Commit Graph

32140 Commits

Author SHA1 Message Date
Hugo Landau
d55fc027b9 Add thread pool design document (phase 1)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19455)
2022-11-14 12:21:22 +01:00
Matt Caswell
cbf965b4f3 Test SSL_shutdown() with async writes
As well as SSL_shutdown() itself this excercises the async write paths
in ssl3_dispatch_alert().

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19550)
2022-11-14 10:14:49 +01:00
Matt Caswell
732435026b Resolve a TODO in ssl3_dispatch_alert
Properly handle the case where there is pending write data and we want
to send an alert.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19550)
2022-11-14 10:14:41 +01:00
Tomas Mraz
6f3072212c Update Stream Receive Buffers design document with implementation details
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19351)
2022-11-14 08:01:58 +00:00
Tomas Mraz
a17c713a7a Plug the QUIC_RSTREAM to the RX depacketizer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19351)
2022-11-14 08:01:57 +00:00
Tomas Mraz
e77396f6f5 QUIC Receive Stream Management: Call QUIC flow control
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19351)
2022-11-14 08:01:57 +00:00
Tomas Mraz
bbf902c34a QUIC Receive Stream Management
Added SFRAME_LIST structure and QUIC_RSTREAM object to
manage received stream data.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19351)
2022-11-14 08:01:57 +00:00
Serge Croisé
aa197f36a8 COMP_expand_block: spelling (algorithm)
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19509)
2022-11-14 07:54:50 +00:00
Matt Caswell
20c7febc86 Fix memory leak when freeing the DTLS record layer
We need to check whether the sent_messages has actually buffered any
messages in it. If not we won't free the old record layer later when we
clear out the old buffered messages and a memory leak will result.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
2022-11-14 07:51:26 +00:00
Matt Caswell
22094d11a7 Rename SSL3_RECORD to TLS_RL_RECORD
The SSL3 prefix no longer seems appropriate. We choose TLS_RL_RECORD instead
of TLS_RECORD because that type already exists elsewhere.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
2022-11-14 07:51:26 +00:00
Matt Caswell
e9189cc4af Rename SSL3_BUFFER to TLS_BUFFER
The SSL3 prefix no longer seems appropriate.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
2022-11-14 07:51:25 +00:00
Matt Caswell
23c57f001d Move declarations out of record.h and record_local.h
We move many of the declarations in record.h and record_local.h into
locations inside ssl/record/methods instead. Also many declarations were
no longer required and could be removed completely.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
2022-11-14 07:51:17 +00:00
Matt Caswell
c89c21f8f5 Move tls_pad.c into ssl/record/methods
This file is used by libssl record layer methods and therefore should now
be in the methods subdir

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
2022-11-14 07:51:17 +00:00
Matt Caswell
1e42708e17 Remove references to read_mac_secret and write_mac_secret
They are no longer used and can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
2022-11-14 07:51:17 +00:00
Matt Caswell
b83eac48ed Remove the read_iv/write_iv fields from SSL_CONNECTION
These fields are instead held in the new record layer code and are
therefore no longer needed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
2022-11-14 07:51:17 +00:00
Matt Caswell
6d814fd607 Remove compress/expand fields from SSL_CONNECTION
They are no longer needed. The new record layer handles this.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
2022-11-14 07:51:17 +00:00
Matt Caswell
f471f60a8a Remove remaining refs to enc_(write|read)_ctx/(read|write)_hash
Those fields are no longer used. Their previous function is now in the new
record layer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)
2022-11-14 07:51:17 +00:00
J.W. Jagersma
1e065a1511 use OSSL_PARAM_construct_uint32 for max_early_data
Otherwise, this causes a warning on platforms where 'uint32_t' is
defined as 'unsigned long int' instead of 'unsigned int'.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
2022-11-14 07:47:54 +00:00
J.W. Jagersma
b9179ae555 djgpp: Fix unused-but-set-variable warning
I chose to just hide this behind '#ifndef __DJGPP__', instead of listing
all the macro combinations where it *is* used.  That would make quite a
mess.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
2022-11-14 07:47:53 +00:00
J.W. Jagersma
d8bcd64170 djgpp: Skip check for negative timeval
This causes a warning since tv_sec is unsigned.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
2022-11-14 07:47:53 +00:00
J.W. Jagersma
523e54c15c Define threads_lib.c functions only for OPENSSL_SYS_UNIX
This matches the declaration in <openssl/crypto.h>.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
2022-11-14 07:47:53 +00:00
J.W. Jagersma
71faab72b8 Cast socklen_t to size_t in assert comparison
This causes a warning otherwise when socklen_t is signed (Watt32).

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
2022-11-14 07:47:53 +00:00
J.W. Jagersma
1555c86e5f Cast values to match printf format strings.
For some reason djgpp uses '(unsigned) long int' for (u)int32_t.  This
causes errors with -Werror=format, even though these types are in
practice identical.

Obvious solution: cast to the types indicated by the format string.

For asn1_time_test.c I changed the format string to %lli since time_t
may be 'long long' some platforms.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
2022-11-14 07:47:53 +00:00
Bernd Edlinger
43086b1bd4 Resign test/certs/rootCA.pem to expire in 100 years
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19654)
2022-11-12 13:17:57 +01:00
Bernd Edlinger
42f9174329 Update the validity period of ed25519 cerificates
Note: The private key is test/certs/root-ed25519.privkey.pem

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19654)
2022-11-12 13:17:57 +01:00
Tomas Mraz
a0783b83a3 test_CMAC_keygen(): Avoid using ECB cipher with CMAC
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19401)
2022-11-11 16:54:50 +01:00
Tomas Mraz
94976a1e8d cmac_set_ctx_params(): Fail if cipher mode is not CBC
Also add negative test cases for CMAC and GMAC using
a cipher with wrong mode.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19401)
2022-11-11 16:54:50 +01:00
Tomas Mraz
9270f67059 demos/mac/cmac-aes256: Clarify the cipher algorithm used
The currently used cipher is aes256 which is an alias to AES-256-CBC,
so the demo is correct.
However it might be misleading so make it clear the CBC mode
cipher is used.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19401)
2022-11-11 16:53:27 +01:00
Tomas Mraz
10119e7475 Add test for generating safeprime DH parameters
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19635)
2022-11-11 11:59:23 +01:00
Tomas Mraz
990d280da9 Use libctx when generating DH parameters
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19635)
2022-11-11 11:59:23 +01:00
Pauli
8aa82b3370 fuzz: add punycode decoder fuzz test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19591)
2022-11-11 08:14:48 +11:00
Pauli
905ba92439 punycode: update to use WPACKET instead of using custom range checking
Add test for `.' overflows, remove the output size argument from
ossl_a2ulabel() since it was never used and greatly complicated the code.
Convert ossl_a2ulabel() to use WPACKET for building the output string.
Update the documentation to match the new definition of ossl_a2ulabel().

x509: let punycode handle the '\0' string termination.  Saves a memset(3)
and some size fiddling.  Also update to deal with the modified parameters.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19591)
2022-11-11 08:14:47 +11:00
Milan Broz
373d901280 pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey
Make the code more robust and correctly handle EVP_PKEY set to NULL
instead of dereferencing null pointer.

Signed-off-by: Milan Broz <gmazyland@gmail.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)
2022-11-10 18:10:48 +01:00
Milan Broz
608aca8ed2 pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional
The copy of PKEY should be released on the error path.
Easily reproduced with "ED448" context.

Signed-off-by: Milan Broz <gmazyland@gmail.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)
2022-11-10 18:10:47 +01:00
Tomas Mraz
4378e3cd2a Limit size of modulus for BN_mod_exp_mont_consttime()
Otherwise the powerbufLen can overflow.

Issue reported by Jiayi Lin.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19632)
2022-11-10 17:41:55 +01:00
Pauli
75fcf10628 Revert "Skip DES based tests in FIPS mode"
This reverts commit 5db2b4a292.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
2022-11-10 12:25:04 +01:00
Pauli
ccc860a77e Revert "Remove conditional FIPS dependence for 3DES"
This reverts commit 464c1011b0.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
2022-11-10 12:25:04 +01:00
Pauli
c69cf38ec4 Revert "Move DES based test cases out of FIPS territory"
This reverts commit c511953a08.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
2022-11-10 12:25:04 +01:00
Pauli
a0ea8ac134 Put 3DES back into the FIPS provider as a non-approved algorithm
This reverts commit fc0bb3411b and changes
how 3DES is advertised.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
2022-11-10 12:25:04 +01:00
Cameron Cawley
2a5c0d93cf pkcs7: Remove unused includes
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19608)
2022-11-10 08:11:57 +11:00
Tomas Mraz
ada6f0533d fips-label.yml: Fix the script after actions/github-script upgrade
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19636)
2022-11-09 13:56:05 +01:00
Sam James
e8cec34c39 CI: Add Alpine (musl)
I'm not intending to add every single possible combination of distros
to compiler-zoo, but I think this one is worthwhile.

musl tends to be Different Enough (TM) to allow problems to be found,
in particular (but not limited to) its malloc implementation ("mallocng").

It's also quite a common environment, especially in containers, so
I think it's worth testing on.

Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19577)
2022-11-09 08:15:08 +01:00
Alexander Sosedkin
ce74e3fb50 Fix CertificateCompressionAlgorithm to be read as 2-octet-wide
CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19600)
2022-11-08 16:12:26 +01:00
Reinhard Urban
91b7520e23 Fix PACKET_equal test with BUF_LEN+1 on -Wstringop-overread
Either suppress the error, or better make smbuf longer.
Detected with -Werror.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19528)
2022-11-07 19:21:56 +01:00
Hugo Landau
6db5cb8448 QUIC CFQ Fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
2022-11-07 18:18:34 +00:00
Hugo Landau
0ede517cfa QUIC FIFD
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
2022-11-07 18:18:05 +00:00
Hugo Landau
d77aea5916 QUIC TXPIM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
2022-11-07 18:18:04 +00:00
Hugo Landau
c282da8bc7 QUIC CFQ
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
2022-11-07 18:18:04 +00:00
Hugo Landau
66a6659a24 QUIC Frame-in-Flight Manager Design
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19206)
2022-11-07 18:18:04 +00:00
Matt Caswell
ecacbc5e3c Use the same encryption growth macro consistently
We had two different macros for calculating the potential growth due to
encryption. The macro we use for allocating the underlying buffer should be
the same one that we use for reserving bytes for encryption growth.

Also if we are adding the MAC independently of the cipher algorithm then
the encryption growth will not include that MAC so we should remove it
from the amount of bytes that we reserve for that growth. Otherwise we
might exceed our buffer size and the WPACKET_reserve operation will
fail.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19622)
2022-11-07 17:12:01 +00:00