forked from openssl/openssl
[pull] master from openssl:master #1
Open. pull wants to merge 10,000 commits into Janpopan:master from openssl:master
openssl-machine force-pushed the master branch 2 times, most recently from 93f410e to 43d7856 on May 7, 2021 13:43
openssl-machine force-pushed the master branch 3 times, most recently from caab85c to 6be83cc on December 30, 2021 08:39
openssl-machine force-pushed the master branch from c5cc222 to 556f338 on September 13, 2023 20:10
Using non-usual params of the pkcs11 module will trigger a null ptr deref bug. Fix it for #25493 CLA: trivial Reviewed-by: Tim Hudson <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25496)
Fixes #25260 Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25453)
Fixes #25448 Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25450)
Fixes #24416 Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25458)
See Section 5 Key Agreement Using Diffie-Hellman and MQV of [NIST SP 800-131Ar2](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf). Strengths less than 112 bits are disallowed, thus eliminating SHA1. Skip cms test case that requires use of SHA1 with X9.42 DH. Rename ossl_fips_ind_digest_check to ossl_fips_ind_digest_exch_check. Add myself to Changes for fips indicator work. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Shane Lontis <[email protected]> (Merged from #25517)
To match changes in #25526 Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25536)
To match changes in #25526 Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25536)
To match changes in #25526 Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25536)
Documents when the command was added. Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from #25546)
Document new command line options added in 3.1.0 Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from #25546)
Document new command line options added in 3.2.0 Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from #25546)
Document new command line options added in 3.4.0 Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from #25546)
Similar to other KDFs, the input key should be 112 bits long. Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25529)
The code was not detecting that the cofactor was set up correctly if OSSL_PKEY_PARAM_USE_COFACTOR_ECDH was set, resulting in an incorrect FIPS indicator error being triggered. Added a test for all possible combinations of an EVP_PKEY setting OSSL_PKEY_PARAM_USE_COFACTOR_ECDH and the derive context setting OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE. This only affects the B & K curves (which have a cofactor that is not 1). Bug reported by @abkarcher. Testing this properly also detected a memory leak of privk when the FIPS indicator error was triggered (in the case where mode = 0 and use_cofactor was 1). Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25548)
These were added in #25548 but didn't include a FIPS version check which causes failures testing older FIPS providers against later versions. Also change some skips to use TEST_skip. Reviewed-by: Tim Hudson <[email protected]> Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25582)
Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25583)
Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25583)
In this function the salt can be either a zero buffer of exactly mdlen length, or an arbitrary salt of prevsecretlen length. Although in practice OpenSSL will always pass in a salt of mdlen size bytes in the current TLS 1.3 code, the openssl kdf command can pass in arbitrary values (I did it for testing), and a future change in the higher layer code could also result in unmatched lengths. If prevsecretlen is > mdlen this will cause incorrect salt expansion; if prevsecretlen < mdlen this could cause a crash or reading random information. In both cases the generated output would be incorrect. Signed-off-by: Simo Sorce <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25579)
Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26040)
We would dereference p7->d.sign pointer which can be NULL. Reported by Han Zheng. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tim Hudson <[email protected]> (Merged from #26078)
Reviewed-by: Tim Hudson <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from #26080)
FreeBSD has supported both getrandom(2) and getentropy(3) since 12.0. The last version which did *not* have these went EoL in September 2021. Use getrandom(2) unconditionally and fall back to sysctl kern.arandom if we do happen to have a FreeBSD that old. This is generally a necessary step for FreeBSD's _FORTIFY_SOURCE implementation, which needs to do some symbol renaming tricks with the getentropy declaration that would otherwise add some platform-specific hacks here to accommodate. getentropy(3) uses getrandom(2) internally on FreeBSD, so we just cut out the middleman. While we're here, it doesn't seem to make sense to ever prefer the sysctl on FreeBSD or NetBSD. For both platforms, it's limited to 256 bytes in a single request while getrandom(2) will generally use the same backend but service the entire request in one shot, even for larger amounts of entropy, modulo the EINTR possibility that presents itself with larger requests. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #24903)
Commit fa338aa added zeroization of public security parameters as required by ISO 19790:2012/Cor.1:2015 7.9. However, that commit overlooked ECX keys, which are used for EdDSA and X25519/X448. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25807)
Fixes #25917 Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Hugo Landau <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25966)
We currently run interop tests as a client only from the master branch. While we are developing quic-server it would be beneficial to also get interop test results from the quic-server branch run as both a client and a server, until such time as the feature branch is merged. Add building and running of a container in the test harness to our CI set. Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26090)
CLA: trivial Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26095)
CLA: trivial Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26095)
CLA: trivial Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26095)
CLA: trivial Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26095)
CLA: trivial Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26095)
CLA: trivial Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26095)
CLA: trivial Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26095)
CLA: trivial Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26095)
By adding the additional input directly to the pool we were using just the additional input. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> (Merged from #26112)
Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> (Merged from #26112)
Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26109)
Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26122)
Fixes #26079 Reviewed-by: Tim Hudson <[email protected]> Reviewed-by: David von Oheimb <[email protected]> (Merged from #26100) (cherry picked from commit afd36cb)
Reviewed-by: Tim Hudson <[email protected]> Reviewed-by: David von Oheimb <[email protected]> (Merged from #26100) (cherry picked from commit ef0be53)
Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from #25664)
If we had refcounted objects allowing lockless writes, the relaxed semantics on DOWN_REF would allow scheduling these writes after simultaneous release of the object by another thread. We do not have any such objects yet, but better to make the refcount correct just in case we will have them in future. TSAN doesn't properly understand this so we use even stronger acq_rel semantics if building with TSAN. Fixes #25660 Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from #25664)
We use REF_PRINT_COUNT to dump out the value of various reference counters in our code. However, we commonly use this macro after an increment or decrement. On increment it's fine, but on decrement it's not, because the macro dereferences the object holding the counter value, which may be freed by another thread, as we've given up our ref count to it prior to using the macro. The rule is that we can't reference memory for an object once we've released our reference, so let's fix this by altering REF_PRINT_COUNT to accept the value returned by CRYPTO_[UP|DOWN]_REF instead. This eliminates the need to dereference the memory the object points to and allows us to use the call after we release our reference count. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25664)
It will be just xor-ed over the existing entropy in the pool. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> (Merged from #26128)
Only absent parameters allowed in RFC 3370. Fixes #25824 Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26058)
Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25476)
Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25476)
Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #25476)
Fixes #26106 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26140)
Created by pull[bot] (v2.0.0-alpha.1)