@MS-megliu (Contributor)

Fast-forward scossl-1.10 to include commits from main

MS-megliu and others added 4 commits July 8, 2025 17:05
CFB fix. Change the blocksize to 1 for all CFBs per
https://docs.openssl.org/3.0/man3/EVP_EncryptInit/#gettable-evp_cipher-parameters:~:text=%22blocksize%22%20(OSSL_CIPHER_PARAM_BLOCK_SIZE,the%20cached%20value.

test:
(1) test code from sql team passed.
(2) sslplay passed.
(3) buddy pipeline and functional test pipeline ran successfully.
Builds on fix: compatibility issue between SCOSSL and TLS 1.2 ciphersuites which use HMAC in AzL3 #129 but handles overly large padding on decryption

Addresses bug 58142883
Error Message:
openssl s_client -connect tcs.microsoftstore.com.cn:443 -tls1_2 -cipher ECDHE-RSA-AES256-SHA384
40D79C8E857B0000:error:0A0003FC:SSL routines:ssl3_read_bytes:ssl/tls alert bad record mac:ssl/record/rec_layer_s3.c:907:SSL alert number 20

Root cause:
(1) TLS 1.2 uses PKCS7-like padding for CBC cipher modes, but it is not PKCS7. SCOSSL was using PKCS7 padding incorrectly in TLS CBC paths, causing errors both on the encryption path (the other party would expect the padding to be one byte longer and would normally fail in the padding check, if not in the subsequent MAC check) and on the decryption path (one byte of the other party's padding would be interpreted as the last byte of the MAC).
(2) copy_mac didn't copy the correct MAC for the AES get-parameter call to consume, which caused a bad MAC on the decryption path.
(3) fix typo in 1.10 for public key export

Test:
(1) sslplay passed
(2) openssl s_client -connect tcs.microsoftstore.com.cn:443 -tls1_2 -cipher ECDHE-RSA-AES256-SHA384 worked.
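As an added illustration of root cause (1), not code from SCOSSL or this PR: the two padding schemes side by side, each run through the other's unpad check on a constructed 13-byte record body, which reproduces the one-byte mismatch in both directions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* PKCS#7 (RFC 5652 6.3): N bytes, each of value N, 1 <= N <= block. */
size_t pkcs7_pad(uint8_t *buf, size_t len, size_t block)
{
    size_t n = block - (len % block);
    memset(buf + len, (int)n, n);
    return len + n;
}

/* TLS 1.2 CBC (RFC 5246 6.2.3.2): L bytes of value L, then the byte L itself: L+1 bytes total, L may be 0. */
size_t tls_pad(uint8_t *buf, size_t len, size_t block)
{
    size_t l = (block - ((len + 1) % block)) % block;
    memset(buf + len, (int)l, l + 1);
    return len + l + 1;
}

/* Content length after stripping PKCS#7 padding, or -1 if malformed. */
long pkcs7_unpad_len(const uint8_t *buf, size_t n, size_t block)
{
    size_t p = n ? buf[n - 1] : 0;
    if (p == 0 || p > block || p > n) return -1;
    for (size_t i = n - p; i < n; i++) if (buf[i] != p) return -1;
    return (long)(n - p);
}

/* Content length after stripping TLS padding, or -1 if malformed. Not
 * constant-time: a real record layer must avoid data-dependent timing (Lucky 13). */
long tls_unpad_len(const uint8_t *buf, size_t n)
{
    size_t l = n ? buf[n - 1] : 0;
    if (l + 1 > n) return -1;
    for (size_t i = n - 1 - l; i < n; i++) if (buf[i] != l) return -1;
    return (long)(n - 1 - l);
}

int main(void)
{
    uint8_t buf[32];
    memcpy(buf, "hello, world!", 13);            /* constructed 13-byte body */
    size_t n = tls_pad(buf, 13, 16);             /* appends 02 02 02 */
    printf("TLS pad, PKCS#7 unpad -> %ld (want 13)\n", pkcs7_unpad_len(buf, n, 16));
    memcpy(buf, "hello, world!", 13);
    n = pkcs7_pad(buf, 13, 16);                  /* appends 03 03 03 */
    printf("PKCS#7 pad, TLS unpad -> %ld (want -1)\n", tls_unpad_len(buf, n));
    return 0;
}
```

The first line shows the decryption-path symptom (a stray padding byte left over to be read as the last MAC byte); the second shows the encryption-path symptom (the peer's TLS padding check rejects PKCS#7 output).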
…cations (#133)

* Refactor logic to avoid use of uninitialized memory and improve
consistency

* Fix up a few more nitpicks

+ Potential memory leak in common gcm init ctx (never hit with provider,
  but could be hit from engine)
+ Consistency of dupctx ERR and assignment

* Fix some unhandled OPENSSL_strdup failures
* Based on additional fixes made when porting previous fix to 1.9 branch
  (#135)
* Check for failure in CRYPTO_THREAD_lock_new
* Reduce scope for unexpected behavior in RSA keygen
MS-megliu marked this pull request as ready for review July 17, 2025 22:05
MS-megliu requested a review from ccalik July 17, 2025 22:10
MS-megliu merged commit 30252d0 into scossl-1.10 Jul 17, 2025
1 check passed