Dmitry Belyavskiy [Fri, 20 Jan 2023 15:03:40 +0000 (15:03 +0000)]
Fix Timing Oracle in RSA decryption
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA
padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.
Patch written by Dmitry Belyavsky and Hubert Kario
CVE-2022-4304
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Tomas Mraz [Tue, 13 Dec 2022 18:45:09 +0000 (19:45 +0100)]
Add testcase for nc_match_single type confusion
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Viktor Dukhovni [Tue, 13 Dec 2022 07:49:13 +0000 (08:49 +0100)]
Fix type confusion in nc_match_single()
This function assumes that if the "gen" is an OtherName, then the "base"
is an rfc822Name constraint. This assumption is not true in all cases.
If the end-entity certificate contains an OtherName SAN of any type besides
SmtpUtf8Mailbox and the CA certificate contains a name constraint of
OtherName (of any type), then "nc_email_eai" will be invoked, with the
OTHERNAME "base" being incorrectly interpreted as an ASN1_IA5STRING.
Reported by Corey Bonnell from Digicert.
CVE-2022-4203
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Dr. David von Oheimb [Tue, 31 Jan 2023 10:42:30 +0000 (11:42 +0100)]
doc/man1/{storeutl,gendsa}: point out that extra options/arguments are ignored
... and therefore all options must be given before the final file/URI arg.
This is essentially a backport of the doc portion of #20156 to 3.0 and 3.1,
where the missing error checking/reporting likely will not be added.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20179)
ndossche [Tue, 31 Jan 2023 12:20:17 +0000 (13:20 +0100)]
Fix incomplete check on EVP_CIPHER_param_to_asn1()
That function is a wrapper around evp_cipher_param_to_asn1_ex() which
can return 0 as an error value via its ret <= 0 check [1].
Furthermore, all other callers of this function check against <= 0
instead of < 0 and this is also in line with what the documentation
tells us. Fix the incomplete check by changing it to <= 0 as well.
CLA: trivial
[1] https://github.com/openssl/openssl/blob/114d99b46bfb212ffc510865df317ca2c1542623/crypto/evp/evp_lib.c#L164-L165
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20180)
(cherry picked from commit e3663717fc16bd140f54ee7f1600bdced7f9ea66)
Richard Levitte [Mon, 30 Jan 2023 12:54:01 +0000 (13:54 +0100)]
Use $config{build_file} instead of $target{build_file}
If the user specifies an alternative build file than the default, this
alternative is recorded in $config{build_file}, not $target{build_file}.
Therefore, the former should be used, leaving the latter as a mere default.
This is a bug. While fixing it, document it better too.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20173)
(cherry picked from commit aa2d7e0ee15d1b7015479c38f370a25ceec690fc)
Ruili Fang [Sun, 29 Jan 2023 04:48:24 +0000 (23:48 -0500)]
Fix a potential memory leak in crypto/provider_child.c
Fix issue #20063.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20163)
(cherry picked from commit e788c772b12eea5ced4ce46619e13acf0e0eb6ba)
Andrea Pappacoda [Mon, 30 Jan 2023 09:28:49 +0000 (10:28 +0100)]
BIO_read.pod: fix small typo
Add missing `I` to `<b>`
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20169)
(cherry picked from commit 0414899887b98f973067f286ac126d8b529873e3)
Tomas Mraz [Fri, 27 Jan 2023 09:25:10 +0000 (10:25 +0100)]
Do not include sparse_array.o in libssl with no-shared
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20137)
(cherry picked from commit aea9b0e4b6c35c7f90b2e5a3475084500488775d)
(cherry picked from commit 984d28b9fe191ac9dfcd214b3a421d915b77ebf8)
Tomas Mraz [Wed, 25 Jan 2023 15:32:02 +0000 (16:32 +0100)]
Avoid duplicating symbols in legacy.a with some build options
If no-module or no-shared is used, the symbols from
libcrypto should not be duplicated in legacy.a
Also the BIGNUM functions are currently not needed
in legacy.a at all.
Fixes #20124
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20137)
(cherry picked from commit f6a6f7b6aa84dab44384780cb77050d15c5f575e)
(cherry picked from commit 58e8162e73d9061bd056f041bf07a1573d202d7a)
ndossche [Fri, 27 Jan 2023 14:43:42 +0000 (15:43 +0100)]
Fix incomplete check on X509V3_add1_i2d()
X509V3_add1_i2d() can return both -1 and 0 as an error code. This check
only checked for 0. Change it into <= 0 to also catch the -1 error code.
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20157)
(cherry picked from commit ecd445464a73bb3f125327a604dd13ad16303ebc)
slontis [Fri, 27 Jan 2023 03:18:17 +0000 (13:18 +1000)]
ChaCha20-Poly1305 no longer supports truncated IVs.
Fixes #20084
In the 3.0 provider implementation the generic code that handles IVs
only allows a 12 byte IV. Older code intentionally added the ability for
the IV to be truncated.
As this truncation is unsafe, the documentation has been updated to
state that this is no longer allowed. The code has been updated to
produce an error when the IV length is set to any value other than 12.
NOTE: It appears that this additional padding may have originated from the code
which uses a 12 byte IV, that is then passed to CHACHA which zero pads it to 16 bytes.
Note that legacy behaviour in e_chacha20_poly1305.c has not been
updated.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20151)
(cherry picked from commit a01152370676e7e11fb461cff8628eb50fa41b81)
Pauli [Wed, 25 Jan 2023 01:06:23 +0000 (12:06 +1100)]
coverity
1520506: error handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20132)
(cherry picked from commit a4347a9a57dcb985283bba03dd3b16294b55945b)
Pauli [Wed, 25 Jan 2023 01:06:09 +0000 (12:06 +1100)]
coverity
1520505: error handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20132)
(cherry picked from commit 00407fbf0b25d65f5e6d99defdb081432e810449)
Tomas Mraz [Wed, 25 Jan 2023 09:15:05 +0000 (10:15 +0100)]
Add notes about ignoring initialization failures on contexts
Fixes #20130
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20136)
(cherry picked from commit d4c5d8ff483d99f94d649fb67f1f26fce9694c92)
slontis [Wed, 25 Jan 2023 01:06:34 +0000 (11:06 +1000)]
Document that the RSA e value is mandatory when importing.
The lab tried doing an RSA decryption primitive using just n (using p, q) and d.
This failed for 2 reasons:
(1) e is required when importing
(2) Internally e is used for blinding.
Note n and e can be calculated using:
n = pq
e = (1/d) mod (p-1)(q-1)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20133)
(cherry picked from commit 6e3b1c81736b1829584e3f40c2d00040fe1aa881)
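The note above, as an added example that is not part of the commit or of OpenSSL: deriving n and e from p, q and d with the stated formula, then a blinded private-key operation showing the step where e is consumed. The primes P and Q, the exponent and the message are small constructed test values.

```python
# Added example, not OpenSSL code: recover (n, e) from (p, q, d) with the
# formulas in the commit message, then show where e is consumed when the
# private-key operation is blinded. Key values are small constructed test
# primes, chosen for readability, not real key sizes.
from math import gcd
import secrets


def derive_public_values(p, q, d):
    """Return (n, e) from the private values:
    n = p*q and e = d^-1 mod (p-1)(q-1), as the commit message states.
    pow(d, -1, phi) raises ValueError if d has no inverse mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    e = pow(d, -1, phi)
    return n, e


def rsa_private_op_unblinded(c, n, d):
    """Textbook c^d mod n. Needs no e, but the exponentiation runs directly
    on the caller-supplied value c, which is what blinding is meant to avoid."""
    return pow(c, d, n)


def rsa_private_op_blinded(c, n, e, d):
    """Blinded private-key operation: exponentiate (c * r^e) instead of c,
    then remove r. Computing r^e is the step that requires the public
    exponent, so a key imported without e cannot use this path."""
    while True:
        r = secrets.randbelow(n - 2) + 2      # 2 <= r <= n-1
        if gcd(r, n) == 1:
            break
    c_blind = (c * pow(r, e, n)) % n
    m_blind = pow(c_blind, d, n)              # = m * r mod n, since e*d = 1 mod phi
    return (m_blind * pow(r, -1, n)) % n


# Constructed toy key. D is built from e=65537 so the derivation can be
# checked against a known answer.
P, Q = 10007, 10009
D = pow(65537, -1, (P - 1) * (Q - 1))


def roundtrip(m):
    """Encrypt m with the derived public key and recover it through both the
    unblinded and the blinded private-key operation. Returns (e, m1, m2)."""
    n, e = derive_public_values(P, Q, D)
    c = pow(m, e, n)
    return e, rsa_private_op_unblinded(c, n, D), rsa_private_op_blinded(c, n, e, D)


if __name__ == "__main__":
    e, m1, m2 = roundtrip(123456)
    print("derived e =", e, "unblinded:", m1, "blinded:", m2)
```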
Pauli [Tue, 24 Jan 2023 01:23:37 +0000 (12:23 +1100)]
Fix Coverity
1520485: logically dead code
The check is unnecessary as the condition is already checked
before the switch statement.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20121)
(cherry picked from commit 01a17b24f6649fc192ba6bb9ea34e28ce9678e6c)
Viktor Dukhovni [Tue, 24 Jan 2023 13:40:57 +0000 (14:40 +0100)]
Clarify the change of enc -S behavior in 3.0
Fixes #19730
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19732)
(cherry picked from commit a4aa977d3a8049d5386dc583e16c17727c712eaa)
Niels Dossche [Mon, 23 Jan 2023 16:16:34 +0000 (17:16 +0100)]
Fix incomplete checks for EVP_CIPHER_asn1_to_param
EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and
a value greater than 0 in case of success. Two callsites only check for
< 0 instead of <= 0. The other callsites perform this check correctly.
Change the two callsites to <= 0. Additionally correctly handle a zero
return value from EVP_CIPHER_get_asn1_iv as success.
Fixes: #20116
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/201213)
(cherry picked from commit 114d99b46bfb212ffc510865df317ca2c1542623)
Dr. David von Oheimb [Thu, 22 Dec 2022 10:47:41 +0000 (11:47 +0100)]
OSSL_trace_set_channel(): add important statement that it takes BIO ownership
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19959)
(cherry picked from commit bfd5680e6be789fd554acf2ad34428816a644eec)
Dr. David von Oheimb [Thu, 22 Dec 2022 10:42:14 +0000 (11:42 +0100)]
set_trace_data(): prevent double free on OPENSSL_strdup() failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19959)
(cherry picked from commit 0fec2121c0c40d8b098896c9bdf629a48fbafa63)
Hugo Landau [Wed, 18 Jan 2023 15:43:56 +0000 (15:43 +0000)]
Fix corruption when searching for CRLs in hashed directories
The by_dir certificate/CRL lookup code uses an OPENSSL_STACK to track
how many sequentially numbered CRL files have been loaded for a given
X509_NAME hash which is being requested. This avoids loading already
loaded CRL files and repeated stat() calls.
This OPENSSL_STACK is searched using sk_find, however this mutates
the OPENSSL_STACK unless it is known to be sorted. This operation
therefore requires a write lock, which was not taken.
Fix this issue by sorting the OPENSSL_STACK whenever it is mutated. This
guarantees no mutation will occur during sk_find. This is chosen over
taking a write lock during sk_find as retrieving a CRL by X509_NAME is
assumed to be a hotter path than the case where a new CRL is installed.
Also optimise the code by avoiding creating the structure to track the
last CRL file sequence number in the circumstance where it would match
the initial value, namely where no CRL with the given hash is installed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20076)
(cherry picked from commit 3147785eb23bb27080a0b7accbbff46ac471e86c)
Matt Caswell [Fri, 20 Jan 2023 14:08:42 +0000 (14:08 +0000)]
Add DTLS support to the large app data test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20086)
(cherry picked from commit d36a9d66dc72fb2262f6e7491f658fb1da8242d7)
Matt Caswell [Thu, 19 Jan 2023 11:59:44 +0000 (11:59 +0000)]
Ensure our buffer allocation allows for the Explicit IV
Some ciphers/protocol versions have an explicit IV. We need to make sure we
have sufficient room for it in the underlying buffer.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20086)
(cherry picked from commit 3be93f1b264d35ad93ceb71affacdef1b930c3c6)
Matt Caswell [Thu, 19 Jan 2023 10:52:45 +0000 (10:52 +0000)]
Add a test for large app data
Test that sending large app data records works correctly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20086)
(cherry picked from commit 5e73bf03d78da6a635a0a48e1e584f5b9ead45e2)
Tomas Mraz [Fri, 20 Jan 2023 10:40:45 +0000 (11:40 +0100)]
MD5.pod: Recommend SHA-2 or SHA-3 family hashes instead of legacy ones
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20095)
(cherry picked from commit 61222b95ff20f6a7bb20668e43b657561efdb922)
Dr. David von Oheimb [Mon, 16 Jan 2023 07:38:01 +0000 (08:38 +0100)]
X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20052)
(cherry picked from commit ec6cbda0f2e435ae0efaec308dc5569c75bb759b)
Dr. David von Oheimb [Tue, 11 Oct 2022 14:21:20 +0000 (16:21 +0200)]
cmp_client.c: fix handling of total_timeout for RR and GENM transactions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
(cherry picked from commit d7d1d0928af2f14e7e187fa8c78115d0d1aa28eb)
Dr. David von Oheimb [Fri, 25 Nov 2022 09:43:12 +0000 (10:43 +0100)]
cmp_client_test.c: add tests for end_time being initialized for RR/GENM
To this end, tweak the internal handling of ctx->total_timeout.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
(cherry picked from commit b908ec0f217da0a23f9d81442f81d44c94c98f23)
Dr. David von Oheimb [Fri, 25 Nov 2022 11:08:42 +0000 (12:08 +0100)]
CMP docs: clarify behavior on message/total timeout values given
Clarify behavior of OSSL_CMP_CTX_set_option() when given (negative)
values for OSSL_CMP_OPT_MSG_TIMEOUT or OSSL_CMP_OPT_TOTAL_TIMEOUT.
Fix doc of -msg_timeout and -total_timeout in openssl-cmp.pod.in
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
(cherry picked from commit 5acd4007a0646ef1f9d0015ce438b891d1b24a62)
Thib [Fri, 20 Jan 2023 13:07:15 +0000 (14:07 +0100)]
Fixes wrong return type in BIO_do_connect man page.
Current man page indicates the function returns an int while it returns
a long.
Fixes #20096.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20097)
(cherry picked from commit 2bde260ac0e30da39f4453e972c461cd9d1342e0)
Niels Dossche [Sat, 21 Jan 2023 12:34:34 +0000 (13:34 +0100)]
Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4()
RAND_bytes_ex() can also return 0 on failure. Other callers do check
this correctly. Change the check from <0 to <=0.
Fixes: #20100
CLA: trivial
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20106)
(cherry picked from commit a2b01ae1c84ccc250d5d5cb5f2f8714573e3f11b)
ValdikSS [Wed, 18 Jan 2023 17:14:48 +0000 (20:14 +0300)]
Padlock: fix byte swapping assembly for AES-192 and 256
Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.
This commit correctly sets the number of swapping loops to be done.
Fixes #20073
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20077)
(cherry picked from commit 7331e7ef79fe4499d81cc92249e9c97e9ff9291a)
Pauli [Wed, 18 Jan 2023 07:03:33 +0000 (18:03 +1100)]
Add link to EBNF definition
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)
(cherry picked from commit 69d6ecb7c320bafe0d30a88949eb22e19704221a)
Pauli [Sun, 15 Jan 2023 23:04:11 +0000 (10:04 +1100)]
Add negative test for unquoted property string
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)
(cherry picked from commit 543ac2f0191f10d8a3774727fa691543de8b15bb)
Pauli [Wed, 11 Jan 2023 00:39:02 +0000 (11:39 +1100)]
Correct property EBNF for unquoted strings
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)
(cherry picked from commit 9866200bbe8eb65628f3f3e6eb290c48efb5a8ac)
Niels Dossche [Tue, 17 Jan 2023 19:27:49 +0000 (20:27 +0100)]
Fix incorrect error return value in i2r_ADMISSION_SYNTAX()
The other implementations of i2r return 0 in case of an error, but
i2r_ADMISSION_SYNTAX() returns -1. That means the check on i2r does not
catch the error. Change it to return 0 like the others do.
Fixes: #20066
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20068)
(cherry picked from commit 53b5d6c30f3b8eaf7a582da2265c0d1cfe14d54f)
Juergen Christ [Mon, 16 Jan 2023 10:37:15 +0000 (11:37 +0100)]
Fix potential NULL pointer dereference
In EC key generation, if allocation of struct ec_gen_ctx fails, values
provided by parameters are copied into the context represented by a NULL
pointer. To fix this, prevent copy if allocation fails.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20055)
(cherry picked from commit 235ef96049dbe337a3c3c5d419dacbb5a81df1b3)
north-16 [Fri, 13 Jan 2023 01:33:46 +0000 (17:33 -0800)]
Clarify documentation of X509_STORE_CTX_get_current_cert()
CLA: trivial
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20038)
(cherry picked from commit ed77c14d91ec008d4d78d7293f37bd4aa60071f0)
Tomas Mraz [Fri, 13 Jan 2023 13:48:52 +0000 (14:48 +0100)]
pkey: Imply public check if -pubin is specified
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20044)
(cherry picked from commit 3b1c0c8f3cd66e80f81a9b7c9810bdada39363f2)
dependabot[bot] [Mon, 16 Jan 2023 15:24:25 +0000 (15:24 +0000)]
Bump actions/setup-python from 4.4.0 to 4.5.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.4.0...v4.5.0)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
CLA: trivial
Signed-off-by: dependabot[bot] <support@github.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20046)
(cherry picked from commit c4edfa220e6d3705a0c6299463c83e61fd5f9d2c)
Dmitry Belyavskiy [Tue, 10 Jan 2023 17:54:51 +0000 (18:54 +0100)]
Documenting lack of error codes stability
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20019)
(cherry picked from commit ae61bd34e676036f22e44e8184d1ba649a990619)
Bernd Edlinger [Tue, 8 Nov 2022 16:43:22 +0000 (17:43 +0100)]
Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime
Otherwise the alloca can cause an exception.
Issue reported by Jiayi Lin.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20005)
(cherry picked from commit 30667f5c306dbc11ac0e6fddc7d26fd984d546ab)
Bernd Edlinger [Sat, 7 Jan 2023 06:58:21 +0000 (07:58 +0100)]
Revert "Limit size of modulus for BN_mod_exp_mont_consttime()"
This reverts commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20005)
(cherry picked from commit 92d306b32b63dd502531a89fb96c4172be0ddb49)
slontis [Tue, 20 Dec 2022 03:44:18 +0000 (13:44 +1000)]
SSKDF with KMAC should return SIZE_MAX when EVP_KDF_CTX_get_kdf_size()
is used.
Fixes #19934
The existing code was looking for the digest size, and then returned
zero.
The example code in EVP_KDF-SS.pod has been corrected to not use a
digest.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19935)
(cherry picked from commit e8add4d379075a6daef2591edd830297d469b9f4)
Nobuhiro IMAI [Tue, 10 Jan 2023 09:44:44 +0000 (18:44 +0900)]
fix manpage of `d2i_X509(3)`
* capitalize `X509_NAME`
* add missing suffixes to `i2d_TYPE`
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20016)
(cherry picked from commit 5adca946c3b6f779eb593bff6dbefe0a85238d84)
Tomas Mraz [Tue, 10 Jan 2023 17:00:59 +0000 (18:00 +0100)]
Do not check definition of a macro and use it in a single condition
The condition evaluation in #if conditions does not tolerate this
if the macro is not defined.
Fixes #19628
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20018)
(cherry picked from commit a509b97d2c4efd96e231913d49544ac7cb36b51b)
Richard Levitte [Tue, 10 Jan 2023 07:27:44 +0000 (08:27 +0100)]
OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated
A zero BIGNUM contains zero bytes, while OSSL_PARAMs with an INTEGER (or
UNSIGNED INTEGER) data type are expected to have at least one data byte
allocated, containing a zero. This wasn't handled correctly.
Fixes #20011
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)
(cherry picked from commit c455f87aebf245814ba58d6a398b45ca4e80d1d7)
(cherry picked from commit e33c37aead7e7dd5647d949db7be875c8fa8c137)
Richard Levitte [Tue, 10 Jan 2023 11:22:39 +0000 (12:22 +0100)]
In OSSL_PARAM_set_BN(), make sure that the data_size field is at least 1
This way, we guarantee that a zero is represented with one byte of data
that's set to zero.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)
(cherry picked from commit c2ae89148343750e420b72ef1b709ebbc16e47b8)
(cherry picked from commit fcc224a3c5c868ee4c0f5ab71d2f47e7f620bc98)
Richard Levitte [Tue, 10 Jan 2023 06:50:24 +0000 (07:50 +0100)]
test/param_build_test.c: test zero BIGNUM
We also add tests where the zero bignum is the only parameter, to test what
that does with the allocated blocks that the OSSL_PARAM_BLD functionality
handles.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)
(cherry picked from commit b49cf273883c8d3f47542941fe5cc6cb51aec9c9)
(cherry picked from commit 2b7b7eebf9b7d01f8abab88b9ae0685f33c74b54)
Tomas Mraz [Thu, 15 Dec 2022 14:54:54 +0000 (15:54 +0100)]
Add testcase for OSSL_trace_set_callback()
Also test the OSSL_TRACE_CATEGORY_TRACE tracing - this fails
on address sanitizer runs without the fix for #19915
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(cherry picked from commit e64a169fc678b5e57db28d06c25020d69bc61e4c)
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19958)
Tomas Mraz [Thu, 15 Dec 2022 10:45:48 +0000 (11:45 +0100)]
Avoid ifdefs in trace categories
The trace code assumes all categories are present and
the category numbers are equal to the index in the table.
Fixes #19915
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(cherry picked from commit 78bd646b2f6a18cf8515e05a5f3efadff03b3920)
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19958)
Dr. David von Oheimb [Sat, 24 Sep 2022 21:57:19 +0000 (23:57 +0200)]
test/trace_api_test.c: fix gcc error on -Werror=strict-prototypes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(cherry picked from commit 1fcd84c7017416a3c9461914d7a943591ad87a82)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19958)
Daniel Fiala [Fri, 5 Aug 2022 02:44:51 +0000 (04:44 +0200)]
Add tests for trace_api.
Fixes openssl#17422
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit fcff5bd43c85418cc4aa8052e3dc3dba344d763e)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19958)
slontis [Thu, 22 Dec 2022 08:52:17 +0000 (18:52 +1000)]
Doc: Update history section of EC_GROUP APIs.
Fixes #8630
The remaining functions are at least as old as 0.9.8 so it is
not worth documenting this.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19956)
(cherry picked from commit 8d927e55b751ba1af6c08cd4e37d565a43c56157)
Nikhil Bisht [Thu, 22 Dec 2022 20:56:28 +0000 (02:26 +0530)]
Documentation for EVP_PKEY_CTX_get0_pkey() and EVP_PKEY_CTX_get0_peerkey().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19962)
(cherry picked from commit 3be76745e55eab9ea976f7a23e6c8ecd3bb8136c)
Greg McLearn [Fri, 6 Jan 2023 08:40:04 +0000 (03:40 -0500)]
info.c: Fix typos in seed macro name and description string
Fixes: #19996
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20001)
(cherry picked from commit 9c3de015121fb4ebbecccfbbda9eed8d4a3cb2d5)
Tomas Mraz [Mon, 9 Jan 2023 07:57:33 +0000 (08:57 +0100)]
rsaz_exp_x2.c: Remove leftover from broken cherry-pick
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20010)
Tomas Mraz [Mon, 9 Jan 2023 07:55:37 +0000 (08:55 +0100)]
Revert "rsaz_exp_x2.c: Remove unused ALIGN64 macro"
This reverts commit 2a57a117a2e5b433a93ae6c15686d9751b9dc527.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20010)
Tomas Mraz [Thu, 3 Nov 2022 13:01:56 +0000 (14:01 +0100)]
rsaz_exp_x2.c: Remove unused ALIGN64 macro
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)
(cherry picked from commit 4b65d79d7132d6e46bfb385a76082f6502ef617b)
Tomas Mraz [Thu, 3 Nov 2022 12:48:55 +0000 (13:48 +0100)]
rsaz_exp_x2.c: Avoid potential undefined behavior with strict aliasing
Fixes #19584
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)
(cherry picked from commit 9506a2e274c643b94a2c265019ea9288f99a521a)
Tomas Mraz [Thu, 3 Nov 2022 12:26:22 +0000 (13:26 +0100)]
Revert "Fix an occasional CI failure due to unaligned access"
This reverts commit 8511520842b744d1794ea794c032ce5f78cd874b.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)
(cherry picked from commit f83490fb9ce4dd1c09d4f94526fbcad14bd2fd85)
Hugo Landau [Thu, 15 Dec 2022 07:23:53 +0000 (07:23 +0000)]
BIO_s_dgram: add documentation and hazard warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19913)
(cherry picked from commit 69e18a4d93ee5f50bcbf62268b4a59df29d67a02)
Tomas Mraz [Tue, 27 Dec 2022 10:22:05 +0000 (11:22 +0100)]
Avoid possible divide by zero
Backport of commit 624efd2
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19967)
(cherry picked from commit 8c29e5ebfd5f19442422ba43fea4c95816417e34)
Tomas Mraz [Thu, 22 Dec 2022 10:25:16 +0000 (11:25 +0100)]
80-test_cms.t: Fix rsapssSaltlen check on MinGW
Fixes #19907
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19957)
(cherry picked from commit 55e2dd8c3162d7313d9408cb20fca8a4fe6e6f5a)
slontis [Thu, 22 Dec 2022 02:01:02 +0000 (12:01 +1000)]
Cleanse internal BN_generate_dsa_nonce() buffers used to generate k.
Fixes #9205
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19954)
(cherry picked from commit 177d433bda2ffd287d676bc53b549b6c246973e6)
dependabot[bot] [Thu, 22 Dec 2022 17:10:52 +0000 (17:10 +0000)]
Bump actions/setup-python from 4.3.1 to 4.4.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.3.1...v4.4.0)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19961)
(cherry picked from commit 43a9e682d80d0abe4ffd0c76d18c43cf059a2bcc)
Tomas Mraz [Thu, 22 Dec 2022 14:24:24 +0000 (15:24 +0100)]
INSTALL.md: Remove trailing space
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19960)
(cherry picked from commit 98663afce7a909be1518921a9995540308a52462)
slontis [Tue, 20 Dec 2022 05:54:34 +0000 (15:54 +1000)]
Docs: Move deprecated ECDSA_ functions into a separate file.
Fixes #19829
Examples added for setting/getting ECDSA SIG related r and s values
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19936)
(cherry picked from commit c99209264de98da94937b073a42219bada9ff7f5)
slontis [Fri, 16 Dec 2022 02:26:44 +0000 (12:26 +1000)]
Change HKDF to alloc the info buffer.
Fixes #19909
I have still enforced a maximum bound, but it is much higher.
Note also that TLS13 still uses the 2048 buffer size.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19923)
(cherry picked from commit e8115bd1654d5cd7718109679b2047ca573083a8)
xkernel [Wed, 14 Dec 2022 16:22:40 +0000 (00:22 +0800)]
ec_kmgmt.c: check the return of BN_CTX_get() in time.
If x and y are both NULL, then it is unnecessary to do the subsequent operations.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19905)
(cherry picked from commit 467b0492c1e597857b30b91ed72605387aa9825b)
Matheus Cunha [Sun, 11 Dec 2022 05:02:48 +0000 (02:02 -0300)]
INSTALL.md: Fix typo
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19882)
(cherry picked from commit 0e4e03c8528ab54a5b125582afdf2cdadfb6c9bb)
slontis [Wed, 7 Dec 2022 20:03:26 +0000 (06:03 +1000)]
Add Demos for DSA params/DSA keygen.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19853)
(cherry picked from commit de1164102083730298e4f53eb465c9324aa6a0c0)
Bernd Edlinger [Sun, 13 Nov 2022 20:34:16 +0000 (21:34 +0100)]
Fix possible UB in init_info_strings
"openssl version -c" may create undefined behavior in the shift:
crypto/info.c:42:50: runtime error: left shift of 4275712515 by 32 places cannot be represented in type 'long long int'
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19668)
(cherry picked from commit ee17dcc7ffbd6621f82838c75792f19aa97bd5d7)
Matt Caswell [Tue, 6 Dec 2022 15:12:59 +0000 (15:12 +0000)]
Add a CMS test for a bad encryption algorithm
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
(cherry picked from commit 0c5fe6e4e740e7150ecb9f0a1954ef085f1fcf10)
Matt Caswell [Tue, 6 Dec 2022 14:51:54 +0000 (14:51 +0000)]
Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID
If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no
associated OID then we should report an error rather than continuing on
regardless. Continuing on still ends up failing - but later on and with a
more cryptic error message.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
(cherry picked from commit cc122995d1fa12fb8f93562e0aca4a62cd83fc5b)
Matt Caswell [Tue, 6 Dec 2022 14:35:53 +0000 (14:35 +0000)]
Fix BIO_f_asn1() to properly report some errors
Some things that may go wrong in asn1_bio_write() are serious errors
that should be reported as -1, rather than 0 (which just means "we wrote
no data").
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
(cherry picked from commit 903e96599b53639d6a72f9b05514f93136eaf03b)
Matt Caswell [Tue, 6 Dec 2022 14:21:23 +0000 (14:21 +0000)]
Fix SMIME_crlf_copy() to properly report an error
If the BIO unexpectedly fails to flush then SMIME_crlf_copy() was not
correctly reporting the error. We modify it to properly propagate the
error condition.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
(cherry picked from commit 6259cf34eab1abdcfde12b7b3892b4780844091b)
Matt Caswell [Tue, 6 Dec 2022 14:18:53 +0000 (14:18 +0000)]
Fix BIO_f_cipher() flushing
If an error occurs during a flush on a BIO_f_cipher() then in some cases
we could get into an infinite loop. We add a check to make sure we are
making progress during flush and exit if not.
This issue was reported by Octavio Galland who also demonstrated an
infinite loop in CMS encryption as a result of this bug.
The security team has assessed this issue as not a CVE. This occurs on
*encryption* only which is typically processing trusted data. We are not
aware of a way to trigger this with untrusted data.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
(cherry picked from commit 54b5aeb94c34cc78166dec7cf756c12ee858eb29)
Nicola Tuveri [Sun, 27 Nov 2022 21:43:16 +0000 (23:43 +0200)]
Update pyca-cryptography submodule to 38.0.4
(cherry picked from commit d656efb9eb7692c0b1cba843d7787751e388cc8a)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19901)
Nicola Tuveri [Sat, 18 Sep 2021 15:17:39 +0000 (18:17 +0300)]
Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to UNCOMPRESSED
Originally the code to im/export the EC pubkey was meant to be consumed
only by the im/export functions when crossing the provider boundary.
Having our providers exporting to a COMPRESSED format octet string made
sense to avoid memory waste, as it wasn't exposed outside the provider
API, and providers had all tools available to convert across the three
formats.
Later on, with #13139 deprecating the `EC_KEY_*` functions, more state
was added among the params imported/exported on an EC provider-native
key (including `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, although it
did not affect the format used to export `OSSL_PKEY_PARAM_PUB_KEY`).
Finally, in #14800, `EVP_PKEY_todata()` was introduced and prominently
exposed directly to users outside the provider API, and the choice of
COMPRESSED over UNCOMPRESSED as the default became less sensible in
light of usability, given the latter is more often needed by
applications and protocols.
This commit fixes it by using `EC_KEY_get_conv_form()` to get the
point format from the internal state (an `EC_KEY` under the hood) of the
provider-side object, and using it on
`EVP_PKEY_export()`/`EVP_PKEY_todata()` to format
`OSSL_PKEY_PARAM_PUB_KEY`.
The default for an `EC_KEY` was already UNCOMPRESSED, and it is altered
if the user sets `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` via
`EVP_PKEY_fromdata()`, `EVP_PKEY_set_params()`, or one of the
more specialized methods.
For symmetry, this commit also alters `ec_pkey_export_to()` in
`crypto/ec/ec_ameth.c`, part of the `EVP_PKEY_ASN1_METHOD` for legacy EC
keys: it exclusively used COMPRESSED format, and now it honors the
conversion format specified in the EC_KEY object being exported to a
provider when this function is called.
Expand documentation about `OSSL_PKEY_PARAM_PUB_KEY` and mention the
change in behavior for our providers.
Fixes #16595
(cherry picked from commit 926db476bc669fdcc4c4d2f1cb547060bdbfa153)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19901)
Bernd Edlinger [Fri, 16 Dec 2022 18:30:29 +0000 (19:30 +0100)]
Fix a logic flaw in test_mod_exp_zero
Due to the logic flaw, possible test failures
in this test case might be ignored.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19929)
(cherry picked from commit 42061268ee8f9ae0555d522870740fc91b744f4f)
Tomas Mraz [Tue, 20 Dec 2022 08:24:51 +0000 (09:24 +0100)]
Raise the KMAC limits for key and custom size to 512 bytes
This is necessary to pass new ACVP tests and to
fix the CI failure in FIPS provider compat CI.
Partial cherry pick of 211c47ca1b1ac129dcee59d383cae44e36532bb9
Original-author: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19937)
slontis [Mon, 7 Nov 2022 05:32:07 +0000 (15:32 +1000)]
Update FIPS related build instructions.
This also links back to the new location that lists the cert and
security policy.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19617)
(cherry picked from commit e8241fb6fe4e73bb337c9068e5a2421948ee40ad)
Peiwei Hu [Fri, 2 Dec 2022 07:43:01 +0000 (15:43 +0800)]
Refine the documents of several APIs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19816)
(cherry picked from commit dd1f28427b375931fda45180619c8f5971cd6bca)
slontis [Wed, 7 Dec 2022 22:16:03 +0000 (08:16 +1000)]
Update HMAC() documentation.
Fixes #19782
Clarify that EVP_Q_MAC() can be used as an alternative that allows
setting of the libctx.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19855)
(cherry picked from commit d1ebd99397e18de367918c201c25c389f1f07005)
Tomas Mraz [Wed, 14 Dec 2022 15:44:48 +0000 (16:44 +0100)]
Fix FIPS Provider compat CI of 3.0 libcrypto with 3.2 FIPS provider
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19904)
Pauli [Tue, 13 Dec 2022 22:21:39 +0000 (09:21 +1100)]
Coverity: fix 272011 resource leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19900)
(cherry picked from commit a167e048a40151f9884014680c9a765ef79c3b44)
Simo Sorce [Wed, 7 Dec 2022 23:50:51 +0000 (18:50 -0500)]
Fix openssl storeutl to allow serial + issuer
storeutl wants to enforce the use of issuer and serial together;
however, the current code prevents using them together and returns an
error if only one of them is specified.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19856)
(cherry picked from commit abdf35158e4398deedcf160c28bd07c7080edf47)
Tomas Mraz [Fri, 9 Dec 2022 12:27:02 +0000 (13:27 +0100)]
Make error reason for disallowed legacy sigalg more specific
The internal error reason is confusing and indicates an error
in OpenSSL rather than a configuration problem.
Fixes #19867
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19875)
(cherry picked from commit 97b8db1af2f71059ecea986e4d12fc6a23699a74)
Čestmír Kalina [Fri, 2 Dec 2022 15:53:57 +0000 (16:53 +0100)]
crypto/err: expand on error code generation
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19823)
(cherry picked from commit 2ee2b74cc7b78d2fd3c15dab08adb76fee6249f9)
Tomas Mraz [Fri, 9 Dec 2022 11:13:36 +0000 (12:13 +0100)]
Run-checker merge CI: Memleak test does not work without ubsan
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19874)
(cherry picked from commit 1ca61aa56090356bbdbb16cf48916fbd9886c78d)
Tomas Mraz [Fri, 9 Dec 2022 11:12:35 +0000 (12:12 +0100)]
Revert "Run-checker merge CI: Replace no-shared with no-modules"
This reverts commit d5696547e46e9ea85fcb7581b9d49c58b7c24eeb.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19874)
(cherry picked from commit b71b9534c423eaae79378556337e466a7dec8e35)
wangyuhang [Wed, 7 Dec 2022 08:48:16 +0000 (16:48 +0800)]
unbuffer stdin before get passwd from stdin
The command `LD_LIBRARY_PATH= openssl rsa -aes256 -passout stdin <<< "xxxxxx"` will get the pass (function app_get_pass()) from stdin first, and then load the key (function load_key()). But it unbuffers stdin before loading the key, which causes the key loading to fail.
Now stdin is unbuffered before getting the pass; this solves https://github.com/openssl/openssl/issues/19835
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19851)
(cherry picked from commit efec0f4611ee854f2b0b3da0c135e839bf8e7d04)
Clemens Lang [Mon, 21 Nov 2022 13:33:57 +0000 (14:33 +0100)]
Obtain PSS salt length from provider
Rather than computing the PSS salt length again in core using
ossl_rsa_ctx_to_pss_string, which calls rsa_ctx_to_pss and computes the
salt length, obtain it from the provider using the
OSSL_SIGNATURE_PARAM_ALGORITHM_ID param to handle the case where the
interpretation of the magic constants in the provider differs from that
of OpenSSL core.
Add tests that verify that the rsa_pss_saltlen:max,
rsa_pss_saltlen:<integer> and rsa_pss_saltlen:digest options work and
put the computed digest length into the CMS_ContentInfo struct when
using CMS. Do not add a test for the salt length generated by a provider
when no specific rsa_pss_saltlen option is defined, since that number
could change between providers and provider versions, and we want to
preserve compatibility with older providers.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 5a3bbe1712435d577bbc5ec046906979e8471d8b)
(Merged from https://github.com/openssl/openssl/pull/19863)
Tomas Mraz [Thu, 8 Dec 2022 13:24:40 +0000 (14:24 +0100)]
Run-checker merge CI: Replace no-shared with no-modules
ASAN otherwise fails to detect memleaks.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19860)
(cherry picked from commit d5696547e46e9ea85fcb7581b9d49c58b7c24eeb)
Tomas Mraz [Thu, 8 Dec 2022 11:28:51 +0000 (12:28 +0100)]
Cross compiles CI: Disable stringop-overflow warning on s390x and m68k
These warnings trigger on false positives on these platforms
with a recent compiler update.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19860)
(cherry picked from commit 8b63a305bf2db0e980cb76040fa66a17f781d6c7)
Tomas Mraz [Thu, 8 Dec 2022 10:33:30 +0000 (11:33 +0100)]
Fuzz checker CI: Use more generic include dir for fuzzer includes
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19860)
(cherry picked from commit aef6b82882750594b7f8e50ad734d9fe1d70f049)
dependabot[bot] [Thu, 8 Dec 2022 17:13:32 +0000 (17:13 +0000)]
Bump actions/setup-python from 4.3.0 to 4.3.1
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.3.0...v4.3.1)
---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19866)
(cherry picked from commit 7176c1af1077e1740f9d5e0dfc1028cf8a422792)
Todd Short [Mon, 5 Dec 2022 15:30:27 +0000 (10:30 -0500)]
Fix `no-ec enable-ktls` build
The KTLS test uses a TLSv1.2 cipher that uses ECDHE.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19841)
(cherry picked from commit 2dded44a4911250acb989a535d2bad0bcf0ccc78)