Commit Graph

33346 Commits

Author SHA1 Message Date
Matt Caswell
27195689a8 Before we do anything the ping deadline is infinite
Needed for tserver so that it the deadline isn't immediate before we've
accepted a connection.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
2023-06-28 09:53:22 +10:00
Matt Caswell
fb4a2bba71 Ensure SSL_connect() actually blocks if we are in blocking mode
Fix supplied by Hugo Landau.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
2023-06-28 09:53:22 +10:00
Matt Caswell
b49d9de0e6 The CC wake up deadline is now if we have TX allowance
If we have TX allowance then there is no need to wait if we have something
to send - the wake up deadline is immediate.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
2023-06-28 09:53:22 +10:00
Matt Caswell
23fe02e597 Add a non-blocking QUIC client demo
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
2023-06-28 09:53:22 +10:00
Matt Caswell
37f27b91de Add a test quicserver utility
This QUIC server utility is intended for test purposes only and is expected
to be replaced in a future version of OpenSSL by s_server. At that point
it will be removed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
2023-06-28 09:53:22 +10:00
Vladimír Kotal
956b4c75dc add no-docs option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21240)
2023-06-28 09:32:03 +10:00
Tomas Mraz
32d2b5fdd9 s390xcap.c: Avoid copying structure on initialization
This is problematic on old compilers. It also avoids duplicating
the read-only data.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21284)

(cherry picked from commit 0dee3b0421)
2023-06-28 08:31:07 +10:00
Hugo Landau
64aa8eaf12 Miscellaneous updates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19769)
2023-06-28 08:05:41 +10:00
Hugo Landau
e4c2988dc5 Multi-Stream API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19769)
2023-06-28 08:05:41 +10:00
Hugo Landau
aef2496127 QUIC API: More minor tweaks
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19769)
2023-06-28 08:05:06 +10:00
Hugo Landau
0a3fb1fb05 QUIC API: Minor tweaks
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19769)
2023-06-28 08:05:06 +10:00
Hugo Landau
b7956859cc QUIC API Overview: Add SSL API triage list
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19769)
2023-06-28 08:05:06 +10:00
Hugo Landau
9532c51759 QUIC API: Shutdown handling, etc.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19769)
2023-06-28 08:05:06 +10:00
Hugo Landau
88e3a640d9 QUIC API Overview: Add Q&A, minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19769)
2023-06-28 08:05:06 +10:00
Hugo Landau
5c0356a240 QUIC API Overview Design Document
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19769)
2023-06-28 08:05:06 +10:00
Fergus Dall
81bafac5cb Add support for SHA256/192
This is defined in NIST SP 800-208 as the truncation to 192 bits of
SHA256. Unlike other truncated hashes in the SHA2 suite, this variant
doesn't have a different initial state, it is just a pure truncation
of the output.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21180)
2023-06-28 08:00:43 +10:00
Tomas Mraz
8b7d5ea7dd CONF_modules_load_file_ex(): Do not try to load an empty file name
Fixes #21258

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/21282)
2023-06-27 14:48:33 +02:00
Matt Caswell
2c59d54cd7 Add some test_ssl_new tests for the ffdhe groups
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21274)
2023-06-27 10:50:08 +01:00
Matt Caswell
e609a4565f Fix supported_groups handing in TLSv1.2
In TLSv1.2 we should not attempt to use a supported_group value that is
intended for use with TLSv1.3 - even if both the server and the client
support it, e.g. the ffdhe groups are supported by OpenSSL for TLSv1.3 but
not for TLSv1.2.

Fixes #21081

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21274)
2023-06-27 10:50:08 +01:00
Matt Caswell
810f7dc1c7 Add a test for pkeyutl encrypt/decrypt using SM2
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21272)
2023-06-26 09:28:23 +01:00
Matt Caswell
849450746f Don't truncate the input when decrypting in pkeyutl
The pkeyutl app was truncating the input file for decryption leading to
incorrect results. This was probably ok historically when RSA was being
used for decryption which has short maximum sizes. This is not ok with SM2.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21272)
2023-06-26 09:28:23 +01:00
fullwaywang
43596b306b Check for 0 modulus in BN_RECP_CTX_set.
The function BN_RECP_CTX_set did not check whether arg d is zero,
in which case an early failure should be returned to the invoker.
This is a similar fix to the cognate defect of CVE-2015-1794.

Fixes #21111

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21255)
2023-06-26 08:07:55 +10:00
Vladimír Kotal
a7c54dde51 add note about retrieving error stack
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21220)
2023-06-26 08:04:17 +10:00
Richard Levitte
1a27cc3626 Add a test case for the password prompt on garbage PKCS#12 file
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)
2023-06-26 08:00:52 +10:00
Richard Levitte
7a520619c9 OSSL_STORE and PKCS#12: Check if there is a MAC to verify before prompting
When a DER object with unknown contents comes all the way to
ossl_store_handle_load_result(), and it attempts to decode them as different
objects, the PKCS#12 decoding attempt would (almost) always prompt for a
passphrase, even if there isn't a MAC to verify it against in the PKCS#12
object.

This change checks if there is a MAC to verify against before attempting to
prompt for a passphrase, leading to less surprising behavior.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)
2023-06-26 08:00:52 +10:00
Dimitri Papadopoulos
c5f55a4605 Consistency: "Authors" after "The OpenSSL Project"
All source files show "The OpenSSL Project Authors" as the
copyright owner.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21268)
2023-06-26 07:58:03 +10:00
Kurt Roeckx
a9e6100bc9 Add decoder fuzzer
This found CVE-2023-0217

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20269)
2023-06-23 15:54:54 +02:00
Matt Caswell
adf33f9e26 Add a test for an invalid group in the HRR
Test that if the client sends a key share for a group in the server's
supported_group list but is otherwise invalid, that we don't select it
in the HRR.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21163)
2023-06-23 14:15:08 +01:00
Matt Caswell
7a949ae5f1 Don't ask for an invalid group in an HRR
If the client sends us a group in a key_share that is in our
supported_groups list but is otherwise not suitable (e.g. not compatible
with TLSv1.3) we reject it. We should not ask for that same group again
in a subsequent HRR.

Fixes #21157

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21163)
2023-06-23 14:14:59 +01:00
Tomas Mraz
a02571a024 Support SSL_OP_CLEANSE_PLAINTEXT on QUIC streams
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21182)
2023-06-23 14:31:45 +02:00
Vladimír Kotal
ff88545e02 Allow to disable apps building with no-apps
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21212)
2023-06-23 11:39:12 +02:00
Preveen Padmanabhan
7197abddb8 updated the end copyright year in README.md to 2023
CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21225)
2023-06-21 20:19:56 +10:00
Yannik Sembritzki
7f4cc3bc34 Remove restriction to only cross-sign self-signed certificates
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21137)
2023-06-20 16:38:33 +10:00
Vladimír Kotal
6b1f763c69 add no-http
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21217)
2023-06-19 17:06:10 +10:00
Vladimír Kotal
f52aec3526 log actual NID causing the 'unknown message digest algorithm error'
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21214)
2023-06-18 16:58:54 +10:00
Vladimír Kotal
d808fa0151 return immediately if namemap is NULL
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21223)
2023-06-18 16:55:09 +10:00
Dimitri Papadopoulos
6ea4da6e4d Fix new typos found by codespell
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21210)
2023-06-18 16:53:09 +10:00
fisher.yu
6c0ecc2bce Fix function signatures in aes-gcm-armv8 comments.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21208)
2023-06-16 20:15:24 +10:00
Pauli
ff934cfdc8 fips: use tsan counter instead of tsan_add to increment
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21199)
2023-06-16 20:10:23 +10:00
Hugo Landau
2525109f90 QUIC: Allow application to trigger TXKU
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
2023-06-16 09:26:48 +10:00
Hugo Landau
692a3cab11 QUIC: Minor fixups
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
2023-06-16 09:26:48 +10:00
Hugo Landau
29a541fe36 QUIC CHANNEL: Inform the ACKM when the handshake is confirmed
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
2023-06-16 09:26:48 +10:00
Hugo Landau
693b23e3d0 QUIC: Test key update works correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
2023-06-16 09:26:48 +10:00
Hugo Landau
37ba2bc722 QUIC CHANNEL: Optimise key update using ACKs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
2023-06-16 09:26:28 +10:00
Hugo Landau
16f3b542f8 QUIC: Add internal APIs for white-box testing of key update
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
2023-06-16 09:26:28 +10:00
Hugo Landau
48120ea5e3 QUIC CHANNEL: Enforce the RX packet forgery limit
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
2023-06-16 09:26:28 +10:00
Hugo Landau
c93f766860 QUIC RXDP: Strictly enforce ACK PNs with regard to TX key epochs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
2023-06-16 09:26:28 +10:00
Hugo Landau
54fb0072c6 QUIC CHANNEL: Ensure new packets aren't enforced with old keys
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
2023-06-16 09:26:28 +10:00
Hugo Landau
8a65e7a529 QUIC CHANNEL: Handle key updates correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
2023-06-16 09:26:28 +10:00
Hugo Landau
b98c38d40a QUIC TXP: Make TXP use time callback correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
2023-06-16 09:26:28 +10:00