This changes the alert according to RFC 8446.
Fixes: #25402
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25547)
When BIO_parse_hostserv() fails it may still have allocated memory, yet
this memory is not freed. Fix it by jumping to the err label.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25817)
Also avoid leak if stack push fails.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26230)
Recent test additions have increased the number of jobs spawned by the
interop runner test which exceeds the maximum allowed.
This occurs because the matrix expands to:
7 server elements
6 client elements
7 tests
2 test steps (client interop and server interop
Because of how github ci does matrix expansion, this results in
2 * 7 * 7 * 6 = 588
But most of those are invalid because each of the 2 steps only considers
either the client or server elements, and so get rerun multiple times
Alter the steps to be individual jobs, each with their own reduced
matrix to only run each relevant test once, limiting our job count to
at most 49 jobs.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26275)
This makes `ikmlen` have a length of at least `Nsk`.
Closes#26213
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26254)
Add a test to check that if the user reduces the default TLS security level
at configure time, then the tests still pass.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26256)
The compile time default TLS security level can be changed if the user
sets `-DOPENSSL_TLS_SECURITY_LEVEL=x` at configure time (where "x" is some
number, typically 0 or 1).
Since OpenSSL 3.4 tests are failing if the default security level is 0. We
fix the tests for this case.
Fixes#26255
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26256)
Previously there was no way to create a CMS SignedData signature without a
signing time attribute, because CMS_SignerInfo_sign added it unconditionally.
However, there is a use case (PAdES signatures) where this attribute is not
allowed, so this commit introduces a new flag to the CMS API that causes this
attribute to be omitted at signing time.
Also add -no_signing_time option to cms command.
Fixes#15777
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15783)
When we put algorithm to the store, we have a fallback to the
OSSL_LIB_CTX level store when store is NULL.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26197)
When data contains only zero values a buffer overflow happens.
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26190)
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4880
Facing the below issue after openssl is upgraded
Edk2\CryptoPkg\Library\OpensslLib\openssl\include\internal/safe_math.h(19):
warning C4668: '__GNUC__' is not defined as a preprocessor macro, replacing
with '0' for '#if/#elif'
CLA: trivial
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Kalavakolanu Hema Anmisha <hema.anmisha.kalavakolanu@intel.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26204)
Also add a check to find-doc-nits for HISTORY sections.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26188)
Because this ci job only runs from the master branch, we need to add the
test here to validate that our server respects amplification limits in
our ci runs.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26181)
If it is NULL, ctx->pctx->pmeth dereference will cause a crash.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26176)
We just avoid the special handling needed for Apple M1.
Fixes#26135
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/26145)
With b911fef216, there is no longer a
default xoflen for shake algorithms. Update the manual to reflect this.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26129)
Several quic interop implementations have a server implementation, but
not a client implementation. Don't bother trying to run those
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26130)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26146)
Fixes Coverity 1636676
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26154)
We must set pending_delete before the actual deletion as another inserting
or deleting thread can pick up the delete callback before the
ossl_ht_write_unlock() call.
This can happen only if no read locks are pending and only on Windows where
we do not use the write mutex to get the callback list.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26152)
Only absent parameters allowed in RFC 3370.
Fixes#25824
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26058)
It will be just xor-ed over the existing entropy
in the pool.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26128)
We use REF_PRINT_COUNT to dump out the value of various reference
counters in our code
However, we commonly use this macro after an increment or decrement. On
increment its fine, but on decrement its not, because the macro
dereferences the object holding the counter value, which may be freed by
another thread, as we've given up our ref count to it prior to using the
macro.
The rule is that we can't reference memory for an object once we've
released our reference, so lets fix this by altering REF_PRINT_COUNT to
accept the value returned by CRYPTO_[UP|DOWN]_REF instead. The
eliminates the need to dereference the memory the object points to an
allows us to use the call after we release our reference count
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25664)
If we had refcounted object allowing lockless writes
the relaxed semantics on DOWN_REF would allow scheduling
these writes after simultaneous release of the object by
another thread.
We do not have any such objects yet, but better to make
the refcount correct just in case we will have them
in future.
TSAN doesn't properly understand this so we use
even stronger acq_rel semantics if building with TSAN.
Fixes#25660
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25664)
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26122)
