openssl.git
6 hours ago: Fix the return values of the aarch64 unroll8_eor_aes_gcm_*_*_kernel functions (master)
Tom Cosgrove [Sat, 28 Jan 2023 18:43:30 +0000 (18:43 +0000)]
Fix the return values of the aarch64 unroll8_eor_aes_gcm_*_*_kernel functions

These aren't currently checked when they are called in cipher_aes_gcm_hw_armv8.inc,
but they are declared as returning as size_t the number of bytes they have processed,
and the aes_gcm_*_*_kernel (unroll by 4) versions of these do return the correct
values.

Change-Id: Ic3eaf139e36e29e8779b5bd8b867c08fde37a337

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20191)

7 hours ago: CMP cert_response(): add missing rejection status on client rejecting new cert
Dr. David von Oheimb [Wed, 1 Feb 2023 16:22:17 +0000 (17:22 +0100)]
CMP cert_response(): add missing rejection status on client rejecting new cert

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)

7 hours ago: cmp_client_test.c: add tests for errors reported by server on subsequent requests...
Dr. David von Oheimb [Wed, 1 Feb 2023 14:50:54 +0000 (15:50 +0100)]
cmp_client_test.c: add tests for errors reported by server on subsequent requests in a transaction

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)

7 hours ago: ossl_cmp_mock_srv_new.pod: correct/update names of internal test support functions
Dr. David von Oheimb [Wed, 1 Feb 2023 14:47:14 +0000 (15:47 +0100)]
ossl_cmp_mock_srv_new.pod: correct/update names of internal test support functions

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)

7 hours ago: OSSL_CMP_SRV_process_request(): fix recipNonce on error in subsequent request of...
Dr. David von Oheimb [Wed, 1 Feb 2023 14:43:35 +0000 (15:43 +0100)]
OSSL_CMP_SRV_process_request(): fix recipNonce on error in subsequent request of a transaction

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)

7 hours ago: cmp_ctx.c: fix wrong comments on OSSL_CMP_CTX_set1_{recipient,issuer}
Dr. David von Oheimb [Wed, 1 Feb 2023 14:39:52 +0000 (15:39 +0100)]
cmp_ctx.c: fix wrong comments on OSSL_CMP_CTX_set1_{recipient,issuer}

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)

7 hours ago: CMP check_transactionID_or_nonce(): fix reason code on unmatched recipNonce
Dr. David von Oheimb [Wed, 1 Feb 2023 14:37:21 +0000 (15:37 +0100)]
CMP check_transactionID_or_nonce(): fix reason code on unmatched recipNonce

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)

7 hours ago: ossl_cmp_msg_check_update(): fix two wrong error return values (-1 instead of 0)
Dr. David von Oheimb [Wed, 1 Feb 2023 14:36:25 +0000 (15:36 +0100)]
ossl_cmp_msg_check_update(): fix two wrong error return values (-1 instead of 0)

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)

7 hours ago: test_get_libctx(): prevent crash when called with NULL provider arg
Dr. David von Oheimb [Wed, 1 Feb 2023 14:34:19 +0000 (15:34 +0100)]
test_get_libctx(): prevent crash when called with NULL provider arg

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)

7 hours ago: Fix BIO_set_indent() check
Niels Dossche [Wed, 1 Feb 2023 14:06:12 +0000 (15:06 +0100)]
Fix BIO_set_indent() check

This function returns an error code <= 0, but only < 0 is checked. Other
callers that check the return value perform this check correctly. Fix it
by changing the check to <= 0.

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20186)

7 hours ago: Add tests for FIPS keygen self test failures.
slontis [Tue, 31 Jan 2023 23:19:02 +0000 (09:19 +1000)]
Add tests for FIPS keygen self test failures.

During key generation RSA, EC and DSA have extra tests that run in FIPS mode.
All 3 algorithms have a pairwise test; EC & DSA also run a KAT test.

This test uses the self test callback to force an error
during each of the extra pairwise and KAT tests.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20183)

7 hours ago: Fix incomplete BIO_dup_state() error check
ndossche [Thu, 2 Feb 2023 13:02:34 +0000 (14:02 +0100)]
Fix incomplete BIO_dup_state() error check

BIO_dup_state() returns an error code <= 0 according to my analysis tool
and the documentation. Currently only == 0 is checked. Fix it by
changing the check condition.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20194)

7 hours ago: Fix incomplete check on CMS_SharedInfo_encode
ndossche [Tue, 31 Jan 2023 15:30:26 +0000 (16:30 +0100)]
Fix incomplete check on CMS_SharedInfo_encode

CMS_SharedInfo_encode() can also return a negative error value, but this
is not checked in the current check, only the zero error return value is
covered. A previous PR [1] fixed the other caller's check of
CMS_SharedInfo_encode in this file, but it seems like this place was
missed. Fix it by changing the check to <= 0.

[1] https://github.com/openssl/openssl/pull/12628/commits/a752fc4da5e1dfd5b3a730d95272c2e2b0c48f1a

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20181)

7 hours ago: Fix error check on default_check() helper function
ndossche [Mon, 30 Jan 2023 14:24:01 +0000 (15:24 +0100)]
Fix error check on default_check() helper function

default_check() can return a zero value to indicate an internal error in
one condition for the PRE_CTRL_STR_TO_PARAMS state. This state can be
reached from the default_fixup_args() function which does not check for
a zero value. All other callers of default_check() in that file do check
for a zero return value. Fix it by changing the check to <= 0.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20175)

7 hours ago: Apply aes-gcm unroll8+eor3 optimization patch to Neoverse V2
Xiaokang Qian [Sun, 29 Jan 2023 06:22:43 +0000 (06:22 +0000)]
Apply aes-gcm unroll8+eor3 optimization patch to Neoverse V2

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20184)

7 hours ago: S390x: Support ME and CRT offloading
Juergen Christ [Fri, 20 Jan 2023 16:43:59 +0000 (17:43 +0100)]
S390x: Support ME and CRT offloading

S390x has the ability to offload modular exponentiation and CRT operations to
Crypto Express Adapters.  This possible performance optimization was not yet
used by OpenSSL.  Add support for offloading and implement an optimized
version of RSA and DH with it.

The environment variable OPENSSL_s390xcap now recognizes the token "nocex" to
prevent offloading.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20113)

7 hours ago: Fix incomplete error check on BIO_set_md()
ndossche [Thu, 2 Feb 2023 15:11:16 +0000 (16:11 +0100)]
Fix incomplete error check on BIO_set_md()

BIO_set_md() can return an error value <= 0 according to my analysis
tool and the documentation. But only an error value == 0 is currently
checked. Fix it by changing the check condition.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20195)

7 hours ago: CMS_decrypt_set1_*(): fix NULL deref on unsuitable content type
Dr. David von Oheimb [Mon, 2 Jan 2023 12:05:08 +0000 (13:05 +0100)]
CMS_decrypt_set1_*(): fix NULL deref on unsuitable content type

Fixes #19975
for CMS_decrypt_set1_pkey_and_peer() in the obvious way,
and a related potential crash in CMS_decrypt_set1_password().

The point is that the input might have an unexpected content type,
so a guard is needed at both places after `ec` is obtained.

Note that in CMS_decrypt_set1_pkey_and_peer() there was
no such ec != NULL guard for
```
    if (ris != NULL)
        debug = ec->debug;
```
maybe because it is implied here by ris != NULL.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19981)

7 hours ago: Add coverage test for ossl_rsa_sp800_56b_derive_params_from_pq
slontis [Thu, 2 Feb 2023 23:37:51 +0000 (09:37 +1000)]
Add coverage test for ossl_rsa_sp800_56b_derive_params_from_pq

This test runs the error path for the above function.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20200)

7 hours ago: CMP app and doc: improve texts on (un-)trusted certs, srvCert, etc.
Dr. David von Oheimb [Mon, 19 Dec 2022 09:56:50 +0000 (10:56 +0100)]
CMP app and doc: improve texts on (un-)trusted certs, srvCert, etc.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19946)

7 hours ago: New function EC_GROUP_to_params to convert an EC_GROUP to an array of OSSL_PARAM.
Oliver Mihatsch [Thu, 2 Feb 2023 11:15:14 +0000 (12:15 +0100)]
New function EC_GROUP_to_params to convert an EC_GROUP to an array of OSSL_PARAM.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20205)

7 hours ago: check-format.pl: fix statistics on whitespace and nesting issues
Dr. David von Oheimb [Wed, 30 Nov 2022 20:11:48 +0000 (21:11 +0100)]
check-format.pl: fix statistics on whitespace and nesting issues

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19796)

7 hours ago: check-format.pl: fix detection of '#ifdef __cplusplus'
Dr. David von Oheimb [Wed, 30 Nov 2022 20:12:20 +0000 (21:12 +0100)]
check-format.pl: fix detection of '#ifdef __cplusplus'

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19796)

7 hours ago: check-format.pl: fix detection of function body start
Dr. David von Oheimb [Wed, 30 Nov 2022 20:07:40 +0000 (21:07 +0100)]
check-format.pl: fix detection of function body start

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19796)

7 hours ago: Rationalize FIPS sources
Tomas Mraz [Fri, 11 Nov 2022 15:18:48 +0000 (16:18 +0100)]
Rationalize FIPS sources

Avoid including QUIC related stuff in the FIPS sources.
Also avoid including libssl headers in ssl3_cbc.c.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19658)

7 hours ago: Add Tests for RSA_sign_ASN1_OCTET_STRING & RSA_verify_ASN1_OCTET_STRING
slontis [Mon, 6 Feb 2023 04:26:23 +0000 (14:26 +1000)]
Add Tests for RSA_sign_ASN1_OCTET_STRING & RSA_verify_ASN1_OCTET_STRING

Note: Internally RSA_sign_ASN1_OCTET_STRING() is used with
RSA signing only when the digest is MDC2,
and RSA_verify_ASN1_OCTET_STRING() is unused.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20220)

7 hours ago: Add more punycode tests and remove ossl_a2ucompare()
slontis [Tue, 31 Jan 2023 00:50:22 +0000 (10:50 +1000)]
Add more punycode tests and remove ossl_a2ucompare()

The unused and untested internal function ossl_a2ucompare() has been
removed.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20177)

7 hours ago: fuzz: make post handshake reachable
Philippe Antoine [Wed, 25 Jan 2023 14:43:50 +0000 (15:43 +0100)]
fuzz: make post handshake reachable

So that CVE-2021-3449 can be found through fuzzing

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/20128)

7 hours ago: Document limits on static and dynamic linking for HPE NonStop platforms.
Randall S. Becker [Wed, 21 Dec 2022 17:32:32 +0000 (10:32 -0700)]
Document limits on static and dynamic linking for HPE NonStop platforms.

Documentation is necessary as static and dynamic linking cause SIGSEGV
during atexit() processing on the platform.

Fixes: 19951
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19952)

(cherry picked from commit e80518db6d52f9e6faec09df7c25f08a74e8aec2)

8 hours ago: Fix a potential memory leak in apps/s_server.c
besher [Sat, 4 Feb 2023 23:08:14 +0000 (00:08 +0100)]
Fix a potential memory leak in apps/s_server.c

Allocate memory for a new SSL session.
If any of these steps fail,
free the key memory and the tmpsess object
before returning 0 to prevent a memory leak.

Fixes: #20110
CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20213)

8 hours ago: Fix incomplete error check on BIO_set_accept_name()
ndossche [Fri, 3 Feb 2023 12:43:03 +0000 (13:43 +0100)]
Fix incomplete error check on BIO_set_accept_name()

BIO_set_accept_name() can return error values -1 and 0 according to
my analysis tool and the documentation. Documentation says a value of 1
indicates success. Currently, only an error value != 0 is checked which
erroneously interprets a -1 error return value as success.
Fix it by changing the check condition.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20206)

8 hours ago: Restrict the Arm 'LDR REG, =VALUE' pseudo instruction on Neon, to appease clang
Tom Cosgrove [Mon, 6 Feb 2023 08:32:46 +0000 (08:32 +0000)]
Restrict the Arm 'LDR REG, =VALUE' pseudo instruction on Neon, to appease clang

Unlike gcc, the clang assembler has issues with the maximum value of the literal
in the `ldr REG, #VALUE` pseudo-instruction (where the assembler places the
value into a literal pool and generates a PC-relative load from that pool) when
used with Neon registers.

Specifically, while dN refers to 64-bit Neon registers, and qN refers to 128-bit
Neon registers, clang assembly only supports a maximum of 32-bit loads to
either with this instruction.

Therefore restrict accordingly to avoid breakage when building with clang.

clang appears to support the correct maximums with the scalar registers xN etc.

This will prevent the kind of breakage we saw when #19914 was merged (which has
since been fixed by #20202) - assembly authors will need to manually apply the
literal load, as is done in #20202.

None of the Arm assembler code uses this pseudo-instruction anyway, as it
doesn't seem to avoid duplication of constants.

Change-Id: If52f6ce22c10feb1cc334d996ff71b1efed3218e

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20222)

8 hours ago: ci: Add djgpp build
J.W. Jagersma [Wed, 28 Sep 2022 18:12:55 +0000 (20:12 +0200)]
ci: Add djgpp build

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19307)

12 hours ago: des: prevent error when using two key triple DES with a random key
Pauli [Mon, 6 Feb 2023 22:29:57 +0000 (09:29 +1100)]
des: prevent error when using two key triple DES with a random key

Two key 3DES only sets two keys and the random generation errors out if fewer
than three keys are required.  It shouldn't.

Fixes #20212

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20224)

12 hours ago: Fix more VMS inclusions
Richard Levitte [Thu, 2 Feb 2023 16:51:26 +0000 (17:51 +0100)]
Fix more VMS inclusions

Including quic/quic_local.h from ssl/ssl_lib.c presented another challenge
for the current VMS C.  Since ssl/quic/quic_local.h in turn includes
../ssl_local.h, we compensated for it with the usual whack-a-mole in
Configurations/descrip.mms.tmpl.

As far as my personal tests go, this seems to be the last fix of this sort,
so far.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20196)

15 hours ago: Internally declare the DSA type for no-deprecated builds
Tomas Mraz [Fri, 3 Feb 2023 13:57:04 +0000 (14:57 +0100)]
Internally declare the DSA type for no-deprecated builds

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 7a21a1b5fa2dac438892cf3292d1f9c445d870d9)
(cherry picked from commit 2ad9928170768653d19d81881deabc5f9c1665c0)

26 hours ago: remove EdDSA from changes entry about non-fips algorithms
Pauli [Sun, 5 Feb 2023 20:46:22 +0000 (07:46 +1100)]
remove EdDSA from changes entry about non-fips algorithms

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20219)

26 hours ago: doc: remove EdDSA from list of non-FIPS algorithms.
Pauli [Sun, 5 Feb 2023 20:44:36 +0000 (07:44 +1100)]
doc: remove EdDSA from list of non-FIPS algorithms.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20219)

26 hours ago: Put EdDSA back as approved algorithms.
Pauli [Sun, 5 Feb 2023 20:39:49 +0000 (07:39 +1100)]
Put EdDSA back as approved algorithms.

With FIPS 186-5 being published, these can again be validated.
https://csrc.nist.gov/publications/detail/fips/186/5/final

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20219)

30 hours ago: Enable some disabled __owurs
Dmitry Belyavskiy [Thu, 24 Jun 2021 17:23:07 +0000 (19:23 +0200)]
Enable some disabled __owurs

Fixes #15902

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/15905)

31 hours ago: Additional testcase for missing return check of BIO_set_md() calls
Tomas Mraz [Thu, 19 Jan 2023 07:37:53 +0000 (08:37 +0100)]
Additional testcase for missing return check of BIO_set_md() calls

This tests the handling of PKCS7 signedAndEnveloped type.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

31 hours ago: Support signedAndEnveloped content in PKCS7_decrypt()
Tomas Mraz [Wed, 18 Jan 2023 17:07:55 +0000 (18:07 +0100)]
Support signedAndEnveloped content in PKCS7_decrypt()

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

31 hours ago: Add testcase for missing return check of BIO_set_md() calls
Tomas Mraz [Wed, 18 Jan 2023 16:07:24 +0000 (17:07 +0100)]
Add testcase for missing return check of BIO_set_md() calls

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

31 hours ago: pk7_doit.c: Check return of BIO_set_md() calls
Tomas Mraz [Wed, 18 Jan 2023 08:27:53 +0000 (09:27 +0100)]
pk7_doit.c: Check return of BIO_set_md() calls

These calls invoke EVP_DigestInit() which can fail for digests
with implicit fetches. Subsequent EVP_DigestUpdate() from BIO_write()
or EVP_DigestFinal() from BIO_read() will segfault on NULL
dereference. This can be triggered by an attacker providing
PKCS7 data digested with MD4 for example if the legacy provider
is not loaded.

If BIO_set_md() fails the md BIO cannot be used.

CVE-2023-0401

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

31 hours ago: Fix GENERAL_NAME_cmp for x400Address (master)
Hugo Landau [Tue, 17 Jan 2023 17:45:42 +0000 (17:45 +0000)]
Fix GENERAL_NAME_cmp for x400Address (master)

CVE-2023-0286

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

31 hours ago: Add test for DSA pubkey without param import and check
Tomas Mraz [Fri, 13 Jan 2023 17:46:15 +0000 (18:46 +0100)]
Add test for DSA pubkey without param import and check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

31 hours ago: Do not create DSA keys without parameters by decoder
Tomas Mraz [Fri, 13 Jan 2023 16:59:52 +0000 (17:59 +0100)]
Do not create DSA keys without parameters by decoder

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

31 hours ago: Prevent creating DSA and DH keys without parameters through import
Tomas Mraz [Fri, 13 Jan 2023 16:57:59 +0000 (17:57 +0100)]
Prevent creating DSA and DH keys without parameters through import

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

31 hours ago: Fix NULL dereference when validating FFC public key.
slontis [Wed, 11 Jan 2023 01:05:04 +0000 (11:05 +1000)]
Fix NULL dereference when validating FFC public key.

Fixes CVE-2023-0217

When attempting to do a BN_copy of params->p there was no NULL check.
Since BN_copy does not check for NULL this is a NULL reference.

As an aside BN_cmp() does do a NULL check, so there are other checks
that fail because a NULL is passed. A more general check for NULL params
has been added for both FFC public and private key validation instead.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

31 hours ago: Add test for d2i_PKCS7 NULL dereference
Tomas Mraz [Mon, 16 Jan 2023 18:56:20 +0000 (19:56 +0100)]
Add test for d2i_PKCS7 NULL dereference

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

31 hours ago: Do not dereference PKCS7 object data if not set
Tomas Mraz [Mon, 16 Jan 2023 18:45:23 +0000 (19:45 +0100)]
Do not dereference PKCS7 object data if not set

Fixes CVE-2023-0216

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

31 hours ago: Check CMS failure during BIO setup with -stream is handled correctly
Matt Caswell [Wed, 14 Dec 2022 17:15:18 +0000 (17:15 +0000)]
Check CMS failure during BIO setup with -stream is handled correctly

Test for the issue fixed in the previous commit

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

31 hours ago: Fix a UAF resulting from a bug in BIO_new_NDEF
Matt Caswell [Wed, 14 Dec 2022 16:18:14 +0000 (16:18 +0000)]
Fix a UAF resulting from a bug in BIO_new_NDEF

If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
be part of an invalid BIO chain. This causes a "use after free" when the
BIO is eventually freed.

Based on an original patch by Viktor Dukhovni and an idea from Theo
Buehler.

Thanks to Octavio Galland for reporting this issue.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

31 hours ago: Add a test for CVE-2022-4450
Matt Caswell [Tue, 13 Dec 2022 15:02:26 +0000 (15:02 +0000)]
Add a test for CVE-2022-4450

Call PEM_read_bio_ex() and expect a failure. There should be no dangling
ptrs and therefore there should be no double free if we free the ptrs on
error.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

31 hours ago: Avoid dangling ptrs in header and data params for PEM_read_bio_ex
Matt Caswell [Tue, 13 Dec 2022 14:54:55 +0000 (14:54 +0000)]
Avoid dangling ptrs in header and data params for PEM_read_bio_ex

In the event of a failure in PEM_read_bio_ex() we free the buffers we
allocated for the header and data buffers. However we were not clearing
the ptrs stored in *header and *data. Since, on success, the caller is
responsible for freeing these ptrs this can potentially lead to a double
free if the caller frees them even on failure.

Thanks to Dawei Wang for reporting this issue.

Based on a proposed patch by Kurt Roeckx.

CVE-2022-4450

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

31 hours ago: Fix Timing Oracle in RSA decryption
Dmitry Belyavskiy [Wed, 30 Nov 2022 13:48:40 +0000 (14:48 +0100)]
Fix Timing Oracle in RSA decryption

A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA
padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.

Patch written by Dmitry Belyavsky and Hubert Kario

CVE-2022-4304

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

31 hours ago: Add testcase for nc_match_single type confusion
Tomas Mraz [Tue, 13 Dec 2022 18:45:09 +0000 (19:45 +0100)]
Add testcase for nc_match_single type confusion

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

31 hours ago: Fix type confusion in nc_match_single()
Viktor Dukhovni [Tue, 13 Dec 2022 07:49:13 +0000 (08:49 +0100)]
Fix type confusion in nc_match_single()

This function assumes that if the "gen" is an OtherName, then the "base"
is a rfc822Name constraint. This assumption is not true in all cases.
If the end-entity certificate contains an OtherName SAN of any type besides
SmtpUtf8Mailbox and the CA certificate contains a name constraint of
OtherName (of any type), then "nc_email_eai" will be invoked, with the
OTHERNAME "base" being incorrectly interpreted as an ASN1_IA5STRING.

Reported by Corey Bonnell from Digicert.

CVE-2022-4203

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

2 days ago: Fix SM4-XTS build failure on Mac mini M1
Xu Yizhou [Fri, 3 Feb 2023 07:59:59 +0000 (15:59 +0800)]
Fix SM4-XTS build failure on Mac mini M1

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20202)

5 days ago: Fix typo in Ordinals.pm from PR #14074
Viktor Dukhovni [Fri, 3 Feb 2023 01:29:33 +0000 (20:29 -0500)]
Fix typo in Ordinals.pm from PR #14074

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20201)

6 days ago: APPS/{storeutl,gendsa}: give error on extra arguments, improve doc
Dr. David von Oheimb [Fri, 27 Jan 2023 13:31:45 +0000 (14:31 +0100)]
APPS/{storeutl,gendsa}: give error on extra arguments, improve doc

Point out that options must be given before the final file/URI arg.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20156)

6 days ago: APPS load_key_certs_crls(): improve diagnostics on not finding expected types of...
Dr. David von Oheimb [Mon, 16 Jan 2023 18:38:01 +0000 (19:38 +0100)]
APPS load_key_certs_crls(): improve diagnostics on not finding expected types of contents

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20156)

6 days ago: SM4 AESE optimization for ARMv8
Xu Yizhou [Wed, 18 Jan 2023 01:55:02 +0000 (09:55 +0800)]
SM4 AESE optimization for ARMv8

Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19914)

6 days ago: Fix incomplete check on EVP_CIPHER_param_to_asn1()
ndossche [Tue, 31 Jan 2023 12:20:17 +0000 (13:20 +0100)]
Fix incomplete check on EVP_CIPHER_param_to_asn1()

That function is a wrapper around evp_cipher_param_to_asn1_ex() which
can return 0 as an error value via its ret <= 0 check [1].
Furthermore, all other callers of this function check against <= 0
instead of < 0 and this is also in line with what the documentation
tells us. Fix the incomplete check by changing it to <= 0 as well.

CLA: trivial

[1] https://github.com/openssl/openssl/blob/114d99b46bfb212ffc510865df317ca2c1542623/crypto/evp/evp_lib.c#L164-L165

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20180)

7 days ago: Use $config{build_file} instead of $target{build_file}
Richard Levitte [Mon, 30 Jan 2023 12:54:01 +0000 (13:54 +0100)]
Use $config{build_file} instead of $target{build_file}

If the user specifies an alternative build file than the default, this
alternative is recorded in $config{build_file}, not $target{build_file}.
Therefore, the former should be used, leaving the latter as a mere default.

This is a bug.  While fixing it, document it better too.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20173)

8 days ago: Fix a potential memory leak in crypto/provider_child.c
Ruili Fang [Sun, 29 Jan 2023 04:48:24 +0000 (23:48 -0500)]
Fix a potential memory leak in crypto/provider_child.c

Fix issue #20063.
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20163)

8 days ago: BIO_read.pod: fix small typo
Andrea Pappacoda [Mon, 30 Jan 2023 09:28:49 +0000 (10:28 +0100)]
BIO_read.pod: fix small typo

Add missing `I` to `<b>`

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20169)

8 days ago: Design for the Fault Injector
Matt Caswell [Fri, 9 Dec 2022 17:01:01 +0000 (17:01 +0000)]
Design for the Fault Injector

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19877)

8 days ago: Do not include sparse_array.o in libssl with no-shared
Tomas Mraz [Fri, 27 Jan 2023 09:25:10 +0000 (10:25 +0100)]
Do not include sparse_array.o in libssl with no-shared

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20137)

8 days ago  Avoid duplicating symbols in legacy.a with some build options
Tomas Mraz [Wed, 25 Jan 2023 15:32:02 +0000 (16:32 +0100)]
Avoid duplicating symbols in legacy.a with some build options

If no-module or no-shared is used, the symbols from
libcrypto should not be duplicated in legacy.a

Also the BIGNUM functions are currently not needed
in legacy.a at all.

Fixes #20124

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20137)

8 days ago  [doc] Sync documentation now that 3.0 honors OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT
Nicola Tuveri [Tue, 13 Dec 2022 23:55:49 +0000 (01:55 +0200)]
[doc] Sync documentation now that 3.0 honors OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT

https://github.com/openssl/openssl/pull/19901 backported the
"Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to
UNCOMPRESSED" changeset to 3.0.

This commit updates:

- the HISTORY notes of the relevant documentation to mark the change
  as having happened since 3.0.8.

- the `CHANGES.md` file to sync up with the tip of the `openssl-3.0`
  branch

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20003)

8 days ago  Fix incomplete check on X509V3_add1_i2d()
ndossche [Fri, 27 Jan 2023 14:43:42 +0000 (15:43 +0100)]
Fix incomplete check on X509V3_add1_i2d()

X509V3_add1_i2d() can return both -1 and 0 as an error code. This check
only checked for 0. Change it into <= 0 to also catch the -1 error code.

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20157)

8 days ago  Workaround crash in atexit on NonStop platforms
Tomas Mraz [Tue, 6 Dec 2022 09:52:47 +0000 (10:52 +0100)]
Workaround crash in atexit on NonStop platforms

We cannot dynamically load the legacy provider into an application
that is linked statically to libcrypto as this causes
a double loading of libcrypto (one static and one dynamic) and
on NonStop this leads to a segfault in atexit().

Fixes #17537

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19844)

9 days ago  ChaCha20-Poly1305 no longer supports truncated IVs.
slontis [Fri, 27 Jan 2023 03:18:17 +0000 (13:18 +1000)]
ChaCha20-Poly1305 no longer supports truncated IVs.

Fixes #20084

In the 3.0 provider implementation the generic code that handles IVs
only allows a 12 byte IV. Older code intentionally added the ability for
the IV to be truncated.
As this truncation is unsafe, the documentation has been updated to
state that this is no longer allowed. The code has been updated to
produce an error when the IV length is set to any value other than 12.

NOTE: It appears that this additional padding may have originated from the code
which uses a 12 byte IV, that is then passed to CHACHA which zero pads it to 16 bytes.

Note that legacy behaviour in e_chacha20_poly1305.c has not been
updated.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20151)

9 days ago  QUIC Probes Support: Minor tweaks
Hugo Landau [Thu, 26 Jan 2023 13:30:38 +0000 (13:30 +0000)]
QUIC Probes Support: Minor tweaks

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19925)

9 days ago  QUIC TXP: Allow TXP to generate probes
Hugo Landau [Fri, 16 Dec 2022 10:57:11 +0000 (10:57 +0000)]
QUIC TXP: Allow TXP to generate probes

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19925)

9 days ago  QUIC ACKM: Rework probe reporting to allow use for bookkeeping
Hugo Landau [Fri, 16 Dec 2022 10:53:02 +0000 (10:53 +0000)]
QUIC ACKM: Rework probe reporting to allow use for bookkeeping

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19925)

9 days ago  QUIC ACKM: Clarify probe types
Hugo Landau [Fri, 16 Dec 2022 10:11:10 +0000 (10:11 +0000)]
QUIC ACKM: Clarify probe types

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19925)

9 days ago  SSL_conf_cmd: add support for IgnoreUnexpectedEOF
Steffen Nurpmeso [Thu, 19 Jan 2023 21:04:46 +0000 (22:04 +0100)]
SSL_conf_cmd: add support for IgnoreUnexpectedEOF

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20089)

10 days ago  Enable AES optimisation on Apple Silicon M2-based systems
Tom Cosgrove [Wed, 25 Jan 2023 19:34:25 +0000 (19:34 +0000)]
Enable AES optimisation on Apple Silicon M2-based systems

Gives a performance enhancement of 16-38%, similar to the M1.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20141)

10 days ago  coverity 1520506: error handling
Pauli [Wed, 25 Jan 2023 01:06:23 +0000 (12:06 +1100)]
coverity 1520506: error handling

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20132)

10 days ago  coverity 1520505: error handling
Pauli [Wed, 25 Jan 2023 01:06:09 +0000 (12:06 +1100)]
coverity 1520505: error handling

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20132)

12 days ago  compute_pqueue_growth(): Fix the return type
Tomas Mraz [Mon, 16 Jan 2023 11:26:20 +0000 (12:26 +0100)]
compute_pqueue_growth(): Fix the return type

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20012)

12 days ago  Implement BIO_s_dgram_mem() reusing the BIO_s_dgram_pair() code
Tomas Mraz [Mon, 9 Jan 2023 17:39:50 +0000 (18:39 +0100)]
Implement BIO_s_dgram_mem() reusing the BIO_s_dgram_pair() code

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20012)

12 days ago  Revert "Give BIO_s_mem() the ability to support datagrams"
Tomas Mraz [Mon, 9 Jan 2023 17:03:07 +0000 (18:03 +0100)]
Revert "Give BIO_s_mem() the ability to support datagrams"

This reverts commit 5a4ba72f00f9b336a4d65abff822699ceb9617c6.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20012)

12 days ago  QUIC FIN Support: Documentation fixups
Hugo Landau [Thu, 26 Jan 2023 13:24:35 +0000 (13:24 +0000)]
QUIC FIN Support: Documentation fixups

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

12 days ago  QUIC FIN Support: Various fixes
Hugo Landau [Tue, 24 Jan 2023 10:34:00 +0000 (10:34 +0000)]
QUIC FIN Support: Various fixes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

12 days ago  QUIC TSERVER: Fix probable nondeterminism in some OS network stacks
Hugo Landau [Thu, 5 Jan 2023 10:51:14 +0000 (10:51 +0000)]
QUIC TSERVER: Fix probable nondeterminism in some OS network stacks

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

12 days ago  QUIC: Add documentation for stream and connection shutdown functions
Hugo Landau [Thu, 5 Jan 2023 08:35:07 +0000 (08:35 +0000)]
QUIC: Add documentation for stream and connection shutdown functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

12 days ago  QUIC Test Server: Exercise end-of-stream condition on read and write
Hugo Landau [Tue, 13 Dec 2022 12:29:23 +0000 (12:29 +0000)]
QUIC Test Server: Exercise end-of-stream condition on read and write

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

12 days ago  QUIC Front End I/O API: Add support for signalling and detecting end-of-stream
Hugo Landau [Tue, 13 Dec 2022 12:28:54 +0000 (12:28 +0000)]
QUIC Front End I/O API: Add support for signalling and detecting end-of-stream

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

12 days ago  QUIC TXP: Fix handling of FIN stream chunks
Hugo Landau [Tue, 13 Dec 2022 12:27:43 +0000 (12:27 +0000)]
QUIC TXP: Fix handling of FIN stream chunks

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

12 days ago  QUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_ex
Hugo Landau [Tue, 13 Dec 2022 12:27:05 +0000 (12:27 +0000)]
QUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_ex

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

12 days ago  Add notes about ignoring initialization failures on contexts
Tomas Mraz [Wed, 25 Jan 2023 09:15:05 +0000 (10:15 +0100)]
Add notes about ignoring initialization failures on contexts

Fixes #20130

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20136)

13 days ago  Document that the RSA e value is mandatory when importing.
slontis [Wed, 25 Jan 2023 01:06:34 +0000 (11:06 +1000)]
Document that the RSA e value is mandatory when importing.

The lab tried doing an RSA decryption primitive using just n (using p, q) and d.

This failed for 2 reasons:
(1) e is required when importing
(2) Internally e is used for blinding.

Note n and e can be calculated using:
n = pq
e = (1/d) mod (p-1)(q-1)

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20133)
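The relations in the note above, n = pq and e = (1/d) mod (p-1)(q-1), worked through on a constructed toy key; this is an added example, not OpenSSL's code. It goes slightly beyond the note: it also inverts modulo lcm(p-1, q-1) for keys generated with Carmichael's lambda, and shows a blinded private operation to illustrate why e is needed for decryption.

```python
import math

# Added example (not OpenSSL code).  All key values below are constructed
# toy values: p=61, q=53, e=17, d=2753 (d = e^-1 mod 3120).


def public_exponent_from_private(d: int, p: int, q: int,
                                 use_lambda: bool = False) -> tuple[int, int]:
    """Return (n, e) with n = p*q and e = d^-1 modulo the group order.

    The commit note uses (p-1)(q-1) (Euler's phi).  If the key pair was
    generated with Carmichael's lambda = lcm(p-1, q-1) instead, inverting
    modulo phi can fail or return a different (still valid) exponent, so
    use_lambda=True inverts modulo lambda, which recovers the original e
    in either case whenever e < lambda (assumption added here).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    order = phi // math.gcd(p - 1, q - 1) if use_lambda else phi  # lcm or phi
    # pow(d, -1, m) raises ValueError when d is not invertible mod m,
    # i.e. when no public exponent matches this d modulo m.
    e = pow(d, -1, order)
    return n, e


def rsa_decrypt_blinded(c: int, d: int, n: int, e: int, r: int) -> int:
    """Textbook RSA private operation with multiplicative blinding.

    The input is multiplied by r^e before the secret exponentiation and by
    r^-1 afterwards: (c * r^e)^d = c^d * r^(e*d) = c^d * r (mod n).  The
    secret exponentiation therefore never operates on c directly, which is
    the side-channel countermeasure that makes e mandatory on import.
    r must be coprime to n (true for any 0 < r < n unless r shares a factor).
    """
    r_inv = pow(r, -1, n)
    blinded_in = (c * pow(r, e, n)) % n
    blinded_out = pow(blinded_in, d, n)
    return (blinded_out * r_inv) % n


if __name__ == "__main__":
    n, e = public_exponent_from_private(2753, 61, 53)
    c = pow(65, e, n)
    print(n, e, rsa_decrypt_blinded(c, 2753, n, e, r=7))  # 3233 17 65
```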

13 days ago  Fix Coverity 1520485: logically dead code
Pauli [Tue, 24 Jan 2023 01:23:37 +0000 (12:23 +1100)]
Fix Coverity 1520485: logically dead code

The check is unnecessary as the condition is already checked
before the switch statement.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20121)

13 days ago  Revert "CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*"
Christoph Müllner [Wed, 25 Jan 2023 16:48:41 +0000 (17:48 +0100)]
Revert "CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*"

This reverts commit e787c57c538d0922004e49a10be0d403af773272.

The current CI host system is Ubuntu 22.04, which ships with QEMU 6.2.
This QEMU release is too old for the required RISC-V extensions.
We would need at least QEMU 7.1 (Aug 2022) for this patch.

Let's revert the patch.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20139)

13 days ago  Clarify the change of enc -S behavior in 3.0
Viktor Dukhovni [Tue, 24 Jan 2023 13:40:57 +0000 (14:40 +0100)]
Clarify the change of enc -S behavior in 3.0

Fixes #19730

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19732)

13 days ago  rename 90-test_traceapi.t to 90-test_trace_api.t for consistency
Dr. David von Oheimb [Wed, 21 Dec 2022 13:16:33 +0000 (14:16 +0100)]
rename 90-test_traceapi.t to 90-test_trace_api.t for consistency

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18704)

13 days ago  OSSL_HTTP_REQ_CTX_nbio(): use OSSL_TRACE_STRING() for msg body where it makes sense
Dr. David von Oheimb [Fri, 1 Jul 2022 20:12:08 +0000 (22:12 +0200)]
OSSL_HTTP_REQ_CTX_nbio(): use OSSL_TRACE_STRING() for msg body where it makes sense

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18704)