Matt Caswell [Tue, 30 Jan 2024 13:20:46 +0000 (13:20 +0000)]
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
Matt Caswell [Mon, 29 Jan 2024 16:19:24 +0000 (16:19 +0000)]
Update CHANGES.md and NEWS.md for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
(Merged from https://github.com/openssl/openssl/pull/23423)
Richard Levitte [Tue, 23 Jan 2024 12:17:31 +0000 (13:17 +0100)]
Have OSSL_PARAM_allocate_from_text() fail on odd number of hex digits
The failure would be caught later on, so this went unnoticed, until someone
tried with just one hex digit, which was simply ignored.
Fixes #23373
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23374)
(cherry picked from commit
ea6268cfceaba24328d66bd14bfc97c4fac14a58)
Matt Caswell [Fri, 19 Jan 2024 14:32:18 +0000 (14:32 +0000)]
Add some tests for various PKCS12 files with NULL ContentInfo
PKCS7 ContentInfo fields held within a PKCS12 file can be NULL, even if the
type has been set to a valid value. CVE-2024-0727 is a result of OpenSSL
attempting to dereference the NULL pointer as a result of this.
We add test for various instances of this problem.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23362)
Matt Caswell [Fri, 19 Jan 2024 11:28:58 +0000 (11:28 +0000)]
Add NULL checks where ContentInfo data can be NULL
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.
CVE-2024-0727
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23362)
Bernd Edlinger [Mon, 22 Jan 2024 15:02:59 +0000 (16:02 +0100)]
Fix a possible memory leak in req_main
if the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore free'd using BIO_free_all.
Steps to reproduce:
$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23365)
(cherry picked from commit
ff78d94b131d7bb3b761509d3ce0dd864b1420e3)
Tomas Mraz [Mon, 8 Jan 2024 13:13:49 +0000 (14:13 +0100)]
ci.yml: Replace actions-rs/toolchain@v1 with dtolnay/rust-toolchain
actions-rs/toolchain is unmaintained and generates warnings
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23232)
(cherry picked from commit
cd5911a6b300453eefb4b6d9d797c9d1cdefb956)
Tomas Mraz [Fri, 19 Jan 2024 09:59:03 +0000 (10:59 +0100)]
tlsfuzzer.sh: Use python3
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit
15f479e25f9591a2749fabb436dcdfb9304c5c7b)
Tomas Mraz [Thu, 18 Jan 2024 15:32:33 +0000 (16:32 +0100)]
tlsfuzzer.sh: Make it more informative on errors
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit
825b7cb16e0624d81421441949e843e9876c81f9)
Tomas Mraz [Fri, 5 Jan 2024 10:22:28 +0000 (11:22 +0100)]
tlsfuzzer.sh: Run openssl version on the built app and not system one
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit
150b3b18dfde317621a6bf26acfe0d06193e52fd)
Tomas Mraz [Wed, 3 Jan 2024 11:36:10 +0000 (12:36 +0100)]
gost_engine.sh: Set OPENSSL_ENGINES_DIR
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit
017c7cf2bb5f5461071d9e992eb3206c34a69c2c)
shashankmca80 [Sat, 13 Jan 2024 12:46:25 +0000 (18:16 +0530)]
Uninitialized array variable
array"key" is uninitialized and it is being read directly in function SipHash_Init() as per the below statements making a way for the garbage values :
uint64_t k0 = U8TO64_LE(k);
uint64_t k1 = U8TO64_LE(k + 8);
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23298)
(cherry picked from commit
a0826b184eed2dccc56cdf80e3e0bc061cc89ddc)
Matt Caswell [Mon, 15 Jan 2024 08:55:48 +0000 (08:55 +0000)]
Document SSL_R_UNEXPECTED_EOF_WHILE_READING
Also document that it is ok to use this for control flow decisions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23327)
Dr. David von Oheimb [Thu, 14 Dec 2023 11:48:33 +0000 (12:48 +0100)]
X509_dup.pod: add caveat that extra data is not copied and hints, e.g., to use X509_up_ref() instead
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23043)
(cherry picked from commit
66adaf2b31bb51e00ffad784f60bdf195e5dd736)
Kevin Jerebica [Tue, 16 Jan 2024 15:30:26 +0000 (16:30 +0100)]
Add a deprecation warning for a function in docs
The function in question is SSL_get_peer_certificate()
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23315)
(cherry picked from commit
3e938453be47751d50917e25b8f7334b482844b3)
lan1120 [Wed, 13 Dec 2023 11:02:29 +0000 (19:02 +0800)]
Check whether the pubkey exists in ossl_ecx_key_dup
Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22984)
(cherry picked from commit
aac531e5daa2edec5d47e702a7f115cf77fe07f9)
Frederik Wedel-Heinen [Fri, 12 Jan 2024 09:14:43 +0000 (10:14 +0100)]
Error in s_server when -rev option is used with dtls.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23278)
(cherry picked from commit
575117efe1e0eb8073c2d26ae3dff8926be00591)
Tomas Mraz [Tue, 9 Jan 2024 17:08:22 +0000 (18:08 +0100)]
Add CHANGES.md and NEWS.md entries for CVE-2023-6237
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
(cherry picked from commit
38b2508f638787842750aec9a75745e1d8786743)
Tomas Mraz [Fri, 22 Dec 2023 15:25:56 +0000 (16:25 +0100)]
Limit the execution time of RSA public key check
Fixes CVE-2023-6237
If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.
Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
(cherry picked from commit
e09fc1d746a4fd15bb5c3d7bbbab950aadd005db)
Drokov Pavel [Fri, 12 Jan 2024 07:10:17 +0000 (02:10 -0500)]
Fix arithmetic expression overflow
If the value of a->length is large (>= 2^12), then an integer overflow will
occur for the signed type, which according to the C standard is UB.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23274)
(cherry picked from commit
486ab0fb003d05f89620662260486d31bd3faa8c)
Richard Levitte [Thu, 4 Jan 2024 11:42:05 +0000 (12:42 +0100)]
Add test/recipes/15-test_gensm2.t, to test SM2 key generation results
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
(cherry picked from commit
d4d9b57530b2ecdca6b4263b5841b42c820e5275)
Richard Levitte [Fri, 27 Oct 2023 07:01:19 +0000 (09:01 +0200)]
Fix the encoding of SM2 keys
OpenSSL's encoding of SM2 keys used the SM2 OID for the algorithm OID
where an AlgorithmIdentifier is encoded (for encoding into the structures
PrivateKeyInfo and SubjectPublicKeyInfo).
Such keys should be encoded as ECC keys.
Fixes #22184
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
(cherry picked from commit
1d490694dfa790d8e47f8f2ea62ea1d9b1251179)
Neil Horman [Thu, 7 Dec 2023 21:56:39 +0000 (16:56 -0500)]
Fix NULL pointer deref when parsing the stable section
When parsing the stable section of a config such as this:
openssl_conf = openssl_init
[openssl_init]
stbl_section = mstbl
[mstbl]
id-tc26 = min
Can lead to a SIGSEGV, as the parsing code doesnt recognize min as a
proper section name without a trailing colon to associate it with a
value. As a result the stack of configuration values has an entry with
a null value in it, which leads to the SIGSEGV in do_tcreate when we
attempt to pass NULL to strtoul.
Fix it by skipping any entry in the config name/value list that has a
null value, prior to passing it to stroul
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22988)
(cherry picked from commit
0981c20f8efa68bf9d68d7715280f83812c19a7e)
Holger Dengler [Thu, 4 Jan 2024 18:25:08 +0000 (19:25 +0100)]
Add tests for re-using cipher contexts
Add test case for re-using a cipher context with the same key, iv and
cipher. It detects, if the hardware-specific cipher context is reset
correctly, like reported in issue #23175.
This test has encrypt and decrypt iterations for cfb128 and
ofb128. All iteations use the same key, iv and plaintext.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit
3cb1b51dddf4deaf5e3886b827f3245d81670bc7)
Holger Dengler [Fri, 5 Jan 2024 13:16:53 +0000 (14:16 +0100)]
Fix partial block encryption in cfb and ofb for s390x (legacy)
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb also in
s390x-legacy code. For more details see
4df92c1a14 ("Fix partial block
encryption in cfb and ofb for s390x").
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit
f9ccd209c3d121668c51a992613c698f2a774cb3)
Holger Dengler [Thu, 4 Jan 2024 08:37:39 +0000 (09:37 +0100)]
Fix partial block encryption in cfb and ofb for s390x
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb, instead
of keep this information in the s390x-specific part of the cipher
context. The information in the generic context is reset properly,
even if the context is re-initialized without resetting the key or iv.
Fixes: #23175
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit
576a3572bebf6115df1c03527114cbf74d06f861)
Neil Horman [Mon, 8 Jan 2024 19:29:52 +0000 (14:29 -0500)]
Update Docs for EVP_MAC
For GMAC/CMAC, its not possible to re-init the algorithm without
explicitly passing an OSSL_MAC_PARAM_IV to each init call, as it is
not possible to extract the IV value from the prior init call (be it
explicitly passed or auto generated). As such, document the fact that
re-initalization requires passing an IV parameter
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23235)
(cherry picked from commit
7c1d533a512181b13de3bc0b7fa2fd8c481032d3)
sashan [Mon, 8 Jan 2024 21:53:42 +0000 (22:53 +0100)]
evp_fetch.c: Check meth_id instead of name_id
Fixes #23226
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23238)
(cherry picked from commit
da840c3775f52fc9766c654b5ad6ee031ffc9fd9)
Bernd Edlinger [Tue, 9 Jan 2024 14:05:30 +0000 (15:05 +0100)]
Fix a similar memory leak in SXNET_add_id_INTEGER
Even in the good case there was memory leak here.
Add a simple test case to have at least some test coverage.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23234)
(cherry picked from commit
398011848468c7e8e481b295f7904afc30934217)
Bernd Edlinger [Mon, 8 Jan 2024 14:31:32 +0000 (15:31 +0100)]
Fix a possible memory leak in sxnet_v2i
When a subsequent call to SXNET_add_id_asc fails
e.g. because user is a string larger than 64 char
or the zone is a duplicate zone id,
or the zone is not an integer,
a memory leak may be the result.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23234)
(cherry picked from commit
0151e772195fc03cce0f12e5e266e51dc15243a0)
Tomas Mraz [Thu, 4 Jan 2024 09:32:32 +0000 (10:32 +0100)]
Add CHANGES.md and NEWS.md entries for CVE-2023-6129
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
(cherry picked from commit
858c7bc210a406cc7f891ac2aed78692d2e02937)
Rohan McLure [Thu, 4 Jan 2024 09:25:50 +0000 (10:25 +0100)]
poly1305-ppc.pl: Fix vector register clobbering
Fixes CVE-2023-6129
The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs saves the the contents of vector registers in different order
than they are restored. Thus the contents of some of these vector registers
is corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
(cherry picked from commit
8d847a3ffd4f0b17ee33962cf69c36224925b34f)
Tomas Mraz [Fri, 5 Jan 2024 10:01:34 +0000 (11:01 +0100)]
Avoid memory leak if SXNET_add_id_INTEGER() fails
Fixes Coverity
1560046
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23211)
(cherry picked from commit
7054fc1ca3945342777f588fba43b77f669509ad)
Tomas Mraz [Fri, 5 Jan 2024 16:29:20 +0000 (17:29 +0100)]
Add missing sm4_ccm_dupctx() and sm4_gcm_dupctx()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23217)
Richard Levitte [Wed, 20 Dec 2023 07:25:22 +0000 (08:25 +0100)]
VMS: Add the missing -p32 and -p64 variants for x86_64
The pointer size support is already in the code, and is present for
all other supported hardwares.
Fixes #22899
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23081)
(cherry picked from commit
a43f253d586279b5d96fffcaf1b26c7a2b0dd938)
Richard Levitte [Mon, 18 Dec 2023 11:49:08 +0000 (12:49 +0100)]
Fix VMS installation - update vmsconfig.pm for consistency
An effort was made to update the VMS installation data to align with
configuration data. This touched the script templates in VMS/, but
didn't update the generation of vmsconfig.pm to match... and also
missed a spot.
This change adds the missing updates
Ref:
https://github.com/openssl/openssl/pull/16842
Fixes #22899
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23081)
(cherry picked from commit
4058e121cbc6818235b0dcb618e636ce3c4d1f2f)
Neil Horman [Wed, 3 Jan 2024 18:47:05 +0000 (13:47 -0500)]
cleanse stack variable in kdf_pbkdf1_do_derive
kdf_pbkdf1_do_derive stores key derivation information in a stack
variable, which is left uncleansed prior to returning. Ensure that the
stack information is zeroed prior to return to avoid potential leaks of
key information
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23194)
(cherry picked from commit
5963aa8c196d7c5a940a979299a07418527932af)
Neil Horman [Tue, 2 Jan 2024 20:48:00 +0000 (15:48 -0500)]
Validate config options during x509 extension creation
There are several points during x509 extension creation which rely on
configuration options which may have been incorrectly parsed due to
invalid settings. Preform a value check for null in those locations to
avoid various crashes/undefined behaviors
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23183)
(cherry picked from commit
bac7e687d71b124b09ad6ad3e15be9b38c08a1ba)
Neil Horman [Fri, 15 Dec 2023 19:35:04 +0000 (14:35 -0500)]
fixup! Adding interop tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)
(cherry picked from commit
b062a3c552bf283319dede3437598f1747730053)
Neil Horman [Tue, 14 Nov 2023 11:01:51 +0000 (06:01 -0500)]
Adding interop tests
Fedora has some fairly nice interoperability tests that we can leverage
to build a PR and test it against gnutls and nss libraries. This commit
adds the interop-tests.yml ci job to do that work, and run the interop
tests from beaker.
Fixes #20685
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)
(cherry picked from commit
83783dd16e767483020e5b2dc3b1c0ac26520917)
Neil Horman [Tue, 19 Dec 2023 11:15:39 +0000 (06:15 -0500)]
Update workflow to use GITHUB_WORKSPACE
It was pointed out the GITHUB_WORKSPACE points to the container path of
the workspace, so we can use it instead of hardcoding the
__w/openssl/openssl path
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)
(cherry picked from commit
638ad52ae53ece2e870984430493e454f75d048a)
Neil Horman [Tue, 14 Nov 2023 11:01:51 +0000 (06:01 -0500)]
Adding interop tests
Fedora has some fairly nice interoperability tests that we can leverage
to build a PR and test it against gnutls and nss libraries. This commit
adds the interop-tests.yml ci job to do that work, and run the interop
tests from beaker.
Fixes #20685
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)
(cherry picked from commit
337eb99c8474ed380f3aa6fbd6b2a4ab5d39aa26)
Neil Horman [Tue, 12 Sep 2023 21:09:06 +0000 (17:09 -0400)]
Fix a key repointing in various ciphers
In the dupctx fixups I missed a pointer that needed to be repointed to
the surrounding structures AES_KEY structure for the sm4/aes/aria
ccm/gcm variants. This caused a colliding use of the key and possible
use after free issues.
Fixes #22076
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)
(cherry picked from commit
0398bc20080de037a8433fe81cfdef3ba0ec9d4c)
Neil Horman [Fri, 1 Sep 2023 17:47:15 +0000 (13:47 -0400)]
Add dupctx support to rc4_hmac_md5 algo
Pretty straightforward, just clone the requested context, no pointers to
fixup
Fixes #21887
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)
(cherry picked from commit
f9163efe96e218adeae2a0dc6a4cbef568f395ee)
Neil Horman [Fri, 1 Sep 2023 17:22:03 +0000 (13:22 -0400)]
implement dupctx for chacha20_poly1305
Same as chacha20 in the last commit, just clone the ctx and its
underlying tlsmac array if its allocated
Fixes #21887
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)
(cherry picked from commit
e7ef50c3e3b670a476aa0e864da5b5cc874b3528)
Neil Horman [Fri, 1 Sep 2023 15:28:33 +0000 (11:28 -0400)]
implement dupctx for aes_WRAP methods
create a dupctx method for aes_WRAP implementations of all sizes
Fixes #21887
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)
(cherry picked from commit
a5bea0a8d423c7e52052d903b99f75034e78cecf)
Neil Horman [Fri, 1 Sep 2023 13:10:35 +0000 (09:10 -0400)]
Add dupctx support to aead ciphers
Add dupctx method support to to ciphers implemented with IMPLEMENT_aead_cipher
This includes:
aes-<kbits>-gcm
aria-<kbits>-ccm
aria-<kbits>-gcm
Fixes #21887
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)
(cherry picked from commit
879a853a1dc968fb010e5bf17d2e8888acc70742)
Neil Horman [Tue, 29 Aug 2023 19:42:48 +0000 (15:42 -0400)]
make inability to dup/clone ciphers an error
There should be no reason that a cipher can't be duplicated
Fixes #21887
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)
(cherry picked from commit
58a6aa0c9fe6abad996f45c6b452983035db7105)
Dmitry Misharov [Thu, 4 Jan 2024 13:19:10 +0000 (14:19 +0100)]
fix buildtest job runner
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23203)
Dr. David von Oheimb [Mon, 1 Aug 2022 14:35:42 +0000 (16:35 +0200)]
add missing doc of X509_REQ_get_extensions() and X509_REQ_add_extensions{,_nid}()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(cherry picked from commit
47dc828c6b652feb9cef5b0e4186d010986f197c)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23190)
Matt Caswell [Wed, 3 Jan 2024 11:03:03 +0000 (11:03 +0000)]
Clarify the PKCS12 docs
Issue #23151 asks a question about the meaning of the PKCS12
documentation. This PR attempts to clarify how friendlyName and localKeyID
are added to the PKCS12 structure.
Fixes #23151
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23188)
(cherry picked from commit
3348713ad390372ba5a0a0f98b46b2f637475e47)
Neil Horman [Mon, 1 Jan 2024 14:25:03 +0000 (09:25 -0500)]
cleanse stack variable in blake2[b|s] finalization
If the output of a blake2[b|s] digest isn't a multipl of 8, then a stack
buffer is used to compute the final output, which is left un-zeroed
prior to return, allowing the potential leak of key data. Ensure that,
if the stack variable is used, it gets cleared prior to return.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23173)
(cherry picked from commit
8b9cf1bc2c3085b6e9493a057209ffd0bddf48a6)
Neil Horman [Mon, 1 Jan 2024 16:53:50 +0000 (11:53 -0500)]
validate requested key length in kdf_pbkdf1_do_derive
When using pbkdf1 key deriviation, it is possible to request a key
length larger than the maximum digest size a given digest can produce,
leading to a read of random stack memory.
fix it by returning an error if the requested key size n is larger than
the EVP_MD_size of the digest
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23174)
(cherry picked from commit
8d89050f0f676b429043fd5445e5a570d54ad225)
rilysh [Fri, 29 Dec 2023 07:30:56 +0000 (02:30 -0500)]
provider-keymgmt.pod: fix typo
Fix a typo from asymmmetric to asymmetric
CLA: trivial
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23164)
(cherry picked from commit
cf8fea86f73c4606f132133cb34c07f8dad42482)
slontis [Wed, 8 Nov 2023 06:14:44 +0000 (16:14 +1000)]
Add missing documentation for X509_ATTRIBUTE related functions.
Partial fix for #8026
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22656)
(cherry picked from commit
f1f0731ddf6cb31d62a2c0f406b009ae9817ed7f)
Tomas Mraz [Wed, 13 Dec 2023 11:21:04 +0000 (12:21 +0100)]
Allow duplicate CMS attributes
Fixes regression introduced with https://github.com/openssl/openssl/pull/21505
Fixes #22266
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23029)
(cherry picked from commit
d7e707cb4983a35b1a265c6042da410d829f3b19)
Neil Horman [Wed, 20 Dec 2023 15:01:17 +0000 (10:01 -0500)]
gate calling of evp_method_id on having a non-zero name id
If a name is passed to EVP_<OBJ>_fetch of the form:
name1:name2:name3
The names are parsed on the separator ':' and added to the store, but
during the lookup in inner_evp_generic_fetch, the subsequent search of
the store uses the full name1:name2:name3 string, which fails lookup,
and causes subsequent assertion failures in evp_method_id.
instead catch the failure in inner_evp_generic_fetch and return an error
code if the name_id against a colon separated list of names fails. This
provides a graceful error return path without asserts, and leaves room
for a future feature in which such formatted names can be parsed and
searched for iteratively
Add a simple test to verify that providing a colon separated name
results in an error indicating an invalid lookup.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/23110)
(cherry picked from commit
94be985cbcc1f0a5cf4f172d4a8d06c5c623122b)
James Muir [Sat, 16 Dec 2023 02:21:46 +0000 (21:21 -0500)]
doc: fix "the a" typos (and other things nearby)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/23068)
(cherry picked from commit
aa3347ba9d670a747b46974ce46f2ed9ecb38662)
slontis [Fri, 17 Feb 2023 00:00:50 +0000 (10:00 +1000)]
Add missing settable entry OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS for RSA asym
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20319)
(cherry picked from commit
26183614ed1dc03f509f26839b8a465684ca0f84)
slontis [Thu, 16 Feb 2023 23:54:58 +0000 (09:54 +1000)]
Limit RSA-OAEP related functions to RSA keys only
Make EVP_PKEY_CTX_set_rsa_oaep_md() and
EVP_PKEY_CTX_get_rsa_oaep_md_name() only work for RSA keys.
Since these calls use "digest" as a OSSL_PARAM, they should not
work for other key types.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20319)
(cherry picked from commit
0c3eb31b55d3c1544e4e044c2e3c939655bac93d)
slontis [Thu, 16 Feb 2023 23:51:59 +0000 (09:51 +1000)]
Fix memleak in rsa_cms_decrypt
If a call to EVP_PKEY_CTX_set_rsa_mgf1_md() fails then the caller
needs to free the label.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20319)
(cherry picked from commit
d32dd65053431ee744d213b336b9a03a035807e6)
Gopal Sharma [Tue, 19 Dec 2023 06:14:42 +0000 (11:44 +0530)]
Fixed windows compilation issue
Fixed - Windows compilation issue - unbale to find correct definitions of _InterlockedExchangeAdd.
Issue number - https://github.com/openssl/openssl/issues/21080
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23087)
(cherry picked from commit
aa50768bf6d0a987028175c4a3cac8a142b15941)
Bernd Edlinger [Sun, 10 Dec 2023 14:07:08 +0000 (15:07 +0100)]
Fix a possible memory leak in dh_cms_encrypt
Add a missing check of the return code of X509_ALGOR_set0,
otherwise the ASN1_STRING object wrap_str may be leaked.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22998)
Tomas Mraz [Wed, 13 Dec 2023 09:06:59 +0000 (10:06 +0100)]
AES: Document that the XTS, SIV, WRAP modes do not support streaming
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23028)
(cherry picked from commit
8f0f814d791e0825b96c30494594de619da3e5a5)
Neil Horman [Thu, 30 Nov 2023 19:28:09 +0000 (14:28 -0500)]
Detect and prevent recursive config parsing
If a malformed config file is provided such as the following:
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
= provider_sect
The config parsing library will crash overflowing the stack, as it
recursively parses the same provider_sect ad nauseum.
Prevent this by maintaing a list of visited nodes as we recurse through
referenced sections, and erroring out in the event we visit any given
section node more than once.
Note, adding the test for this revealed that our diagnostic code
inadvertently pops recorded errors off the error stack because
provider_conf_load returns success even in the event that a
configuration parse failed. The call path to provider_conf_load has been
updated in this commit to address that shortcoming, allowing recorded
errors to be visibile to calling applications.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22898)
(cherry picked from commit
682fd21afb5428b5716e62eaefb09a7419f9cfd7)
dependabot[bot] [Tue, 19 Dec 2023 18:00:12 +0000 (18:00 +0000)]
Bump actions/setup-python from 4.7.1 to 5.0.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.7.1...v5.0.0)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22963)
(cherry picked from commit
51c85496dc227f277adbe0748d596e07d9a34bc2)
Bernd Edlinger [Sun, 10 Dec 2023 14:21:19 +0000 (15:21 +0100)]
Fix a possible memory leak in ossl_x509_algor_md_to_mgf1
Add a missing check of the return code of X509_ALGOR_set0.
otherwise a memory leak may occur.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22999)
Tomas Mraz [Mon, 11 Dec 2023 14:19:47 +0000 (15:19 +0100)]
Fix provider compatibility check crash in evp_test
EVP_MAC_CTX_get_mac_size() cannot be called on older
unfixed versions before EVP_MAC_init().
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/23008)
Bernd Edlinger [Mon, 18 Dec 2023 20:38:22 +0000 (21:38 +0100)]
Fix no-des failure in test_cms
The newly introduced test case do not work
when configured with no-des, fix that by
choosing -aes128 as cipher.
Fixes
ffed597882ba ("cms: avoid intermittent test failure")
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23086)
(cherry picked from commit
5b4f4474b2562c4422193e1719461a0ef5cbc3e5)
Tomas Mraz [Tue, 19 Dec 2023 11:11:51 +0000 (12:11 +0100)]
ci.yml: Fix bad conflict fix in backported patch
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23090)
Tomas Mraz [Thu, 14 Dec 2023 17:33:57 +0000 (18:33 +0100)]
Consolidate raising errors in SSL_CONF_cmd()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23048)
(cherry picked from commit
430dcbd0463573fece704263648cc15e891c3d49)
Tomas Mraz [Thu, 14 Dec 2023 15:37:58 +0000 (16:37 +0100)]
Test that incorrect entry in the ssl section is not fatal
The following entries should be still applied.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23048)
(cherry picked from commit
17b4277d9ac6665e9b53a6270949418154cab2dc)
Tomas Mraz [Thu, 14 Dec 2023 15:26:21 +0000 (16:26 +0100)]
Always apply all configuration settings from the ssl section
Even if some configuration entry is incorrect, do not
skip the remaining ones.
Fixes #20789
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23048)
(cherry picked from commit
69c067ffbc2c02295e20c90e557b6fcb2f7da69c)
Dmitry Misharov [Thu, 14 Dec 2023 12:36:04 +0000 (13:36 +0100)]
run Windows GitHub CI workflow on self-hosted runners
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23042)
(cherry picked from commit
ce42b72cb1ca2ba8669bc28a70ed9dca28b7a551)
Dmitry Misharov [Thu, 14 Dec 2023 11:29:23 +0000 (12:29 +0100)]
run GitHub CI workflow on self-hosted runners
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23042)
(cherry picked from commit
834a2d7088a042a4f8f95fa2b8327fd388556151)
Dmitry Misharov [Thu, 14 Dec 2023 10:09:15 +0000 (11:09 +0100)]
run Cross Compiles workflow on self-hosted runner
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23042)
(cherry picked from commit
625287bc80129deedab7484ee4c0ac112ae874a0)
James Muir [Thu, 14 Dec 2023 19:14:37 +0000 (14:14 -0500)]
cms: avoid intermittent test failure
If you decrypt a random input using RSAES-PKCS-v1_5, then there is a
non-negligible chance that the result will look like a valid plaintext
(that is why RSAES-PKCS-v1_5 shouldn't be used anymore). This was the
cause of an intermittent failure in a test that did a cms-encrypt
operation targetting multiple recipients.
The failure happened during key-only decrypt. The recipient decrypts
every RSA ciphertext -- only one is supposed to decrypt successfully,
which would reveal the right content-key. Occassionally, more than
one decrypted successfully.
Update the test by specifying the recipient cert in the decrypt op
(this avoids looping over all RSA ciphertexts).
Add a new test to get coverage for key-only decrypt, but use RSA-OAEP
during the encrypt op.
Fixes https://github.com/openssl/project/issues/380
Testing:
$ make TESTS='test_cms' test
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23055)
(cherry picked from commit
ffed597882baf2f07274e7eaa8f3c4fa9fa74ac1)
Xi Ruoyao [Tue, 12 Dec 2023 19:36:48 +0000 (03:36 +0800)]
Define L_ENDIAN for linux64-loongarch64
In commit
d7c0fc5b1a7b5cb2219f8d89a861f3879582fc16 we removed L_ENDIAN
definition for guessed linux64-loongarch64 as it had caused an
inconsistency between configurations with and without explicit
specifying linux64-loongarch64. Now add it back to the proper location.
Unlike MIPS or RISC-V, LoongArch is always little-endian [1].
By the way, change "LOONGARCH" to "LoongArch" in a comment as LOONGARCH
should only appear in the identifiers of macros, constants, etc.
[1]:https://loongson.github.io/LoongArch-Documentation/LoongArch-Vol1-EN.html#endian
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23064)
(cherry picked from commit
e1002c84725a64b6a097f3155dc6851b57f7ba8e)
dependabot[bot] [Mon, 18 Dec 2023 09:58:53 +0000 (09:58 +0000)]
Bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23053)
(cherry picked from commit
1ee0560f43a38d3a2de6c2cd2cacb0879c75cf46)
Dmitry Kobets [Fri, 15 Dec 2023 04:12:43 +0000 (20:12 -0800)]
Fix instructions for running tests on Windows
In the command `nmake TEST='foo' test`, on Windows the runner
will look for test `'foo'` and complain about the test not being found
(due to the extraneous single quotes), whereas with `nmake TEST="foo" test`,
the test `foo` will be correctly found.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23059)
(cherry picked from commit
cf424d1da05b3cd928c97596af08e260429b308c)
Hugo Landau [Mon, 11 Dec 2023 07:57:54 +0000 (07:57 +0000)]
LHASH: Document down_load functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23032)
(cherry picked from commit
f8c75e053569cdcbf0d39620e28b4044f1be04f1)
Hugo Landau [Fri, 8 Dec 2023 10:14:27 +0000 (10:14 +0000)]
LHASH: Fix documentation for doall-delete hazards
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23032)
(cherry picked from commit
e91f21193c1b11de775e65b4e209a9fed67a41c1)
Neil Horman [Tue, 5 Dec 2023 20:24:20 +0000 (15:24 -0500)]
Harden asn1 oid loader to invalid inputs
In the event that a config file contains this sequence:
=======
openssl_conf = openssl_init
config_diagnostics = 1
[openssl_init]
oid_section = oids
[oids]
testoid1 = 1.2.3.4.1
testoid2 = A Very Long OID Name, 1.2.3.4.2
testoid3 = ,1.2.3.4.3
======
The leading comma in testoid3 can cause a heap buffer overflow, as the
parsing code will move the string pointer back 1 character, thereby
pointing to an invalid memory space
correct the parser to detect this condition and handle it by treating it
as if the comma doesn't exist (i.e. an empty long oid name)
(cherry picked from commit
a552c23c6502592c1b3c67d93dd7e5ffbe958aa4)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23034)
(cherry picked from commit
d802bfbf80bab00123a4a6209f255852b3a10207)
Dr. David von Oheimb [Sat, 2 Dec 2023 14:54:27 +0000 (15:54 +0100)]
CONTRIBUTING.md: add reference to util/check-format.pl and fix several nits
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22911)
(cherry picked from commit
260d97229c467d17934ca3e2e0455b1b5c0994a6)
James Muir [Thu, 7 Dec 2023 15:23:49 +0000 (10:23 -0500)]
doc: fix list display in man page
"=over 1" is too small. Use "=over 2" so that list items are
displayed correctly in the generated man-page.
You can check the man-page using the following command:
cd doc && pod2man man3/OSSL_PARAM_int.pod | man /dev/stdin
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22974)
(cherry picked from commit
7f4bf1857321d2a2ebcbbb2742946a965e463b79)
fangming.fang [Thu, 7 Dec 2023 06:17:51 +0000 (06:17 +0000)]
Enable BTI feature for md5 on aarch64
Fixes: #22959
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22971)
(cherry picked from commit
ad347c9ff0fd93bdd2fa2085611c65b88e94829f)
James Muir [Wed, 6 Dec 2023 21:49:11 +0000 (16:49 -0500)]
ossl-params: check length returned by strlen()
In param_build.c, the functions OSSL_PARAM_BLD_push_utf8_string() and
OSSL_PARAM_BLD_push_utf8_ptr() use strlen() to compute the length of
the string when bsize is zero. However, the size_t returned by
strlen() might be too large (it is stored in an intermediate "int"),
so check for that.
There are analogous functions in params.c, but they do not use an
intermediate "int" to store the size_t returned by strlen(). So there
is some inconsistency between the implementations.
Credit to Viktor D and Tomas M for spotting these missing checks.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22967)
(cherry picked from commit
d4d6694aa710c9970410a6836070daa6486a0ac0)
Dr. David von Oheimb [Fri, 27 Oct 2023 06:58:48 +0000 (08:58 +0200)]
provider-storemgmt.pod: fix nits (unclosed '<' around name)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22942)
(cherry picked from commit
a149e8e108263718daede1858d2855d68dde5652)
Bernd Edlinger [Sun, 3 Dec 2023 10:41:51 +0000 (11:41 +0100)]
Fix a possible memleak in opt_verify
The ASN1_OBJECT otmp was leaked if X509_VERIFY_PARAM_add0_policy fails.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22922)
(cherry picked from commit
d6688e45fa2f987f3ffd324e19922468beee5ddc)
Bernd Edlinger [Sun, 3 Dec 2023 10:29:52 +0000 (11:29 +0100)]
Fix a possible memleak in apps/rehash.c
The OPENSSL_DIR_end was missing in case of error.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22920)
(cherry picked from commit
01709fcb8b609cfc47e277d20492c333bafb113e)
Bernd Edlinger [Sun, 3 Dec 2023 10:34:37 +0000 (11:34 +0100)]
Fix a possible memleak in smime_main
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22919)
(cherry picked from commit
ba4d833f6e24a83bc3e74ba55f52d8916b70fb59)
Bernd Edlinger [Sun, 3 Dec 2023 10:24:18 +0000 (11:24 +0100)]
Fix a possible memleak in cms_main
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22918)
(cherry picked from commit
3457a550c64ab8009c7cd0175675ac140cab33c2)
Matt Caswell [Wed, 29 Nov 2023 11:45:12 +0000 (11:45 +0000)]
Don't attempt to set provider params on an ENGINE based cipher
If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22865)
Matt Caswell [Wed, 29 Nov 2023 11:30:07 +0000 (11:30 +0000)]
Add a test for late loading of an ENGINE in TLS
Confirm that using an ENGINE works as expected with TLS even if it is
loaded late (after construction of the SSL_CTX).
(cherry picked from commit
a9c97da4910648790387d035afb12963158778fb)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22865)
Matt Caswell [Wed, 6 Dec 2023 12:51:34 +0000 (12:51 +0000)]
Add a test case for OSSL_HTTP_parse_url
Ensure we test the case where the port value is empty in the URL.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22961)
(cherry picked from commit
a36d10dfb7e77614c8d3da602ff3800a2e9f4989)
Matt Caswell [Wed, 6 Dec 2023 11:51:01 +0000 (11:51 +0000)]
Fix some invalid use of sscanf
sscanf can return -1 on an empty input string. We need to appropriately
handle such an invalid case.
The instance in OSSL_HTTP_parse_url could cause an uninitialised read of
sizeof(unsigned int) bytes (typically 4). In many cases this uninit read
will immediately fail on the following check (i.e. if the read value
>65535).
If the top 2 bytes of a 4 byte unsigned int are zero then the value will
be <=65535 and the uninitialised value will be returned to the caller and
could represent arbitrary data on the application stack.
The OpenSSL security team has assessed this issue and consider it to be
a bug only (i.e. not a CVE).
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22961)
(cherry picked from commit
322517d817ecb5c1a3a8b0e7e038fa146857b4d4)
Matt Caswell [Wed, 6 Dec 2023 11:19:24 +0000 (11:19 +0000)]
Extend the test of BN_GF2m_mod_inv
Test that input value of 1 for p is treated as an error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22960)
(cherry picked from commit
b83c719ecb884f609ade7ad7f52bd5e09737585b)
Matt Caswell [Wed, 6 Dec 2023 11:09:53 +0000 (11:09 +0000)]
Avoid an infinite loop in BN_GF2m_mod_inv
If p is set to 1 when calling BN_GF2m_mod_inv then an infinite loop will
result. Calling this function set 1 when applications call this directly
is a non-sensical value - so this would be considered a bug in the caller.
It does not seem possible to cause OpenSSL internal callers of
BN_GF2m_mod_inv to call it with a value of 1.
So, for the above reasons, this is not considered a security issue.
Reported by Bing Shi.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22960)
(cherry picked from commit
9c1b8f17ce2471ca37ee3936d07aed29aab10975)
Bernd Edlinger [Sun, 10 Dec 2023 09:18:19 +0000 (10:18 +0100)]
Fix a possible memory leak in do_othername
Since the gen->type will not be set in a2i_GENERAL_NAME
the gen->d.otherName will not be automatically
cleaned up by GENERAL_NAME_free.
Also fixed a similar leak in a2i_GENERAL_NAME,
where ASN1_STRING_set may fail but gen->d.ia5
will not be automatically cleaned up.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22996)
(cherry picked from commit
1c078212f1548d7f647a1f0f12ed6df257c85cc3)
Matthias St. Pierre [Wed, 29 Nov 2023 21:12:45 +0000 (22:12 +0100)]
doc: improve documentation of EVP in-place encryption
The EVP interface explicitly allows in-place encryption/decryption,
but this fact is just 'partially' documented in `EVP_EncryptUpdate(3)`
(pun intended): the manual page mentions only operation failure in
case of 'partial' overlaps. This is not even correct, because
the check for partially overlapping buffers is only implemented
in legacy code paths.
Currently, in-place encryption/decryption is only documented for
RSA (`RSA_public_encrypt(3)`) and DES (`DES_ecb_encrypt(3)`), as
well as in the provider interface (`provider-cipher(7)`).
This commit amends `EVP_EncryptUpdate(3)` and `provider-cipher(7)`
to make the front-end and back-end documentation consistent.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22875)
(cherry picked from commit
6ebdbba76a45294e22006ede1442847cdee24f03)