Commit Graph

33346 Commits

Author SHA1 Message Date
Hugo Landau
629b408c12 QUIC: Fix bugs where threading is disabled
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:54 +01:00
Hugo Landau
1a0de4c1ee QUIC TSERVER: Use a random port in the tserver test
Fixes nondeterministic failures where BIO_bind would fail on some
platforms.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
7ba8f79a0f QUIC MSMT: macOS robustness fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
faa3a180ef QUIC APL: Make SSL_get_error per-stream, error raising refactor
This refactors the error raising code in the APL to automatically raise
errors in the correct SSL object, either a QCSO or QSSO depending on the
circumstances. The QCTX structure's responsibilities are expanded to
facilitate this. This further drives towards a unified mechanism for
generic dispatch precondition checking and error raising.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
0554f723c1 QUIC MSMT TESTS: Add tests to exercise MAX_STREAMS
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
dea57ecf3d QUIC RXDP: Ensure all stream-related frames autocreate a stream
RFC requirement.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
3dde3435ab QUIC FC: Correct operation of stream count mode
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
e8142d2ce8 QUIC QSM: Correct the logic for determining stream count limits
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
5915a900af QUIC QSM: Allow QSM to know if we are in the server role
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
fca44cfc1c QUIC MSMT: Stress tests, support for repeating test opoerations
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
274bb489cb QUIC MSMT: Add a basic multithreading test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
a350db7318 QUIC MSMT: Revise tests to support multithreading
Alsoo rename OPK_C_ACCEPT_STREAM to reflect its current behaviour.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
1df479a9f9 QUIC TSERVER: Allow detection of new incoming streams
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Richard Levitte
bc89c9f977 Drop the last reference of SHLIB_EXT
SHLIB_EXT is a variable that exists on OpenSSL build file templates before
version 3.0, for which much of the logic for figuring out file names and
such was moved to the 'platform' set of routines.

But, it seems that one (now useless) reference remained on the VMS specific
descrip.mms.tmpl.  We replace it with an explicit '.EXE', which is the
default extension for shared libraries on VMS.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21007)
2023-05-24 06:18:59 +02:00
lan1120
b501df3cef Fix incorrect parameter verification in EVP_MD_CTX_get_params
Signed-off-by: lan1120 <lanming@huawei.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21022)
2023-05-24 10:02:09 +10:00
Richard Levitte
f925bfebbb doc/fingerprints.txt: Add the OpenSSL OMC PGP key fingerprint
We want to move to using this key for tarball and announcement signatures.
It won't happen immediately, though, as we must have it specified in the
latest update of each release branch, so people can verify properly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21015)
2023-05-23 15:24:38 +02:00
Dmitry Belyavskiy
c5aa719502 If oaep_md is not initialized, correctly initialize it
Fixes #20993

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20994)
2023-05-23 15:10:09 +02:00
Tomas Mraz
ab17dd8fa3 Update the FIPS checksums
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20949)
2023-05-22 15:14:31 +02:00
Tomas Mraz
c509c04022 fips.module.sources: Add missing cpuid and related .c sources for other architectures
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20949)
2023-05-22 15:14:31 +02:00
Yi Li
2c500578fc crypto/params: drop float for UEFI
Using floating point is not supported in UEFI and can cause build
problems, for example due to SSE being disabled and x64 calling
convention passing floats in SSE registers.

Avoid those problems by not compiling the related code for floating
point numbers.

Signed-off-by: Yi Li <yi1.li@intel.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20992)
2023-05-22 07:45:10 +01:00
Dragan Zuvic
f3afe15fb7 Adding some selected MS OIDs for #19630 added ms-corp alias for OID 1.3.6.1.4.1.311
and changed hopefully all occurences for that OID

Signed-off-by: Dragan Zuvic <dragan.zuvic@mercedes-benz.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20986)
2023-05-22 07:43:00 +01:00
Nicky Mouha
56a51b5a1e Update hkdf.c to avoid potentially vulnerable code pattern
The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows.
It should be replaced by "if (a>c-b) a=c-b", which avoids the
potential overflow and is much easier to understand.

This pattern is the root cause of CVE-2022-37454, a buffer overflow
vulnerability in the "official" SHA-3 implementation.

It has been confirmed that the addition in
https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534
cannot overflow. So this is only a minor change proposal to avoid
a potentially vulnerable code pattern and to improve readability.
More information: https://github.com/github/codeql/pull/12036#issuecomment-1466056959

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20990)
2023-05-19 12:42:08 +02:00
Richard Levitte
d500f04400 Add information on the 'ias' port for OpenVMS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)
2023-05-19 10:02:04 +10:00
Richard Levitte
d6175dcca7 Update VMS configurations
A native x86_64 C compiler has appeared.

We preserve the previous config target with a new name to indicate that it's
for cross compilation, at least for the time being.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)
2023-05-19 10:02:04 +10:00
Masatake YAMATO
859521e579 util/ctags.sh: a script for generating tags file with expanding macros
This script requires Universal Ctags 6.0.0 or newer.

Usage:

	./util/ctags.sh [...options passed to ctags...]

Fixing #10251

Running the script in "tags" make target is suggested by
Dmitry Belyavskiy <beldmit@gmail.com>.

The falling back action for running older ctags if u-ctags 6 is not
available is suggested
by Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com>.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20960)
2023-05-18 13:29:43 +02:00
Marco Abbadini
26cf0767a7 pkcs12: Fix macsaltlen parameter type
It expects an integer so change it from non-argument type to positive integer type.

Fixes #20969

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20979)
2023-05-18 13:25:28 +02:00
Tomas Mraz
95d3c148ca Initial design for error handling in QUIC
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20857)
2023-05-18 13:24:05 +02:00
Marc Brooks
831ef53472 Add support for --version and synonyms
Just like --help is explicitly supported, we should support --version.
This will greatly ease people adopting openssl.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20936)
2023-05-18 17:18:10 +10:00
Tomas Mraz
219db5e43c quic_newcid_test: Add negative test case
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:22 +01:00
Tomas Mraz
80b9eca279 Add test for handling NEW_CONNECTION_ID frame
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:18 +01:00
Tomas Mraz
bbc9754026 quic_tserver: Add possibility to change the connection id
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:18 +01:00
Tomas Mraz
c301149ad4 Fix test cases using NEW_CONNECTION_ID frame
seq_id must be >= retire_prior_to.

Add negative testcase.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:18 +01:00
Tomas Mraz
eff046524b Add minimal handling of NEW_CONNECTION_ID frames
We actively use only the latest DCID received. And retire only
DCIDs requested by the peer to be retired.

Also changed the active_conn_id_limit to 2 as the minimum value allowed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:18 +01:00
Tomas Mraz
dbca844cb3 quic_txp_test.c: Cleanup use of WPACKET
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:17 +01:00
Hugo Landau
4b4e246ccb QUIC Documentation: update man(7) for multi-stream
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19899)
2023-05-17 11:10:45 +01:00
Hugo Landau
f89c2a9926 QUIC man(7) Documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19899)
2023-05-17 11:10:45 +01:00
Bernd Edlinger
a64c48cff8 Fix stack corruption in ui_read
This is an alternative to #20893

Additionally this fixes also a possible issue in UI_UTIL_read_pw:

When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)
2023-05-17 12:07:02 +02:00
Yuan, Shuai
43d5dac9d0 Fixed EVP_PKEY_CTX_set_ec_paramgen_curve_nid() for SM2 in ENGINEs
The CTRL translation is missing for SM2 key types.

Fixes #20899
Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20900)
2023-05-15 12:04:55 +02:00
Hugo Landau
2b5a546ce1 QUIC: Documentation fix
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:15 +01:00
Hugo Landau
de521629c1 QUIC APL: De-publicise SSL_attach_stream/SSL_detach_stream
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:15 +01:00
Hugo Landau
5da3e02c5e QUIC: Fix CRYPTO_GET_REF
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:15 +01:00
Hugo Landau
83df44ae53 QUIC MSST: Rename SSL_set_incoming_stream_reject_policy
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:15 +01:00
Hugo Landau
bb9b8a333f QUIC MSST: Revise SSL_get_conn_close_info API (char)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:15 +01:00
Hugo Landau
5fc256cd6b QUIC MSST: Documentation fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:15 +01:00
Hugo Landau
4f2d32d6b6 QUIC MSST: Fix test on macOS
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:15 +01:00
Hugo Landau
5e125829c0 QUIC MSST: Further documentation fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:14 +01:00
Hugo Landau
3a61a96c1e QUIC MSST: Clarify default XSO transitions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:14 +01:00
Hugo Landau
47238a3d3f QUIC MSST: Documentation fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:14 +01:00
Hugo Landau
433d107a9b QUIC APL: Fix a bug where avail could be used uninitialized
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:14 +01:00
Hugo Landau
97f30fd5d8 QUIC MSST: Test that SSL_free works in either order
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
2023-05-12 14:47:14 +01:00