Commit Graph

33317 Commits

Author SHA1 Message Date
Matthias St. Pierre
ce451fb861 INSTALL: document shared library pinning for static builds
The libcrypto library uses shared library pinning to prevent its
cleanup handlers from crashing at program termination because of a
premature unloading of the shared library.

However, shared library pinning is enabled also for static builds,
which may lead to surpising behaviour if libcrypto is linked
statically to a shared third-party library, because in this case
the third-party library gets pinned.

This surprising behaviour is caused by the fact that the `no-shared`
configure option does not imply `no-pinshared`. Since this quirk
can't be changed without potentially breaking existing code, we just
document it here and provide a workaround.

Fixes #20977

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20985)
2023-06-12 08:33:00 +02:00
Theo Buehler
959c150a1d Fix incorrect ERR_raise() calls
A few ERR_raise() calls in v3_purp.c use the wrong library. For example,
in OpenSSL 3.1.1 we get

00000000:error:0580009E:x509 certificate routines:ossl_x509v3_cache_extensions:reason(158):crypto/x509/v3_purp.c:635:

instead of

00000000:error:1100009E:X509 V3 routines:ossl_x509v3_cache_extensions:invalid certificate:crypto/x509/v3_purp.c:635:

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21168)
2023-06-12 08:26:20 +02:00
Michael Baentsch
e3b01eb6b2 add cygwin CI
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21006)
2023-06-12 08:18:46 +02:00
Michael Baentsch
9b9c42db3b Fix build on cygwin
Fixes #19531

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21006)
2023-06-12 08:18:03 +02:00
James Knight
78634e8ac2 Introduce [HAVE_/NO_]MADVISE defines
Toolchains that target a non-MMU architecture may not have the `madvise`
function available, even if the `sys/mman.h` header provides a define
for `MADV_DONTDUMP` (e.g. when targeting ARMv7-M with uClibc). The
following tweaks the implementation to use `HAVE_MADVISE`/`NO_MADVISE`
defines to help indicate when to attempt to use `madvise`. This change
operates in the same manner as the original implementation (i.e. relies
on `MADV_DONTDUMP` to indicate if `madvise` can be used); however, this
change now allows a builder to override the internal detection by
explicitly providing the `HAVE_MADVISE` define at compile time. This
should give flexibility for environments which do not have `madvise`
when there is no easy logic to set `NO_MADVISE`.

Signed-off-by: James Knight <james.d.knight@live.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20851)
2023-06-12 07:56:03 +02:00
Heiko Stuebner
6181a33367 riscv: aes: dual-license under Apache + 2-clause BSD
To allow re-use of the already reviewed openSSL crypto code for RISC-V in
other projects - like the Linux kernel, add a second license (2-clause BSD)
to the 32+64bit aes implementations using the Zkn extension.

Signed-off-by: Heiko Stuebner <heiko.stuebner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21018)
2023-06-11 01:30:14 -04:00
Heiko Stuebner
33523d6d66 riscv: GCM: dual-license under Apache + 2-clause BSD
To allow re-use of the already reviewed openSSL crypto code for RISC-V in
other projects - like the Linux kernel, add a second license (2-clause BSD)
to the recently added GCM ghash functions.

Signed-off-by: Heiko Stuebner <heiko.stuebner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20649)
2023-06-11 01:26:45 -04:00
Tomas Mraz
ade969e27b Coverity 1528485: Remove unused assignment of wvalue
wvalue is always initialized at the beginning of each cycle
and used only within the cycle

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21145)
2023-06-10 19:23:59 -04:00
Tomas Mraz
ef1ed411e1 Coverity 1528486: Avoid assignment of unused value of bags
It is used only within the loop and always initialized
2023-06-10 19:23:59 -04:00
Tomas Mraz
265920f2a7 Coverity 1528487: Avoid assignment of unused value of i 2023-06-10 19:23:59 -04:00
Tomas Mraz
c71b72acf2 Coverity 1528488: Avoid assignment of unused value rctx
Also some move redirection_url inside loop
where it is only used.
2023-06-10 19:23:59 -04:00
Tomas Mraz
82b81161de Coverity 1528490: Avoid assignment of unused value of i
It is used only within the loop and initialized at the beginning
2023-06-10 19:23:59 -04:00
Tomas Mraz
a33842efa5 Coverity 1528492: Fix possible memory leak if t == NULL 2023-06-10 19:23:59 -04:00
Tomas Mraz
f9a4e2b663 Coverity 1528494 and 1528493: Remove unused assignment of wvalue
wvalue is always initialized at the beginning of each cycle
and used only within the cycle
2023-06-10 19:23:59 -04:00
Tomas Mraz
0c6c378287 Coverity 1528496: remove assignment of unused value
ctx is used only within the loop and always assigned at start
2023-06-10 19:23:59 -04:00
Tomas Mraz
a3fcafb349 Coverity 1529992: Check return value of sscanf()
Also moving the call to setup_tests() where it
fits better.
2023-06-10 19:23:59 -04:00
Tomas Mraz
7efc073dd7 Coverity 1531836: Check return value of CRYPTO_atomic_add() 2023-06-10 19:23:59 -04:00
Tomas Mraz
4bcbf8d444 Coverity 1531872: j is not used anywhere later, remove the assignment 2023-06-10 19:23:59 -04:00
Tomas Mraz
c4ce0e3303 Include poll.h instead of incorrect sys/poll.h
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21131)
2023-06-10 22:34:42 +02:00
Tomas Mraz
ab77026cec Fix failures of OS Zoo CI
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21131)
2023-06-10 22:34:42 +02:00
Tomas Mraz
58e8af4cec Set RC4 defines on libcrypto/liblegacy
Also add missing prototype for rc4_md5_enc.

Fixes #21150

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21153)
2023-06-10 13:00:57 +02:00
Michael Baentsch
8a2e74d053 Cast the argument to unsigned char when calling isspace()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21151)
2023-06-09 17:30:28 +02:00
Matthias St. Pierre
0ef024a492 util/find-doc-nits: extend regex to match new OPT_INFORM A
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
2023-06-09 09:47:34 +02:00
Dr. Matthias St. Pierre
34df960a75 apps/asn1parse: improve RFC7462 compliance
The asn1parse command now supports three different input formats:

     openssl asn1parse -inform PEM|DER|B64

       PEM: base64 encoded data enclosed by PEM markers (RFC7462)
       DER: der encoded binary data
       B64: raw base64 encoded data

The PEM input format is the default format. It is equivalent
to the former `-strictpem` option which is now marked obsolete
and kept for backward compatibility only.

The B64 is equivalent to the former default input format of the
asn1parse command (without `-strictpem`)

Fixes #7317

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
2023-06-09 09:47:34 +02:00
Dr. Matthias St. Pierre
ca857d7332 apps/opt: refactor input format parsing
- split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER
- add OPT_FMT_B64 option (`-inform b64`)

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
2023-06-09 09:47:34 +02:00
fisher.yu
dc19f2f622 Optimize CMAC_Update for better performance.
Reduce the number of EVP_Cipher function calls in CMAC_Update,
    to improve performance of CMAC.
    Below are command and result of performance improvement.

    COMMAND: openssl speed -cmac ALGORITHM

    IMPROVEMENT(%):
    A72   stands for Cortex A72
    N1    stands for Neoverse N1
    N2    stands for Neoverse N2
                        A72	N1	N2	x86
    aes-128-cbc@256	65.4	54.6	37.9	86.6
    aes-128-cbc@1024	156.0	105.6	65.8	197.1
    aes-128-cbc@8192	237.7	139.2	80.5	285.8
    aes-128-cbc@16384	249.1	143.5	82.2	294.1
    aes-192-cbc@256	65.6	46.5	30.9	77.8
    aes-192-cbc@1024	154.2	87.5	50.8	167.4
    aes-192-cbc@8192	226.5	117.0	60.5	231.7
    aes-192-cbc@16384	236.3	120.1	61.7	238.4
    aes-256-cbc@256	66.0	40.3	22.2	69.5
    aes-256-cbc@1024	136.8	74.6	35.7	142.2
    aes-256-cbc@8192	189.7	93.5	41.5	191.7
    aes-256-cbc@16384	196.6	95.8	42.2	195.9
    des-ede3-cbc@64	6.9	4.4	2.9	7.2
    des-ede3-cbc@256	9.3	6.1	4.3	13.1
    des-ede3-cbc@1024	10.0	6.4	4.8	14.9
    des-ede3-cbc@8192	10.3	6.5	5.1	15.5
    des-ede3-cbc@16384	10.3	6.4	5.1	15.5
    sm4-cbc@256		9.5	3.0	-	18.0
    sm4-cbc@1024	12.3	3.6	-	24.6
    sm4-cbc@8192	13.2	3.8	-	27.0
    sm4-cbc@16384	13.5	3.8	-	27.2

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21102)
2023-06-09 09:08:27 +10:00
fisher.yu
fd54fadba6 Update CMAC cipher algorithm list and test cases.
1. Update manual, add SM4-CBC to CMAC cipher algorithm list.
    2. Add test case for SM4-CBC CMAC, add "data length is greater
       than 4 block-length" cases for aes-128-cbc, aes-192-cbc,
       aes-256-cbc and des-ede3-cbc.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21102)
2023-06-09 09:08:27 +10:00
Pauli
247f307f72 Add 3.0.9 to list of FIPS releases
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140)
2023-06-08 11:43:10 +02:00
Pauli
67fc06a776 Update versions tested to include 3.1.1
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140)
2023-06-08 11:43:10 +02:00
Pauli
45fefe172a kdf test: restrict the version of the FIPS provider
Concatenation tests are provider version specific, limit them to supporting
versions.

Fixes #21134

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140)
2023-06-08 11:43:10 +02:00
Antony Polukhin
2c4124a3a1 Workaround false positive warning of MSAN in eng_rdrand.c
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21136)
2023-06-08 11:29:02 +02:00
dependabot[bot]
ac083de651 Bump coverallsapp/github-action from 2.1.2 to 2.2.0
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.1.2 to 2.2.0.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v2.1.2...v2.2.0)

---
updated-dependencies:
- dependency-name: coverallsapp/github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21147)
2023-06-08 08:45:07 +02:00
Richard Levitte
b684ee2ce4 build.info: Introduce special syntax for dependencies on script modules
The DEPEND statement, when applied on files generated with GENERATE, may
be used to specify script modules that the template to be generated from
depends on.  In short, this sort of depend:

    DEPEND[generated]=util/perl/OpenSSL/something.pm

... would generate a perl run that has the inclusion directory
'util/perl/OpenSSL' and 'something' as the module to be loaded.  However,
the package name for this module is 'OpenSSL::something', so to load it the
way it's expected, the inclusion directory should be 'util/perl', and the
module to be loaded should be specified as 'OpenSSL/something' (to be
massaged into a proper module name by the build file template).

To allow this, we introduce a file syntax, where a single '|' is used as a
directory separator, to delineate what part should be used as the inclustion
directory, and which part the module name to be loaded should be derived
from:

    DEPEND[generated]=util/perl|OpenSSL/something.pm

Fixes #21112

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21117)
2023-06-08 07:53:10 +02:00
Matt Caswell
b8fa5be550 Modify ENGINE_pkey_asn1_find_str() to use a read lock instead of a write
ENGINE_pkey_asn1_find_str() does not make any modifications to fields
controlled by the global_engine_lock. The only change made is the struct_ref
field which is controlled separately. Therefore we can afford to only take
a read lock. This also impacts EVP_PKEY_asn1_find_str().

This lock ends up being obtained indirectly from numerous public API
functions including EVP_PKEY_key_gen(), EVP_PKEY_new_raw_public_key_ex(),
EVP_PKEY_copy_parameters() etc. This occurs even if no engines are actually
in use.

Some tests showed this lock being obtained 6 times after a "warmed up"
s_server instance with default configuration processed a handshake from a
default s_client. When processing a resumption handshake from s_client it
was obtained 8 times.

Partially fixes #20286

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20950)
2023-06-06 17:09:13 +02:00
Matt Caswell
e568d64f9f Convert the ENGINE struct_ref field to be an atomic
We use atomic primitives to up ref and down the struct_ref field rather
than relying on the global lock for this.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20950)
2023-06-06 17:09:13 +02:00
Alex Bozarth
68668243b1 Add SSL_get0_group_name() to get name of the group used for KEX
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20866)
2023-06-06 17:03:41 +02:00
Michael Baentsch
8229874476 Cast the argument to unsigned char when calling isdigit()
Fixes #21123

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21127)
2023-06-06 15:48:46 +02:00
Tomas Mraz
18f82df5b1 Make link to RFC 1578 in CHANGES.md be a proper link
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21130)
2023-06-06 11:32:15 +02:00
Richard Levitte
d63b3e7959 Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form.  For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.

To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:

> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).

Fixes otc/security#96
Fixes CVE-2023-2650

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-06-06 10:48:50 +02:00
Vladimír Kotal
3ca28c9e81 allow to disable http
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21108)
2023-06-06 11:05:02 +10:00
Pauli
c69756e7a0 doc: note that out ChaCha20 isn't standard compliant.
Fixes #21095

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21098)
2023-06-06 11:02:57 +10:00
Matt Caswell
80935bf5ad Don't take a write lock to retrieve a value from a stack
ossl_x509_store_ctx_get_by_subject() was taking a write lock for the
store, but was only (usually) retrieving a value from the stack of
objects. We take a read lock instead.

Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20952)
2023-06-05 09:09:32 +10:00
Matt Caswell
50001e0e15 Avoid an unneccessary lock if we didn't add anything to the store
Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20952)
2023-06-05 09:09:23 +10:00
Dmitry Belyavskiy
4c56539cb3 Remove pointless warning on pkcs12 import
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21107)
2023-06-03 16:15:33 +02:00
Tomas Mraz
26baecb28c Update fuzz/corpora submodule to latest data
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21118)
2023-06-02 16:08:28 +02:00
Darana
4ad2dd43d0 Fix documentation where openssl-genrsa is listed as
deprecated since OpenSSL 3.0

openssl-genrsa is not deprecated however the OpenSSL documentation
states that it is the case from OpenSSL 3.0. This has been fixed in the
documentation, specifically in manpage 1.

Fixes #21055

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21059)
2023-06-02 15:46:34 +02:00
Pauli
b4a1231007 possible workaround
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
2023-06-02 15:13:20 +10:00
Pauli
944ee2c30b Update .gitignore
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
2023-06-02 15:13:20 +10:00
Pauli
79d702250b gcm: use the new faster param location mechanism.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
2023-06-02 15:13:20 +10:00
Pauli
e84b5fcc1b params: provide a faster TRIE based param lookup.
The separate file is a Perl script that generates the appropriate define
directives for inclusion in core_names.h.  By having this separation it
will be possible to prebuild data structures to give faster access when
looking up parameters by name.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
2023-06-02 15:13:20 +10:00