Commit Graph

5435 Commits

Author SHA1 Message Date
Tomas Mraz
7ed6de997f Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
2024-09-05 09:35:49 +02:00
Viktor Dukhovni
b4e4bf29ba Check for excess data in CertificateVerify
As reported by Alicja Kario, we ignored excess bytes after the
signature payload in TLS CertificateVerify Messages.  These
should not be present.

Fixes: #25298

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25302)
2024-08-29 19:32:00 +02:00
erbsland-dev
c026101be0 Correct Alert Handling for Missing Compression Methods
Fixes #7940: Updated the compression check logic to improve protocol compliance. The code now returns `SSL_AD_DECODE_ERROR` when no compression method is provided in the ClientHello message. It returns `SSL_AD_ILLEGAL_PARAMETER` if the “null” compression method (0x00) is missing.

Additionally, refactored the related test code for enhanced readability and maintainability.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25255)
2024-08-29 19:16:38 +02:00
slontis
14c45338e9 EVP_MD_size() updates
For SHAKE algorithms we now return 0 from EVP_MD_size().
So all the places that check for < 0 needed to change to <= 0
(Otherwise the behaviour will be to digest nothing in most cases).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)
2024-08-29 10:29:53 +02:00
cx
c07a34e18b Return SSL_AD_UNEXPECTED_MESSAGE alert when receiving any other change_cipher_spec value(RFC 8446)
Fixes: #25086

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25257)
2024-08-26 10:58:10 +01:00
Matt Caswell
60358f2c5e Fix the alert used on a missing key_share
RFC8446 requires we send an illegal_parameter alert if we don't get a
key_share back from the server and our kex_modes require one. We were
instead reporting this as missing_extension.

Fixes #25040

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25059)
2024-08-21 15:35:51 +02:00
Matt Caswell
8781087a69 Ensure the msg_callback is called on CCS receipt in TLSv1.3
CCS records are ignore in TLSv1.3. But we should still call the msg_callback
anyway.

Fixes #25166

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25169)
2024-08-15 20:17:39 +02:00
Bhaskar Metiya
02b8b7b836 Return SSL_AD_DECRYPT_ERROR alert on PSK binder validation failure (RFC 8446)
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25176)
2024-08-15 11:21:24 +02:00
Michael Baentsch
38a7183102 adds TLS signature algorithms list feature
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24821)
2024-08-13 11:48:54 +10:00
Matt Caswell
c0c4e6ba0a Remove the event queue code
PR #18345 added some code for an event queue. It also added a test for it.
Unfortunately this event queue code has never been used for anything.
Additionally the test was never integrated into a test recipe, so it never
actually gets invoked via "make test". This makes the code entirely dead,
unnecessarily bloats the size of libssl and causes a decrease in our
testing code coverage value.

We remove the dead code.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25100)
2024-08-07 19:48:26 +02:00
Matt Caswell
293d0a0052 Check that a supported_versions extension is present in an HRR
If an HRR is sent then it MUST contain supported_versions according to the
RFC. We were sanity checking any supported_versions extension that was sent
but failed to verify that it was actually present.

Fixes #25041

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25068)
2024-08-07 19:34:23 +02:00
Leonie Theobald
cc37ef7d90 Add logging support for early data
-trace option didn't cover early data message which resulted in
misleading logging.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25026)
2024-08-07 19:32:17 +02:00
FdaSilvaYY
f21ededc3c ssl: factorize and improved hex conversion code
Add inline qualifier to avoid exporting a function for one unique use

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968)
2024-08-07 19:25:10 +02:00
FdaSilvaYY
668fdb593a ssl: remove stdio.h and sprintf use from libssl.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968)
2024-08-07 19:25:10 +02:00
Dimitri Papadopoulos
7d91d5ba35 Fix typos found by codespell
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24949)
2024-08-07 19:09:43 +02:00
Tomas Mraz
ca1d2db291 Do not implicitly start connection with SSL_handle_events() or SSL_poll()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25069)
2024-08-03 09:18:11 -04:00
Tomas Mraz
b1f4aebb74 Return infinity time from SSL_get_event_timeout when the connection is not started
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25069)
2024-08-03 09:18:11 -04:00
Tomas Mraz
b7f93c7fcb Do not falsely start the connection through SSL_pending()/_has_pending()
Fixes #25054

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25069)
2024-08-03 09:18:11 -04:00
Tomas Mraz
ed7a8bfd74 ssl_evp_cipher_fetch(): Avoid using 3DES from the FIPS provider
Avoid using a fetched cipher that is decrypt-only
which is the case for 3DES from the fips provider.

Add a decrypt-only parameter to the EVP_CIPHER and test it
in libssl when fetching.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25028)
2024-08-01 17:29:39 +02:00
Tomas Mraz
3bbcd0c537 3DES ciphersuites are not allowed in FIPS anymore
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25028)
2024-08-01 17:29:32 +02:00
Clemens Lang
5cec58bdff Speed up SSL_add_{file,dir}_cert_subjects_to_stack
The X509_NAME comparison function converts its arguments to DER using
i2d_X509_NAME before comparing the results using memcmp(). For every
invocation of the comparison function (of which there are many when
loading many certificates), it allocates two buffers of the appropriate
size for the DER encoding.

Switching to static buffers (possibly of X509_NAME_MAX size as defined
in crypto/x509/x_name.c) would not work with multithreaded use, e.g.,
when two threads sort two separate STACK_OF(X509_NAME)s at the same
time. A suitable re-usable buffer could have been added to the
STACK_OF(X509_NAME) if sk_X509_NAME_compfunc did have a void* argument,
or a pointer to the STACK_OF(X509_NAME) – but it does not.

Instead, copy the solution chosen in SSL_load_client_CA_file() by
filling an LHASH_OF(X509_NAME) with all existing names in the stack and
using that to deduplicate, rather than relying on sk_X509_NAME_find(),
which ends up being very slow.

Adjust SSL_add_dir_cert_subjects_to_stack() to keep a local
LHASH_OF(X509_NAME)s over the complete directory it is processing.

In a small benchmark that calls SSL_add_dir_cert_subjects_to_stack()
twice, once on a directory with one entry, and once with a directory
with 1000 certificates, and repeats this in a loop 10 times, this change
yields a speed-up of 5.32:

| Benchmark 1: ./bench 10 dir-1 dir-1000
|   Time (mean ± σ):      6.685 s ±  0.017 s    [User: 6.402 s, System: 0.231 s]
|   Range (min … max):    6.658 s …  6.711 s    10 runs
|
| Benchmark 2: LD_LIBRARY_PATH=. ./bench 10 dir-1 dir-1000
|   Time (mean ± σ):      1.256 s ±  0.013 s    [User: 1.034 s, System: 0.212 s]
|   Range (min … max):    1.244 s …  1.286 s    10 runs
|
| Summary
|   LD_LIBRARY_PATH=. ./bench 10 dir-1 dir-1000 ran
|    5.32 ± 0.06 times faster than ./bench 10 dir-1 dir-1000

In the worst case scenario where many entries are added to a stack that
is then repeatedly used to add more certificates, and with a larger test
size, the speedup is still very significant. With 15000 certificates,
a single pass to load them, followed by attempting to load a subset of
1000 of these 15000 certificates, followed by a single certificate, the
new approach is ~85 times faster:

| Benchmark 1: ./bench 1 dir-15000 dir-1000 dir-1
|   Time (mean ± σ):     176.295 s ±  4.147 s    [User: 174.593 s, System: 0.448 s]
|   Range (min … max):   173.774 s … 185.594 s    10 runs
|
| Benchmark 2: LD_LIBRARY_PATH=. ./bench 1 dir-15000 dir-1000 dir-1
|   Time (mean ± σ):      2.087 s ±  0.034 s    [User: 1.679 s, System: 0.393 s]
|   Range (min … max):    2.057 s …  2.167 s    10 runs
|
| Summary
|   LD_LIBRARY_PATH=. ./bench 1 dir-15000 dir-1000 dir-1 ran
|    84.48 ± 2.42 times faster than ./bench 1 dir-15000 dir-1000 dir-1

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25056)
2024-08-01 17:28:18 +02:00
pohsingwu
1b838621c3 Restrict the length of key-derivation key used in KDFs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23900)
2024-08-01 16:47:12 +10:00
Neil Horman
32185d513c Fix second error from Coverity-161057
Coverity flagged a second error in this code

we're comparing block_padding and hs_padding for >= 0, which is always
true

With the change to the use of strtoul, inputs that are preceded with a -
(i.e. negative values), are caught already, so the check is redundant

just remove the check entirely

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24993)
2024-07-26 13:25:18 -04:00
Dimitri Papadopoulos
f83707dc6d open brace '{' following struct go on the same line
Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)
2024-07-22 06:55:35 -04:00
Dimitri Papadopoulos
962431d58b that open brace { should be on the previous line
Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)
2024-07-22 06:55:35 -04:00
Dimitri Papadopoulos
1cf2f8231e Remove trailing whitespace
Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)
2024-07-22 06:55:35 -04:00
Tomas Mraz
a988704147 tls13_meth.c: Check for negative return from EVP_CIPHER_CTX_get_iv_length()
Fixes Coverity 1598052

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24929)
2024-07-21 12:00:20 -04:00
Neil Horman
0b67643ade Fix coverity-1610057
Coverity caught a error in a recent change, in which atoi was used to
assign a value to two size_t variables, and then checked them for being
>= 0, which will always be true.

given that atoi returns an undefined value (usually zero) in the event
of a failure, theres no good way to check the return value of atoi for
validitiy.

Instead use OPENSSL_strtoul and confirm both that the translation
passed, and that the endptr value is at the NULL terminator (indicating
that the entire string was consumed)

Fixes openssl/private#552

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24861)
2024-07-18 19:07:52 +02:00
Gerd Hoffmann
d7af3f7aa7 fix vs2019 warning
windows vs2019 throws warnings when compiling openssl for edk2:

ERROR - Compiler #2220 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : the following warning is treated as an error
WARNING - Compiler #4701 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : potentially uninitialized local variable 'peer_rpk' used
WARNING - Compiler #4703 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : potentially uninitialized local pointer variable 'peer_rpk' used

Explicitly initialize the peer_rpk variable to make the compiler happy.

Yes, it's a false positive, but you have to check the tls_process_rpk()
body in another source file to see that, which apparently is beyond the
compiler's capabilities.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24895)
2024-07-18 16:13:41 +02:00
Stephen Farrell
21dfb97596 Extend TLSv1.3 record layer padding API calls
Added SSL_set_block_padding_ex() and SSL_CTX_set_block_padding_ex()
to allow separate padding block size values for handshake messages
and application data messages.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24796)
2024-07-10 11:44:39 +02:00
MrRurikov
35b1472f07 Add (void) cast to result of ossl_quic_rxfc_on_retire()
Return value of function 'ossl_quic_rxfc_on_retire', called at
quic_stream_map.c:767, is not checked, but it is usually checked
for this function.

CLA: trivial

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24794)
2024-07-08 18:17:15 +02:00
Matt Caswell
238fa464d6 Add ALPN validation in the client
The ALPN protocol selected by the server must be one that we originally
advertised. We should verify that it is.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)
2024-06-27 10:30:51 +01:00
Matt Caswell
e10a3a84bf Correct return values for tls_construct_stoc_next_proto_neg
Return EXT_RETURN_NOT_SENT in the event that we don't send the extension,
rather than EXT_RETURN_SENT. This actually makes no difference at all to
the current control flow since this return value is ignored in this case
anyway. But lets make it correct anyway.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)
2024-06-27 10:30:51 +01:00
Matt Caswell
fc8ff75814 Use correctly formatted ALPN data in tserver
The QUIC test server was using incorrectly formatted ALPN data. With the
previous implementation of SSL_select_next_proto this went unnoticed. With
the new stricter implemenation it was failing.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)
2024-06-27 10:30:51 +01:00
Matt Caswell
c6e1ea2235 More correctly handle a selected_len of 0 when processing NPN
In the case where the NPN callback returns with SSL_TLEXT_ERR_OK, but
the selected_len is 0 we should fail. Previously this would fail with an
internal_error alert because calling OPENSSL_malloc(selected_len) will
return NULL when selected_len is 0. We make this error detection more
explicit and return a handshake failure alert.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)
2024-06-27 10:30:51 +01:00
Matt Caswell
2ebbe2d7ca Fix SSL_select_next_proto
Ensure that the provided client list is non-NULL and starts with a valid
entry. When called from the ALPN callback the client list should already
have been validated by OpenSSL so this should not cause a problem. When
called from the NPN callback the client list is locally configured and
will not have already been validated. Therefore SSL_select_next_proto
should not assume that it is correctly formatted.

We implement stricter checking of the client protocol list. We also do the
same for the server list while we are about it.

CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)
2024-06-27 10:30:51 +01:00
erbsland-dev
57b83edc46 bio_ssl.c: Do not call SSL_shutdown if not inited
Fixes #4545

If free is called for an SSL BIO that is in initialization phase,
the `SSL_shutdown` call is omitted.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24705)
2024-06-25 16:06:17 +02:00
Dimitri Papadopoulos
8f250985ad Fix typos found by codespell
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/24691)
2024-06-24 15:09:11 +02:00
erbsland-dev
89c9c3b857 Extend mask of ssl_method_st to 64-bit
Fixes #23260: The bit count for `SSL_OP_*` flags has exceeded 32 bits, making it impossible to handle newer flags and protocol extensions with the existing 32-bit variables. This commit extends the `mask` field in the `ssl_method_st` structure to 64-bit, aligning them with the previously extended 64-bit `options` field.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24692)
2024-06-23 10:09:07 -04:00
Robert Schulze
af82623d32 Incorporate more review feedback
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24673)
2024-06-21 07:57:56 -04:00
Robert Schulze
8d934a7592 Incorporate review feedback
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24673)
2024-06-21 07:57:56 -04:00
Robert Schulze
79886c85b3 Fix data race between SSL_SESSION_list_add and ssl_session_dup
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24673)
2024-06-21 07:57:56 -04:00
Frederik Wedel-Heinen
fa49560451 Fix handling of max_fragment_length extension for PSK
A psk session was assumed to be a resumption which failed a check
when parsing the max_fragment_length extension hello from the client.

Relevant code from PR#18130 which was a suggested fix to the issue
was cherry-picked.

Fixes #18121

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24513)
2024-06-20 16:49:51 +02:00
Amir Mohammadi
1977c00f00 Fix memory leak in quic_trace.c
Fixes #24340

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24568)
2024-06-10 10:45:54 +02:00
Alexander Kanavin
00a6d0743a ssl_sess.c: deprecate SSL_SESSION_get_time/SSL_SESSION_set_time
Adjust the manpages at the same time so that only the new
functions are being presented.

Fixes: #23648

Signed-off-by: Alexander Kanavin <alex@linutronix.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24307)
2024-05-30 18:31:22 +02:00
Alexander Kanavin
86c9bb1378 ssl_sess.c: deprecate SSL_CTX_flush_sessions in favour of _ex() replacement
The original function is using long for time and is therefore
not Y2038-safe.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24307)
2024-05-30 18:31:22 +02:00
Matt Caswell
bfb8128190 Set rl->packet to NULL after we've finished using it
In order to ensure we do not have a UAF we reset the rl->packet pointer
to NULL after we free it.

Follow on from CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)
2024-05-28 13:28:13 +01:00
Matt Caswell
38690cab18 Only free the read buffers if we're not using them
If we're part way through processing a record, or the application has
not released all the records then we should not free our buffer because
they are still needed.

CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)
2024-05-28 13:28:13 +01:00
sashan
da9342ed5e Move stack of compression methods from libssl to OSSL_LIB_CTX
The compression methods are now a global variable in libssl.
This change moves it into OSSL library context.

It is necessary to eliminate atexit call from libssl.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24414)
2024-05-28 08:56:13 +02:00
irosay
3e9d933882 Release pkey_ctx on initialization failure
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24366)
2024-05-14 17:58:34 +02:00