History log of /openssl/ (Results 2376 – 2400 of 36054)
Revision Date Author Comments
8b940b69 16-Aug-2023 Tomas Mraz

ssl_old_test.c: Check inconsistent values from SSL_get0_alpn_selected()

Fixes Coverity 1534838

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)

20baa24f 16-Aug-2023 Tomas Mraz

apps/spkac.c: Check result of ASN1_STRING_set()

Fixes Coverity 1027256

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)

79cdbe89 16-Aug-2023 Tomas Mraz

quic_new_record_layer(): Change TODO(QUIC) to QUIC FUTURE

Fixes openssl/project#134

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21756)

1c8a7f50 15-Aug-2023 Rob Stradling

Add two missing entries to the OCSP CRLReason table

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21743)

0577dbad 16-Aug-2023 Matt Caswell

Fix a memory leak in tls_new_record_layer

If setting the crypto state has failed then memory might have been
partially allocated to fields within the partially constructed record
layer. We need to call tls_int_free() to properly free it.

Found by the reproducible error patch in openssl#21668

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21753)

4a469cba 09-Aug-2023 vl-loz

Add X509_STORE_CTX_set_get_crl and X509_STORE_CTX_set_current_reasons

This change is for feature request #21679.

Adds a couple of setters to aid with custom CRL validation.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21737)

51b2a670 01-Aug-2023 Hugo Landau

QUIC: Update SSL_shutdown manpage

Fixes https://github.com/openssl/project/issues/138

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21618)

1875642c 01-Aug-2023 Hugo Landau

QUIC: Update SSL_accept_stream manpage

Fixes https://github.com/openssl/project/issues/135

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21618)

92e3f43a 15-Aug-2023 Matt Caswell

Don't free the prev BIO prematurely

We shouldn't free the prev BIO in ssl_set_new_record_layer until it is
no longer referenced by s->rlayer.rrlnext.

Found by the reproducible error patch in #21668

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21741)

e16c0103 15-Aug-2023 Matt Caswell

Fix a leak in an error path when duplicating an OSSL_DECODER_CTX.

Make sure we free process_data_dest if it is not actually used.

Found by the reproducible error patch in #21668

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21741)

e4d80865 11-Aug-2023 Neil Horman

issue-21718: remove setting of PTHREAD_MUTEX_NORMAL

issue: https://github.com/openssl/openssl/issues/21718

build break reported:
crypto/threads_pthread.c:76:5: warning: implicit declaration of function 'pthread_mutexattr_settype'; did you mean 'pthread_mutexattr_destroy'? [-Wimplicit-function-declaration]
76 | pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
| pthread_mutexattr_destroy
crypto/threads_pthread.c:76:38: error: 'PTHREAD_MUTEX_NORMAL' undeclared (first use in this function); did you mean 'PTHREAD_MUTEX_TIMED_NP'?
76 | pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL);
| ^~~~~~~~~~~~~~~~~~~~
| PTHREAD_MUTEX_TIMED_NP

This occurs because PTHREAD_MUTEX_NORMAL is only defined in glibc if
__USE_UNIX98 or __USE_XOPEN2K8 is defined, which is derived from setting
__USE_POSIX_C_SOURCE or __XOPEN_SOURCE is selected in the glibc feature
set for a build. Since openssl selects no specific feature set from
glibc, the build break occurs

We could select a feature set of course, but that seems like a
significant discussion to have prior to doing so. Instead, the simpler
solution is to just not set the mutex type at all, given that
pthread_mutexattr_init sets the default mutex type, which should be akin
to normal anyway (i.e. no mutex error checking or allowed-recursive
behavior)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21726)

39ed7636 16-Jun-2023 slontis

Fix decoders so that they use the passed in propq.

Fixes #21198

decoder objects were setting propq as NULL.
Added a set_ctx/settable_ctx to all decoders that should supply
a property query parameter to internal functions.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21219)

a25715be 14-Aug-2023 Neil Horman

Improve documentation for BIO_s_mem

Recent leak discovered by valgrind:
==1007580== at 0x483C815: malloc (vg_replace_malloc.c:431)
==1007580== by 0x2C2689: CRYPTO_zalloc (in /home/vien/microedge-c/test)
==1007580== by 0x295A17: BUF_MEM_new (in /home/vien/microedge-c/test)
==1007580== by 0x295A78: BUF_MEM_new_ex (in /home/vien/microedge-c/test)
==1007580== by 0x28CACE: mem_new (in /home/vien/microedge-c/test)
==1007580== by 0x285EA8: BIO_new_ex (in /home/vien/microedge-c/test)
==1007580== by 0x231894: convert_pubkey_ECC (tpm2_driver.c:221)
==1007580== by 0x232B73: create_ephemeral_key (tpm2_driver.c:641)
==1007580== by 0x232E1F: tpm_gen_keypair (tpm2_driver.c:695)
==1007580== by 0x22D60A: gen_keypair (se_driver_api.c:275)
==1007580== by 0x21FF35: generate_keypair (dhkey.c:142)
==1007580== by 0x24D4C8: __test_dhkey (dhkey_test.c:55)

led me to find that BIO_get_mem_data is informative only, it does not
transfer ownership of a BIO_s_mem's data structure to the caller.
Additionally treating it as such leads to the above leak, or possibly
data corruption in the event that BIO_set_close(bio, BIO_NOCLOSE) is not
set properly prior to calling BIO_free.

Made an attempt to fix it in a minimally invasive manner in the 3.1
branch, but based on discussion, it's just not safe to do in an API
compatible way, so just document the semantics a little more clearly
here, and fix it properly in a future release

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21724)

(cherry picked from commit 66d1658b4d88c66b27a8a538b2fb365ef1907936)

cdd91631 01-Aug-2023 Pauli

quic: process stateless resets

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21649)

945fde53 09-Aug-2023 3lswear

Check i2d_X509_NAME return in X509_NAME_hash_ex/old

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21697)

830b6a13 23-May-2023 Dr. David von Oheimb

http_server.c: allow clients to connect with IPv6

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21033)

3d254b31 11-Aug-2023 Matt Caswell

Fix a leak in an error path in OSSL_DECODER_CTX_new_for_pkey()

Found via the reproducible error injection in #21668

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21723)

643f542a 08-Aug-2023 Matt Caswell

Fix a use-after-free in quic_tls.c

The comments in quic_tls.c claimed that the dummybio was never used by
us. In fact that is not entirely correct since we set and cleared the
retry flags on it. This means that we have to manage it properly, and update
it in the event of set1_bio() call on the record layer method.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)

644ef0bb 07-Aug-2023 Matt Caswell

Add a test for receiving a post-handshake CertificateRequest

This should result in a QUIC PROTOCOL_VIOLATION

We also add tests for a post-handshake KeyUpdate, and a NewSessionTicket
with an invalid max_early_data value.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)

614c08c2 07-Aug-2023 Matt Caswell

Add the ability to send NewSessionTicket messages when we want them

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)

50a0af2e 07-Aug-2023 Matt Caswell

TLS KeyUpdate messages are not allowed in QUIC

We already disallowed the sending of TLS KeyUpdate messages. We also treat
the receipt of a TLS KeyUpdate message as an unexpected message.

RFC 9001 section 6:
Endpoints MUST treat the receipt of a TLS KeyUpdate message as a connection
error of type 0x010a, equivalent to a fatal TLS alert of unexpected_message;
see Section 4.8.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)

04c7fb53 07-Aug-2023 Matt Caswell

NewSessionTickets with an early_data extension must have a valid max value

The max_early_data value must be 0xffffffff if the extension is present in
a NewSessionTicket message in QUIC. Otherwise it is a PROTOCOL_VIOLATION.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)

0f2add9e 08-Aug-2023 Matt Caswell

Don't forget we are doing QUIC if we clear the QUIC TLS data

We should retain the TLS1_FLAGS_QUIC setting in s3.flags even after a
"clear" operation.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)

b644a932 02-Aug-2023 Matt Caswell

Unexpected QUIC post-handshake CertificateRequests are a PROTOCOL_VIOLATION

An OpenSSL QUIC client does not send the post_handshake_auth extension.
Therefore if a server sends a post-handshake CertificateRequest then this
would be treated as a TLS protocol violation with an "unexpected message"
alert code. However RFC 9001 specifically requires us to treat this as
QUIC PROTOCOL_VIOLATION. So we have to translate the "unexpected message"
alert code in this one instance.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)

98d81174 14-Aug-2023 Richard Levitte

Remove include/internal/decoder.h, as it's superfluous

The routines declared in there are entirely libcrypto internal, so
include/crypto/decoder.h is better suited for them.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21733)
