Tomas Mraz [Wed, 26 Oct 2022 09:29:49 +0000 (11:29 +0200)]
When using PEM_read_bio_PrivateKey_ex() the public key is optional
Fixes #19498
However the private key part is not optional which was
mishandled by the legacy routine.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19505)
(cherry picked from commit adb408dc791e83f59f3a86bd90d8e804c814ac30)
Dr. David von Oheimb [Mon, 19 Sep 2022 11:15:04 +0000 (13:15 +0200)]
add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function
Fixup for glitch while handling merge conflict in OSSL_CMP_CTX_new.pod
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
(cherry picked from commit a2ede0396addd13f7fe9a629b450a14892152a83)
Dr. David von Oheimb [Mon, 19 Sep 2022 11:15:04 +0000 (13:15 +0200)]
add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
(cherry picked from commit a2ede0396addd13f7fe9a629b450a14892152a83)
Dr. David von Oheimb [Wed, 14 Sep 2022 15:37:27 +0000 (17:37 +0200)]
OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs
Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
(cherry picked from commit 1c04866c671db4a6db0a1784399b351ea061bc16)
Dr. David von Oheimb [Sat, 17 Sep 2022 18:58:16 +0000 (20:58 +0200)]
CMP: fix gen_new() in cmp_msg.c checking wrong ITAVs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
(cherry picked from commit 7e3034939b40ee15013bdba9ff6178de6bcc26d4)
Jan [Wed, 23 Nov 2022 15:14:07 +0000 (16:14 +0100)]
Fix typo in openssl-x509.pod.in
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19746)
(cherry picked from commit 0b7ad5d928f9ee749cfc670ad08067a961217fea)
Jiaxun Yang [Tue, 22 Nov 2022 19:53:38 +0000 (19:53 +0000)]
Add SM2 support for EVP_PKEY_Q_keygen
There is no reason preventing this API from supporting SM2,
which gives us a simple method to do SM2 key gen.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19736)
(cherry picked from commit 3f32d29ad464591ed968a1e430111e1525280f4c)
Dr. David von Oheimb [Tue, 13 Sep 2022 20:22:48 +0000 (22:22 +0200)]
CMP: fix handling of unset or missing failInfo PKI status information
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
(cherry picked from commit cba0e2afd6a222aa041e05f8455e83c9e959d05b)
Dr. David von Oheimb [Tue, 13 Sep 2022 13:43:59 +0000 (15:43 +0200)]
CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages
On this occasion, replace magic constants by mnemonic ones; update doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
(cherry picked from commit 19ddcc4cbb43464493a4b82332a1ab96da823451)
slontis [Thu, 17 Nov 2022 01:58:36 +0000 (11:58 +1000)]
Fix coverity issues in X509v3_addr
CID 1516955 : Null pointer deref (REVERSE_INULL)
CID 1516954 : Null pointer deref (REVERSE_INULL)
CID 1516953 : RESOURCE_LEAK of child
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19700)
(cherry picked from commit 26cfa4cd85f6b26dd7a48c2ff06bfa4a2cea4764)
slontis [Wed, 16 Nov 2022 21:26:06 +0000 (07:26 +1000)]
Add missing HISTORY sections for OpenSSL 3.0 related documents.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19690)
(cherry picked from commit 4741c80c0556653c74252ec91425dcb74066b2ec)
slontis [Wed, 16 Nov 2022 05:40:09 +0000 (15:40 +1000)]
Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod.
Removed fields from missingcrypto.txt that are no longer missing.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19692)
(cherry picked from commit ad60cd522b4f717a69c690f68f1591371a048591)
Tomas Mraz [Fri, 11 Nov 2022 11:29:52 +0000 (12:29 +0100)]
evp_extra_test2: Test DH param checks with non-NULL libctx
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19656)
(cherry picked from commit 5e38e0acf4e1681ae32fa1b164adbc08719bd613)
Tomas Mraz [Fri, 11 Nov 2022 11:29:44 +0000 (12:29 +0100)]
DH_check[_params]() use libctx of the dh for prime checks
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19656)
(cherry picked from commit 7c639f0b8e97b8290b9f935e83d5e948614c5bf7)
Dr. David von Oheimb [Tue, 15 Nov 2022 15:33:21 +0000 (16:33 +0100)]
ParseC.pm: gracefully handle DOS-style end-of-line in source files
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19686)
(cherry picked from commit c507db9678f50482df5f6c58e42572fe6fe3007c)
Graham Woodward [Mon, 14 Nov 2022 21:15:27 +0000 (21:15 +0000)]
Add test to confirm IPAddressFamily_check_len catches invalid len
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19273)
(cherry picked from commit 7489ada9f3fd902c5bc3c58cc03a90de2800d0ab)
Graham Woodward [Tue, 27 Sep 2022 11:37:59 +0000 (12:37 +0100)]
Catch incorrect IPAddressFamily lengths
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19273)
(cherry picked from commit 9351f675fab42abbc321f0994bff7e0b27cfbe57)
Simo Sorce [Mon, 14 Nov 2022 15:25:15 +0000 (10:25 -0500)]
Drop explicit check for engines in opt_legacy_okay
The providers indication should always indicate that this is not a
legacy request.
This makes a check for engines redundant as the default return is that
legacy is ok if there are no explicit providers.
Fixes #19662
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19671)
(cherry picked from commit 2fea56832780248af2aba2e4433ece2d18428515)
Peiwei Hu [Tue, 15 Nov 2022 04:22:24 +0000 (12:22 +0800)]
Fix the check of EC_GROUP_check_named_curve
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19678)
(cherry picked from commit 3b6154ccaf3e64bcdfda4859f2b98ef21b08c5b2)
Peiwei Hu [Tue, 15 Nov 2022 03:25:38 +0000 (11:25 +0800)]
apps/speed.c: fix the wrong checks
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19678)
(cherry picked from commit 9dd009dd513276e602b6592bc337a8563a1a82a1)
Joachim Vandersmissen [Mon, 14 Nov 2022 11:56:32 +0000 (12:56 +0100)]
Add documentation for CPUID bit #64+17
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19670)
(cherry picked from commit ec7689186f3ea5c1a4d1564089cd8df287dfcf3c)
Simo Sorce [Fri, 11 Nov 2022 17:18:26 +0000 (12:18 -0500)]
Add test for EVP_PKEY_eq
This tests that the comparison works even if a provider can only return
a public key.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)
(cherry picked from commit e5202fbd461cb6c067874987998e91c6093e5267)
Simo Sorce [Thu, 10 Nov 2022 21:58:28 +0000 (16:58 -0500)]
Update documentation for keymgmt export utils
Change function prototypes and explain how to use the selection
argument.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)
(cherry picked from commit 504427eb5f32108dd64ff7858012863fe47b369b)
Simo Sorce [Thu, 10 Nov 2022 15:46:32 +0000 (10:46 -0500)]
Propagate selection all the way on key export
EVP_PKEY_eq() is used to check, among other things, if a certificate
public key corresponds to a private key. When the private key belongs to
a provider that does not allow exporting private keys this currently
fails as the internal functions used to import/export keys ignored the
selection given (which specifies that only the public key needs to be
considered) and instead tries to export everything.
This patch allows propagating the selection all the way down including
adding it in the cache so that a following operation actually looking
for other selection parameters does not mistakenly pick up an export
containing only partial information.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)
(cherry picked from commit 98642df4ba886818900ab7e6b23703544e6addd4)
GW [Sat, 12 Nov 2022 06:51:15 +0000 (08:51 +0200)]
apps/ocsp.c: Add missing test if make_ocsp_response failed
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19660)
(cherry picked from commit 93e1271eedfe3af0a1c1b14d26899d2c8bde98e9)
Pauli [Mon, 14 Nov 2022 02:15:43 +0000 (13:15 +1100)]
fipsinstall test: skip PCT DSA signature test for new providers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19665)
Pauli [Mon, 14 Nov 2022 02:13:44 +0000 (13:13 +1100)]
test: add two comparison options to fips version test utility code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19665)
Matt Caswell [Mon, 7 Nov 2022 12:02:08 +0000 (12:02 +0000)]
Use the same encryption growth macro consistently
We had two different macros for calculating the potential growth due to
encryption. The macro we use for allocating the underlying buffer should be
the same one that we use for reserving bytes for encryption growth.
Also if we are adding the MAC independently of the cipher algorithm then
the encryption growth will not include that MAC so we should remove it
from the amount of bytes that we reserve for that growth. Otherwise we
might exceed our buffer size and the WPACKET_reserve operation will
fail.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19264)
(cherry picked from commit 3d004cefec5135a3b080dc898d7f7d5452ef309f)
Vinz2008 [Thu, 10 Nov 2022 17:36:44 +0000 (18:36 +0100)]
apps/speed.c: add verifying if fdopen returns NULL
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19651)
(cherry picked from commit c9a542e41837ea65671dcd75c448d7113d34a4fd)
Bernd Edlinger [Thu, 10 Nov 2022 17:51:44 +0000 (18:51 +0100)]
Resign test/certs/rootCA.pem to expire in 100 years
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19654)
(cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf)
Bernd Edlinger [Thu, 10 Nov 2022 17:23:25 +0000 (18:23 +0100)]
Update the validity period of ed25519 certificates
Note: The private key is test/certs/root-ed25519.privkey.pem
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19654)
(cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba)
Tomas Mraz [Wed, 9 Nov 2022 12:36:21 +0000 (13:36 +0100)]
Add test for generating safeprime DH parameters
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19635)
(cherry picked from commit 10119e7475bb198e13b1722b186303b8a7528dfe)
Tomas Mraz [Wed, 9 Nov 2022 09:55:48 +0000 (10:55 +0100)]
Use libctx when generating DH parameters
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19635)
(cherry picked from commit 990d280da95d3c955b86f38b01f5b95ea88d42bb)
Milan Broz [Sat, 29 Oct 2022 09:48:51 +0000 (11:48 +0200)]
pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey
Make the code more robust and correctly handle EVP_PKEY set to NULL
instead of dereferencing null pointer.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)
(cherry picked from commit 373d90128042cb0409e347827d80b50a99d3965a)
Milan Broz [Sat, 29 Oct 2022 09:46:34 +0000 (11:46 +0200)]
pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional
The copy of PKEY should be released on the error path.
Easily reproduced with "ED448" context.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)
(cherry picked from commit 608aca8ed2becccfe9c238846834ea2b162fc98b)
Tomas Mraz [Tue, 8 Nov 2022 16:43:22 +0000 (17:43 +0100)]
Limit size of modulus for BN_mod_exp_mont_consttime()
Otherwise the powerbufLen can overflow.
Issue reported by Jiayi Lin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19632)
(cherry picked from commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8)
Tomas Mraz [Tue, 11 Oct 2022 15:26:23 +0000 (17:26 +0200)]
Release the drbg in the global default context before engines
Fixes #17995
Fixes #18578
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/19390)
Bernd Edlinger [Sat, 2 Apr 2022 11:41:12 +0000 (13:41 +0200)]
Add a test case for the engine crash with AES-256-CTR
Implement the AES-256-CTR cipher in the dasync engine.
Use that to reproduce the reported problems with the
devcrypto engine in our normal test environment.
See #17995 and #17532 for details.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19390)
Tomas Mraz [Wed, 9 Nov 2022 12:55:56 +0000 (13:55 +0100)]
fips-label.yml: Fix the script after actions/github-script upgrade
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19636)
(cherry picked from commit ada6f0533d3299833b27e623ff1bfe3134e8e466)
Reinhard Urban [Fri, 28 Oct 2022 07:56:05 +0000 (09:56 +0200)]
Fix PACKET_equal test with BUF_LEN+1 on -Wstringop-overread
Either suppress the error, or better make smbuf longer.
Detected with -Werror.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19528)
(cherry picked from commit 91b7520e2385a513ad879dfa8fe8e45466315a27)
slontis [Mon, 30 May 2022 04:37:53 +0000 (14:37 +1000)]
Fix documentation for some i2d return values.
i2d_XXX_bio and i2d_XXX_fp return either 0 or 1.
Other i2d_XXX functions return the number of bytes or negative on error.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18427)
(cherry picked from commit 943051d0f9ce8dcb38707774a5757a5dc436704f)
Tomas Mraz [Fri, 4 Nov 2022 11:31:16 +0000 (12:31 +0100)]
Test that signatures using hash name commands work properly
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19606)
(cherry picked from commit e9e6827445528caf1d9d6647953fbe67a0c78716)
Tomas Mraz [Fri, 4 Nov 2022 11:20:08 +0000 (12:20 +0100)]
apps/dgst.c: Set digestname from argv[0] if it is a builtin hash name
Fixes #19589
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19606)
(cherry picked from commit 1e5780dbc79dab14c1ec1584313755fc2fd2cf55)
Wangchong Zhou [Fri, 28 Oct 2022 03:47:50 +0000 (11:47 +0800)]
Check for private key existence before calling eddsa sign functions
Fixes #19524
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19525)
(cherry picked from commit f5a10d5cc19215ab22be55b4a2ee1e41bd38fb14)
Richard Levitte [Fri, 4 Nov 2022 09:37:13 +0000 (10:37 +0100)]
crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case
The use case is that uppercase .ASM extension may be used on some platforms,
and we were only testing for the lowercase extension.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19604)
(cherry picked from commit 119b7b5f2ad7efcf273f395e7633747f56ff3f95)
Richard Levitte [Thu, 3 Nov 2022 14:24:52 +0000 (15:24 +0100)]
Configurations/*.tmpl: overhaul assembler make rules.
NOTE: Not Configurations/unix-Makefile.tmpl, as that was done 4 years
ago, in commit a23f03166e0ec49ac09b3671e7ab4ba4fa57d42a.
So far assembly modules were intended to be built as .pl->.S->.{asmext}
followed by .{asmext}->.o. This posed a problem in build_all_generated
rule if it was executed on another computer, and also turned out to be
buggy, as .S was also translated to .{asmext} on Windows and VMS.
Both issues are fixed by changing the rule sequence to .pl->.S and then
.S->.s->.o, with the added benefit that the Windows and VMS build file
templates are more in sync with unix-Makefile.tmpl and slightly simpler.
Fixes #19594
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19598)
(cherry picked from commit b8d3cf0954737a9665e3b2bff25bc689a5114010)
Tomas Mraz [Wed, 2 Nov 2022 07:53:36 +0000 (08:53 +0100)]
Update GitHub actions as suggested by dependabot
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19581)
(cherry picked from commit ec33ed712665ca65cabcd87d446e5db79a64379e)
Pauli [Wed, 2 Nov 2022 01:20:16 +0000 (12:20 +1100)]
Coverity 1516624: Fix overrun memory access.
Not possible to hit but good to address.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19576)
(cherry picked from commit ce0a7cadadb973216399e70d3a69f352b0843deb)
Matt Caswell [Thu, 27 Oct 2022 13:14:53 +0000 (14:14 +0100)]
Fix the ceiling on how much encryption growth we can have
Stitched ciphersuites can grow by more during encryption than the code
allowed for. We fix the calculation and add an assert to check we got it
right.
Note that this is not a security issue. Even though we can overflow the
amount of bytes reserved in the WPACKET for the encryption, the underlying
buffer is still big enough.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19517)
(cherry picked from commit eaa206007322ab0b1eaf9f83485e56deafc9df80)
Richard Levitte [Mon, 31 Oct 2022 07:56:15 +0000 (08:56 +0100)]
providers/common/der/oids_to_c.pm: Remove use of Data::Dumper
This is a development remnant, which should have been removed when finalized.
Fixes #19546
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19548)
(cherry picked from commit 57d2bccdb2112cc09de1bec585da878161b1364f)
yangyangtiantianlonglong [Thu, 27 Oct 2022 09:17:55 +0000 (17:17 +0800)]
Potential null pointer reference
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19429)
(cherry picked from commit 15c8df81083f31dd35aedbe2d58ec702d0c0dc65)
Tomas Mraz [Tue, 1 Nov 2022 14:15:30 +0000 (15:15 +0100)]
Prepare for 3.0.8
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
Tomas Mraz [Tue, 1 Nov 2022 14:14:36 +0000 (15:14 +0100)]
Prepare for release of 3.0.7
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
Tomas Mraz [Tue, 1 Nov 2022 14:14:19 +0000 (15:14 +0100)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
Tomas Mraz [Tue, 1 Nov 2022 13:40:27 +0000 (14:40 +0100)]
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
Tomas Mraz [Tue, 1 Nov 2022 10:38:31 +0000 (11:38 +0100)]
Update CHANGES.md and NEWS.md for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Pauli [Wed, 26 Oct 2022 23:25:35 +0000 (10:25 +1100)]
punycode: add unit tests
These tests verify basic functionality and specifically test for
CVE-2022-3602.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Pauli [Wed, 26 Oct 2022 23:22:47 +0000 (10:22 +1100)]
Fix CVE-2022-3786 in punycode decoder.
Fixed the ossl_a2ulabel() function which also contained a potential
buffer overflow, albeit without control of the contents.
This overflow could result in a crash (causing a denial of service).
The function also did not NUL-terminate the output in some cases.
The two issues fixed here were identified and reported
by Viktor Dukhovni while researching CVE-2022-3602.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Pauli [Wed, 26 Oct 2022 23:21:41 +0000 (10:21 +1100)]
Fix CVE-2022-3602 in punycode decoder.
An off by one error in the punycode decoder allowed for a single unsigned int
overwrite of a buffer which could cause a crash and possible code execution.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Tomas Mraz [Mon, 24 Oct 2022 10:28:58 +0000 (12:28 +0200)]
tests: clear error queue before executing a testcase
There can be errors in the queue from previous tests and
we look at it to verify we do not add spurious errors in
some testcases.
Fixes #19477
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19483)
Joakim Antman [Wed, 19 Oct 2022 16:12:39 +0000 (19:12 +0300)]
Fix parameter names for RSA private key example
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19443)
(cherry picked from commit c8c678e7d91ca2cea41c6c574cf7656a9404646f)
Richard Levitte [Wed, 6 Jul 2022 04:09:01 +0000 (06:09 +0200)]
Make openVMS seeding less dependent on OpenVMS version
SYS$GETTIM_PREC is a very new function, only available on OpenVMS v8.4.
OpenSSL binaries built on OpenVMS v8.4 become unusable on older OpenVMS
versions, but building for the older CRTL version will make the high
precision time functions unavailable.
Tests have shown that on Alpha and Itanium, the time update granularity
between SYS$GETTIM and SYS$GETTIM_PREC is marginal, so the former plus
a sequence number turns out to be better to guarantee a unique nonce.
Fixes #18727
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18731)
(cherry picked from commit 7056dc9c50baa4af5152c625c4735806d51c67cd)
slontis [Wed, 26 Oct 2022 01:10:50 +0000 (11:10 +1000)]
Use RSA CRT parameters in FIPS self tests.
Fixes #19488
Use the correct OSSL_PKEY_PARAM_RSA CRT names for the self tests.
The invalid names cause CRT parameters to be silently ignored.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19501)
(cherry picked from commit c7424fe68c65aa2187a8e4028d7dea742b95d81a)
(cherry picked from commit 4215d649e92bc4c42997ec4a1e65beba1055bbe1)
Sam James [Wed, 19 Oct 2022 23:18:35 +0000 (00:18 +0100)]
test: driver: fix -Wunused-but-set-variable
The value of 'num_failed_inner' isn't ever used.
Fixes this error with Clang 15:
```
test/testutil/driver.c:341:17: error: variable 'num_failed_inner' set but not used [-Werror,-Wunused-but-set-variable]
int num_failed_inner = 0;
^
1 error generated.
```
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 6a94c5849ea7d1f08d4fcaa9a6fc0a947e19da66)
Signed-off-by: Sam James <sam@gentoo.org>
(Merged from https://github.com/openssl/openssl/pull/19500)
Sam James [Wed, 19 Oct 2022 23:14:53 +0000 (00:14 +0100)]
x509: fix -Wunused-but-set-variable
The value of 'l' isn't ever actually used.
Fixes this error with Clang 15:
```
crypto/x509/x_name.c:506:9: error: variable 'l' set but not used [-Werror,-Wunused-but-set-variable]
int l, i;
^
1 error generated.
```
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit c71318668571b3680fe10035a1a350ff46e459af)
Signed-off-by: Sam James <sam@gentoo.org>
(Merged from https://github.com/openssl/openssl/pull/19500)
Sam James [Wed, 19 Oct 2022 23:10:27 +0000 (00:10 +0100)]
txt_db: fix -Wunused-but-set-variable
The loop never uses the value of 'ln'.
Fixes this error with Clang 15:
```
crypto/txt_db/txt_db.c:24:10: error: variable 'ln' set but not used [-Werror,-Wunused-but-set-variable]
long ln = 0;
^
1 error generated.
```
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit f9e8e2c0ab73409862bb78a9285c1b72e0511750)
Signed-off-by: Sam James <sam@gentoo.org>
(Merged from https://github.com/openssl/openssl/pull/19500)
Sam James [Wed, 19 Oct 2022 22:58:39 +0000 (23:58 +0100)]
pem: fix -Wunused-but-set-variable
The loop never uses the value of 'line'.
Fixes this error with Clang 15:
```
crypto/pem/pem_lib.c:821:14: error: variable 'line' set but not used [-Werror,-Wunused-but-set-variable]
int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
^
1 error generated.
```
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 71bc497dc321adeb08e7541556dea019c81c9a87)
Signed-off-by: Sam James <sam@gentoo.org>
(Merged from https://github.com/openssl/openssl/pull/19500)
Sam James [Wed, 19 Oct 2022 22:04:25 +0000 (23:04 +0100)]
CI: add Clang 15
We have to use the PPA provided by LLVM because Clang 15 isn't
officially part of Ubuntu 22.04 (or any other Ubuntu release yet),
see https://apt.llvm.org/ for details.
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 75ecda930e0a961f9605ce090af64d95c98ed161)
Signed-off-by: Sam James <sam@gentoo.org>
(Merged from https://github.com/openssl/openssl/pull/19500)
Sam James [Thu, 23 Jun 2022 03:24:32 +0000 (04:24 +0100)]
CI: Upgrade to Ubuntu 22.04 to add GCC 12, Clang 13, Clang 14
Notably, this might have caught #18225, as Clang 14 wasn't - and is not yet
until this commit - in OpenSSL's CI.
It makes sense to ensure CI tests compilers used in newer Linux distributions:
* Fedora 36 ships with GCC 12
* Ubuntu 22.04 ships with Clang 14
We switch from 'ubuntu-latest' (which can change meaning but currently points
to ubuntu-20.04) to ubuntu-20.04 for the older existing compilers, and
ubuntu-22.04 for the newer ones added by this commit.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit 712c13c57b97e2e25ca23048f3ba6f50115cacd7)
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19500)
Sam James [Wed, 22 Jun 2022 06:20:31 +0000 (07:20 +0100)]
CI: add GCC 11
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit 6332f4c4a2c153869b169d250d9736962abe12c6)
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19500)
Todd C. Miller [Mon, 24 Oct 2022 14:00:48 +0000 (08:00 -0600)]
ssl_cipher_process_rulestr: don't read outside rule_str buffer
If rule_str ended in a "-", "l" was incremented one byte past the
end of the buffer. This resulted in an out-of-bounds read when "l"
is dereferenced at the end of the loop. It is safest to just return
early in this case since the condition occurs inside a nested loop.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19166)
(cherry picked from commit 428511ca66670e169a0e1b12e7540714b0be4cf8)
Tomas Mraz [Tue, 25 Oct 2022 16:32:41 +0000 (18:32 +0200)]
Add missing ERR_R_XXX_LIB codes
Fixes CI regression on 3.0 branch from a cherry-picked commit.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19499)
Richard Levitte [Sun, 16 Oct 2022 05:52:09 +0000 (07:52 +0200)]
Finer grained error records for provider load/init failures
When a provider is activated, these three cases would record that the
provider init function failed (implying that it was called):
- failure to load the provider module (in case it's a dynamically
loadable module)
- the init function not being present (i.e. being NULL)
- the init function being called and returning an error indication
(i.e. returning a false value)
This is confusing.
Separating the three cases so that they record different errors will
make it easier to determine causes of failure.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19419)
(cherry picked from commit
2d23ba14630551ee347acafcab81fa1a290c6504)
Matt Caswell [Mon, 24 Oct 2022 08:22:01 +0000 (09:22 +0100)]
Fix a lock in provider_remove_store_methods()
We were taking a read lock. It should have been a write lock.
Fixes #19474
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19481)
(cherry picked from commit
6962e21b7c51480343db1a275f52525754dcbe44)
Daniel Fiala [Mon, 10 Oct 2022 08:53:14 +0000 (10:53 +0200)]
openssl list: Fix help text about -cipher-algorithms option
Fixes openssl#19133
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19370)
(cherry picked from commit
2eb75291c1357cdaf852e0da613edc14f3d5ae4f)
Tomas Mraz [Thu, 20 Oct 2022 14:14:29 +0000 (16:14 +0200)]
Workaround egd rand source deficiencies
With egd as the rand source the reseed after fork confuses the egd.
Fixes #19396
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19454)
xkernel [Wed, 19 Oct 2022 16:40:25 +0000 (00:40 +0800)]
Checking the return of BIO_new_fp(). If it returns NULL, then it is unnecessary to build the BIO chain, and it is better to make the caller return NULL directly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19445)
(cherry picked from commit
fb03e6145961005a6db011d2f36660d2eed734e2)
Pauli [Thu, 20 Oct 2022 23:29:09 +0000 (10:29 +1100)]
doc: fix copy/paste error
Fixes #19460
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19461)
(cherry picked from commit
5b9480fc1e814bf8fa2dce0dbbede147f04d477c)
Tomas Mraz [Thu, 13 Oct 2022 11:05:20 +0000 (13:05 +0200)]
Errors raised from OPENSSL_sk_set should have ERR_LIB_CRYPTO
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)
(cherry picked from commit
3a09dfb4f9aace93d2c20d6d1b4968cc583884d6)
Tomas Mraz [Thu, 13 Oct 2022 09:39:35 +0000 (11:39 +0200)]
Document the stack functions that are forgiving
I.e., those that can be called with NULL stack parameter or invalid index.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)
(cherry picked from commit
0778364f8ec1f9702e62e6298aaa212ec40b6111)
Tomas Mraz [Wed, 12 Oct 2022 08:36:20 +0000 (10:36 +0200)]
stack: Do not add error if pop/shift/value accesses outside of the stack
This partially reverts commit
30eba7f35983a917f1007bce45040c0af3442e42.
This is legitimate use of the stack functions and no error
should be reported apart from the NULL return value.
Fixes #19389
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)
(cherry picked from commit
a8086e6bfc37355626393751a94bc5c92df7e9d3)
Tomas Mraz [Wed, 19 Oct 2022 14:54:52 +0000 (16:54 +0200)]
Fix trivial check_docs CI failure
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19442)
Tomas Mraz [Wed, 19 Oct 2022 13:40:00 +0000 (15:40 +0200)]
Add changes entry for RIPEMD160 in 3.0.7
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19438)
(cherry picked from commit
b6553796190ad7401b89c6cd0499bae77b39d1a6)
xkernel [Wed, 19 Oct 2022 17:11:16 +0000 (01:11 +0800)]
Replace BIO_free(bio_err) with BIO_free_all(bio_err)
dup_bio_err() can return a BIO chain when 'OPENSSL_SYS_VMS' is defined.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19446)
(cherry picked from commit
a73bdc24e14760413a65d478d7c88356b4b95bb5)
Paul Kehrer [Wed, 19 Oct 2022 14:21:37 +0000 (09:21 -0500)]
update pyca cryptography to 38.0.2
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19439)
(cherry picked from commit
efd59f7a37bf1f9034b62b67f730c25dff0e8d8e)
Paul Kehrer [Wed, 19 Oct 2022 14:07:32 +0000 (09:07 -0500)]
link the pyca tests against the correct openssl
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19439)
(cherry picked from commit
097752da99d9c27702e9e9d51609efedd3a4d0cf)
Gibeom Gwon [Tue, 11 Oct 2022 17:53:00 +0000 (02:53 +0900)]
Fix no longer implicitly refresh the cached TBSCertificate
This reverts commit
9249a34b076df9a9d55ab74ab465d336980cae6a.
Fixes #19388
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19393)
(cherry picked from commit
963e0bc43369a6dbe6644f709630f6c9f63dccf9)
Dr. David von Oheimb [Fri, 29 Jul 2022 11:09:52 +0000 (13:09 +0200)]
Fix many inconsistencies in doc of CMS_verify() and PKCS7_verify() etc.
Also change B< to I< in {CMS,PKCS7}_verify.pod, PKCS7_sign{,_add_signer}.pod
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19108)
Pauli [Mon, 17 Oct 2022 22:07:19 +0000 (09:07 +1100)]
ripemd: document as being present in the default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19375)
(cherry picked from commit
fdc5043d58900663b493147298e64f11353b35fe)
Tomas Mraz [Mon, 17 Oct 2022 15:05:09 +0000 (17:05 +0200)]
Avoid putting ripemd_prov.c in libcommon otherwise it is regarded as fips source
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19375)
(cherry picked from commit
155a82d1fe1c50d859081ff67f26633b9d7dada8)
Pauli [Tue, 11 Oct 2022 00:23:57 +0000 (11:23 +1100)]
default provider: include RIPEMD160
Including RIPEMD160 in both the default and legacy providers shouldn't break
anyone and makes the algorithm available more readily.
Fixes #17722
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19375)
(cherry picked from commit
ecd831469919215b0a45693b00ec0fd7d42d5d61)
Matt Caswell [Fri, 30 Sep 2022 15:59:05 +0000 (16:59 +0100)]
Add a test for TLSv1.3 only client sending a correct key_share
Make sure that a TLSv1.3 only client does not send a TLSv1.3 key_share.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19404)
Matt Caswell [Fri, 30 Sep 2022 15:51:58 +0000 (16:51 +0100)]
Add a test for where a client sends a non-TLSv1.3 key share
This should not happen, but we should tolerate it and send an HRR
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19404)
Matt Caswell [Fri, 30 Sep 2022 13:21:50 +0000 (14:21 +0100)]
Ensure that the key share group is allowed for our protocol version
We should never send or accept a key share group that is not in the
supported groups list or a group that isn't suitable for use in TLSv1.3
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19404)
Pauli [Thu, 9 Jun 2022 00:23:58 +0000 (10:23 +1000)]
init: fix defined but unused warning/error
The #ifdefs weren't quite correct at times.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18503)
(cherry picked from commit
979575c6ef10ab9b8d74d8c00852b2250eb78f29)
Sebastian Pop [Mon, 28 Mar 2022 20:58:15 +0000 (20:58 +0000)]
disable 5x interleave on buffers shorter than 512 bytes: 3% speedup on Graviton2
d6e4287c9726691e800bff221be71edd894a3c6a introduced 5x interleaving as an
optimization for ThunderX2, and that leads to some performance degradation
when encoding short buffers. We found this performance degradation by measuring
the performance of nginx on Ubuntu 20.04 that comes with OpenSSL 1.1.1f and
Ubuntu 22.04 with OpenSSL 3.0.1.
This patch limits the 5x interleave to buffers larger than 512 bytes.
On Graviton2 we see the following performance with this patch:
$ openssl speed -evp aes-128-gcm -bytes 128
AES-128-GCM       64 bytes     79 bytes     80 bytes    128 bytes    256 bytes    511 bytes    512 bytes   1024 bytes
master         1062564.71k   775113.11k  1069959.33k  1411716.28k  1653114.86k  1585981.16k  1973683.03k  2203214.08k
master+patch   1062729.28k   771915.11k  1103883.42k  1458665.43k  1708701.20k  1647060.84k  1975571.80k  2204038.42k
diff                    0%           0%           3%           3%           3%           4%           0%           0%
revert d6e428  1055290.03k   773448.92k  1117411.97k  1441478.57k  1695698.52k  1634598.04k  1981851.65k  2196680.36k
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17984)
(cherry picked from commit
9c140a33663f319ad4000a6a985c3e14297c7389)
Joachim Vandersmissen [Thu, 13 Oct 2022 09:55:57 +0000 (09:55 +0000)]
Fix documentation for OFB/OCB in the FIPS provider
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19408)
(cherry picked from commit
7d3600a6c906c5f4cf81db95aec7b58b9d018c49)
Tomas Mraz [Thu, 13 Oct 2022 14:04:43 +0000 (16:04 +0200)]
Add missing include for DH_get0_priv_key()
Fixes #19410
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/19411)
(cherry picked from commit
bbaa24b7c5ca4d712ad539d4c5ed16af0dd908f4)
Bernd Edlinger [Tue, 11 Oct 2022 18:25:33 +0000 (20:25 +0200)]
Fix an occasional CI failure due to unaligned access
This happens rarely, but only because very few CI runs
use the exotic CPU type that is necessary to execute
anything within rsaz_exp_x2.c and enable UBSAN at the same time.
crypto/bn/rsaz_exp_x2.c:562:20: runtime error: load of misaligned address 0x612000022cc6 for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte alignment
0x612000022cc6: note: pointer points here
84 a3 78 e0 8e 8d 4a a5 51 9c 57 d0 d6 41 f3 26 d1 4e e1 98 42 b5 3a 9f 04 f1 73 d2 1d bf 73 44
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior crypto/bn/rsaz_exp_x2.c:562:20 in
../../util/wrap.pl ../../fuzz/server-test ../../fuzz/corpora/server => 1
not ok 2 - Fuzzing server
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19412)
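As an added illustration of the class of defect the sanitizer report above describes, the following C example is not the OpenSSL fix (the log does not show the rsaz_exp_x2.c change) and does not claim to be. It reuses the bytes from the UBSAN dump as a constructed sample buffer, shows how to test a pointer for the alignment a type requires, and shows the portable way to read a 64-bit word from an arbitrary byte address without ever forming a misaligned `uint64_t *`: assemble the value from bytes (or `memcpy` into a properly aligned local), which compilers turn into a single load on targets that allow unaligned access. All function names are assumptions for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Sample bytes constructed from the sanitizer dump in the commit message.
 * The union forces 8-byte alignment of bytes[0], so bytes + 6 is guaranteed
 * misaligned for uint64_t, mirroring the ...cc6 address in the report.
 */
static const union {
    uint64_t align;
    unsigned char bytes[32];
} sample = { .bytes = {
    0x84, 0xa3, 0x78, 0xe0, 0x8e, 0x8d, 0x4a, 0xa5,
    0x51, 0x9c, 0x57, 0xd0, 0xd6, 0x41, 0xf3, 0x26,
    0xd1, 0x4e, 0xe1, 0x98, 0x42, 0xb5, 0x3a, 0x9f,
    0x04, 0xf1, 0x73, 0xd2, 0x1d, 0xbf, 0x73, 0x44
} };

/* 1 if p is not aligned to 'align' bytes (align must be a power of two). */
static int is_misaligned(const void *p, size_t align)
{
    return ((uintptr_t)p & (align - 1)) != 0;
}

/*
 * Little-endian 64-bit load from any byte address. No uint64_t pointer is
 * ever created, so this is well-defined on every target regardless of the
 * alignment of p, and the result does not depend on host byte order.
 */
static uint64_t load_u64_le(const unsigned char *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/*
 * Host-byte-order variant using memcpy: equally well-defined for a
 * misaligned p because the only uint64_t object is the aligned local.
 * This is the usual replacement for "*(uint64_t *)p" in portable code.
 */
static uint64_t load_u64_native(const unsigned char *p)
{
    uint64_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* XOR of n consecutive words starting at an arbitrary (possibly odd) offset. */
static uint64_t xor_words_le(const unsigned char *buf, size_t off, size_t n)
{
    uint64_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc ^= load_u64_le(buf + off + 8 * i);
    return acc;
}

int main(void)
{
    const unsigned char *p = sample.bytes + 6;   /* same 6 mod 8 offset as ...cc6 */

    printf("misaligned: %d\n", is_misaligned(p, sizeof(uint64_t)));
    printf("le word at +6: 0x%016llx\n",
           (unsigned long long)load_u64_le(p));
    printf("native word at +6: 0x%016llx\n",
           (unsigned long long)load_u64_native(p));
    printf("xor of 3 words from +6: 0x%016llx\n",
           (unsigned long long)xor_words_le(sample.bytes, 6, 3));
    return 0;
}
```

The alignment predicate is what an assertion at the entry of a routine that does cast byte pointers to wider types should check; the two load helpers are what to use instead of the cast when the input buffer's alignment is not under the routine's control.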
Juergen Christ [Wed, 5 Oct 2022 11:57:21 +0000 (13:57 +0200)]
Add translation for ECX group parameter
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519
and X448. The translation of this parameter resulted in an error. This
caused errors for legacy keys and engines.
Fix this situation by adding a translation that simply checks that the correct
parameter is to be set, but does not actually set anything. This is correct
since the group name is anyway optional for these two curves.
Fixes #19313
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19348)
(cherry picked from commit
c048779520d47962316ddb436d08a050d5659666)