_init on an EVP_MAC object that has been instructed not to be
initalized (as the update function will not have been set in the MAC
object, which is unilaterally called from EVP_MAC_init

Remove the tests for the above flags, and document them as being
deprecated and ignored.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23054)

4 months agoOptimize circular buffer to avoid modulo
Rose [Tue, 19 Dec 2023 16:19:38 +0000 (11:19 -0500)]
Optimize circular buffer to avoid modulo

CLA: trivial

Avoid doing the division via modulo where possible.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23097)

4 months agoRemove uneeded cast to unsigned int
Rose [Tue, 19 Dec 2023 16:29:54 +0000 (11:29 -0500)]
Remove uneeded cast to unsigned int

CLA: trivial

cipher_ctx->blocksize is already unsigned.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23098)

4 months agoAES: Document that the XTS, SIV, WRAP modes do not support streaming
Tomas Mraz [Wed, 13 Dec 2023 09:06:59 +0000 (10:06 +0100)]
AES: Document that the XTS, SIV, WRAP modes do not support streaming

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23028)

4 months agoSM4: Document that the XTS mode does not support streaming
Tomas Mraz [Wed, 13 Dec 2023 09:03:07 +0000 (10:03 +0100)]
SM4: Document that the XTS mode does not support streaming

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23028)

4 months agoImprove the documentation on TLS record compression
Matt Caswell [Wed, 20 Dec 2023 10:07:39 +0000 (10:07 +0000)]
Improve the documentation on TLS record compression

TLS record compression is off by default. Even if you switch it on, it
cannot be used at security level 2 which is the default in OpenSSL 3.2 and
above. Update the docs to point this out.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23104)

4 months agocrypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error result of ossl_cmp_asn1_g...
Dr. David von Oheimb [Thu, 27 Jul 2023 18:03:16 +0000 (20:03 +0200)]
crypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error result of ossl_cmp_asn1_get_int()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)

4 months agocmp_server.c,apps/lib/cmp_mock_srv.c: move polling state checks to cmp_server.c
Rajeev Ranjan [Wed, 3 May 2023 14:19:36 +0000 (16:19 +0200)]
cmp_server.c,apps/lib/cmp_mock_srv.c: move polling state checks to cmp_server.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)

4 months agocrypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery
Dr. David von Oheimb [Fri, 28 Apr 2023 11:45:21 +0000 (13:45 +0200)]
crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)

4 months agocrypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses
Rajeev Ranjan [Mon, 13 Mar 2023 08:16:57 +0000 (09:16 +0100)]
crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)

4 months agoDetect and prevent recursive config parsing
Neil Horman [Thu, 30 Nov 2023 19:28:09 +0000 (14:28 -0500)]
Detect and prevent recursive config parsing

If a malformed config file is provided such as the following:

openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
 = provider_sect

The config parsing library will crash overflowing the stack, as it
recursively parses the same provider_sect ad nauseum.

Prevent this by maintaing a list of visited nodes as we recurse through
referenced sections, and erroring out in the event we visit any given
section node more than once.

Note, adding the test for this revealed that our diagnostic code
inadvertently pops recorded errors off the error stack because
provider_conf_load returns success even in the event that a
configuration parse failed. The call path to provider_conf_load has been
updated in this commit to address that shortcoming, allowing recorded
errors to be visibile to calling applications.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22898)

4 months agoMake the activate setting more intuitive
Neil Horman [Fri, 1 Dec 2023 19:02:09 +0000 (14:02 -0500)]
Make the activate setting more intuitive

Currently, a provider is activated from our config file using the
activate parameter.  However, the presence of the config parameter is
sufficient to trigger activation, leading to a counterintuitive
situation in which setting "activate = 0" still activates the provider

Make activation more intuitive by requiring that activate be set to one
of yes|true|1 to trigger activation.  Any other value, as well as
omitting the parameter entirely, prevents activation (and also maintains
backward compatibility.

It seems a bit heavyweight to create a test specifically to validate the
plurality of these settings.  Instead, modify the exiting openssl config
files in the test directory to use variants of these settings, and
augment the default.cnf file to include a provider section that is
explicitly disabled

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22906)

4 months agoUse GH action commands to group/collapse filtered output
Neil Horman [Tue, 19 Dec 2023 11:36:02 +0000 (06:36 -0500)]
Use GH action commands to group/collapse filtered output

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22678)

4 months agoaugment test/run_tests.pl to filter indirect leaks
Neil Horman [Thu, 9 Nov 2023 14:12:51 +0000 (09:12 -0500)]
augment test/run_tests.pl to filter indirect leaks

When verbosity isn't set to 1 or higher, suppress indirect leaks (i.e.
only print direct leaks) to make output more human-readable.  Setting
V=1 on make test produces all leaks (direct and indirect)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22678)

4 months agoQUIC: Move CID generation to quic_types.c
Hugo Landau [Tue, 19 Dec 2023 16:09:04 +0000 (16:09 +0000)]
QUIC: Move CID generation to quic_types.c

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

4 months agoMinor updates
Hugo Landau [Tue, 19 Dec 2023 15:10:43 +0000 (15:10 +0000)]
Minor updates

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

4 months agoQUIC PORT: Add explicit cast to get_time wrapper
Hugo Landau [Tue, 19 Dec 2023 07:34:59 +0000 (07:34 +0000)]
QUIC PORT: Add explicit cast to get_time wrapper

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

4 months agoQUIC: Add more glossary entries
Hugo Landau [Tue, 19 Dec 2023 07:33:24 +0000 (07:33 +0000)]
QUIC: Add more glossary entries

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)