In child library contexts, which contain child "clones" of the
providers the application has in store, one of these children will
always be the provider that creates the child library context; let's
call them self-refering child providers.
For these self-refering child providers, we don't increment the parent
provider reference count, nor do we free the parent provider, as those
become self defeating and hinder the teardown and unloading process
when the application cleans up.
For non self-refering child providers, we must retain this propagation
of reference count to the parent, so that aren't torn down too early,
i.e. when there's still a "foreign" reference (fetched algorithm).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
The `alg_cleanup` didn't properly clear the OPENSSL_SA leaf that it
had just freed the contents of. Fortunately, `ossl_sa_ALGORITHM_doall_arg()`
allows us to pass the store pointer itself as an extra argument, which
allows a modified `alg_cleanup` to complete the job.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
This adds ossl_method_store_remove_all_provided(), which selectively
removes methods from the given store that are provided by the given
provider.
This also adds the EVP specific evp_method_store_remove_all_provided(),
which matches ossl_method_store_remove_all_provided() but can also
retrieve the correct store to manipulate for EVP functions.
This allows us to modify ossl_provider_self_test() to do the job it's
supposed to do, but through clearly defined functions instead of a
cache flushing call that previously did more than that.
ossl_provider_deactivate() is also modified to remove methods associated
with the deactivated provider, and not just clearing the cache.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
When evp_method_store_flush() flushed the query cache, it also freed
all methods in the EVP method store, through an unfortunate call of
ossl_method_store_flush_cache() with an argument saying that all
methods should indeed be dropped.
To undo some of the confusion, ossl_method_store_flush_cache() is
renamed to ossl_method_store_cache_flush_all(), and limited to do
only that. Some if the items in the internal ALGORITHM structure are
also renamed and commented to clarify what they are for.
Fixes#18150
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
The existing pre- and post-condition functions are supposed to check if
methods have already been created and stored, using provider operation
bits. This is supposed to only be done for "permanent" method stores.
However, the way the pre-condition was called, it could not know if the
set of implementations to be stored is likely to end up in a "permanent"
or a temporary store. It needs access to the |no_store| flag returned
by the provider's operation query function, because that call was done
after the pre-condition was called.
This requires a bit of refactoring, primarly of |algorithm_do_this()|,
but also of |ossl_method_construct_precondition()|.
Fixes#18150
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
This is a misused function, as it was called during query cache flush,
when the provider operation bits were meant to record if methods for a
certain operation has already been added to the method store.
Fixes#18150
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
The option -proxy of openssl s_client works fine. The option
-starttls also works fine. However, try putting both of them
on command line. It breaks, these options don't work together.
The problem is that -proxy option is implemented using starttls_proto
(the option parsing code sets it to PROTO_CONNECT) and -starttls option
overwrites the same variable again based on argument value.
The suggested fix is to independently handle -proxy option before
-starttls so the s_client can connect through HTTP proxy server and
then use STARTTLS command.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17925)
Fixes#18184
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18230)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14417)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15778)
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18220)
Except on VMS where it is safe.
This fixes CVE-2022-1292.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
A copy&paste error meant that the RC4-MD5 cipher (used in TLS) used the TLS
AAD data as the MAC key.
CVE-2022-1434
Fixes#18112
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
The "-no_cert_checks" option causes the flag OCSP_NOCHECKS to be set.
The bug fixed in the previous commit will cause the ocsp app to respond with
a success result in the case when the OCSP response signing certificate
fails to verify and -no_cert_checks is used - so we test that it fails in
this case.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
The function `OCSP_basic_verify` validates the signer certificate on an OCSP
response. The internal function, ocsp_verify_signer, is responsible for this
and is expected to return a 0 value in the event of a failure to verify.
Unfortunately, due to a bug, it actually returns with a postive success
response in this case. In the normal course of events OCSP_basic_verify
will then continue and will fail anyway in the ocsp_check_issuer function
because the supplied "chain" value will be empty in the case that
ocsp_verify_signer failed to verify the chain. This will cause
OCSP_basic_verify to return with a negative result (fatal error). Normally
in the event of a failure to verify it should return with 0.
However, in the case of the OCSP_NOCHECKS flag being used, OCSP_basic_verify
will return with a positvie result. This could lead to callers trusting an
OCSP Basic response when it should not be.
CVE-2022-1343
Fixes#18053
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
This patch accelerates chacha20 on aarch64 when Scalable Vector Extension
(SVE) is supported by CPU. Tested on modern micro-architecture with
256-bit SVE, it has the potential to improve performance up to 20%
The solution takes a hybrid approach. SVE will handle multi-blocks that fit
the SVE vector length, with Neon/Scalar to process any tail data
Test result:
With SVE
type 1024 bytes 8192 bytes 16384 bytes
ChaCha20 1596208.13k 1650010.79k 1653151.06k
Without SVE (by Neon/Scalar)
type 1024 bytes 8192 bytes 16384 bytes
chacha20 1355487.91k 1372678.83k 1372662.44k
The assembly code has been reviewed internally by
ARM engineer Fangming.Fang@arm.com
Signed-off-by: Daniel Hu <Daniel.Hu@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17916)
Fixes#16947
Also refactor out algctx freeing into a separate function.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18105)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18204)
This memory leak is triggered when configuring with 'no-legacy'
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18179)
Fixes an issue disassembling the functions because the symtab contains
an attribute indicating the presence of data within them.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18086)
Also reset the updated flag when Poly1305_Init is called.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18143)
If GNU toolchain is used, use the __attribute__((constructor))
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18147)
Also fully duplicate the context on dup
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18142)
Refer to OSSL_ENCODER_to_bio and OSSL_DECODER_from_bio man pages.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18164)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18155)
macOS 10.7 and 10.8 had a bit wired clang which is detected as
`__GNUC__` which has `__ATOMIC_ACQ_REL` but it excepts one option at
`__atomic_is_lock_free` instead of 2.
This prevents OpenSSL to be compiled on such systems.
Fixes: #18055
Signed-off-by: Kirill A. Korinsky <kirill@korins.ky>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18056)
gcc6.3 doesn't seem to support the register aliases fp and lr for x29 and x30,
so use the x names.
Fixes#18114
Change-Id: I077edda42af4c7cdb7b24f28ac82d1603f550108
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18127)
