Commit Graph

33437 Commits

Author SHA1 Message Date
Hugo Landau
6cdb672d0f QUIC RXDP: Make ACK eliciting definition more resilient and centralised
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
f80e61b61f QUIC CONFORMANCE: RFC 9000 s. 19.14: STREAMS_BLOCKED Frames
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
f084a8f761 QUIC CONFORMANCE: RFC 9000 s. 19.13: STREAM_DATA_BLOCKED Frames
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
b5b40c4e18 QUIC CONFORMANCE: RFC 9000 s. 19.7
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
283938fca5 RFC 9000 s. 19.8: Enforce maximum stream size
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
212616ed09 QUIC CONFORMANCE: RFC 9000 s. 17.2.5.1
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
fd0d593220 QUIC CONFORMANCE: RFC 9000 s. 17.2.2: Enforce no initial token from server
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
08cb9a8327 QUIC CONFORMANCE: Enforce packet header reserved bits
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
5b9452e037 QUIC WIRE: Allow encoding/decoding of reserved header bits
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
22f21fbdd6 QUIC CONFORMANCE: RFC 9000 s. 13.3: MAX_STREAM_DATA generation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
96fa10f36f QUIC CONFORMANCE: RFC 9000 s. 12.5: Application CONNECTION_CLOSE frame masking
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
8d2e353df4 QUIC CONFORMANCE: RFC 9000 s. 12.5: Ensure CFQ can not be used to send disallowed frame types in a given PN space
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
5a1b1d2be3 QUIC CONFORMANCE: RFC 9000 s. 12.3: PN Limit
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
dfe5e7fa98 QUIC CONFORMANCE: RFC 9000 s. 12.3: PN duplicate suppression
Make sure PN duplicate suppression is side-channel safe by doing
the duplicate test after AEAD verification.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
85bbef270c QUIC ACKM: Clarify the role of is_inflight
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
6c1d0e2865 QUIC CONFORMANCE: Enforce minimal frame type encoding
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
0911cb4a07 QUIC CONFORMANCE: Packet handling fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
7e3fa44f24 QUIC CONFORMANCE: Handle RESET_STREAM final size correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
2cc0e2dddf QUIC CONFORMANCE: Validate RESET_STREAM final sizes correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
c407d5e568 QUIC: Note that we do not retransmit stream data for retransmitted streams
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
28d0e35cd6 QUIC QSM: Free unneeded stream buffers, calculate RESET_STREAM final size correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
418e122cd4 QUIC QSM: Model final sizes and handle STOP_SENDING correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
01715f2b41 QUIC CONFORMANCE: RFC 9000 s. 3.3: Stream States — Permitted Frame Types — STREAM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
Hugo Landau
2f018d14f0 QUIC QSM/STREAM: Refactor to use RFC stream states
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
2023-07-17 08:17:57 +10:00
ljuzwiuk
64b1d2fb06 Fix RSA OAEP set/get label for legacy engine
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21401)
2023-07-17 08:15:06 +10:00
ljuzwiuk
f1b7243cda Remove duplicated values
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21401)
2023-07-17 08:15:06 +10:00
Matt Caswell
29f25a10e5 Test loading a PEM file from multiple threads
The new decoder optimisation has some locking involved so we confirm that
reading a PEM file from multiple threads works as expected.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)
2023-07-17 08:12:06 +10:00
Matt Caswell
32d3c3abf3 Optimise PKEY decoders
The most expensive part of using a PKEY decoder is the
OSSL_DECODER_CTX_new_for_pkey() call. This builds up all of the decoder
chains, which is a complex and time consuming operation. However, if no
new providers have been loaded/unloaded since the last time it was called
we can expect the same results for the same parameters. Note that this
operation takes place *before* we event parse the data for decoding so it
is not dependent on the parsed data at all.

We introduce a cache for OSSL_DECODER_CTX objects. If we have been called
with the same parameters then we just duplicate an existing
OSSL_DECODER_CTX. This should be significantly faster than creating a new
one every time.

Partially addressed the issue in #15199

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)
2023-07-17 08:12:06 +10:00
Tomas Mraz
1e398bec53 Add CHANGES.md and NEWS.md entries for CVE-2023-2975
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
2023-07-14 13:01:05 +02:00
Tomas Mraz
3993bb0c0c Add testcases for empty associated data entries with AES-SIV
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
2023-07-14 12:59:02 +02:00
Tomas Mraz
c426c281cf Do not ignore empty associated data with AES-SIV mode
The AES-SIV mode allows for multiple associated data items
authenticated separately with any of these being 0 length.

The provided implementation ignores such empty associated data
which is incorrect in regards to the RFC 5297 and is also
a security issue because such empty associated data then become
unauthenticated if an application expects to authenticate them.

Fixes CVE-2023-2975

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
2023-07-14 12:59:02 +02:00
Randall S. Becker
ba189e0a4b Modified OSSL_parse_url to initialize pport_num to 0.
This change is intended to provide some safety for uninitialized stack failures
that have appeared in 80-test_cmp_http on NonStop x86 when run in a complex
CI/CD Jenkins environment. This change also adds init_pint() to handle the
initialization of a pointer to int value.

Fixes: #21083

Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21109)

(cherry picked from commit 45cd2554ef)
2023-07-14 12:04:38 +02:00
Tomas Mraz
b6bf1cbf1d quicapitest: Fix SSL_trace() test on big endian platforms
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21411)
2023-07-14 11:51:48 +02:00
Tomas Mraz
69aef72264 ossl_quic_wire_encode_pkt_hdr(): Assign ptrs only on static buf wpkt
Pointers can be invalidated when the underlying BUF_MEM grows.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21411)
2023-07-14 11:51:48 +02:00
dependabot[bot]
bdff325831 Bump coverallsapp/github-action from 2.2.0 to 2.2.1
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v2.2.0...v2.2.1)

---
updated-dependencies:
- dependency-name: coverallsapp/github-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21454)
2023-07-14 10:12:21 +02:00
dependabot[bot]
dbe36351dc Bump actions/setup-python from 4.6.1 to 4.7.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.6.1...v4.7.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21455)
2023-07-14 10:08:01 +02:00
slontis
2b42290f08 Add FIPS build instructions
If you are building the latest release source code with enable-fips configured
then the FIPS provider you are using is not likely to be FIPS compliant.

This update demonstrates how to build a FIPS provider that is compliant
and use it with the latest source code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20907)
2023-07-14 11:35:23 +10:00
Amir Ayupov
2fd82c2283 Move Keccak rhotates tables to rodata
rhotates tables are placed to .text section which confuses tools such as BOLT.
Move them to rodata to unbreak and avoid polluting icache/iTLB with data.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21440)
2023-07-14 11:15:45 +10:00
Pauli
7a3d32ae46 Add a NEWS entry covering the FIPS related changes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21386)

(cherry picked from commit dfc4b6c93b)
2023-07-14 09:53:42 +10:00
Pankul94
15e041b751 Changes to resolve symbol conflict due to gf_mul
CLA: trivial

Changed names of internal functions to resolve symbol conflict when Openssl is used with intel/ISA-L.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21421)
2023-07-14 08:44:26 +10:00
Liu-ErMeng
ed6dfd1e36 use '__builtin_expect' to improve EVP_EncryptUpdate performance for gcc/clang.
Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21425)
2023-07-13 22:54:14 +10:00
Dr. David von Oheimb
5be8233d2b EVP_PKEY_{en,de}capsulate.pod: fix glitches and add some detail and hints
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21397)
2023-07-13 11:24:04 +02:00
Marcin Kolny
66f61ece72 Add more fixes for WebAssembly/WASI build
* force use timegm - WASI does not have timezone tables
* use basic implementation for `OPENSSL_issetugid()` - WASI doesn't support forking processes

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21389)
2023-07-12 10:50:09 +10:00
Matt Caswell
0a3733babb Add an SSL BIO test for QUIC
We create an SSL BIO using a QUIC based SSL_CTX and then use that BIO
to create a connection and read/write data from streams.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21367)
2023-07-11 17:51:34 +02:00
Tomas Mraz
9f3cd808b3 Fix no-srtp build failure
SRTP related functions aren't available when built with no-srtp.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21412)
2023-07-10 22:06:18 -04:00
Matt Caswell
ff9728c6d5 Fix test_quic_write_read()
Fix the "test 2" case of test_quic_write_read(). It is intended to be run
in blocking mode.

The result of a bad interaction between #21087 and #21332

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21409)
2023-07-10 11:40:12 +01:00
Rajeev Ranjan
1d32ec20fe CMP: support specifying certificate to be revoked via issuer and serial number
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21116)
2023-07-10 08:03:38 +02:00
Hugo Landau
780b252747 QUIC APL: Tick on SSL_read failure in non-blocking mode
...

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21381)
2023-07-10 09:09:30 +10:00
Tomas Mraz
bd38c6b61b Edit question template to direct users to GH Discussions
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21393)
2023-07-10 09:08:04 +10:00
Pauli
dc6f3b9b8d fips: make installations FIPS compliant by default
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21363)
2023-07-09 16:27:22 +10:00