Once RNG is used, triggering FIPS on-demand self tests (via
OSSL_PROVIDER_self_test() API) crashes the application. This happens because the
RNG context is stored before self tests, and restored after their execution.
In the meantime - before context restoration - RAND_set0_private() function is
called, which decrements the stored RNG context reference counter and frees it.
To resolve the issue, the stored RNG context refcount has been incremented via
the EVP_RAND_CTX_up_ref() API to avoid its deallocation during the RNG context
switch performed by the self test function.
The provider_status_test test has been updated to reproduce the issue as
a regression test.
Signed-off-by: Karol Brzuskiewicz <kabr@arista.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24599)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24681)
reject invalid IPv4 addresses in ipv4_from_asc
The old scanf-based parser accepted all kinds of invalid inputs like:
"1.2.3.4.5"
"1.2.3.4 "
"1.2.3. 4"
" 1.2.3.4"
"1.2.3.4."
"1.2.3.+4"
"1.2.3.4.example.test"
"1.2.3.01"
"1.2.3.0x1"
Thanks to Amir Mohamadi for pointing this out.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24438)
Added tests for SDA and AI extensions.
Added internal function ossl_print_attribute_value() with documentation.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24669)
Fixes#23260: The bit count for `SSL_OP_*` flags has exceeded 32 bits, making it impossible to handle newer flags and protocol extensions with the existing 32-bit variables. This commit extends the `mask` field in the `ssl_method_st` structure to 64-bit, aligning them with the previously extended 64-bit `options` field.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24692)
Bulk editing had history wrongly specify current functions as deprecated,
among other small errors.
Fixes#24678
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24680)
Update the `x509_req_test` to ensure ANSI compatibility. The integrated certificate string was too long, so the PEM certificate has been moved to `certs/x509-req-detect-invalid-version.pem`. The test have been updated to load this certificate from the file on disk.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24677)
Tests #5738: Introduce a new test to verify that a malformed X509 request with the version field set to version 6 fails either early when reading from data or later when `X509_REQ_verify` is called.
Adding a new test recipe `60-test_x509_req.t`
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24677)
Fixes#5738: This change introduces a check for the version number of a CSR document before its signature is verified. If the version number is not 1 (encoded as zero), the verification function fails with an `X509_R_UNSUPPORTED_VERSION` error.
To minimize impact, this check is only applied when verifying a certificate signing request using the `-verify` argument, resulting in a `X509_REQ_verify` call. This ensures that malformed certificate requests are rejected by a certification authority, enhancing security and preventing potential issues.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24677)
Use full allocated buffer for reads to not call into switch() over and
over; also increase the size of the buffer to 16 kiB (max for TLS
records). The server side already is using 16 kiB buffers.
Signed-off-by: Hubert Kario <hkario@redhat.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24688)
If there is no get_ctx_params() implemented in the key exchange
provider implementation the fallback will not work. Instead
check the gettable_ctx_params() to see if the fallback should be
performed.
Fixes#24611
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24661)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24673)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24673)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24673)
Signed-off-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24676)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24660)
(cherry picked from commit 72bff68f6a)
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24630)
(cherry picked from commit d38d264228)
A psk session was assumed to be a resumption which failed a check
when parsing the max_fragment_length extension hello from the client.
Relevant code from PR#18130 which was a suggested fix to the issue
was cherry-picked.
Fixes#18121
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24513)
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24662)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24267)
- No concurrency, one client-at-a-time
- Blocking
- No client certs
- Fixed chain and key file names
- Minimal support for session resumption
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24505)
function must make sure memorry allocated for `p8`
gets freed in error path. Issue reported by LuMingYinDetect
Fixes#24453
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24456)
The intermediate configuration items to support Guardian builds are left
in place as a convenience for users who want to set up configurations
for Guardian on their own.
Fixes: #22175
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24579)
Support for the targetingInformation X.509v3 extension defined in ITU-T
Recommendation X.509 (2019), Section 17.1.2.2. This extension is used
in attribute certificates.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22206)
perl's realpath() seems to be buggy on Windows, so we turn to rel2abs()
there as well.
Fixes#23593
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24569)
- Free objects returned from PEM read
- Free objects returned from d2i_*
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24478)
Fixes#24106
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24107)
All public releases have the information of the new PGP key in
doc/fingerprints.txt, so it is finally time to drop the old.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24563)
This commit also adds an implementation for P256 that avoids some
expensive initialization of Montgomery arithmetic structures in favor
of precomputation. Since ECC groups are not always cached by higher
layers this brings significant savings to TLS handshakes.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22746)
The test recipe includes a TEST_skip when OpenSSL is built with _PUT_MODEL_
based on design assumptions for QUIC and incompatibility with PUT wrapper
methods.
Fixes: #24442Fixes: #24431
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24468)
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24526)
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24518)
