When calling qrx_relocate_buffer, both the rxe and the pointer to the token
may be changing locations. We have to use a temporary copy of the token
pointer to avoid referencing the old location of the rxe.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

We shouldn't ever have the case where the data flags indicate that
err_data has been malloc'd, but the err_data field is NULL.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

We ignore such a bad signature when fuzzing - it will never be correct.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

We accept a bad original destination connection id in the transport params
while we are fuzzing since this may change every time.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

Handle retryable errors from SSL_read(). Also ensure the underlying BIO
handles the destination address capability.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

Earlier today, it took me five manuals! to find what on earth the
"Performance"/"EVP_MD_fetch(3)" crosslinks actually mean:
  EVP_sha1(3)
  crypto(7)
  EVP_MD_fetch(3) (but not there! don't read that!)
  OSSL_PROVIDER-default(7)
  EVP_MD-SHA1(7)

If, instead, EVP_sha1(3) referenced EVP_MD-SHA1(7) at /all/,
which it should do, since it's supposed to be what you're replacing it
with, but it doesn't actually say that, maybe people would use it.
I know I didn't because it's basically just deadass buried

As found by git grep -l 'and should consider using'
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22420)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22440)

struct timeval doesn't support nanosecs but OSSL_TIME does. We round up
any nanosecs to ensure that a non-zero input always results in a non-zero
output.

This fixes a quic-client fuzzer hang.

Fixes #22437
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22440)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22439)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22436)

Creating JDK compatible pkcs12 files requires a bit more than just
adding the Trusted Key Usage OID to a certbag in the pkcs12 file.
Additionally the JDK currently requires that pkcs12 files setting this
oid _not_ contain any additional keys, and in response will produce
unpredictable results.

This could be solved by implying --nokeys when the pkcs12 utility is run
and the config option is set, but thatcould confuse users who didn't
specify nokeys on the command line.  As such, remove the config file
setting for this feature, and replace it with a -jdktrust command line
option, that is documented to assert nokeys when a users specifies the
new command line option.

Fixes #22215
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22422)

Return SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN with semantics
similar to TLS connections.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22408)

The one in ch_rx_handle_packet() is a tuning thing -> QUIC FUTURE
The one in ossl_quic_tserver_shutdown() is a server thing -> QUIC SERVER
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22408)

The `get_user_{entropy,nonce}` callbacks were add recently to the
dispatch table in commit 4cde7585. Instead of adding corresponding
`cleanup_user_{entropy,nonce}` callbacks, the `cleanup_{entropy,nonce}`
callbacks were reused. This can cause a problem in the case where the
seed source is replaced by a provider: the buffer gets allocated by
the provider but cleared by the core.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22423)

If the CC TX allowance is zero then we cannot send a PING frame at the
moment, so do not take into account the ping deadline when calculating the
tick deadline in that case.

This avoids the hang found by the fuzzer mentioned in
https://github.com/openssl/openssl/pull/22368#issuecomment-1765131727Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22410)

RFC 9000 s 17.2.5.2 says

> After the client has received and processed an Initial or Retry packet
> from the server, it MUST discard any subsequent Retry packets that it
> receives.

We were checking for multiple Retry packets, but not if we had already
processed an Initial packet.

Fixes the assertion failure noted in
https://github.com/openssl/openssl/pull/22368#issuecomment-1765618884Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22411)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22432)

This is unnecessary and conceptualy wrong as
headers from internal should not include headers from crypto
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22432)

Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22318)

Fixes #22306
Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22318)

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22369)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)

Its not required that crt params be available in an RSA key, so don't
perform an error check on them

Fixes #29135
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)

Theres no reason we should gate ossl_rsa_todata on there being a minimum
set of parameters. EVP_PKEY_todata makes no guarantees about the
validity of a key, it only returns the parameters that are set in the
requested key, whatever they may be.  Remove the check.

Fixes #21935
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)

This makes them zeroes otherwise
where NULLs actually mean the values aren't present.

Fixes #21935
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22334)

external calls to OBJ_new_nid will fail on an attempt to lock the
ossl_obj_nid_lock as it won't have been initalized yet.

Bifurcate OBJ_new_nid into an external and internal variant, in which
the former calls ossl_obj_write_lock (ensuring that the nid_lock is
initalized), while OBJ_create (the sole internal caller) uses the latter
to avoid having to drop and re-acquire the lock

Fixes #22337
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22350)

Fixes #22225

In OBJ_nid2obj(), if the NID does not have an OID, then a pointer to
the special "undefined" ASN1_OBJECT is returned.  Check for the
undefined-ASN1_OBJECT and return an error.  Also, add a test for this
in 80-test_cms.t.

Testing:

  #!/bin/bash -x

  shopt -s expand_aliases

  alias openssl="LD_LIBRARY_PATH=~/git/openssl ~/git/openssl/apps/openssl"

  echo "This is a confidential message.  It should be encrypted." > msg.txt

  ## this should fail b/c there is no OID for aes-256-ctr
  openssl cms -encrypt -in msg.txt -aes-256-ctr -out msg.txt.cms -recip demos/cms/signer.pem
  echo $?
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22392)

CLA: trivial
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22108)

According to the manual page, EVP_PKEY_CTX_set0_rsa_oaep_label()
should accept NULL as the label argument, though the function
currently rejects it while setting the corresponding octet string
parameter with OSSL_PARAM_construct_octet_string, which expects
non-NULL input.  This adds a workaround to the caller for backward
compatibility.
Signed-off-by: NDaiki Ueno <dueno@redhat.com>
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22397)

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)