Commit Graph

34640 Commits

Author SHA1 Message Date
barracuda156
7068e5e2dc poly1305_ieee754.c: fix PowerPC macros
Fixes #23264

cla: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23267)
2024-01-15 10:45:07 +01:00
Drokov Pavel
6b92a966e0 Check ASN1_OBJECT_new result
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23270)
2024-01-15 10:43:44 +01:00
Job Snijders
4e5bf93313 Add apps/x509 -set_issuer & -set_subject option to override issuer & subject
This changeset adds the counterpart to the '-subj' option to allow overriding
the Issuer. For consistency, the `-subj` option is aliased to `-set_subject`.

The issuer can be specified as following apps/openssl x509 -new -set_issuer
'/CN=example-nro-ta' -subj '/CN=2a7dd1d787d793e4c8af56e197d4eed92af6ba13' ...

This is useful in constructing specific test-cases or rechaining PKI trees

Joint work with George Michaelson (@geeohgeegeeoh)

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23257)
2024-01-15 10:40:01 +01:00
barracuda156
df04e81794 aes_platform.h, gcm128.c: fix Darwin PowerPC macro to include ppc64
Current PowerPC-related defines omit Darwin ppc64 case.
Use __POWERPC__ in place of __ppc__ + __ppc64__
Fixes #23220

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23245)
2024-01-12 19:33:33 +01:00
sharad3001
d8184e982c ossl_rsa_fips186_4_gen_prob_primes(): Remove unused Xpout and Xqout
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23253)
2024-01-12 17:28:14 +01:00
Richard Levitte
d4d9b57530 Add test/recipes/15-test_gensm2.t, to test SM2 key generation results
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
2024-01-12 11:07:39 +01:00
Richard Levitte
1d490694df Fix the encoding of SM2 keys
OpenSSL's encoding of SM2 keys used the SM2 OID for the algorithm OID
where an AlgorithmIdentifier is encoded (for encoding into the structures
PrivateKeyInfo and SubjectPublicKeyInfo).

Such keys should be encoded as ECC keys.

Fixes #22184

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
2024-01-12 11:07:39 +01:00
Neil Horman
0981c20f8e Fix NULL pointer deref when parsing the stable section
When parsing the stable section of a config such as this:
openssl_conf = openssl_init
[openssl_init]
stbl_section = mstbl
[mstbl]
id-tc26 = min

Can lead to a SIGSEGV, as the parsing code doesnt recognize min as a
proper section name without a trailing colon to associate it with a
value.  As a result the stack of configuration values has an entry with
a null value in it, which leads to the SIGSEGV in do_tcreate when we
attempt to pass NULL to strtoul.

Fix it by skipping any entry in the config name/value list that has a
null value, prior to passing it to stroul

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22988)
2024-01-12 10:37:22 +01:00
Holger Dengler
3cb1b51ddd Add tests for re-using cipher contexts
Add test case for re-using a cipher context with the same key, iv and
cipher. It detects, if the hardware-specific cipher context is reset
correctly, like reported in issue #23175.

This test has encrypt and decrypt iterations for cfb128 and
ofb128. All iteations use the same key, iv and plaintext.

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
2024-01-12 10:34:39 +01:00
Holger Dengler
f9ccd209c3 Fix partial block encryption in cfb and ofb for s390x (legacy)
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb also in
s390x-legacy code. For more details see 4df92c1a14 ("Fix partial block
encryption in cfb and ofb for s390x").

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
2024-01-12 10:34:39 +01:00
Holger Dengler
576a3572be Fix partial block encryption in cfb and ofb for s390x
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb, instead
of keep this information in the s390x-specific part of the cipher
context. The information in the generic context is reset properly,
even if the context is re-initialized without resetting the key or iv.

Fixes: #23175

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
2024-01-12 10:34:39 +01:00
Fs
0856bf519f uplink-x86_64.pl: make x86_64-xlate.pl accept $flavour parameter
Match behavior of all other x86_64 asm.

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23219)
2024-01-12 08:56:14 +01:00
Hugo Landau
9eabb30ab4 QUIC RCIDM: Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
2024-01-11 11:16:27 +01:00
Hugo Landau
ad08c814d8 Update fuzz corpora
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
2024-01-11 11:14:18 +01:00
Hugo Landau
8e1593e647 QUIC RCIDM: Update fuzz corpora
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
2024-01-11 11:14:18 +01:00
Hugo Landau
3ba9345eb9 QUIC RCIDM: Fix ANSI compliance
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
2024-01-11 11:14:18 +01:00
Hugo Landau
433ef94187 QUIC RCIDM: Add test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
2024-01-11 11:14:18 +01:00
Hugo Landau
9575b21851 QUIC RCIDM: Add counters to support RCID count enforcement
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
2024-01-11 11:14:18 +01:00
Hugo Landau
044fd04cb4 QUIC SRTM: Fixes for clang
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
2024-01-11 11:14:18 +01:00
Hugo Landau
3fe0899ab7 QUIC RCIDM: Minor fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
2024-01-11 11:14:18 +01:00
Hugo Landau
d0bac943c9 QUIC RCIDM: Add fuzzer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
2024-01-11 11:14:18 +01:00
Hugo Landau
63f77f0454 QUIC RCIDM: Add RCIDM
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
2024-01-11 11:14:18 +01:00
Neil Horman
7c1d533a51 Update Docs for EVP_MAC
For GMAC/CMAC, its not possible to re-init the algorithm without
explicitly passing an OSSL_MAC_PARAM_IV to each init call, as it is
not possible to extract the IV value from the prior init call (be it
explicitly passed or auto generated).  As such, document the fact that
re-initalization requires passing an IV parameter

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23235)
2024-01-11 11:12:10 +01:00
Tomas Mraz
493ad484e9 Disable build of HWAES on PPC Macs
Fixes #22818

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22860)
2024-01-11 11:08:31 +01:00
sashan
da840c3775 evp_fetch.c: Check meth_id instead of name_id
Fixes #23226

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23238)
2024-01-11 10:18:25 +01:00
James Muir
ff7b32e1d7 doc: "digest" must be explicitly set with deterministic ECDSA/DSA
Fixes #23205

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23250)
2024-01-11 10:15:03 +01:00
Frederik Wedel-Heinen
0a40b23cb8 Remove wpend_ret that was only assigned and never used.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23191)
2024-01-11 10:04:14 +01:00
Bernd Edlinger
3980118484 Fix a similar memory leak in SXNET_add_id_INTEGER
Even in the good case there was memory leak here.
Add a simple test case to have at least some test coverage.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23234)
2024-01-10 17:59:53 +01:00
Bernd Edlinger
0151e77219 Fix a possible memory leak in sxnet_v2i
When a subsequent call to SXNET_add_id_asc fails
e.g. because user is a string larger than 64 char
or the zone is a duplicate zone id,
or the zone is not an integer,
a memory leak may be the result.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23234)
2024-01-10 17:59:53 +01:00
fangming.fang
1d1ca79fe3 Preserve callee-saved registers in aarch64 AES-CTR code
The AES-CTR assembly code uses v8-v15 registers, they are
callee-saved registers, they must be preserved before the
use and restored after the use.

Change-Id: If9192d1f0f3cea7295f4b0d72ace88e6e8067493

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23233)
2024-01-10 09:52:15 +01:00
Neil Horman
806bbafe2d Check appropriate OSSL_PARAM_get_* functions for NULL
The base type OSSL_PARAM getters will NULL deref if they are initalized
as null.  Add NULL checks for those parameters that have no expectation
of returning null (int32/64/uint32/64/BN).  Other types can be left as
allowing NULL, as a NULL setting may be meaningful (string, utf8str,
octet string, etc).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23083)
2024-01-09 16:56:55 +01:00
Tomas Mraz
858c7bc210 Add CHANGES.md and NEWS.md entries for CVE-2023-6129
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
2024-01-09 15:45:44 +01:00
Rohan McLure
8d847a3ffd poly1305-ppc.pl: Fix vector register clobbering
Fixes CVE-2023-6129

The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs saves the the contents of vector registers in different order
than they are restored. Thus the contents of some of these vector registers
is corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
2024-01-09 15:45:32 +01:00
Tomas Mraz
5dc2b72df7 Sync CHANGES.md and NEWS.md with 3.2 branch
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
2024-01-09 15:45:32 +01:00
Neil Horman
f3be536686 Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata()
It would be helpful to be able to generate RSA's dmp1/dmq1/iqmp values
when not provided in the param list to EVP_PKEY_fromdata.  Augment the
provider in ossl_rsa_fromdata to preform this generation iff:
a) At least p q n e and e are provided
b) the new parameter OSSL_PARAM_RSA_DERIVE_PQ is set to 1

Fixes #21826

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21875)
2024-01-09 12:03:32 +01:00
Will Sackfield
0a22436ea5 Fail the Configure script with no Configurations
* Print a message about why the failure is
happening.
* Send the usage information.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22855)
2024-01-08 14:17:16 +01:00
Tomas Mraz
7054fc1ca3 Avoid memory leak if SXNET_add_id_INTEGER() fails
Fixes Coverity 1560046

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23211)
2024-01-08 13:51:45 +01:00
Richard Levitte
8d8c1600ae VMS: Add the missing -p32 and -p64 variants for x86_64
The pointer size support is already in the code, and is present for
all other supported hardwares.

Fixes #22899

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23081)

(cherry picked from commit a43f253d58)
2024-01-08 07:28:19 +01:00
Richard Levitte
3077bfb78e Fix VMS installation - update vmsconfig.pm for consistency
An effort was made to update the VMS installation data to align with
configuration data.  This touched the script templates in VMS/, but
didn't update the generation of vmsconfig.pm to match...  and also
missed a spot.

This change adds the missing updates

Ref:
https://github.com/openssl/openssl/pull/16842

Fixes #22899

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23081)

(cherry picked from commit 4058e121cb)
2024-01-08 07:28:19 +01:00
Neil Horman
5963aa8c19 cleanse stack variable in kdf_pbkdf1_do_derive
kdf_pbkdf1_do_derive stores key derivation information in a stack
variable, which is left uncleansed prior to returning.  Ensure that the
stack information is zeroed prior to return to avoid potential leaks of
key information

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23194)
2024-01-05 14:25:55 -05:00
Neil Horman
bac7e687d7 Validate config options during x509 extension creation
There are several points during x509 extension creation which rely on
configuration options which may have been incorrectly parsed due to
invalid settings.  Preform a value check for null in those locations to
avoid various crashes/undefined behaviors

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23183)
2024-01-05 13:20:34 -05:00
Neil Horman
b062a3c552 fixup! Adding interop tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)
2024-01-05 12:36:45 -05:00
Neil Horman
83783dd16e Adding interop tests
Fedora has some fairly nice interoperability tests that we can leverage
to build a PR and test it against gnutls and nss libraries.  This commit
adds the interop-tests.yml ci job to do that work, and run the interop
tests from beaker.

Fixes #20685

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)
2024-01-05 12:36:18 -05:00
Neil Horman
638ad52ae5 Update workflow to use GITHUB_WORKSPACE
It was pointed out the GITHUB_WORKSPACE points to the container path of
the workspace, so we can use it instead of hardcoding the
__w/openssl/openssl path

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)
2024-01-05 15:11:42 +01:00
Neil Horman
337eb99c84 Adding interop tests
Fedora has some fairly nice interoperability tests that we can leverage
to build a PR and test it against gnutls and nss libraries.  This commit
adds the interop-tests.yml ci job to do that work, and run the interop
tests from beaker.

Fixes #20685

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)
2024-01-05 15:11:42 +01:00
Matt Caswell
2995be50e8 Correct ssl_old_test stream handling
The ssl_old_test has not been fully converted to the test framework but
it still reuses some test framework utilities. Notably it was creating
it's own copy of the global bio_err object directly (which is normally
created and owned by the test framework). This causes a problem because
ever since commit 2fa9044 access to the bio_err object is controlled by
a lock. Since ssl_old_test was circumventing the normal creation and
destruction of bio_err, the lock was not being created resulting in a
crash under certain error conditions.

We fix this by creating and destroying the bio_err object using the
test framework functions designed for that purpose.

Fixes #23184

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23187)
2024-01-05 12:13:19 +01:00
Matt Caswell
3348713ad3 Clarify the PKCS12 docs
Issue #23151 asks a question about the meaning of the PKCS12
documentation. This PR attempts to clarify how friendlyName and localKeyID
are added to the PKCS12 structure.

Fixes #23151

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23188)
2024-01-04 16:42:41 +00:00
Tomas Mraz
98d6016afe Make OPENSSL_sk_push return only 0 or 1
Most of the callers do not actually check for
the special -1 return condition because they do not
pass NULL to it. It is also extremely improbable that
any code depends on this -1 return value in this condition
so it can be safely changed to 0 return.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/22930)
2024-01-04 14:51:48 +01:00
Neil Horman
8b9cf1bc2c cleanse stack variable in blake2[b|s] finalization
If the output of a blake2[b|s] digest isn't a multipl of 8, then a stack
buffer is used to compute the final output, which is left un-zeroed
prior to return, allowing the potential leak of key data.  Ensure that,
if the stack variable is used, it gets cleared prior to return.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23173)
2024-01-03 12:42:01 -05:00
Frederik Wedel-Heinen
6fd3794814 Simplify ssl protocol version comparisons.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23163)
2024-01-03 15:55:17 +00:00