Its possible for get_ocsp_resp_from_responder to return OK after having
freed *sk_resp without setting the freed pointer to NULL, leading us to
set a garbage pointer in other code.
Ensure that we set it to NULL after freeing
Addresses https://scan5.scan.coverity.com/#/project-view/60762/10222?selectedIssue=1659225
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28101)
Co-authored-by: Michael Krueger
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20945)
This would be useful when testing with browsers / downloaders which
support 0-RTT only through HTTP.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16055)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
void f() should probably be void f(void)
Found by running the checkpatch.pl Linux script to enforce coding style.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21468)
The valtype value of dkeyform defined in the s_server_options structure is F, which leads to the judgment that the engine is not supported when processing parameters in the opt_next function.
This the valtype value of dkeyform should be changed to "f".
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21982)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21467)
Add support for the RFC7250 certificate-type extensions.
Alows the use of only private keys for connection (i.e. certs not needed).
Add APIs
Add unit tests
Add documentation
Add s_client/s_server support
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18185)
Allocate memory for a new SSL session.
If any of these steps fail,
free the key memory and the tmpsess object
before returning 0 to prevent a memory leak.
Fixes: #20110
CLA: trivial
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20213)
TLS device offload allows to perform zerocopy sendfile transmissions.
FreeBSD provides this feature by default, and Linux 5.19 introduced it
as an opt-in. Zerocopy improves the TX rate significantly, but has a
side effect: if the underlying file is changed while being transmitted,
and a TCP retransmission happens, the receiver may get a TLS record
containing both new and old data, which leads to an authentication
failure and termination of connection. This effect is the reason Linux
makes a copy on sendfile by default.
This commit adds support for TLS zerocopy sendfile on Linux disabled by
default to avoid any unlikely backward compatibility issues on Linux,
although sacrificing consistency in OpenSSL's behavior on Linux and
FreeBSD. A new option called KTLSTxZerocopySendfile is added to enable
the new zerocopy behavior on Linux. This option should be used when the
the application guarantees that the file is not modified during
transmission, or it doesn't care about breaking the connection.
The related documentation is also added in this commit. The unit test
added doesn't test the actual functionality (it would require specific
hardware and a non-local peer), but solely checks that it's possible to
set the new option flag.
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Boris Pismenny <borisp@nvidia.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18650)
Also, remove inclusions of internal/e_os.h where it seems no longer
necessary.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19330)
As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18595)
Fixes: openssl#18047.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18154)
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18220)
Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8692)
Also check return value of functions that call BIO_new() internally
such as dup_bio_out().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17421)
Fix a bug in `openssl s_server -WWW` where it would attempt to invoke
`SSL_sendfile` if `-ktls -sendfile` was passed on the command line, even
if KTLS has not actually been enabled, for example because it is not
supported by the host. Since `SSL_sendfile` is only supported when KTLS
is actually being used, this resulted in a failure to serve requests.
Fixes#17503.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17788)
As the potential failure of the BIO_new(), it should be better to check the return value and return error if fails in order to avoid the dereference of NULL pointer.
And because 'bio_s_msg' is checked before being used everytime, which has no need to add the check.
But 'bio_s_out' is not.
And since the check 'if (bio_s_out == NULL)' is redundant, it can be removed to make the code succincter.
Also the 'sbio' and so forth should be checked like the other places in the same file.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17710)
Since the OPENSSL_strdup() may return NULL if allocation
fails, the 'port' could be NULL.
And then it will be used in do_server(), which can accept
NULL as an valid parameter.
That means that the system could run with a wrong parameter.
Therefore it should be better to check it, like the other
memory allocation.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17673)
as the code uses BIO_gets, and it always null terminates the
strings it reads, when it reads a record 2^14 byte long, it actually
returns 2^14-1 bytes to the calling application, in general it returns
size-1 bytes to the caller
This makes the code sub-optimal (as every 2^14 record will need two
BIO_gets() calls) and makes it impossible to use -rev option to test
all plaintext lengths (like in openssl#15706)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17538)
When s_server responds to a file data with the -WWW parameter, it
always gets a path named "GET". In this case, we need to skip the
"GET /" character to get the correct file path.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17231)
Since TLS v1.3 eschews renegotiation entirely it’s misleading to have
these apps say it’s “not supported” when in fact the TLS version is
new enough not to need renegotiation at all.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16937)
Commit 0007ff257c added a protocol version check to psk_server_cb but
failed to take account of DTLS causing DTLS based psk connections to
fail.
Fixes#16707
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16838)
From openssl-3.0.0-alpha15, KTLS is turned off by default, even if
KTLS feature in compilation, which makes it difficult to use KTLS
through s_server/s_client, so a parameter option 'ktls' is added
to enable KTLS through cmdline.
At the same time, SSL_sendfile() depends on KTLS feature to work
properly, make parameters sendfile depend on parameters ktls.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16609)
Issue #15951 describes a scenario which causes s_server to fail when using
a PSK. In the originally described issue this only impacted master and not
1.1.1. However, in fact this issue does also impact 1.1.1 - but only if you
additionally supply the option "-no_ticket" to the s_server command line.
The difference between the behaviour in master and 1.1.1 is due to 9c13b49,
which changed PSK_MAX_IDENTITY_LEN from 128 to 256. It just so happens that
a default OpenSSL TLSv1.3 ticket length happens to fall between those 2
values. Tickets are presented in TLSv1.3 as a PSK "identity". Passing
"no_ticket" doesn't actually stop TLSv1.3 tickets completely, it just
forces the use of "session ids as a ticket" instead. This significantly
reduces the ticket size to below 128 in 1.1.1.
The problem was due to s_server setting a TLSv1.2 PSK callback and a
TLSv1.3 PSK callback. For backwards compat reasons the TLSv1.2 PSK
callbacks also work in TLSv1.3 but are not preferred. In the described
scenario we use a PSK to create the initial connection. Subsequent to that
we attempt a resumption using a TLSv1.3 ticket (psk). If the psk length is
below PSK_MAX_IDENTITY_LEN then we first call the TLSv1.2 PSK callback.
Subsequently we call the TLSv1.3 PSK callback. Unfortunately s_server's
TLSv1.2 PSK callback accepts the identity regardless, even though it is an
unexpected value, and hence the binder subsequently fails to verify.
The fix is to bail early in the TLSv1.2 callback if we detect we are being
called from a TLSv1.3 connection.
Fixes#15951
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16008)
Since the service is echo-like (see TCP port 7 from RFC 862 or
gnutls-serv --echo), make it easier to find by mentioning "echo" in
the description of it in the help message an man page
Also fixes the man page inconsistency ("sends it back to the server")
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15739)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15415)
Fixes#15071
It always tries loading the cert as DH which previously did not produce
an error. The errors are not suppressed for these operations.
The output now matches previous versions of OpenSSL.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15670)
New style BIO_debug_callback_ex() function added to provide
replacement for BIO_debug_callback().
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15440)
Neil Horman
martin
Tomas Mraz
openssl-machine
Frederik Wedel-Heinen
Daiki Ueno
FdaSilvaYY
Richard Levitte
olszomal
Dimitri Papadopoulos
wangcheng
Todd Short
besher
Peiwei Hu
Maxim Mikityanskiy
Jiasheng Jiang
Daniel Fiala
JHH20
Matt Caswell
Dmitry Belyavskiy
xkernel
Hugo Landau
Hubert Kario
Dr. David von Oheimb
Tianjia Zhang
Felipe Gasper
Pauli
Rich Salz
Shane Lontis