a2b1ab61 | 06-Nov-2023 |
Bernd Edlinger |
Fix a possible memory leak of ssl->s3.tmp.psk Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22637)
|
7fe30104 | 08-Nov-2023 |
Matt Caswell |
After a stream has implicit length don't add more stream related frames Once we have decided that a stream has an implicit length then we should treat the packet as full and not try to add any more stream related frames to the packet. Fixes #22658 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22662)
|
e389f56f | 12-Oct-2023 |
Veronika Hanulíková |
Add config tests for including provider config files Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22598)
|
4d4657cb | 07-Nov-2023 |
Tomas Mraz |
Add CHANGES.md and NEWS.md entry for CVE-2023-5678 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22647) (cherry picked from commit 4ee71b4c302a06c24b46a5def1cff2096bd57f0b)
|
96ee2c38 | 07-Nov-2023 |
Tomas Mraz |
Sync CHANGES.md and NEWS.md with 3.1 branch Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22647) (cherry picked from commit 2d0d3edb04ab0fa53e30e3cbdd114de9933d5361)
|
e1c15a8a | 03-Nov-2023 |
Hugo Landau |
QUIC TXP: Handle padding correctly for ACK_ONLY archetype Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22615)
|
3bef14c5 | 03-Nov-2023 |
Hugo Landau |
QUIC TXP: Fix use of implicit-length STREAM frames in presence of PATH_REPSONSE frames Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22615)
|
11179b3e | 03-Nov-2023 |
Neil Horman |
add locking around fake_now

fake_now in the quictestlib is read/written by potentially many threads, and as such should have a surrounding lock to prevent WAR/RAW errors as caught by tsan:

2023-11-03T16:27:23.7184999Z ==================
2023-11-03T16:27:23.7185290Z WARNING: ThreadSanitizer: data race (pid=18754)
2023-11-03T16:27:23.7185720Z Read of size 8 at 0x558f6f9fe970 by main thread:
2023-11-03T16:27:23.7186726Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7187665Z #1 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7188567Z #2 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7189561Z #3 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7190294Z #4 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7190720Z
2023-11-03T16:27:23.7190902Z Previous write of size 8 at 0x558f6f9fe970 by thread T1:
2023-11-03T16:27:23.7191607Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aecf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7192505Z #1 run_server_thread quictestlib.c (quicapitest+0x14b1d6) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7193361Z #2 thread_run quictestlib.c (quicapitest+0x14cadf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7193848Z
2023-11-03T16:27:23.7194220Z Location is global 'fake_now.0' of size 8 at 0x558f6f9fe970 (quicapitest+0x1af4970)
2023-11-03T16:27:23.7194636Z
2023-11-03T16:27:23.7194816Z Thread T1 (tid=18760, running) created by main thread at:
2023-11-03T16:27:23.7195465Z #0 pthread_create <null> (quicapitest+0xca12d) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7196317Z #1 qtest_create_quic_connection_ex <null> (quicapitest+0x14adcb) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7197214Z #2 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7198111Z #3 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7198940Z #4 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7199661Z #5 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7200083Z
2023-11-03T16:27:23.7200862Z SUMMARY: ThreadSanitizer: data race (/home/runner/work/openssl/openssl/test/quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) in qtest_create_quic_connection_ex

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22616)
|
22b482a8 | 03-Nov-2023 |
Neil Horman |
Correct order of ossl_condvar_signal in quic_multistream_test quic_multistream test was issuing a signal on a condvar after dropping the corresponding mutex, not before, leading to potential race conditions in the reading of the associated data Fixes #22588 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22616)
|
0efcf138 | 06-Nov-2023 |
Pauli |
Add unit test for #22644 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22646)
|
a0310877 | 06-Nov-2023 |
Pauli |
Fix bug in priority queue remove function The short circuit in the remove function when the element is the last in the heap, failed to add the removed slot back to the freelist. Fixes #22644 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22646)
|
ec0d22fe | 25-Oct-2023 |
Matthias St. Pierre |
apps/rehash.c: avoid printf format warning [-Wformat]

The `aarch64-linux-android33-clang` cross-compiler (v14.0.6) complains twice about an unsupported '%n' format specifier, preventing a successful `--strict-warnings` build:

    error: '%n' specifier not supported on this platform [-Werror,-Wformat]
        BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",

This is a false positive, because BIO_snprintf() implements its own format parsing (which is implemented in the _dopr() function).

This commit fixes the problem by rewriting the code to dispense with the dubious '%n' format specifier. As a side-effect, the code becomes a little bit more comprehensible and self-explaining.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22511)
|
7cf75e5c | 31-Oct-2023 |
наб |
CHANGES.md: note BLAKE2s supports BLAKE2b-like "size" setting Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22444)
|
79665922 | 19-Oct-2023 |
наб |
Document BLAKE2's variable size Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22444)
|
6d1e730a | 19-Oct-2023 |
наб |
Implement BLAKE2s with the same macro as BLAKE2b

This avoids code duplication and provides variable-size support for BLAKE2s like 786b9a8

Test data obtained with libb2 with the following programs:

==> b2.c <==
#include <blake2.h>
#include <unistd.h>

int main() {
    char buf[16] = {};
    blake2s(buf, 0, 0, 16, 0, 0);
    write(1, buf, 16);
}

==> b3.c <==
#include <blake2.h>
#include <unistd.h>

int main() {
    char buf[10] = {};
    blake2s(buf, "\x61", 0, 10, 1, 0);
    write(1, buf, 10);
}

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22444)
|
8349c02e | 18-Oct-2023 |
наб |
Lift BLAKE2B provider definition into a macro Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22444)
|
668a144f | 06-Nov-2023 |
Bernd Edlinger |
Fix a possible memory leak in custom_ext_add Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22638)
|
22fa1602 | 29-Oct-2023 |
James Muir |
quic http3 demo: minor updates
-update run command to include LD_LIBRARY_PATH
-suggest installing libnghttp3-dev on Ubuntu
-drop "-f" from clean recipe (it is already included in $(RM))
Part of https://github.com/openssl/project/issues/253
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22623)
|
1c6a3797 | 06-Nov-2023 |
Dmitry Belyavskiy |
Use proper KDF SS parameter name Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22636)
|
bc224e7e | 20-Oct-2023 |
Richard Levitte |
Fix conflicts between DH check flags and FFC check flags There are comments in include/openssl/dh.h and include/internal/ffc.h that they must be aligned with each other, and yet, clashes have been introduced. The simplest fix is to move the offending FFC flags out of the way, as they are indeed internal and shouldn't affect any public interface, apart from those that are aligned with the DH flags, which are public. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22453)
|
ec061bf8 | 20-Oct-2023 |
Richard Levitte |
Make DH_check_pub_key() and DH_generate_key() safer yet We already check for an excessively large P in DH_generate_key(), but not in DH_check_pub_key(), and none of them check for an excessively large Q. This change adds all the missing excessive size checks of P and Q. It's to be noted that behaviours surrounding excessively sized P and Q differ. DH_check() raises an error on the excessively sized P, but only sets a flag for the excessively sized Q. This behaviour is mimicked in DH_check_pub_key(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22453)
|
4ede274c | 01-Nov-2023 |
Neil Horman |
Introduce libabigail checking in ci It would be nice if we could monitor the consistency of our ABI from PR to PR, to ensure there are no inadvertent changes to the library ABI. Introduce a new CI job that runs the libabigail tools to build an ABI representation of the PR-built library and compares it to a stored/expected representation, reporting any discrepancies it finds. Fixes #22571 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22589)
|
e718b248 | 02-Nov-2023 |
Matt Caswell |
Correctly track the original length when generating a stream frame txp_generate_stream_frames() plans chunks of data to send via the function txp_plan_stream_chunk(). That function may clamp the amount in the chunk due to flow control, even though there is more available to send. We should take this into account when deciding whether or not to try serializing the next chunk. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22601)
|
3150dbe7 | 03-Nov-2023 |
Tomas Mraz |
tparam_on_enc_ext(): Remove dead code in cleanup Fixes Coverity 1548382 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22606)
|
0e2e4b3e | 03-Nov-2023 |
Tomas Mraz |
ossl_quic_new(): Avoid dereferencing NULL qc during cleanup Fixes Coverity 1548383 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22606)
|