When both -o and -MT are used, GCC 4.1 prints the object file twice in
the dependency file. e.g.:
foo.o foo.o: foo.c
If the file name is long, then the second occurrence moves to the next
line. e.g.:
ssl/statem/libssl-shlib-statem_dtls.o \
ssl/statem/libssl-shlib-statem_dtls.o: ../ssl/statem/statem_dtls.c \
add-depends script scans one line at a time, so when the first line is
processed, the object file becomes a dependency itself.
Fix by removing -MT altogether.
This also fixes makedepend for nonstop platform.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25455)
(cherry picked from commit 6288aa440c)
Related to #8331
Addressing found issues by adding specific error messages to improve
feedback when tag length checks fail for the `EVP_CTRL_AEAD_SET_TAG`
parameter in the AES-OCB algorithm.
- Added PROV_R_INVALID_TAG_LENGTH error to indicate when the current tag
length exceeds the maximum tag length of the algorithm.
- Added `PROV_R_INVALID_TAG_LENGTH` error to indicate when the current tag
length in the context does not match a custom tag length provided as
a parameter.
- Added `ERR_R_PASSED_INVALID_ARGUMENT` error to handle cases where an
invalid pointer is passed in encryption mode.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25425)
(cherry picked from commit 645edf50f0)
Building with '-D OPENSSL_SMALL_FOOTPRINT' for aarch64 fails due to
'gcm_ghash_4bit' being undeclared. Fix that by not setting the function
pointer when building with OPENSSL_SMALL_FOOTPRINT, matching openssl
behavior on x86.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25419)
(cherry picked from commit 2a53df6947)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25378)
(cherry picked from commit a4954ea01a)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25378)
(cherry picked from commit ecab977464)
thread/arch/thread_win.c must be included into libcrypto as rcu depends
on ossl_crypto_mutex implementation on Windows.
Fixes#25337
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25378)
(cherry picked from commit f0fd24d5f3)
Check that using the nonce-type sigopt via the dgst app works correctly
Based on the reproducer from #25012
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25057)
(cherry picked from commit c9e36a8221)
We just allow all possible settables all the time. Some things like the
digest name can't actually be changed in some circumstances - but we already
have checks for those things. It's still possible to pass a digest of the
same name to one that's already been set for example.
Fixes#25012
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25057)
(cherry picked from commit d244abb651)
We need a digest for the none when doing deterministic ECDSA. Give a
better error message if one hasn't been supplied.
See openssl/openssl#25012
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25057)
(cherry picked from commit 8cc0a97d60)
Fixes#8018
Documented the potential issue of premature connection closure in
non-interactive environments, such as cron jobs, when using `s_client`.
Added guidance on using the `-ign_eof` option and input redirection to
ensure proper handling of `stdin` and completion of TLS session data exchange.
Highlight potential issues with the `-ign_eof` flag and provide solutions for
graceful disconnection in SMTP and HTTP/1.1 scenarios to avoid indefinite hangs.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25311)
(cherry picked from commit 26521fdcf4)
- Converted password declaration from `char*` to `const char[]`.
- Updated `memcpy` and `return` statements accordingly to use `sizeof` instead of predefined lengths.
- Renamed `key_password` into `weak_password` to match test name.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
(cherry picked from commit d52e92f835)
Refactor the callback test code to replace global variables with local structures, enhancing memory management and reducing reliance on redundant cleanup logic.
Using a local struct containing a magic number and result flag to ensure the correct handling of user data and to verify that the callback function is invoked at least once during the test.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
(cherry picked from commit 9808ccc53f)
Fixes#8441: Modify the password callback handling to reserve one byte in the buffer for a null terminator, ensuring compatibility with legacy behavior that puts a terminating null byte at the end.
Additionally, validate the length returned by the callback to ensure it does not exceed the given buffer size. If the returned length is too large, the process now stops gracefully with an appropriate error, enhancing robustness by preventing crashes from out-of-bounds access.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
(cherry picked from commit 5387b71acb)
Related to #8441
This commit introduces a test suite for the password callback mechanism used when reading or writing encrypted and PEM or DER encoded keys via a BIO in OpenSSL. The test is designed to cover various edge cases, particularly focusing on scenarios where the password callback might return unexpected or malformed data from user code.
By simulating different callback behaviors, including negative returns, zero-length passwords, passwords that exactly fill the buffer and wrongly reported lengths. Also testing for the correct behaviour of binary passwords that contain a null byte in the middle.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
(cherry picked from commit fa6ae88a47)
The error happens with MSVC v143,C++ Clang Compiler for Windows(16.0.5)
Error is "brackets expression not supported on this target" in libcrypto-shlib-bsaes-armv8.obj.asm
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25293)
(cherry picked from commit d20cf21b20)
Correctly display the number of requested threads and the number
of available threads.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25375)
(cherry picked from commit 60725f8511)
CLA:trivial
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25338)
(cherry picked from commit 6fd9bc6568)
Fixes#25270
CLA: trivial
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25318)
(cherry picked from commit f2b7a00fbb)
Fixes#8310: Document that the number of authenticated bytes returned by EVP_CipherUpdate() varies with the cipher used. Mention that stream ciphers like ChaCha20 can handle 1 byte at a time, while OCB mode requires processing data one block at a time. Ensure it's clear that passing unpadded data in one call is safe.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24961)
(cherry picked from commit d15077d336)
InterlockedExchangeAdd expects arguments of type LONG *, LONG
but the int arguments were improperly cast to long *, long
Note:
- LONG is always 32 bit
- long is 32 bit on Win32 VC x86/x64 and MingW-W64
- long is 64 bit on cygwin64
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25360)
(cherry picked from commit b0ed90cc30)
If the call to X509_ALGOR_set0 fails then the allocated ASN1_STRING
variable passed as parameter leaks. Fix by explicitly freeing like
how all other codepaths with X509_ALGOR_set0 do.
Fixes#22680
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24868)
(cherry picked from commit 5efc57caf2)
The download-artifact action was updated to 4.x
and the upload-artifact must be kept in sync.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25383)
(cherry picked from commit c4a5d70d98)
The incorrectly typed data is read only, used in a compare operation, so
neither remote code execution, nor memory content disclosure were possible.
However, applications performing certificate name checks were vulnerable to
denial of service.
The GENERAL_TYPE data type is a union, and we must take care to access the
correct member, based on `gen->type`, not all the member fields have the same
structure, and a segfault is possible if the wrong member field is read.
The code in question was lightly refactored with the intent to make it more
obviously correct.
Fixes CVE-2024-6119
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 0890cd13d4)
The fips_provider_version_* functions return true if the FIPS provider isn't
loaded. This is somewhat counterintuitive and the fix in #25327 neglected
this nuance resulting in not running the SM2 tests when the FIPS provider
wasn't being loaded.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25331)
(cherry picked from commit c6c6af18ea)
As reported by Alicja Kario, we ignored excess bytes after the
signature payload in TLS CertificateVerify Messages. These
should not be present.
Fixes: #25298
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25302)
(cherry picked from commit b4e4bf29ba)
The Argon2 KDF uses OSSL_KDF_PARAM_PROPERTIES to fetch implementations
of blake2bmac and blake2b512 if ctx->mac and ctx->md are NULL. This
isn't documented in the manpage, so users that might, for example, want
to fetch an instance of Argon2 with the -fips property query to obtain
a working Argon2 KDF even though the default property query requires
fips=yes are left wondering why this fails.
Fortunately, EVP_KDF(3)/PARAMETERS already explains what the properties
are used for, so we really just need to add a single line.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25306)
(cherry picked from commit 6772c2ab1b)
Added sm2 testcases to endecode_test.c.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25266)
(cherry picked from commit 25bd0c77bf)
Fixes cross testing with OpenSSL 3.4 with removed SHA1 from the self
tests.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25262)
(cherry picked from commit 06179b4be0)
This fixes the possible memory leak in OBJ_add_object
when a pre-existing object is replaced by a new one,
with identical NID, OID, and/or short/long name.
We do not try to delete any orphans, but only mark
them as type == -1, because the previously returned
pointers from OBJ_nid2obj/OBJ_nid2sn/OBJ_nid2ln
may be cached by applications and can thus not
be cleaned up before the application terminates.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22534)
(cherry picked from commit e91384d5b0)
noticed by @sftcd
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25111)
(cherry picked from commit 4688f9b821)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25111)
(cherry picked from commit ef4df981ae)
Add OSSL_PROVIDER_unload() when OSSL_PROVIDER_add_builtin() fails to avoid memory leak.
Fixes: 5442611dff ("Add a test for OSSL_LIB_CTX_new_child()")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25109)
(cherry picked from commit 55662b6745)
Add OSSL_PROVIDER_unload() when test_provider() fails to avoid memory leak.
Fixes: f995e5bdcd ("TEST: Add provider_fallback_test, to test aspects of
fallback providers")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25108)
(cherry picked from commit 6e8a1031ed)
ca man page: link to section
Signed-off-by: Hubert Kario <hkario@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25011)
(cherry picked from commit 1985ba60bb)
If fdopen() call fails we need to close the fd. Also
return early as this is most likely some fatal error.
Fixes#25064
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25081)
(cherry picked from commit d604834439)
Orgad Shaneh
erbsland-dev
Gerd Hoffmann
Michael Baentsch
Tomas Mraz
Matt Caswell
XZ-X
Zhiqing Xie
dependabot[bot]
PIums
Pablo Rodríguez
Alessandro Chitarrini
Zhihao Yuan
Georgi Valkov
Daniel Gustafsson
Viktor Dukhovni
Pauli
Viktor Dukhovni
Clemens Lang
Jamie Cui
slontis
Bernd Edlinger
FdaSilvaYY
Jiasheng Jiang
Hubert Kario
shridhar kalavagunta