Fix CID 1465214 Resource leak (in file_load.c)

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)

Fix CID 1465215 : Explicit null dereferenced (in test)

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)

Fix CID #1465216 Resource leak in property_fetch

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)

Ensure we excluse ec2m curves if ec2m is disabled

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)

Add a test to check having a provider loaded without a groups still works

As long as we have at least one provider loaded which offers some
groups, it doesn't matter if we have others lo

Add a test to check having a provider loaded without a groups still works

As long as we have at least one provider loaded which offers some
groups, it doesn't matter if we have others loaded that don't.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)

show more ...

Fix an incorrect error flow in add_provider_groups

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)

Fix OSSL_PROVIDER_get_capabilities()

It is not a failure to call OSSL_PROVIDER_get_capabilities() with a
provider loaded that has no capabilities.

Fixes #12286

Reviewed

Fix OSSL_PROVIDER_get_capabilities()

It is not a failure to call OSSL_PROVIDER_get_capabilities() with a
provider loaded that has no capabilities.

Fixes #12286

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)

show more ...

Add support to zeroize plaintext in S3 record layer

Some applications want even all plaintext copies beeing
zeroized. However, currently plaintext residuals are kept in rbuf
within t

Add support to zeroize plaintext in S3 record layer

Some applications want even all plaintext copies beeing
zeroized. However, currently plaintext residuals are kept in rbuf
within the s3 record layer.

This patch add the option SSL_OP_CLEANSE_PLAINTEXT to its friends to
optionally enable cleansing of decrypted plaintext data.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12251)

show more ...

[test][15-test_genec] Improve EC tests with genpkey

Test separately EC parameters and EC key generation.

Some curves only support explicit params encoding.

For some curves

[test][15-test_genec] Improve EC tests with genpkey

Test separately EC parameters and EC key generation.

Some curves only support explicit params encoding.

For some curves we have had cases in which generating the parameters
under certain conditions failed, while generating and serializing a key
under the same conditions did not.
See <https://github.com/openssl/openssl/issues/12306> for more details.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12307)

show more ...

[apps/genpkey] exit status should not be 0 on output errors

If the key is to be serialized or printed as text and the framework
returns an error, the app should signal the failure to the

[apps/genpkey] exit status should not be 0 on output errors

If the key is to be serialized or printed as text and the framework
returns an error, the app should signal the failure to the user using
a non-zero exit status.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12305)

show more ...

[EC][ASN1] Detect missing OID when serializing EC parameters and keys

The following built-in curves do not have an assigned OID:

- Oakley-EC2N-3
- Oakley-EC2N-4

In gene

[EC][ASN1] Detect missing OID when serializing EC parameters and keys

The following built-in curves do not have an assigned OID:

- Oakley-EC2N-3
- Oakley-EC2N-4

In general we shouldn't assume that an OID is always available.

This commit detects such cases, raises an error and returns appropriate
return values so that the condition can be detected and correctly
handled by the callers, when serializing EC parameters or EC keys with
the default `ec_param_enc:named_curve`.

Fixes #12306

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12313)

show more ...

improve SSL_CTX_set_tlsext_ticket_key_cb ref impl

improve reference implementation code in
SSL_CTX_set_tlsext_ticket_key_cb man page

change EVP_aes_128_cbc() to EVP_aes_256_cb

improve SSL_CTX_set_tlsext_ticket_key_cb ref impl

improve reference implementation code in
SSL_CTX_set_tlsext_ticket_key_cb man page

change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication
of requiring longer keys. Updating this code brings the reference
implementation in line with implementation in openssl committed in 2016:
commit 05df5c20
Use AES256 for the default encryption algoritm for TLS session tickets

add comments where user-implementation is needed to complete code

CLA: trivial

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12063)

show more ...

Ensure TLS padding is added during encryption on the provider side

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

Convert SSLv3 handling to use provider side CBC/MAC removal

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

Ensure any allocated MAC is freed in the provider code

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

Decreate the length after decryption for the stitched ciphers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

Ensure the sslcorrupttest checks all errors on the queue

sslcorrupttest was looking for a "decryption failed or bad record mac"
error in the queue. However if there were multiple errors

Ensure the sslcorrupttest checks all errors on the queue

sslcorrupttest was looking for a "decryption failed or bad record mac"
error in the queue. However if there were multiple errors on the queue
then it would fail to find it. We modify the test to check all errors.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

show more ...

Ensure GCM "update" failures return 0 on error

EVP_CipherUpdate is supposed to return 1 for success or 0 for error.
However for GCM ciphers it was sometimes returning -1 for error.

Ensure GCM "update" failures return 0 on error

EVP_CipherUpdate is supposed to return 1 for success or 0 for error.
However for GCM ciphers it was sometimes returning -1 for error.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

show more ...

Ensure cipher_generic_initkey gets passed the actual provider ctx

We were not correctly passing the provider ctx down the chain during
initialisation of a new cipher ctx. Instead the pro

Ensure cipher_generic_initkey gets passed the actual provider ctx

We were not correctly passing the provider ctx down the chain during
initialisation of a new cipher ctx. Instead the provider ctx got set to
NULL.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

show more ...

Make the NULL cipher TLS aware

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

Change ChaCha20-Poly1305 to be consistent with out ciphers

Other ciphers return the length of the Payload for TLS as a result of an
EVP_DecryptUpdate() operation - but ChaCha20-Poly1305

Change ChaCha20-Poly1305 to be consistent with out ciphers

Other ciphers return the length of the Payload for TLS as a result of an
EVP_DecryptUpdate() operation - but ChaCha20-Poly1305 did not. We change
it so that it does.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

show more ...

Make libssl start using the TLS provider CBC support

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

Add provider support for TLS CBC padding and MAC removal

The previous commits separated out the TLS CBC padding code in libssl.
Now we can use that code to directly support TLS CBC paddi

Add provider support for TLS CBC padding and MAC removal

The previous commits separated out the TLS CBC padding code in libssl.
Now we can use that code to directly support TLS CBC padding and MAC
removal in provided ciphers.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

show more ...

Remove SSL dependencies from tls_pad.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

Split the padding/mac removal functions out into a separate file

We split these functions out into a separate file because we are
preparing to make this file shared between libssl and pr

Split the padding/mac removal functions out into a separate file

We split these functions out into a separate file because we are
preparing to make this file shared between libssl and providers.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

show more ...