Hugo Landau [Fri, 8 Sep 2023 10:40:03 +0000 (11:40 +0100)]
QLOG: Configuration
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Fri, 8 Sep 2023 10:13:39 +0000 (11:13 +0100)]
QLOG: JSON Encoder: Design
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22037)
Hugo Landau [Thu, 1 Feb 2024 07:45:15 +0000 (07:45 +0000)]
libssl: Make some global mutable structures constant
x
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23450)
Randall S. Becker [Thu, 25 Jan 2024 22:11:27 +0000 (22:11 +0000)]
Add atexit configuration option to using atexit() in libcrypto at build-time.
This fixes an issue with a mix of atexit() usage in DLL and statically linked
libcrypto that came out in the test suite on NonStop, which has slightly
different DLL unload processing semantics compared to Linux. The change
allows a build configuration to select whether to register OPENSSL_cleanup()
with atexit() or not, so avoid situations where atexit() registration causes
SIGSEGV.
INSTALL.md and CHANGES.md have been modified to include and describe this
option.
The no-atexit option has been added to .github/workflows/run-checker-daily.yml.
Fixes: #23135
Signed-of-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/23394)
Matt Caswell [Tue, 30 Jan 2024 16:51:52 +0000 (16:51 +0000)]
Remove a CVE reference from CHANGES/NEWS
master/3.2 was never vulnerable to CVE-2023-5678 since it was fixed before
it was released.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23432)
Neil Horman [Fri, 12 Jan 2024 15:55:04 +0000 (10:55 -0500)]
Add exemplar use case for rcu locks
To demonstrate the use of RCU locks, convert CONF_MOD api to using rcu
rather than RW locks
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22729)
Neil Horman [Fri, 12 Jan 2024 15:39:56 +0000 (10:39 -0500)]
RCU lock implementation
Introduce an RCU lock implementation as an alternative locking mechanism
to openssl. The api is documented in the ossl_rcu.pod
file
Read side implementaiton is comparable to that of RWLOCKS:
ossl_rcu_read_lock(lock);
<
critical section in which data can be accessed via
ossl_derefrence
>
ossl_rcu_read_unlock(lock);
Write side implementation is:
ossl_rcu_write_lock(lock);
<
critical section in which data can be updated via
ossl_assign_pointer
and stale data can optionally be scheduled for removal
via ossl_rcu_call
>
ossl_rcu_write_unlock(lock);
...
ossl_synchronize_rcu(lock);
ossl_rcu_call fixup
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22729)
Ingo Franzki [Wed, 31 Jan 2024 07:46:52 +0000 (08:46 +0100)]
Fix typo in CHANGES.md
OSSL_PKEY_PARAM_DERIVE_FROM_PQ must be OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ
(note the missing '_RSA').
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23438)
Tomas Mraz [Wed, 27 Dec 2023 18:21:49 +0000 (19:21 +0100)]
Document the implications of setting engine-based low-level methods
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23063)
Tomas Mraz [Fri, 15 Dec 2023 12:45:50 +0000 (13:45 +0100)]
Revert "Improved detection of engine-provided private "classic" keys"
This reverts commit
2b74e75331a27fc89cad9c8ea6a26c70019300b5.
The commit was wrong. With 3.x versions the engines must be themselves
responsible for creating their EVP_PKEYs in a way that they are treated
as legacy - either by using the respective set1 calls or by setting
non-default EVP_PKEY_METHOD.
The workaround has caused more problems than it solved.
Fixes #22945
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23063)
Neil Horman [Wed, 24 Jan 2024 18:23:28 +0000 (13:23 -0500)]
Check all frames for stateless reset conditions
In writing the quic stateless reset test we found that the quic rx code
wasn't checking for stateless reest conditions, as the SRT frames were
getting discarded due to failed lcdim lookups. Move the SRT check above
the lcdim lookup in the rx path to ensure we handle SRT properly in the
client.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23384)
Neil Horman [Tue, 23 Jan 2024 14:49:27 +0000 (09:49 -0500)]
Add QUIC stateless reset test
QUIC supports the concept of stateless reset, in which a specially
crafted frame is sent to a client informing it that the QUIC state
information is no longer available, and the connection should be closed
immediately. Test for proper client support here
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23384)
Richard Levitte [Mon, 29 Jan 2024 07:51:52 +0000 (08:51 +0100)]
Fix error reporting in EVP_PKEY_{sign,verify,verify_recover}
For some reason, those functions (and the _init functions too) would
raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE when the passed
ctx is NULL, and then not check if the provider supplied the function
that would support these libcrypto functions.
This corrects the situation, and has all those libcrypto functions
raise ERR_R_PASS_NULL_PARAMETER if ctx is NULL, and then check for the
corresponding provider supplied, and only when that one is missing,
raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE.
Because 0 doesn't mean error for EVP_PKEY_verify(), -1 is returned when
ERR_R_PASSED_NULL_PARAMETER is raised. This is done consistently for all
affected functions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23411)
Bernd Edlinger [Sun, 28 Jan 2024 22:50:16 +0000 (23:50 +0100)]
Fix a possible memleak in bind_afalg
bind_afalg calls afalg_aes_cbc which allocates
cipher_handle->_hidden global object(s)
but if one of them fails due to out of memory,
the function bind_afalg relies on the engine destroy
method to be called. But that does not happen
because the dynamic engine object is not destroyed
in the usual way in dynamic_load in this case:
If the bind_engine function fails, there will be no
further calls into the shared object.
See ./crypto/engine/eng_dyn.c near the comment:
/* Copy the original ENGINE structure back */
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23409)
K1 [Tue, 16 Jan 2024 13:07:38 +0000 (21:07 +0800)]
Optimize the implementation of ec_field_size()
No need to create and copy BIGNUM p, a and b, just call
EC_GROUP_get0_field() instead.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/23313)
Matt Caswell [Mon, 29 Jan 2024 10:14:30 +0000 (10:14 +0000)]
Fix compilation on Windows using icc
The parameter list for CRYPTO_DOWN_REF for the icc on windows build was
incorrect.
This issue was introduced by
99fd5b2b10
Fixes #23414
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23415)
Matt Caswell [Tue, 16 Jan 2024 13:53:30 +0000 (13:53 +0000)]
Extend the testing of resetting/clearing an SSL connection
SSL_clear() explicitly clears an SSL object to enable it to be reused.
You can have a similar effect by calling SSL_set_accept_state() or
SSL_set_connect_state(). We extend the testing of SSL_clear() to use these
other methods. We also ensure we test the case where we have unread
bufferred data that needs to be cleared.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
Matt Caswell [Thu, 18 Jan 2024 12:25:47 +0000 (12:25 +0000)]
Free the QUIC TLS object before freeing the channel
Freeing the QUIC TLS object may make calls back into QUIC so we should
free it first.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
Matt Caswell [Thu, 18 Jan 2024 12:16:55 +0000 (12:16 +0000)]
Free the tserver TLS object before freeing the channel
The TLS object may make callbacks into QUIC during cleanup so we must
free it first.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
Matt Caswell [Thu, 18 Jan 2024 12:08:52 +0000 (12:08 +0000)]
Rationalise RECORD_LAYER_clear() and clear_record_layer()
We had two functions which were very similarly named, that did almost the
same thing, but not quite. We bring the two together. Doing this also fixes
a possible bug where some data may not be correctly freed when the
RECORD_LAYER_clear() version was used.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
Matt Caswell [Thu, 18 Jan 2024 12:07:27 +0000 (12:07 +0000)]
When selecting a method ensure we use the correct client/server version
Using the client one when the server once should be used could cause a
later call to SSL_set_accept_state() to unexpectedly fail.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
Matt Caswell [Wed, 10 Jan 2024 16:44:12 +0000 (16:44 +0000)]
Fix an assertion failure in tls_common.c
When we clear the record layer, we better make sure we clear all relevant
fields, otherwise we can get ourselves into an unexpected state.
Fixes #23255
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
dependabot[bot] [Mon, 29 Jan 2024 17:50:56 +0000 (17:50 +0000)]
Bump suisei-cn/actions-download-file from 1.4.0 to 1.6.0
Bumps [suisei-cn/actions-download-file](https://github.com/suisei-cn/actions-download-file) from 1.4.0 to 1.6.0.
- [Release notes](https://github.com/suisei-cn/actions-download-file/releases)
- [Commits](https://github.com/suisei-cn/actions-download-file/compare/v1.4.0...v1.6.0)
---
updated-dependencies:
- dependency-name: suisei-cn/actions-download-file
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23425)
Neil Horman [Fri, 26 Jan 2024 16:33:18 +0000 (11:33 -0500)]
fix missing null check in kdf_test_ctrl
Coverity issue
1453632 noted a missing null check in kdf_test_ctrl
recently. If a malformed value is passed in from the test file that
does not contain a ':' character, the p variable will be NULL, leading
to a NULL derefence prepare_from_text
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23398)
Matt Caswell [Mon, 29 Jan 2024 16:19:24 +0000 (16:19 +0000)]
Update CHANGES.md and NEWS.md for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
(Merged from https://github.com/openssl/openssl/pull/23421)
rilysh [Sun, 21 Jan 2024 06:48:09 +0000 (12:18 +0530)]
replace strstr() with strchr() for single characters
strstr() is used to match multiple characters in the haystack,
whereas strchr() is used to matched only single character.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23347)
Richard Levitte [Tue, 23 Jan 2024 12:17:31 +0000 (13:17 +0100)]
Have OSSL_PARAM_allocate_from_text() fail on odd number of hex digits
The failure would be caught later on, so this went unnoticed, until someone
tried with just one hex digit, which was simply ignored.
Fixes #23373
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23374)
Matt Caswell [Fri, 19 Jan 2024 14:32:18 +0000 (14:32 +0000)]
Add some tests for various PKCS12 files with NULL ContentInfo
PKCS7 ContentInfo fields held within a PKCS12 file can be NULL, even if the
type has been set to a valid value. CVE-2024-0727 is a result of OpenSSL
attempting to dereference the NULL pointer as a result of this.
We add test for various instances of this problem.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)
Matt Caswell [Fri, 19 Jan 2024 11:28:58 +0000 (11:28 +0000)]
Add NULL checks where ContentInfo data can be NULL
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.
CVE-2024-0727
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)
Neil Horman [Mon, 11 Dec 2023 18:17:26 +0000 (13:17 -0500)]
Add tests for return codes for EVP_CIPHER_CTX_get[block_size|iv_length]
make sure that we get the expected error codes when we do bad things,
rather than a crash
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22995)
Neil Horman [Sat, 9 Dec 2023 18:40:01 +0000 (13:40 -0500)]
Add appropriate NULL checks in EVP_CIPHER api
The EVP_CIPHER api currently assumes that calls made into several APIs
have already initalized the cipher in a given context via a call to
EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error,
the result is typically a SIGSEGV.
Correct that by adding missing NULL checks in the apropriate apis prior
to using ctx->cipher
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22995)
Bernd Edlinger [Mon, 22 Jan 2024 15:02:59 +0000 (16:02 +0100)]
Fix a possible memory leak in req_main
if the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore free'd using BIO_free_all.
Steps to reproduce:
$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23365)
Tomas Mraz [Mon, 8 Jan 2024 13:13:49 +0000 (14:13 +0100)]
ci.yml: Replace actions-rs/toolchain@v1 with dtolnay/rust-toolchain
actions-rs/toolchain is unmaintained and generates warnings
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23232)
Tomas Mraz [Fri, 19 Jan 2024 09:59:03 +0000 (10:59 +0100)]
tlsfuzzer.sh: Use python3
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
Tomas Mraz [Thu, 18 Jan 2024 15:32:33 +0000 (16:32 +0100)]
tlsfuzzer.sh: Make it more informative on errors
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
Tomas Mraz [Fri, 5 Jan 2024 10:22:28 +0000 (11:22 +0100)]
tlsfuzzer.sh: Run openssl version on the built app and not system one
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
Tomas Mraz [Wed, 3 Jan 2024 11:36:10 +0000 (12:36 +0100)]
gost_engine.sh: Set OPENSSL_ENGINES_DIR
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
Jakub Wilk [Fri, 19 Jan 2024 19:47:04 +0000 (20:47 +0100)]
Fix typos
CLA: trivial
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23345)
Hugo Landau [Fri, 19 Jan 2024 15:06:39 +0000 (15:06 +0000)]
Add CHANGES entry
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)
Hugo Landau [Fri, 19 Jan 2024 15:00:07 +0000 (15:00 +0000)]
Fix docs
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)
Hugo Landau [Fri, 19 Jan 2024 14:56:37 +0000 (14:56 +0000)]
QUIC MULTISTREAM TEST: Test optimised FIN API
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)
Hugo Landau [Fri, 19 Jan 2024 14:52:44 +0000 (14:52 +0000)]
QUIC APL: Implement optimised FIN API
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)
Hugo Landau [Fri, 19 Jan 2024 12:52:26 +0000 (12:52 +0000)]
QUIC: Add optimised FIN API
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23343)
Lars Schmertmann [Fri, 19 Jan 2024 15:24:52 +0000 (16:24 +0100)]
Remove mios-simulator-version-min from default iOS configuration
* iOS 6 and 7 got its last updates 2014.
* Adding -mios-simulator-version-min=14.0 to the configure command leads to two occurences of this parameter during compilation.
* So lets remove this values to allow a robust configuration from outside and avoid updates here in the future.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23344)
Dr. David von Oheimb [Thu, 18 Jan 2024 13:46:17 +0000 (14:46 +0100)]
02-test_errstr.t: make robust on `openssl errstr` crashes
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23330)
Frederik Wedel-Heinen [Mon, 15 Jan 2024 19:05:26 +0000 (20:05 +0100)]
Removes unsed function: ssl_bad_method()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23307)
shashankmca80 [Sat, 13 Jan 2024 12:46:25 +0000 (18:16 +0530)]
Uninitialized array variable
array"key" is uninitialized and it is being read directly in function SipHash_Init() as per the below statements making a way for the garbage values :
uint64_t k0 = U8TO64_LE(k);
uint64_t k1 = U8TO64_LE(k + 8);
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23298)
Paul Dreik [Thu, 7 Dec 2023 15:59:57 +0000 (16:59 +0100)]
prevent integer overflow in ossl_asn1_time_from_tm
this could be triggered by the following code (assuming 64 bit time_t):
time_t t = 67768011791126057ULL;
ASN1_TIME* at = ASN1_TIME_set(NULL, t);
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22976)
Paul Dreik [Thu, 7 Dec 2023 19:31:50 +0000 (20:31 +0100)]
add test for provoking integer overflow in ossl_asn1_time_from_tm
this needs a sanitized 64 bit time_t build to be detected (or possibly
valgrind, trapv or similar)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22976)
Matt Caswell [Tue, 2 Jan 2024 16:48:43 +0000 (16:48 +0000)]
Don't apply max_frag_len checking if no Max Fragment Length extension
Don't check the Max Fragment Length if the it hasn't been negotiated. We
were checking it anyway, and using the default value
(SSL3_RT_MAX_PLAIN_LENGTH). This works in most cases but KTLS can cause the
record length to actually exceed this in some cases.
Fixes #23169
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)
Matt Caswell [Tue, 2 Jan 2024 16:37:29 +0000 (16:37 +0000)]
Fix a FreeBSD build failure when KTLS is enabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)
Matt Caswell [Tue, 2 Jan 2024 15:56:43 +0000 (15:56 +0000)]
Add a KTLS test where we write long app data records
Check that we can write and read back long app data records when using
KTLS.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)
Dr. David von Oheimb [Thu, 14 Dec 2023 11:48:33 +0000 (12:48 +0100)]
X509_dup.pod: add caveat that extra data is not copied and hints, e.g., to use X509_up_ref() instead
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23043)
Frederik Wedel-Heinen [Fri, 5 Jan 2024 11:01:00 +0000 (12:01 +0100)]
Move increment of dtls epoch to change cipher state function
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23212)
Matt Caswell [Mon, 15 Jan 2024 08:55:48 +0000 (08:55 +0000)]
Document SSL_R_UNEXPECTED_EOF_WHILE_READING
Also document that it is ok to use this for control flow decisions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23304)
Kevin Jerebica [Tue, 16 Jan 2024 15:30:26 +0000 (16:30 +0100)]
Add a deprecation warning for a function in docs
The function in question is SSL_get_peer_certificate()
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23315)
Tomas Mraz [Wed, 17 Jan 2024 16:25:35 +0000 (17:25 +0100)]
Fix reason value collision for CMP_R_UNEXPECTED_SENDER
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23323)
Neil Horman [Sun, 3 Dec 2023 03:22:32 +0000 (22:22 -0500)]
Introduce hash thunking functions to do proper casting
ubsan on clang17 has started warning about the following undefined
behavior:
crypto/lhash/lhash.c:299:12: runtime error: call to function err_string_data_hash through pointer to incorrect function type 'unsigned long (*)(const void *)'
[...]/crypto/err/err.c:184: note: err_string_data_hash defined here
#0 0x7fa569e3a434 in getrn [...]/crypto/lhash/lhash.c:299:12
#1 0x7fa569e39a46 in OPENSSL_LH_insert [...]/crypto/lhash/lhash.c:119:10
#2 0x7fa569d866ee in err_load_strings [...]/crypto/err/err.c:280:15
[...]
The issue occurs because, the generic hash functions (OPENSSL_LH_*) will
occasionaly call back to the type specific registered functions for hash
generation/comparison/free/etc, using functions of the (example)
prototype:
[return value] <hash|cmp|free> (void *, [void *], ...)
While the functions implementing hash|cmp|free|etc are defined as
[return value] <fnname> (TYPE *, [TYPE *], ...)
The compiler, not knowing the type signature of the function pointed to
by the implementation, performs no type conversion on the function
arguments
While the C language specification allows for pointers to data of one
type to be converted to pointers of another type, it does not
allow for pointers to functions with one signature to be called
while pointing to functions of another signature. Compilers often allow
this behavior, but strictly speaking it results in undefined behavior
As such, ubsan warns us about this issue
This is an potential fix for the issue, implemented using, in effect,
thunking macros. For each hash type, an additional set of wrapper
funtions is created (currently for compare and hash, but more will be
added for free/doall/etc). The corresponding thunking macros for each
type cases the actuall corresponding callback to a function pointer of
the proper type, and then calls that with the parameters appropriately
cast, avoiding the ubsan warning
This approach is adventageous as it maintains a level of type safety,
but comes at the cost of having to implement several additional
functions per hash table type.
Related to #22896
Reviewed-by: Sasa Nedvedicky <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23192)
Dr. David von Oheimb [Sat, 10 Jun 2023 13:20:07 +0000 (15:20 +0200)]
cmp_vfy.c/check_msg_all_certs(): remove needless trace output in case 3GPP mode is not enabled
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
Dr. David von Oheimb [Wed, 4 Jan 2023 12:45:57 +0000 (13:45 +0100)]
ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender name
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
Dr. David von Oheimb [Mon, 19 Dec 2022 10:36:31 +0000 (11:36 +0100)]
80-test_cmp_http_data/: add tests for -no_cache_extracerts, fix and extend further test cases
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
Dr. David von Oheimb [Mon, 19 Dec 2022 10:31:10 +0000 (11:31 +0100)]
CMP app and doc: add -no_cache_extracerts option / OSSL_CMP_OPT_NO_CACHE_EXTRACERTS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
Dr. David von Oheimb [Mon, 19 Dec 2022 10:09:33 +0000 (11:09 +0100)]
CMP app: make -ignore_keyusage apply also for mock server
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
Lin Runze [Sun, 14 Jan 2024 12:21:49 +0000 (20:21 +0800)]
Fix performance regression of ChaCha20 on LoongArch64
The regression was introduced in PR #22817.
In that pull request, the input length check was moved forward,
but the related ori instruction was missing, and it will cause
input of any length down to the much slower scalar implementation.
Fixes #23300
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23301)
Samuel Thibault [Sat, 13 Jan 2024 00:03:56 +0000 (01:03 +0100)]
hurd: Fix dgram_sendmmsg
GNU/Hurd does not have IP_PKTINFO yet, thus SUPPORT_LOCAL_ADDR is undef,
data->local_addr_enabled never set to 1, and thus the M_METHOD_RECVMSG
method would end up raising BIO_R_LOCAL_ADDR_NOT_AVAILABLE immediately.
Fixes #22872
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23293)
Viktor Dukhovni [Sat, 13 Jan 2024 00:22:17 +0000 (19:22 -0500)]
Add missing genpkey -rand support
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23294)
lan1120 [Wed, 13 Dec 2023 11:02:29 +0000 (19:02 +0800)]
Check whether the pubkey exists in ossl_ecx_key_dup
Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22984)
Drokov Pavel [Fri, 12 Jan 2024 09:10:13 +0000 (04:10 -0500)]
Remove receiving of unused return value
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23277)
Matt Caswell [Thu, 11 Jan 2024 15:52:35 +0000 (15:52 +0000)]
Move discovery of the legacy alg type into the keymgmt
During creation of the EVP_PKEY_CTX we were trying to discover what legacy
alg it corresponds to every time which was slow. Instead we move this into
the construction of the EVP_KEYMGMT.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23265)
Frederik Wedel-Heinen [Fri, 12 Jan 2024 09:14:43 +0000 (10:14 +0100)]
Error in s_server when -rev option is used with dtls.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23278)
David Benjamin [Mon, 11 Dec 2023 06:47:25 +0000 (01:47 -0500)]
Add X509_STORE_get1_objects
X509_STORE_get0_objects returns a pointer to the X509_STORE's storage,
but this function is a bit deceptive. It is practically unusable in a
multi-threaded program. See, for example, RUSTSEC-2023-0072, a security
vulnerability caused by this OpenSSL API.
One might think that, if no other threads are mutating the X509_STORE,
it is safe to read the resulting list. However, the documention does not
mention that other logically-const operations on the X509_STORE, notably
certifcate verifications when a hash_dir is installed, will, under a
lock, write to the X509_STORE. The X509_STORE also internally re-sorts
the list on the first query.
If the caller knows to call X509_STORE_lock and X509_STORE_unlock, it
can work around this. But this is not obvious, and the documentation
does not discuss how X509_STORE_lock is very rarely safe to use. E.g.
one cannot call any APIs like X509_STORE_add_cert or
X509_STORE_CTX_get1_issuer while holding the lock because those
functions internally expect to take the lock. (X509_STORE_lock is
another such API which is not safe to export as public API.)
Rather than leave all this to the caller to figure out, the API should
have returned a shallow copy of the list, refcounting the values. Then
it could be internally locked and the caller can freely inspect the
result without synchronization with the X509_STORE.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23224)
Gopal Sharma [Fri, 12 Jan 2024 10:48:41 +0000 (16:18 +0530)]
Removed logically dead code from function i2r_issuer_sign_tool
Since new_line is assigned with 0 in the very begging of the function check added at line no. 106 will never become true. Hence removing.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23284)
Tomas Mraz [Tue, 9 Jan 2024 17:08:22 +0000 (18:08 +0100)]
Add CHANGES.md and NEWS.md entries for CVE-2023-6237
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
Tomas Mraz [Fri, 22 Dec 2023 15:25:56 +0000 (16:25 +0100)]
Limit the execution time of RSA public key check
Fixes CVE-2023-6237
If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.
Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
Drokov Pavel [Fri, 12 Jan 2024 07:10:17 +0000 (02:10 -0500)]
Fix arithmetic expression overflow
If the value of a->length is large (>= 2^12), then an integer overflow will
occur for the signed type, which according to the C standard is UB.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23274)
Akshat Maheshwari [Thu, 11 Jan 2024 17:21:59 +0000 (22:51 +0530)]
Fix grammar in documentation
CLA: trivial
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23266)
barracuda156 [Thu, 11 Jan 2024 14:28:00 +0000 (22:28 +0800)]
poly1305_ieee754.c: fix PowerPC macros
Fixes #23264
cla: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23267)
Drokov Pavel [Thu, 11 Jan 2024 23:51:15 +0000 (18:51 -0500)]
Check ASN1_OBJECT_new result
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23270)
Job Snijders [Wed, 10 Jan 2024 17:15:52 +0000 (17:15 +0000)]
Add apps/x509 -set_issuer & -set_subject option to override issuer & subject
This changeset adds the counterpart to the '-subj' option to allow overriding
the Issuer. For consistency, the `-subj` option is aliased to `-set_subject`.
The issuer can be specified as following apps/openssl x509 -new -set_issuer
'/CN=example-nro-ta' -subj '/CN=
2a7dd1d787d793e4c8af56e197d4eed92af6ba13' ...
This is useful in constructing specific test-cases or rechaining PKI trees
Joint work with George Michaelson (@geeohgeegeeoh)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23257)
barracuda156 [Tue, 9 Jan 2024 22:35:33 +0000 (06:35 +0800)]
aes_platform.h, gcm128.c: fix Darwin PowerPC macro to include ppc64
Current PowerPC-related defines omit Darwin ppc64 case.
Use __POWERPC__ in place of __ppc__ + __ppc64__
Fixes #23220
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23245)
sharad3001 [Wed, 10 Jan 2024 12:00:58 +0000 (17:30 +0530)]
ossl_rsa_fips186_4_gen_prob_primes(): Remove unused Xpout and Xqout
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23253)
Richard Levitte [Thu, 4 Jan 2024 11:42:05 +0000 (12:42 +0100)]
Add test/recipes/15-test_gensm2.t, to test SM2 key generation results
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
Richard Levitte [Fri, 27 Oct 2023 07:01:19 +0000 (09:01 +0200)]
Fix the encoding of SM2 keys
OpenSSL's encoding of SM2 keys used the SM2 OID for the algorithm OID
where an AlgorithmIdentifier is encoded (for encoding into the structures
PrivateKeyInfo and SubjectPublicKeyInfo).
Such keys should be encoded as ECC keys.
Fixes #22184
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
Neil Horman [Thu, 7 Dec 2023 21:56:39 +0000 (16:56 -0500)]
Fix NULL pointer deref when parsing the stable section
When parsing the stable section of a config such as this:
openssl_conf = openssl_init
[openssl_init]
stbl_section = mstbl
[mstbl]
id-tc26 = min
Can lead to a SIGSEGV, as the parsing code doesnt recognize min as a
proper section name without a trailing colon to associate it with a
value. As a result the stack of configuration values has an entry with
a null value in it, which leads to the SIGSEGV in do_tcreate when we
attempt to pass NULL to strtoul.
Fix it by skipping any entry in the config name/value list that has a
null value, prior to passing it to stroul
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22988)
Holger Dengler [Thu, 4 Jan 2024 18:25:08 +0000 (19:25 +0100)]
Add tests for re-using cipher contexts
Add test case for re-using a cipher context with the same key, iv and
cipher. It detects, if the hardware-specific cipher context is reset
correctly, like reported in issue #23175.
This test has encrypt and decrypt iterations for cfb128 and
ofb128. All iteations use the same key, iv and plaintext.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
Holger Dengler [Fri, 5 Jan 2024 13:16:53 +0000 (14:16 +0100)]
Fix partial block encryption in cfb and ofb for s390x (legacy)
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb also in
s390x-legacy code. For more details see
4df92c1a14 ("Fix partial block
encryption in cfb and ofb for s390x").
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
Holger Dengler [Thu, 4 Jan 2024 08:37:39 +0000 (09:37 +0100)]
Fix partial block encryption in cfb and ofb for s390x
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb, instead
of keep this information in the s390x-specific part of the cipher
context. The information in the generic context is reset properly,
even if the context is re-initialized without resetting the key or iv.
Fixes: #23175
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
Fs [Sat, 6 Jan 2024 00:43:22 +0000 (08:43 +0800)]
uplink-x86_64.pl: make x86_64-xlate.pl accept $flavour parameter
Match behavior of all other x86_64 asm.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23219)
Hugo Landau [Fri, 22 Dec 2023 12:18:19 +0000 (12:18 +0000)]
QUIC RCIDM: Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
Hugo Landau [Thu, 21 Dec 2023 09:40:58 +0000 (09:40 +0000)]
Update fuzz corpora
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
Hugo Landau [Tue, 19 Dec 2023 16:22:02 +0000 (16:22 +0000)]
QUIC RCIDM: Update fuzz corpora
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
Hugo Landau [Tue, 19 Dec 2023 16:20:31 +0000 (16:20 +0000)]
QUIC RCIDM: Fix ANSI compliance
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
Hugo Landau [Tue, 7 Nov 2023 15:57:05 +0000 (15:57 +0000)]
QUIC RCIDM: Add test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
Hugo Landau [Tue, 7 Nov 2023 15:31:30 +0000 (15:31 +0000)]
QUIC RCIDM: Add counters to support RCID count enforcement
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
Hugo Landau [Tue, 7 Nov 2023 15:24:54 +0000 (15:24 +0000)]
QUIC SRTM: Fixes for clang
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
Hugo Landau [Tue, 7 Nov 2023 15:24:46 +0000 (15:24 +0000)]
QUIC RCIDM: Minor fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
Hugo Landau [Tue, 7 Nov 2023 15:24:17 +0000 (15:24 +0000)]
QUIC RCIDM: Add fuzzer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
Hugo Landau [Mon, 6 Nov 2023 13:42:04 +0000 (13:42 +0000)]
QUIC RCIDM: Add RCIDM
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
Neil Horman [Mon, 8 Jan 2024 19:29:52 +0000 (14:29 -0500)]
Update Docs for EVP_MAC
For GMAC/CMAC, its not possible to re-init the algorithm without
explicitly passing an OSSL_MAC_PARAM_IV to each init call, as it is
not possible to extract the IV value from the prior init call (be it
explicitly passed or auto generated). As such, document the fact that
re-initalization requires passing an IV parameter
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23235)
Tomas Mraz [Wed, 29 Nov 2023 08:17:39 +0000 (09:17 +0100)]
Disable build of HWAES on PPC Macs
Fixes #22818
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22860)