Richard Levitte [Mon, 30 Aug 2021 11:19:30 +0000 (13:19 +0200)]
PEM to DER decoder: Specify object type and data structure more consistently
The data structure wasn't given for recognised certificates or CRLs.
It's better, though, to specify it for those objects as well, so they
can be used to filter what actually gets decoded, which will be
helpful for our OSSL_STORE 'file:' scheme implementation.
Fixes #16224
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16466)
Richard Levitte [Mon, 30 Aug 2021 11:16:42 +0000 (13:16 +0200)]
DECODER: check the first decoded structure name against user given structure
In a chain of decoders, the first that specifies an input structure
gets it compared with the structure specified by the user, if there is
one. If they aren't the same, that decoder is skipped.
Because the first structure can appear anywhere along a chain of
decoders, not just the decoders associated with the resulting OpenSSL
type, the code that checked the structure name when building up the
chain of decoders is removed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16466)
slontis [Thu, 2 Sep 2021 06:50:45 +0000 (16:50 +1000)]
Add KEM dupctx test
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16495)
slontis [Thu, 2 Sep 2021 06:49:37 +0000 (16:49 +1000)]
Fix dh dupctx refcount error
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16495)
slontis [Thu, 2 Sep 2021 06:39:21 +0000 (16:39 +1000)]
Fix double free in EVP_PKEY_CTX_dup()
If the internal operations dupctx() fails then a free is done (e.g. EVP_KEYEXCH_free()). If this is not set to NULL the EVP_PKEY_CTX_free() will do a double free.
This was found by testing kdf_dupctx() in kdf_exch.c (Note this always
fails since the internal KDF's do not have a dup method).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16495)
PW Hu [Thu, 2 Sep 2021 04:02:06 +0000 (12:02 +0800)]
EVP_PKEY_gettable_params.pod: Update argument names
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16494)
Richard Levitte [Thu, 2 Sep 2021 11:10:33 +0000 (13:10 +0200)]
VMS: Compensate for x86_64 cross compiler type incompatibility
The x86_64 cross compiler says that 'unsigned long long' isn't the
same as 'unsigned __int64'. Sure, and considering that
providers/implementations/rands/seeding/rand_vms.c is specific VMS
only code, it's easy to just change the type to the exact same as
what's specified in the system headers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16497)
(cherry picked from commit
1ef526ef421febe50a105bb140d7e3a70bd76b61)
Richard Levitte [Tue, 31 Aug 2021 16:38:15 +0000 (18:38 +0200)]
Prepare for 3.1
Because we now have an openssl-3.0 branch, master is moved to be the
next potential minor version.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16484)
Viktor Dukhovni [Mon, 30 Aug 2021 19:09:43 +0000 (15:09 -0400)]
Test for DANE cross cert fix
Reviewed-by: Tomáš Mráz <tomas@openssl.org>
Viktor Dukhovni [Mon, 30 Aug 2021 18:17:16 +0000 (14:17 -0400)]
Prioritise DANE TLSA issuer certs over peer certs
When building the certificate chain, prioritise any Cert(0) Full(0)
certificates from TLSA records over certificates received from the peer.
This is important when the server sends a cross cert, but TLSA records include
the underlying root CA cert. We want to construct a chain with the issuer from
the TLSA record, which can then match the TLSA records (while the associated
cross cert may not).
Reviewed-by: Tomáš Mráz <tomas@openssl.org>
Pauli [Mon, 26 Jul 2021 06:11:34 +0000 (16:11 +1000)]
rand: avoid using the derivation function for the public and private DRBGs
There is no point using it becuase they are getting full quality entropy from
the primary DRBG (which remains using the d.f.).
Also cleaned up the parameter passing to the DRBGs to not pass parameters that
are unknown.
Fixes #16117
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16156)
Daniel Bevenius [Wed, 1 Sep 2021 09:45:45 +0000 (11:45 +0200)]
Fix indentation of tls13_hkdf_expand parameters
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16489)
Pauli [Fri, 27 Aug 2021 00:37:35 +0000 (10:37 +1000)]
CI: add last run-checker fuzzing CIs to Actions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16438)
a1346054 [Thu, 19 Aug 2021 11:05:15 +0000 (11:05 +0000)]
always use the same perl in $PATH
Different tests may use unexpectedly different versions of perl,
depending on whether they hardcode the path to the perl executable or if
they resolve the path from the environment. This fixes it so that the
same perl is always used.
Fix some trailing whitespace and spelling mistakes as well.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16362)
Mattias Ellert [Tue, 31 Aug 2021 06:26:06 +0000 (08:26 +0200)]
Openssl fails to compile on Debian with kfreebsd kernels
(kfreebsd-amd64, kfreebsd-i386). The error reported by the compiler
is:
../crypto/uid.c: In function 'OPENSSL_issetugid':
../crypto/uid.c:50:22: error: 'AT_SECURE' undeclared (first use in this function)
50 | return getauxval(AT_SECURE) != 0;
| ^~~~~~~~~
This commit changes the code to use the freebsd code in this case.
This fixes the compilation.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16477)
Richard Levitte [Tue, 31 Aug 2021 10:07:33 +0000 (12:07 +0200)]
dev/release.sh: Adjust release branch names to votes
The OTC voted today that the release branch for OpenSSL 3.0 should be
openssl-3.0 rather than openssl-3.0.x. The release script is changed
accordingly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16481)
Matt Caswell [Thu, 26 Aug 2021 09:03:51 +0000 (10:03 +0100)]
Add a test for verifying an email with a bad othername type
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16443)
Matt Caswell [Thu, 26 Aug 2021 08:43:50 +0000 (09:43 +0100)]
Ensure that we check the ASN.1 type of an "otherName" before using it
We should not assume that the type of an ASN.1 value is UTF8String as
expected. We must actually check it, otherwise we could get a NULL ptr
deref, or worse memory errors.
Reported by David Benjamin.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16443)
slontis [Sun, 29 Aug 2021 23:59:54 +0000 (09:59 +1000)]
Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE
Fixes #16457
The ECDSA and DSA signature tests use Pairwise tests instead of KATS.
Note there is a seperate type used by the keygen for conditional Pairwise Tests.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16461)
Matt Caswell [Mon, 30 Aug 2021 14:54:22 +0000 (15:54 +0100)]
Add a warning about locking in the child provider callback docs
The child provider callbacks can hold the store lock. In order to avoid
deadlocks we require that the callback implementations don't themselves
call functions that may aquire those locks.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16469)
Pauli [Mon, 16 Aug 2021 02:20:56 +0000 (12:20 +1000)]
Add additional test to thread sanitizer build
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16469)
Matt Caswell [Mon, 30 Aug 2021 12:04:31 +0000 (13:04 +0100)]
Refactor provider_core.c to adhere to the locking rules
The previous commit provided some guidelines and some rules for using
locking in order to avoid deadlocks. This commit refactors the code in
order to adhere to those guidelines and rules.
Fixes #16312
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16469)
Matt Caswell [Mon, 30 Aug 2021 14:33:07 +0000 (15:33 +0100)]
Add commentary about lock usage in provider_core.c
Provide some guidelines, as well as some rules for using the locks in
provider_core.c, in order to avoid the introduction of deadlocks.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16469)
Pauli [Mon, 30 Aug 2021 06:06:49 +0000 (16:06 +1000)]
CI: add builds covering a number of different compiler versions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16463)
Tomas Mraz [Tue, 31 Aug 2021 07:05:59 +0000 (09:05 +0200)]
apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)
Tomas Mraz [Thu, 26 Aug 2021 13:13:58 +0000 (15:13 +0200)]
ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)
Tomas Mraz [Thu, 26 Aug 2021 13:08:15 +0000 (15:08 +0200)]
Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests
Fixes #16428
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)
slontis [Wed, 25 Aug 2021 01:50:20 +0000 (11:50 +1000)]
Document that EVP_get_cipherbyname() does not work for some new algorithm names.
These algorithms were added to providers but have no const EVP_CIPHER*
mapping. Ciphers for SIV and CTS were previously only available via low level
function calls that are deprecated.
Reported by @reaperhulk.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16414)
Jaime Hablutzel [Mon, 30 Aug 2021 18:18:48 +0000 (13:18 -0500)]
Typo correction.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16470)
Nicola Tuveri [Sat, 21 Aug 2021 01:04:51 +0000 (04:04 +0300)]
Use applink to fix windows tests
(readapted from
5c69c66a6972f84d56160c9ea4b30bab8fc2d3d4 by @bernd-edlinger)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)
Nicola Tuveri [Thu, 16 Jul 2020 00:23:26 +0000 (03:23 +0300)]
[ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID
Some curves don't have an associated OID: for those we should not
default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and instead
set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`.
This is a follow-up to https://github.com/openssl/openssl/pull/12312
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)
Nicola Tuveri [Wed, 15 Jul 2020 23:02:16 +0000 (02:02 +0300)]
Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros
These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the absence of tests has
caused them to fall out-of-sync with the latest changes to ASN1 related
functions and cause compilation warnings.
This commit fixes the public headers to reflect these changes.
Fixes #12443
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)
Nicola Tuveri [Wed, 15 Jul 2020 22:57:09 +0000 (01:57 +0300)]
Add tests for i2d_TYPE_fp and d2i_TYPE_fp
These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the absence of tests has
caused them to fall out-of-sync with the latest changes to ASN1 related
functions and cause compilation warnings.
@@ Note: This commit limits to ECPKParameters as a type.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)
Daniel Krügler [Fri, 27 Aug 2021 16:32:20 +0000 (18:32 +0200)]
Ensure that _GNU_SOURCE is defined for bss_dgram.c
This fixes the following error with gcc10 under strict ANSI conditions:
.../crypto/bio/bss_dgram.c:373:20: error: 'const struct in6_addr' has no member named 's6_addr32'
CLA: trivial
Fixes #16449
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16451)
Dmitry Belyavskiy [Fri, 27 Aug 2021 16:03:15 +0000 (18:03 +0200)]
Adjust the list of default provider's algorithms
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16448)
Bernd Edlinger [Fri, 27 Aug 2021 11:11:39 +0000 (13:11 +0200)]
Fix the "Out of memory" EVP KDF scrypt test
This test did not really execute, since usually
the OPENSSL_malloc(0) will fail and prevent the
execution of the KDF.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16444)
Rich Salz [Thu, 26 Aug 2021 20:03:15 +0000 (16:03 -0400)]
Yet another doc-nits fix
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16436)
zhaozg [Tue, 24 Aug 2021 14:43:18 +0000 (22:43 +0800)]
cms: fix memleaks in cms_env.c
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16403)
(cherry picked from commit
58e1e397c6774be11b903c0f88e85bd2b8c4206f)
Xiaofei Bai [Wed, 18 Aug 2021 07:57:26 +0000 (07:57 +0000)]
Fix libdir path on darwin
In current Configure script, libdir can be specified either an absolute
path or relative, while in Configurations/shared-info.pl, on darwin
system "-install_name" only accepts relative libdir path, and the
program fails when receiving absolute libdir path. This PR is to fix
this and match requirements of scripts.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16393)
David Carlier [Wed, 25 Aug 2021 07:54:38 +0000 (08:54 +0100)]
Darwin platform allows to build on releases before Yosemite/ios 8.
backport #16409
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16418)
Tomas Mraz [Wed, 25 Aug 2021 15:06:47 +0000 (17:06 +0200)]
doc: Add note about operation parameters validation
Fixes #16394
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16424)
Matt Caswell [Wed, 25 Aug 2021 13:39:29 +0000 (14:39 +0100)]
Add a test for running the config twice
Make sure there are no leaks from running the config file twice.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16425)
Matt Caswell [Tue, 24 Aug 2021 16:41:39 +0000 (17:41 +0100)]
Add locking for the provider_conf.c
Avoid races where 2 threads attempt to configure activation of providers
at the same time. E.g. via an explicit and an implict load of the config
file at the same time.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16425)
Matt Caswell [Tue, 17 Aug 2021 09:32:49 +0000 (10:32 +0100)]
When activating providers via config check we've not already activated them
We skip the activation if we already configured them.
Fixes #16250
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16425)
Dr. David von Oheimb [Wed, 25 Aug 2021 10:21:06 +0000 (12:21 +0200)]
APPS/req: Fix AKID generation in case -CA option is used
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16420)
Dr. David von Oheimb [Wed, 25 Aug 2021 10:11:38 +0000 (12:11 +0200)]
APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16420)
Dr. David von Oheimb [Wed, 25 Aug 2021 06:35:40 +0000 (08:35 +0200)]
APPS/x509: fix -extfile option, which was ignored with -x509toreq
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16417)
Tomas Mraz [Wed, 25 Aug 2021 11:50:40 +0000 (13:50 +0200)]
EVP_DigestSign/VerifyFinal: Duplicate the pctx to allow multiple calls
The legacy implementation duplicates the pctx before creating/verifying
the signature unless EVP_MD_CTX_FLAG_FINALISE is set. We have to do the
same with provided implementations.
Fixes #16321
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16422)
zhaozg [Wed, 18 Aug 2021 07:40:22 +0000 (15:40 +0800)]
ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16347)
Pauli [Wed, 25 Aug 2021 00:06:11 +0000 (10:06 +1000)]
doc: document the rsa_oaep_md: pkeyopt
This was missing but essential for using non-SHA1 digests with OAEP.
Fixes #15998
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16410)
Pauli [Mon, 23 Aug 2021 23:40:52 +0000 (09:40 +1000)]
aes-wrap: improve error handling
The AES wrap cipher was return -1 on error from the provider rather than 0.
This is fixed.
There was a problem with the error handling in AES wrap which fell back to a
default "final error". This adds a fix for the error and more specific errors
for the different failure possibilities.
Fixes #16387
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16391)
Pauli [Mon, 23 Aug 2021 23:40:28 +0000 (09:40 +1000)]
Add invalid input length error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16391)
Dr. David von Oheimb [Tue, 24 Aug 2021 10:15:41 +0000 (12:15 +0200)]
CMS app: Fix new -wrap option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16396)
Pauli [Tue, 24 Aug 2021 09:07:18 +0000 (19:07 +1000)]
changes: add note about 3DES key wrap matching the standard
Also note that it is no longer interoperable with 1.1.1.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16343)
Pauli [Wed, 18 Aug 2021 01:58:11 +0000 (11:58 +1000)]
test: add unit tests for TDES key wrap
This functionality was completely untested.
Doesn't fix #16002 since that's a bug against 1.1.1.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16343)
Bernd Edlinger [Mon, 23 Aug 2021 09:11:29 +0000 (11:11 +0200)]
Avoid using undefined value in generate_stateless_cookie_callback
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16384)
Paul Dreik [Fri, 29 Nov 2019 18:23:35 +0000 (19:23 +0100)]
Avoid invoking memcpy if size is zero or the supplied buffer is NULL
This allows for passing a NULL pointer with zero max_len.
Invoking memcpy on NULL is undefined behaviour, even if the size is zero.
https://en.cppreference.com/w/c/string/byte/memcpy
The function can now be queried for the necessary buffer length.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10541)
Bernd Edlinger [Mon, 23 Aug 2021 12:03:20 +0000 (14:03 +0200)]
Fix the array size of dtlsseq in tls1_enc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16385)
Richard Levitte [Tue, 24 Aug 2021 11:45:27 +0000 (13:45 +0200)]
Add multilib to the NonStop configuration definitions.
Fixes: #16373
Co-authored-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16398)
Richard Levitte [Mon, 23 Aug 2021 12:12:28 +0000 (14:12 +0200)]
VMS: Correct faulty source directory specification
$(SRCDIR)/doc doesn't work right on VMS.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16395)
Tianjia Zhang [Mon, 23 Aug 2021 09:40:22 +0000 (17:40 +0800)]
apps/ciphers: Fix wrong return value when using -convert parameter
Command 'openssl ciphers -convert <name>' always returns failure,
this patch set the correct return value.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16383)
Dr. David von Oheimb [Tue, 17 Aug 2021 17:57:08 +0000 (19:57 +0200)]
APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16344)
Pauli [Wed, 25 Aug 2021 00:44:01 +0000 (10:44 +1000)]
news/changes: fix formatting nits
The news/changes files are being nitted causing CI failure. This addresses the
issues.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16413)
Pauli [Wed, 25 Aug 2021 00:32:12 +0000 (10:32 +1000)]
cpp: fix included files to avoid failure in no-deprecated builds
A header file was missing but only in no-deprecated builds.
Also add some ending comments for #if preprocessor statements.
Move function declaration inside #ifdef guard for header.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16412)
Pauli [Wed, 25 Aug 2021 00:12:17 +0000 (10:12 +1000)]
sm2: fix error raise to not fail make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16411)
Tomas Mraz [Wed, 11 Aug 2021 11:09:09 +0000 (13:09 +0200)]
rsa: Try legacy encoding functions for pubkey
If there are no suitable encoders it might mean the key is in
an engine and thus it is a legacy key. Try legacy encoding
routines to encode the public key. We do not attempt encoding
a private key as it would be in most cases impossible anyway.
Fixes #16256
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16289)
Matt Caswell [Tue, 24 Aug 2021 12:37:49 +0000 (13:37 +0100)]
Updates CHANGES.md and NEWS.md for new 1.1.1 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 13 Aug 2021 15:58:21 +0000 (16:58 +0100)]
Check the plaintext buffer is large enough when decrypting SM2
Previously there was no check that the supplied buffer was large enough.
It was just assumed to be sufficient. Instead we should check and fail if
not.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Matt Caswell [Fri, 13 Aug 2021 13:49:47 +0000 (14:49 +0100)]
Extend tests for SM2 decryption
Check the case where C1y < 32 bytes in length (i.e. short overhead), and
also the case with longer plaintext and C1x and C1y > 32 bytes in length
(i.e. long overhead)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Matt Caswell [Fri, 13 Aug 2021 13:14:51 +0000 (14:14 +0100)]
Correctly calculate the length of SM2 plaintext given the ciphertext
Previously the length of the SM2 plaintext could be incorrectly calculated.
The plaintext length was calculated by taking the ciphertext length and
taking off an "overhead" value.
The overhead value was assumed to have a "fixed" element of 10 bytes.
This is incorrect since in some circumstances it can be more than 10 bytes.
Additionally the overhead included the length of two integers C1x and C1y,
which were assumed to be the same length as the field size (32 bytes for
the SM2 curve). However in some cases these integers can have an additional
padding byte when the msb is set, to disambiguate them from negative
integers. Additionally the integers can also be less than 32 bytes in
length in some cases.
If the calculated overhead is incorrect and larger than the actual value
this can result in the calculated plaintext length being too small.
Applications are likely to allocate buffer sizes based on this and therefore
a buffer overrun can occur.
CVE-2021-3711
Issue reported by John Ouyang.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Matt Caswell [Fri, 20 Aug 2021 14:23:32 +0000 (15:23 +0100)]
Fix the error handling in i2v_AUTHORITY_KEYID
Previously if an error path is entered a leak could result.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Thu, 19 Aug 2021 14:25:04 +0000 (15:25 +0100)]
Allow fuzz builds to detect string overruns
If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL
terminate ASN1_STRING datatypes. This shouldn't be necessary but we add it
any for safety in normal builds.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Thu, 19 Aug 2021 11:24:17 +0000 (12:24 +0100)]
Fix EC_GROUP_new_from_ecparameters to check the base length
Check that there's at least one byte in params->base before trying to
read it.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Thu, 19 Aug 2021 11:23:38 +0000 (12:23 +0100)]
Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 16:58:23 +0000 (17:58 +0100)]
Fix append_ia5 function to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 16:37:41 +0000 (17:37 +0100)]
Fix test code to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 16:37:23 +0000 (17:37 +0100)]
Fix CMP code to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 16:08:58 +0000 (17:08 +0100)]
Fix the name constraints code to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 13:02:40 +0000 (14:02 +0100)]
Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 11:34:55 +0000 (12:34 +0100)]
Fix GENERAL_NAME_print to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 11:31:38 +0000 (12:31 +0100)]
Fix POLICYINFO printing to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 11:24:22 +0000 (12:24 +0100)]
Fix i2v_GENERAL_NAME to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Zengit [Wed, 11 Aug 2021 14:21:03 +0000 (17:21 +0300)]
Add a clarification to NOTES-UNIX.md
I just wasted almost 2 hours troubleshooting, because lowercase L
and 1 look too similar, this should help some people save time.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16295)
Dmitry Belyavskiy [Fri, 20 Aug 2021 14:45:15 +0000 (16:45 +0200)]
Get rid of warn_binary
Current implementation of warn_binary introduces a regression
when the content is passed in /dev/stdin as an explicit file name
and reads the file to be processed twice otherwise.
I suggest to reimplement this functionality after 3.0 if necessary.
Fixes #16359
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16367)
Omair Majid [Wed, 18 Aug 2021 18:57:57 +0000 (14:57 -0400)]
Fix documentation referring to 'function code'
ERR_GET_FUNC was removed, so remove references to 'function code' as
well from docs.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16353)
Beat Bolli [Mon, 16 Aug 2021 20:37:41 +0000 (22:37 +0200)]
doc: fix a mistyped "=item" perldoc marker
Searching didn't reveal any other similar cases.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16354)
Rich Salz [Tue, 17 Aug 2021 15:42:21 +0000 (11:42 -0400)]
Replace CONFIG_NOWAIT env var with -w option
And document the -w option
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Rich Salz [Mon, 16 Aug 2021 20:29:09 +0000 (16:29 -0400)]
Set KERNEL_BITS, add CONFIG_NOWAIT
Avoid perl "undefined variable in regexp" message.
Not all uses were changed because I wasn't sure.
Add support for CONFIG_NOWAIT environment variable.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Rich Salz [Mon, 16 Aug 2021 20:25:03 +0000 (16:25 -0400)]
Minor doc enhancements to INSTALL.md
Describe current relationship between config and Configure.
Put the environment variable list in alphabetical order.
Add description of KERNEL_BITS.
Add new variable CONFIG_NOWAIT.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Richard Levitte [Thu, 19 Aug 2021 18:45:00 +0000 (20:45 +0200)]
util/add-depends.pl: Rebuild the build file after reconfiguration
Reconfiguration is assumed if any dependency (.d) file is older than
configdata.pm.
Fixes #16364
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16365)
Richard Levitte [Thu, 19 Aug 2021 11:07:30 +0000 (13:07 +0200)]
util/add-depends.pl: Only add dependencies on existing or generated headers
Headers that fulfill neither of those conditions are skipped.
This avoids build breaks when development has removed a previously
existing header.
Fixes #16360
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16361)
Todd Short [Mon, 16 Aug 2021 20:37:10 +0000 (16:37 -0400)]
Fix state name abbreviation
The TRSCV state abbrev was used for two states:
* TLS_ST_CR_CERT_VRFY
* TLS_ST_SW_CERT_VRFY
The second one is wrong because it's a write operation.
The state for TLS_ST_SW_CERT_VRFY should be "TWSCV"
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16327)
Richard Levitte [Tue, 17 Aug 2021 12:32:35 +0000 (14:32 +0200)]
Add tests for EVP_PKEY_get_utf8_string_param(), both positive and negative
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16334)
Richard Levitte [Tue, 17 Aug 2021 06:46:23 +0000 (08:46 +0200)]
EVP_PKEY_get_utf8_string_param(): ensure the string is NUL terminated
A check is added to fail this function if the string buffer isn't
large enough to accomodate a terminating NUL byte.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16334)
Pauli [Mon, 16 Aug 2021 22:54:55 +0000 (08:54 +1000)]
doc: remove errant blank line to appease doc-nits
Fixes #16328
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/16330)
Pauli [Tue, 17 Aug 2021 03:17:17 +0000 (13:17 +1000)]
pkcs12: check for zero length digest to avoid division by zero
Fixes #16331
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/16332)
Shane Lontis [Fri, 13 Aug 2021 04:36:21 +0000 (14:36 +1000)]
Fix CTS cipher decrypt so that the updated IV is returned correctly.
Adding KRB5 test vector 'NextIV' values to evp_test data for AES CTS indicated that the CTS decrypt functions incorrectly returned the wrong IV. The returned IV should match the value returned by the encrypt methods.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16286)
Shane Lontis [Thu, 12 Aug 2021 09:20:05 +0000 (19:20 +1000)]
Change CTS CS3 (Kerberos) so that it accepts a 16 byte input block
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16286)
Shane Lontis [Thu, 12 Aug 2021 08:22:50 +0000 (18:22 +1000)]
Add support for camellia cbc cts mode
Fixes #16276
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16286)
Shane Lontis [Thu, 12 Aug 2021 08:20:48 +0000 (18:20 +1000)]
Refactor cipher aes_cts code so that it can be used by other 128bit ciphers
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16286)